From de9a874401c2347b1617ca52ae42407969414c79 Mon Sep 17 00:00:00 2001 From: Yannik Fuhrmeister Date: Mon, 20 Jul 2020 14:40:05 +0200 Subject: [PATCH 001/235] Add first version of CONTRIBUTING.md --- CONTRIBUTING.md | 62 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 62 insertions(+) create mode 100644 CONTRIBUTING.md diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md new file mode 100644 index 00000000..3d144f7a --- /dev/null +++ b/CONTRIBUTING.md 
@@ -0,0 +1,62 @@ +# Contributing + +There are multiple different workflows with different advantages and disadvantages. +The most common workflows are: + +- [GitFlow](https://www.atlassian.com/git/tutorials/comparing-workflows/gitflow-workflow) +- [GitHub Flow](https://githubflow.github.io/) +- [GitLab Flow](https://about.gitlab.com/blog/2014/09/29/gitlab-flow/) + +## GitHub Flow (How we want to work) + +GitHub Flow is very lightweight (especially compared to GitFlow). +This workflow uses only two kinds of branches: + +- Feature branch +- Main branch (previously called master) + +The `feature` branches are used to develop new features as well as fixes. +These branches are usually created out of main. + +Anything in the `main` branch is deployable. +The `main` branch is expected to be deployed regularly and is considered stable. + +### How to work with GitHub Flow + +For more Information see [GitHub Flow](https://githubflow.github.io/) + +TL;DR + +1. anything in the main branch is deployable +2. create descriptive branches off of main +3. push to named branches constantly +4. open a pull request at any time +5. merge only after pull request review +6. deploy immediately after review + +### Why not GitLab Flow or GitFlow + +Both `GitLab Flow` and `GitFlow` are to complex for our use case. + +## Working with The Community / Working with Forks + +Our current continuous integration workflow makes it very hard to work on own forks of the SecureCodeBox because CI tests cannot be executed outside of our repository. We are aware of that problem and are working on a solution. + +## Working with Issues + +`GitHub Flow` does not enforce you to use Issues but it is highly encouraged. +It is recommended to use an Issue for every Task taking longer than 1h (See [GitLab Flow](https://about.gitlab.com/blog/2014/09/29/gitlab-flow/)). + +## How to Write Commit Messages + +For more Information see [here](https://chris.beams.io/posts/git-commit/). + +TL;DR + +1. 
Separate subject from body with a blank line +2. Limit the subject line to 50 characters +3. Capitalize the subject line +4. Do not end the subject line with a period +5. Use the imperative mood in the subject line +6. Wrap the body at 72 characters +7. Use the body to explain what and why vs. how From b5d96574c83db0b7f2e91bc4c92fac26ce45d4aa Mon Sep 17 00:00:00 2001 From: Yannik Fuhrmeister Date: Wed, 22 Jul 2020 08:53:16 +0200 Subject: [PATCH 002/235] [WIP] Update CONTRIBUTING --- CONTRIBUTING.md | 37 ++++++++++++++++++++----------------- 1 file changed, 20 insertions(+), 17 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 3d144f7a..11a39d37 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -1,13 +1,8 @@ # Contributing -There are multiple different workflows with different advantages and disadvantages. -The most common workflows are: +## GitHub Flow -- [GitFlow](https://www.atlassian.com/git/tutorials/comparing-workflows/gitflow-workflow) -- [GitHub Flow](https://githubflow.github.io/) -- [GitLab Flow](https://about.gitlab.com/blog/2014/09/29/gitlab-flow/) - -## GitHub Flow (How we want to work) +For more information see [GitHub Flow](https://githubflow.github.io/) GitHub Flow is very lightweight (especially compared to GitFlow). This workflow uses only two kinds of branches: @@ -23,7 +18,7 @@ The `main` branch is expected to be deployed regularly and is considered stable. ### How to work with GitHub Flow -For more Information see [GitHub Flow](https://githubflow.github.io/) +For more information see [GitHub Flow](https://githubflow.github.io/) TL;DR 
@@ -34,22 +29,20 @@ TL;DR 5. merge only after pull request review 6. deploy immediately after review -### Why not GitLab Flow or GitFlow - -Both `GitLab Flow` and `GitFlow` are to complex for our use case. - -## Working with The Community / Working with Forks +## Working with Forks and Pull Requests Our current continuous integration workflow makes it very hard to work on own forks of the SecureCodeBox because CI tests cannot be executed outside of our repository. We are aware of that problem and are working on a solution. -## Working with Issues +Generally the SCB project follows the standard [GitHub Pull request process](https://docs.github.com/en/github/collaborating-with-issues-and-pull-requests/about-pull-requests). -`GitHub Flow` does not enforce you to use Issues but it is highly encouraged. -It is recommended to use an Issue for every Task taking longer than 1h (See [GitLab Flow](https://about.gitlab.com/blog/2014/09/29/gitlab-flow/)). +## Working with Issues / How to Contribute in Issues + +For every task taking more than 1h, opening an issue is required. +Before opening an Issue please verify there is no existing one covering your issue. ## How to Write Commit Messages -For more Information see [here](https://chris.beams.io/posts/git-commit/). +For more information see [here](https://chris.beams.io/posts/git-commit/). TL;DR @@ -60,3 +53,13 @@ TL;DR 5. Use the imperative mood in the subject line 6. Wrap the body at 72 characters 7. Use the body to explain what and why vs. how + +NOTE: Make sure you don't include `@mentions` or `fixes` keywords in your git commit messages. These should be included in the PR body instead. + +## Code Review + +## Code of Conduct + +## Code Style + + From c3ac26f67e41d13731e8ce2b4b39328af7e17ca9 Mon Sep 17 00:00:00 2001 From: Yannik Fuhrmeister Date: Wed, 22 Jul 2020 08:56:37 +0200 Subject: [PATCH 003/235] [WIP] Add Headline for CLA --- CONTRIBUTING.md | 2 ++ 1 file changed, 2 insertions(+) 
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 11a39d37..3850d7aa 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -62,4 +62,6 @@ NOTE: Make sure you don't include `@mentions` or `fixes` keywords in your git co ## Code Style +## Contributor License Agreement (CLA) + From ae5b3492ebe3901aa700a29156cbfe2f0dbe7573 Mon Sep 17 00:00:00 2001 From: Yannik Fuhrmeister Date: Wed, 22 Jul 2020 10:54:22 +0200 Subject: [PATCH 004/235] Adding init CODE_OF_CONDUCT --- CODE_OF_CONDUCT.md | 130 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 130 insertions(+) create mode 100644 CODE_OF_CONDUCT.md diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md new file mode 100644 index 00000000..90272fed --- /dev/null +++ b/CODE_OF_CONDUCT.md 
@@ -0,0 +1,130 @@ + +# Contributor Covenant Code of Conduct + +## Our Pledge + +We as members, contributors, and leaders pledge to make participation in our +community a harassment-free experience for everyone, regardless of age, body +size, visible or invisible disability, ethnicity, sex characteristics, gender +identity and expression, level of experience, education, socio-economic status, +nationality, personal appearance, race, religion, or sexual identity +and orientation. + +We pledge to act and interact in ways that contribute to an open, welcoming, +diverse, inclusive, and healthy community. + +## Our Standards + +Examples of behavior that contributes to a positive environment for our +community include: + +* Demonstrating empathy and kindness toward other people +* Being respectful of differing opinions, viewpoints, and experiences +* Giving and gracefully accepting constructive feedback +* Accepting responsibility and apologizing to those affected by our mistakes, + and learning from the experience +* Focusing on what is best not just for us as individuals, but for the + overall community + +Examples of unacceptable behavior include: + +* The use of sexualized language or imagery, and sexual attention or + advances of any kind +* Trolling, insulting or derogatory comments, and personal or political attacks +* Public or private harassment +* Publishing others' private information, such as a physical or email + address, without their explicit permission +* Other conduct which could reasonably be considered inappropriate in a + professional setting + +## Enforcement Responsibilities + +Community leaders are responsible for clarifying and enforcing our standards of +acceptable behavior and will take appropriate and fair corrective action in +response to any behavior that they deem inappropriate, threatening, offensive, +or harmful. 
+ +Community leaders have the right and responsibility to remove, edit, or reject +comments, commits, code, wiki edits, issues, and other contributions that are +not aligned to this Code of Conduct, and will communicate reasons for moderation +decisions when appropriate. + +## Scope + +This Code of Conduct applies within all community spaces, and also applies when +an individual is officially representing the community in public spaces. +Examples of representing our community include using an official e-mail address, +posting via an official social media account, or acting as an appointed +representative at an online or offline event. + +## Enforcement + +Instances of abusive, harassing, or otherwise unacceptable behavior may be +reported to the community leaders responsible for enforcement at +[INSERT CONTACT METHOD]. +All complaints will be reviewed and investigated promptly and fairly. + +All community leaders are obligated to respect the privacy and security of the +reporter of any incident. + +## Enforcement Guidelines + +Community leaders will follow these Community Impact Guidelines in determining +the consequences for any action they deem in violation of this Code of Conduct: + +### 1. Correction + +**Community Impact**: Use of inappropriate language or other behavior deemed +unprofessional or unwelcome in the community. + +**Consequence**: A private, written warning from community leaders, providing +clarity around the nature of the violation and an explanation of why the +behavior was inappropriate. A public apology may be requested. + +### 2. Warning + +**Community Impact**: A violation through a single incident or series +of actions. + +**Consequence**: A warning with consequences for continued behavior. No +interaction with the people involved, including unsolicited interaction with +those enforcing the Code of Conduct, for a specified period of time. 
This +includes avoiding interactions in community spaces as well as external channels +like social media. Violating these terms may lead to a temporary or +permanent ban. + +### 3. Temporary Ban + +**Community Impact**: A serious violation of community standards, including +sustained inappropriate behavior. + +**Consequence**: A temporary ban from any sort of interaction or public +communication with the community for a specified period of time. No public or +private interaction with the people involved, including unsolicited interaction +with those enforcing the Code of Conduct, is allowed during this period. +Violating these terms may lead to a permanent ban. + +### 4. Permanent Ban + +**Community Impact**: Demonstrating a pattern of violation of community +standards, including sustained inappropriate behavior, harassment of an +individual, or aggression toward or disparagement of classes of individuals. + +**Consequence**: A permanent ban from any sort of public interaction within +the community. + +## Attribution + +This Code of Conduct is adapted from the [Contributor Covenant][homepage], +version 2.0, available at +https://www.contributor-covenant.org/version/2/0/code_of_conduct.html. + +Community Impact Guidelines were inspired by [Mozilla's code of conduct +enforcement ladder](https://github.com/mozilla/diversity). + +[homepage]: https://www.contributor-covenant.org + +For answers to common questions about this code of conduct, see the FAQ at +https://www.contributor-covenant.org/faq. Translations are available at +https://www.contributor-covenant.org/translations. + From f170d8e9b25172468607604bbe37524dd6af23f1 Mon Sep 17 00:00:00 2001 From: Yannik Fuhrmeister Date: Wed, 22 Jul 2020 11:05:16 +0200 Subject: [PATCH 005/235] Add reference to CODE_OF_CONDUCT --- CONTRIBUTING.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 3850d7aa..d1d83459 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md 
@@ -60,6 +60,8 @@ NOTE: Make sure you don't include `@mentions` or `fixes` keywords in your git co ## Code of Conduct +Please have a look at our [Code of Conduct](./CODE_OF_CONDUCT.md) before you write an Issue or make a PR. + ## Code Style ## Contributor License Agreement (CLA) From 0c752955e05d6614bc3d96c6a2a6ea71ec2633f5 Mon Sep 17 00:00:00 2001 From: Yannik Fuhrmeister Date: Wed, 22 Jul 2020 11:34:41 +0200 Subject: [PATCH 006/235] Adding Table of Contents --- CONTRIBUTING.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index d1d83459..1e1a8155 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -1,5 +1,13 @@ # Contributing +. [GitHub Flow](#GitHub Flow) +. [Working with Forks and Pull Requests](#Working with Forks and Pull Requests) +. [Working with Issues / How to Contribute in Issues](#Working with Issues / How to Contribute in Issues) +. [How to Write Commit Messages](#How to Write Commit Messages) +. [Code Review](#Code Review) +. [Code of Conduct](#Code of Conduct) +. [Contributor License Agreement (CLA](#Contributor License Agreement (CLA) + ## GitHub Flow For more information see [GitHub Flow](https://githubflow.github.io/) From 6bba97998285e2235fb3513ca9fa16ff5a4b6eaa Mon Sep 17 00:00:00 2001 From: Yannik Fuhrmeister Date: Wed, 22 Jul 2020 11:35:50 +0200 Subject: [PATCH 007/235] Fix Syntax for Table of Contents --- CONTRIBUTING.md | 17 ++++++++++------- ressources.md | 15 +++++++++++++++ 2 files changed, 25 insertions(+), 7 deletions(-) create mode 100644 ressources.md diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 1e1a8155..522f95e8 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md 
@@ -1,12 +1,15 @@ # Contributing -. [GitHub Flow](#GitHub Flow) -. [Working with Forks and Pull Requests](#Working with Forks and Pull Requests) -. [Working with Issues / How to Contribute in Issues](#Working with Issues / How to Contribute in Issues) -. [How to Write Commit Messages](#How to Write Commit Messages) -. [Code Review](#Code Review) -. [Code of Conduct](#Code of Conduct) -. [Contributor License Agreement (CLA](#Contributor License Agreement (CLA) +- [Contributing](#contributing) + - [GitHub Flow](#github-flow) + - [How to work with GitHub Flow](#how-to-work-with-github-flow) + - [Working with Forks and Pull Requests](#working-with-forks-and-pull-requests) + - [Working with Issues / How to Contribute in Issues](#working-with-issues--how-to-contribute-in-issues) + - [How to Write Commit Messages](#how-to-write-commit-messages) + - [Code Review](#code-review) + - [Code of Conduct](#code-of-conduct) + - [Code Style](#code-style) + - [Contributor License Agreement (CLA)](#contributor-license-agreement-cla) ## GitHub Flow diff --git a/ressources.md b/ressources.md new file mode 100644 index 00000000..b8f08a2f --- /dev/null +++ b/ressources.md @@ -0,0 +1,15 @@ +# Ressources for Contributing + +## Contributing + +- [Kubernetes Contributing](https://github.com/kubernetes/community/blob/master/contributors/guide/contributing.md#learn-about-sigs) +- [Kubernetes Pull-requests](https://github.com/kubernetes/community/blob/master/contributors/guide/pull-requests.md) +- [Nodejs Contributing](https://github.com/nodejs/node/blob/master/CONTRIBUTING.md) + +## Code of Conduct + +- [Kubernetes Code of Conduct](https://github.com/kubernetes/community/blob/master/governance.md#code-of-conduct) + +## Developer's Certificate of Origin? (Nodejs) + +## Rebase over Merge? (Nodejs) From 00f2237f56467a5fa2cc8bcbb3055ed84e9f6b15 Mon Sep 17 00:00:00 2001 
From: Yannik Fuhrmeister Date: Mon, 27 Jul 2020 08:04:44 +0200 Subject: [PATCH 008/235] Remove CLA section We are not sure if we need an agreement like this Until then we will remove this section --- CONTRIBUTING.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 522f95e8..496485d1 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -75,6 +75,4 @@ Please have a look at our [Code of Conduct](./CODE_OF_CONDUCT.md) before you wri ## Code Style -## Contributor License Agreement (CLA) - From 720c3c70df77dc4117bce201fb46fe4951fc4496 Mon Sep 17 00:00:00 2001 From: Yannik Fuhrmeister Date: Mon, 27 Jul 2020 08:08:03 +0200 Subject: [PATCH 009/235] Enclose plain links in angle brackets --- CODE_OF_CONDUCT.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md index 90272fed..f5ca2738 100644 --- a/CODE_OF_CONDUCT.md +++ b/CODE_OF_CONDUCT.md @@ -117,14 +117,14 @@ the community. This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 2.0, available at -https://www.contributor-covenant.org/version/2/0/code_of_conduct.html. +. Community Impact Guidelines were inspired by [Mozilla's code of conduct enforcement ladder](https://github.com/mozilla/diversity). -[homepage]: https://www.contributor-covenant.org +[homepage]: For answers to common questions about this code of conduct, see the FAQ at -https://www.contributor-covenant.org/faq. Translations are available at -https://www.contributor-covenant.org/translations. +. Translations are available at +. From 9b226eb450861f883517ccecc31e414a1418045e Mon Sep 17 00:00:00 2001 From: Yannik Fuhrmeister Date: Mon, 27 Jul 2020 08:16:34 +0200 Subject: [PATCH 010/235] Escape special char in headings --- CODE_OF_CONDUCT.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md index f5ca2738..ca21bb21 100644 --- a/CODE_OF_CONDUCT.md 
+++ b/CODE_OF_CONDUCT.md @@ -72,7 +72,7 @@ reporter of any incident. Community leaders will follow these Community Impact Guidelines in determining the consequences for any action they deem in violation of this Code of Conduct: -### 1. Correction +### 1\. Correction **Community Impact**: Use of inappropriate language or other behavior deemed unprofessional or unwelcome in the community. @@ -81,7 +81,7 @@ unprofessional or unwelcome in the community. clarity around the nature of the violation and an explanation of why the behavior was inappropriate. A public apology may be requested. -### 2. Warning +### 2\. Warning **Community Impact**: A violation through a single incident or series of actions. @@ -93,7 +93,7 @@ includes avoiding interactions in community spaces as well as external channels like social media. Violating these terms may lead to a temporary or permanent ban. -### 3. Temporary Ban +### 3\. Temporary Ban **Community Impact**: A serious violation of community standards, including sustained inappropriate behavior. @@ -104,7 +104,7 @@ private interaction with the people involved, including unsolicited interaction with those enforcing the Code of Conduct, is allowed during this period. Violating these terms may lead to a permanent ban. -### 4. Permanent Ban +### 4\. Permanent Ban **Community Impact**: Demonstrating a pattern of violation of community standards, including sustained inappropriate behavior, harassment of an From 526e93adf570b8273ac94dec1fbeab7465ce89ec Mon Sep 17 00:00:00 2001 From: Yannik Fuhrmeister Date: Mon, 27 Jul 2020 08:26:07 +0200 Subject: [PATCH 011/235] Fix markdown syntax --- CONTRIBUTING.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 496485d1..c06986c2 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md 
@@ -21,11 +21,11 @@ This workflow uses only two kinds of branches: - Feature branch - Main branch (previously called master) -The `feature` branches are used to develop new features as well as fixes. +The _feature_ branches are used to develop new features as well as fixes. These branches are usually created out of main. -Anything in the `main` branch is deployable. -The `main` branch is expected to be deployed regularly and is considered stable. +Anything in the _main_ branch is deployable. +The _main_ branch is expected to be deployed regularly and is considered stable. ### How to work with GitHub Flow @@ -33,7 +33,7 @@ For more information see [GitHub Flow](https://githubflow.github.io/) TL;DR -1. anything in the main branch is deployable +1. anything in the _main_ branch is deployable 2. create descriptive branches off of main 3. push to named branches constantly 4. open a pull request at any time 
@@ -42,11 +42,11 @@ TL;DR ## Working with Forks and Pull Requests -Our current continuous integration workflow makes it very hard to work on own forks of the SecureCodeBox because CI tests cannot be executed outside of our repository. We are aware of that problem and are working on a solution. +Our current continuous integration workflow makes it very hard to work on own forks of the _secureCodeBox_ because CI tests cannot be executed outside of our repository. We are aware of that problem and are working on a solution. -Generally the SCB project follows the standard [GitHub Pull request process](https://docs.github.com/en/github/collaborating-with-issues-and-pull-requests/about-pull-requests). +Generally the _secureCodeBox_ project follows the standard [GitHub Pull request process](https://docs.github.com/en/github/collaborating-with-issues-and-pull-requests/about-pull-requests). -## Working with Issues / How to Contribute in Issues +## Working with Issues/How to Contribute in Issues For every task taking more than 1h, opening an issue is required. Before opening an Issue please verify there is no existing one covering your issue. From 5cab1eba4f1798e5905ea462c9edf03774e32e5b Mon Sep 17 00:00:00 2001 From: Yannik Fuhrmeister Date: Mon, 27 Jul 2020 08:28:49 +0200 Subject: [PATCH 012/235] Change wording --- CONTRIBUTING.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index c06986c2..4ac8dd84 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md 
@@ -48,8 +48,8 @@ Generally the _secureCodeBox_ project follows the standard [GitHub Pull request ## Working with Issues/How to Contribute in Issues -For every task taking more than 1h, opening an issue is required. -Before opening an Issue please verify there is no existing one covering your issue. +It is mandatory to open an issue, if the task takes longer than one hour. +Before you open an issue please verify there is no existing one covering your issue. ## How to Write Commit Messages From 196b4da07b2487939d9ca815020a22dd38183628 Mon Sep 17 00:00:00 2001 From: Yannik Fuhrmeister Date: Wed, 29 Jul 2020 13:10:29 +0200 Subject: [PATCH 013/235] Remove dead link --- CONTRIBUTING.md | 1 - 1 file changed, 1 deletion(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 4ac8dd84..6c7fa69d 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -9,7 +9,6 @@ - [Code Review](#code-review) - [Code of Conduct](#code-of-conduct) - [Code Style](#code-style) - - [Contributor License Agreement (CLA)](#contributor-license-agreement-cla) ## GitHub Flow From fd0709165c71033cb54c2c68df918b70add26d45 Mon Sep 17 00:00:00 2001 From: Jannik Hollenbach <13718901+J12934@users.noreply.github.com> Date: Mon, 10 Aug 2020 17:37:17 +0200 Subject: [PATCH 014/235] Add completion timestamp to scans once finished This also allows to track the total runtime by comparing it against the .metadata.creationTimestamp of the scan. --- operator/apis/execution/v1/scan_types.go | 4 +++- operator/apis/execution/v1/zz_generated.deepcopy.go | 4 ++++ .../bases/execution.experimental.securecodebox.io_scans.yaml | 5 +++++ operator/controllers/execution/scans/hook_reconciler.go | 4 ++++ .../crds/execution.experimental.securecodebox.io_scans.yaml | 5 +++++ 5 files changed, 21 insertions(+), 1 deletion(-) diff --git a/operator/apis/execution/v1/scan_types.go b/operator/apis/execution/v1/scan_types.go index 23a598e9..4d32f283 100644 --- a/operator/apis/execution/v1/scan_types.go 
+++ b/operator/apis/execution/v1/scan_types.go @@ -43,7 +43,9 @@ type ScanSpec struct { type ScanStatus struct { State string `json:"state,omitempty"` - ErrorDescription string `json:"errorDescription,omitempty"` + // FinishedAt contains the time where the scan (including parser & hooks) has been marked as "Done" + FinishedAt *metav1.Time `json:"finishedAt,omitempty"` + ErrorDescription string `json:"errorDescription,omitempty"` // RawResultType determines which kind of ParseDefinition will be used to turn the raw results of the scanner into findings RawResultType string `json:"rawResultType,omitempty"` diff --git a/operator/apis/execution/v1/zz_generated.deepcopy.go b/operator/apis/execution/v1/zz_generated.deepcopy.go index 268e7d6f..fbae0fbc 100644 --- a/operator/apis/execution/v1/zz_generated.deepcopy.go +++ b/operator/apis/execution/v1/zz_generated.deepcopy.go @@ -388,6 +388,10 @@ func (in *ScanSpec) DeepCopy() *ScanSpec { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ScanStatus) DeepCopyInto(out *ScanStatus) { *out = *in + if in.FinishedAt != nil { + in, out := &in.FinishedAt, &out.FinishedAt + *out = (*in).DeepCopy() + } in.Findings.DeepCopyInto(&out.Findings) if in.ReadAndWriteHookStatus != nil { in, out := &in.ReadAndWriteHookStatus, &out.ReadAndWriteHookStatus diff --git a/operator/config/crd/bases/execution.experimental.securecodebox.io_scans.yaml b/operator/config/crd/bases/execution.experimental.securecodebox.io_scans.yaml index a5ee337a..01e02e48 100644 --- a/operator/config/crd/bases/execution.experimental.securecodebox.io_scans.yaml +++ b/operator/config/crd/bases/execution.experimental.securecodebox.io_scans.yaml 
@@ -252,6 +252,11 @@ spec: type: integer type: object type: object + finishedAt: + description: FinishedAt contains the time where the scan (including + parser & hooks) has been marked as "Done" + format: date-time + type: string rawResultFile: description: RawResultFile Filename of the result file of the scanner. e.g. `nmap-result.xml` diff --git a/operator/controllers/execution/scans/hook_reconciler.go b/operator/controllers/execution/scans/hook_reconciler.go index c7aee9f1..7cdbfd1e 100644 --- a/operator/controllers/execution/scans/hook_reconciler.go +++ b/operator/controllers/execution/scans/hook_reconciler.go @@ -217,6 +217,8 @@ func (r *ScanReconciler) startReadOnlyHooks(scan *executionv1.Scan) error { if len(readOnlyHooks) == 0 { r.Log.Info("Marked scan as done as without running ReadOnly hooks as non were configured", "ScanName", scan.Name) scan.Status.State = "Done" + var now metav1.Time = metav1.Now() + scan.Status.FinishedAt = &now if err := r.Status().Update(ctx, scan); err != nil { r.Log.Error(err, "Unable to update Scan status") return err @@ -281,6 +283,8 @@ func (r *ScanReconciler) checkIfReadOnlyHookIsCompleted(scan *executionv1.Scan) if readOnlyHookCompletion == completed { r.Log.V(7).Info("All ReadOnlyHooks have completed") scan.Status.State = "Done" + var now metav1.Time = metav1.Now() + scan.Status.FinishedAt = &now if err := r.Status().Update(ctx, scan); err != nil { r.Log.Error(err, "Unable to update Scan status") return err diff --git a/operator/crds/execution.experimental.securecodebox.io_scans.yaml b/operator/crds/execution.experimental.securecodebox.io_scans.yaml index a5ee337a..01e02e48 100644 --- a/operator/crds/execution.experimental.securecodebox.io_scans.yaml +++ b/operator/crds/execution.experimental.securecodebox.io_scans.yaml 
@@ -252,6 +252,11 @@ spec: type: integer type: object type: object + finishedAt: + description: FinishedAt contains the time where the scan (including + parser & hooks) has been marked as "Done" + format: date-time + type: string rawResultFile: description: RawResultFile Filename of the result file of the scanner. e.g. `nmap-result.xml` From 1d9e0d34de1e1a4c073cfe72d8e849db6e55dc48 Mon Sep 17 00:00:00 2001 From: Felix Hoffmann <19827840+zzzFelix@users.noreply.github.com> Date: Tue, 11 Aug 2020 14:41:50 +0200 Subject: [PATCH 015/235] First draft for declarative combined scans --- docs/user-guide/README.md | 122 +++++++++++++++++++++++++++++++++++++- 1 file changed, 121 insertions(+), 1 deletion(-) diff --git a/docs/user-guide/README.md b/docs/user-guide/README.md index 5df2506c..97ce5375 100644 --- a/docs/user-guide/README.md +++ b/docs/user-guide/README.md 
@@ -1,3 +1,123 @@ # Using the secureCodeBox -follwing... \ No newline at end of file +## Declarative Combines Scans +### Install Hook +Installing the Declarative Combined Scan hook will add a ReadOnly Hook to your namespace which looks for matching CascadingRules in the namespace and start subsequent scans accordingly. + +```bash +helm install combined-scans ./hooks/declarative-subsequent-scans +``` + +### Verify Hook Installation + +Successful installation can be verified by retrieving installed ScanCompletionHooks. + +```bash +$ kubectl get ScanCompletionHooks +``` + +The result should contain a hook for declarative subsequent scans. + +```bash +NAME TYPE IMAGE +combined-scans-declarative-subsequent-scans ReadOnly docker.io/scbexperimental/hook-declarative-subsequent-scans:latest +``` + +### Verify CascadingRules + +CascadingRules are included in each individual scanner's Helm chart. + +```bash +$ kubectl get CascadingRules +``` +Output should show these CascadingRules: + +```bash +NAME STARTS INVASIVENESS INTENSIVENESS +https-tls-scan sslyze non-invasive light +imaps-tls-scan sslyze non-invasive light +nikto-http nikto non-invasive medium +nmap-smb nmap non-invasive light +pop3s-tls-scan sslyze non-invasive light +smtps-tls-scan sslyze non-invasive light +ssh-scan ssh-scan non-invasive light +zap-http zap-baseline non-invasive medium +``` + +### Start Scans + +When you start a normal Scan, no CascadingRule will be applied. +To use CascadingRules the scan must be marked to allow cascading rules. +This is implemented using kubernetes label selectors, meaning that scans mark the classes of scans which are allowed to be cascaded by the current one. + +### Example + +```bash +cat < Date: Tue, 11 Aug 2020 14:44:38 +0200 Subject: [PATCH 016/235] Fix typos --- docs/user-guide/README.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/docs/user-guide/README.md b/docs/user-guide/README.md index 97ce5375..4966f24a 100644 
--- a/docs/user-guide/README.md +++ b/docs/user-guide/README.md @@ -1,8 +1,8 @@ # Using the secureCodeBox -## Declarative Combines Scans +## Declarative Combined Scans ### Install Hook -Installing the Declarative Combined Scan hook will add a ReadOnly Hook to your namespace which looks for matching CascadingRules in the namespace and start subsequent scans accordingly. +Installing the Declarative Combined Scan hook will add a ReadOnly Hook to your namespace which looks for matching CascadingRules in the namespace and starts subsequent scans accordingly. ```bash helm install combined-scans ./hooks/declarative-subsequent-scans @@ -48,6 +48,7 @@ zap-http zap-baseline non-invasive medium When you start a normal Scan, no CascadingRule will be applied. To use CascadingRules the scan must be marked to allow cascading rules. + This is implemented using kubernetes label selectors, meaning that scans mark the classes of scans which are allowed to be cascaded by the current one. ### Example From b63054e68aade355588184d6838a625f93d00a90 Mon Sep 17 00:00:00 2001 From: Robert Seedorff Date: Wed, 12 Aug 2020 19:22:54 +0200 Subject: [PATCH 017/235] Added a new placeholder folder for the static-reporting hook we are working on. --- hooks/persistence-static-report/README.md | 13 +++++++++++++ 1 file changed, 13 insertions(+) create mode 100644 hooks/persistence-static-report/README.md diff --git a/hooks/persistence-static-report/README.md b/hooks/persistence-static-report/README.md new file mode 100644 index 00000000..58705ecf --- /dev/null +++ b/hooks/persistence-static-report/README.md @@ -0,0 +1,13 @@ +--- +title: "Static Report" +path: "hooks/persistence-staticreport" +category: "hook" +type: "persistenceProvider" +state: "developing" +usecase: "Publishes all Scan Findings as HTML Report." +--- + + + +## Deployment +The secureCodeBox core team is working on an integration of DefectDojo. We will keep you informed. 
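Review bot: In PATCH 017, the front matter of hooks/persistence-static-report/README.md sets path: "hooks/persistence-staticreport", which does not match the directory this patch creates (persistence-static-report); align the two so links built from the front matter resolve. The Deployment paragraph also talks about "an integration of DefectDojo" rather than the static report hook and should be reworded for this hook, or left as an explicit TODO.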
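Review bot: In PATCH 015, docs/user-guide/README.md uses three different names for one feature: the heading says "Declarative Combines Scans" (the typo is fixed in 016), the chart path is ./hooks/declarative-subsequent-scans and the Helm release is combined-scans. Pick one term and use it in the heading, the prose and the install command. The fences tagged bash under "Verify Hook Installation" and "Verify CascadingRules" hold command output rather than commands, and the kubectl lines carry a "$ " prompt while the helm install line does not; prompt-free commands and untagged fences for output copy and render more cleanly.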
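Review bot: In PATCH 014, operator/controllers/execution/scans/hook_reconciler.go sets scan.Status.FinishedAt only in the two branches shown (startReadOnlyHooks when no ReadOnly hooks are configured, and checkIfReadOnlyHookIsCompleted), each time directly after scan.Status.State = "Done". If a scan can also end in an error state (ScanStatus carries ErrorDescription), that path is not part of these hunks and would leave finishedAt unset, so either set the timestamp there as well or document that consumers computing the runtime must handle a nil value. The duplicated three lines would be better as one helper that sets state and timestamp together, and "var now metav1.Time = metav1.Now()" can be "now := metav1.Now()".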
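Review bot: In PATCH 004, the Enforcement section of the new CODE_OF_CONDUCT.md still contains the template placeholder [INSERT CONTACT METHOD], so the file names no channel through which an incident can be reported. Replace it with a monitored project contact before merging; the later patches in this series that touch the file (009 and 010) change only the links and the numbered headings and leave the placeholder in place.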
From 7c32941c63b0633908ae0abe7ad7a93bc2184cbb Mon Sep 17 00:00:00 2001 From: Robert Seedorff Date: Wed, 12 Aug 2020 19:24:37 +0200 Subject: [PATCH 018/235] Switched DefectDojo state to developing because its an important feature we are working on. --- hooks/persistence-defectdojo/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hooks/persistence-defectdojo/README.md b/hooks/persistence-defectdojo/README.md index dbf4cd42..f6c56b8b 100644 --- a/hooks/persistence-defectdojo/README.md +++ b/hooks/persistence-defectdojo/README.md @@ -3,7 +3,7 @@ title: "DefectDojo" path: "hooks/persistence-defectdojo" category: "hook" type: "persistenceProvider" -state: "roadmap" +state: "developing" usecase: "Publishes all Scan Findings to DefectDojo." --- From 90f29e394441c1ff6dfc2110a7371069c17f9822 Mon Sep 17 00:00:00 2001 From: Robert Seedorff Date: Thu, 13 Aug 2020 11:36:47 +0200 Subject: [PATCH 019/235] Refactored readme to update project the state. --- README.md | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index c7b32327..79645992 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ -# secureCodeBox – v2 ALPHA +# secureCodeBox – v2 Beta

secureCodeBox Logo @@ -7,17 +7,20 @@

License Apache-2.0 - Latest GitHub Release + Preview GitHub Release OWASP Incubator Project Twitter Follower

- Build - Test Coverage - Known Vulnerabilities + Build + Test Coverage + Known Vulnerabilities

-**NOTE**: This Repository contains a **work in progress** preview of the planned next major secureCodeBox Release. You can find the current **stable release** here [https://github.com/secureCodeBox/secureCodeBox](https://github.com/secureCodeBox/secureCodeBox). The release of version 2.0 is still at least some month away but you can already get a sneak peak here 😀. The release will contain a major architecture change which will not be backward compatible. More details will follow soon in a series of blog articles. +**NOTE**: This Repository contains the stable beta preview of the next major secureCodeBox (SCB) Release v2. +You can find the current **stable release** here [https://github.com/secureCodeBox/secureCodeBox](https://github.com/secureCodeBox/secureCodeBox). + +_The major release of SCB version 2.0 will be available in the next weeks._ The release will contain a major architecture change which will not be backward compatible. More details will follow soon in a series of blog articles. > _secureCodeBox_ is a kubernetes based, modularized toolchain for continuous security scans of your software project. Its goal is to orchestrate and easily automate a bunch of security-testing tools out of the box. @@ -25,7 +28,7 @@ -- [secureCodeBox – v2 ALPHA](#securecodebox--v2-alpha) +- [secureCodeBox – v2 Beta](#securecodebox--v2-beta) - [Overview](#overview) - [Purpose of this Project](#purpose-of-this-project) - [Quickstart](#quickstart) From 2863ccfd1b8ccb2c087166bf868ef3931a4118f5 Mon Sep 17 00:00:00 2001 From: Robert Seedorff Date: Fri, 14 Aug 2020 12:17:10 +0200 Subject: [PATCH 020/235] Added hooks to architecture --- docs/resources/scb-architecture.drawio | 265 +++++++++++++++++-------- 1 file changed, 183 insertions(+), 82 deletions(-) diff --git a/docs/resources/scb-architecture.drawio b/docs/resources/scb-architecture.drawio index 27d9ee91..496ad545 100644 --- a/docs/resources/scb-architecture.drawio +++ b/docs/resources/scb-architecture.drawio 
@@ -1,30 +1,47 @@ - + - + - - + + - + - + + + + + + + + + + + + + + + + + + - + - - + + - - + + - + @@ -36,7 +53,7 @@ - + @@ -50,80 +67,41 @@ - - + + + - - - - - - - - - - - - - - - - - - - - + + - - - - - - - - + + - - + + - + - - + + + + - - - - - - - - - - - - - - - - - - - + - + @@ -134,13 +112,61 @@ - + - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + - + + + + + + + @@ -149,20 +175,95 @@ - - + + - - + + - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + - - + + - - + + From 927e07e8e90c8b4448006508e208dbbc954db98e Mon Sep 17 00:00:00 2001 From: Robert Seedorff Date: Fri, 14 Aug 2020 12:19:44 +0200 Subject: [PATCH 021/235] Updated scb-architecture.svg added hooks --- docs/resources/scb-architecture.svg | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/resources/scb-architecture.svg b/docs/resources/scb-architecture.svg index b6d25a55..ef40e944 100644 --- a/docs/resources/scb-architecture.svg +++ b/docs/resources/scb-architecture.svg @@ -1,3 +1,3 @@ -
Kubernetes Job
Kubernetes Job
Scanner Container
Run Scan
Scanner Container...
Lurcher
Extract Results
Lurcher...
Kubernetes Job
Kubernetes Job
Parser Container
Parse Results
Parser Container...
Kubernetes Job
Kubernetes Job
PersistenceProvider
Persist Results
PersistenceProvider...
2
2
3
3
4
4
CustomRessourceDefinition
Scan
CustomRessourceDefinitio...
secureCodeBox
Operator
secureCodeBoxOperator
1
1
Viewer does not support full SVG 1.1
\ No newline at end of file +
kubectl apply -f scan.yaml
kubectl apply -f scan.yaml
Kubernetes Job
Kubernetes Job
Scanner Container
Run Scan
Scanner Container...
Lurcher
Extract Results
Lurcher...
Kubernetes Job
Kubernetes Job
CustomRessourceDefinition
Scan : scanType
CustomRessourceDefinitio...
1
1
Security Scanning
Security Scanning
Result Parsing
Result Parsing
Data Processing Hooks
Data Processing Hooks
Analytics &
Vulnerability Management
Analytics &...
Security Test Definition
Security Test Definition
Parser Container
Parse Results
Parser Container...
secureCodeBox
Operator
secureCodeBoxOperator
3
3
2
2
Kubernetes Job
Kubernetes Job
PersistenceProvider
Persist Results
PersistenceProvider...
ReadOnlyHook
Notify Results
ReadOnlyHook...
Kubernetes Job
Kubernetes Job
5
5
4
4
Viewer does not support full SVG 1.1
\ No newline at end of file From 34ef0b0c1030adcd90058f6f147ba9ee20868600 Mon Sep 17 00:00:00 2001 From: Robert Seedorff Date: Fri, 14 Aug 2020 12:21:04 +0200 Subject: [PATCH 022/235] Updated scb-architecture.svg --- docs/resources/scb-architecture.svg | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/resources/scb-architecture.svg b/docs/resources/scb-architecture.svg index ef40e944..f9170692 100644 --- a/docs/resources/scb-architecture.svg +++ b/docs/resources/scb-architecture.svg @@ -1,3 +1,3 @@ -
kubectl apply -f scan.yaml
kubectl apply -f scan.yaml
Kubernetes Job
Kubernetes Job
Scanner Container
Run Scan
Scanner Container...
Lurcher
Extract Results
Lurcher...
Kubernetes Job
Kubernetes Job
CustomRessourceDefinition
Scan : scanType
CustomRessourceDefinitio...
1
1
Security Scanning
Security Scanning
Result Parsing
Result Parsing
Data Processing Hooks
Data Processing Hooks
Analytics &
Vulnerability Management
Analytics &...
Security Test Definition
Security Test Definition
Parser Container
Parse Results
Parser Container...
secureCodeBox
Operator
secureCodeBoxOperator
3
3
2
2
Kubernetes Job
Kubernetes Job
PersistenceProvider
Persist Results
PersistenceProvider...
ReadOnlyHook
Notify Results
ReadOnlyHook...
Kubernetes Job
Kubernetes Job
5
5
4
4
Viewer does not support full SVG 1.1
\ No newline at end of file +
kubectl apply -f scan.yaml
kubectl apply -f scan.yaml
Kubernetes Job
Kubernetes Job
Scanner Container
Run Scan
Scanner Container...
Lurcher
Extract Results
Lurcher...
Kubernetes Job
Kubernetes Job
CustomRessourceDefinition
Scan : scanType
CustomRessourceDefinitio...
1
1
Security Scanning
Security Scanning
Result Parsing
Result Parsing
Data Processing Hooks
Data Processing Hooks
Analytics &
Vulnerability Management
Analytics &...
Security Test Definition
Security Test Definition
Parser Container
Parse Results
Parser Container...
secureCodeBox
Operator
secureCodeBoxOperator
3
3
2
2
Kubernetes Job
Kubernetes Job
PersistenceProvider
Persist Results
PersistenceProvider...
ReadOnlyHook
Notify Results
ReadOnlyHook...
Kubernetes Job
Kubernetes Job
5
5
4
4
Viewer does not support full SVG 1.1
\ No newline at end of file From 2e6d2c431b8b0fa3971c538fd0232868dec9e076 Mon Sep 17 00:00:00 2001 From: Jannik Hollenbach <13718901+J12934@users.noreply.github.com> Date: Mon, 17 Aug 2020 09:56:19 +0200 Subject: [PATCH 023/235] Add ADR for CascadingRules --- docs/adr/adr_0002.adoc | 182 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 182 insertions(+) create mode 100644 docs/adr/adr_0002.adoc diff --git a/docs/adr/adr_0002.adoc b/docs/adr/adr_0002.adoc new file mode 100644 index 00000000..44d1e6a7 --- /dev/null +++ b/docs/adr/adr_0002.adoc 
@@ -0,0 +1,182 @@ +[[ADR-0000]] += ADR-0000: How can we introduce a more general extension concept for data processing modules? + +[cols="h,d",grid=rows,frame=none,stripes=none,caption="Status",%autowidth] +|==== + +| Status +| ACCEPTED + +| Date +| 2020-05-20 + +| Author(s) +| Jannik Hollenbach , + Robert Seedorff , + Sven Strittmatter +|==== + +== Context + +=== Status Quo + +Currently scans by the secureCodeBox are single focused on a specific tool. +Combining multiple scans requires manual or scripting by the user to use the results of a scan (e.g. Nmap) as a input for another scanner (e.g. SSLyze) + +=== Problem and Question + +How can the results of a scan be used to automatically configure subsequent specialized scans for identified targets. + +In general we want to describe cascading scans like: + +``` ++--------+ +--------+ +--------+ +| scan 1 |-- result -->| scan 2 |-- result -->| scan 3 | ++--------+ +--------+ | +--------+ + | + | +--------+ + +---->| scan 4 | + +--------+ +```` + +A concrete example: + +``` ++----------------+ +-----------------+ +-----------+ +| <> | | <> | | <> | +| find all hosts |-- IP -->| find open ports |-- port 443 -->| check TLS | ++----------------+ +-----------------+ | +-----------+ + | + | +-------------+ + | | <> | + +------->| check HTTPd | + +-------------+ +``` + +The solution should fulfill the following criteria: + +- The "rules" used to describe which subsequent scans can be executed should be modular, so that they can be packaged together with the scan types. +- It should be possible for a user to select which scan rules should be applied +- Protections should be in place to ensure that the clusters are not completely overwhelmed by these automatically created scans. Especially circular structures which create a infinite number of scans should be prevented. + +== Decision + +It was decided to implement these rules as Custom Resource Definitions (CRDs) in Kubernetes. 
+This allows the Helm Charts of the scanners to package related rules for the scanner together with their ScanTypes. + +=== Defining CascadingRule + +The so called "CascadingRules" consist of a "matches" section which contains one or multiple rules which are compared against findings. +When a finding matches a rule the "scanSpec" section will then be used to create a new scan. +To customize the scan to match the finding, the [mustache](https://github.com/janl/mustache.js) templating language can be used to reference fields of the finding. + +```yaml +apiVersion: "cascading.experimental.securecodebox.io/v1" +kind: CascadingRule +metadata: + name: "tls-scans" + labels: + # Described how "invasive" the scan is. + # Possible values: "invasive" or "non-invasive" + # CascadingRules are considered "invasive" when the Scan they start actively sends out packages with attack payloads. + securecodebox.io/invasive: non-invasive + # Described the intensiveness level on a scanning and computational resource level. + # Possible values: "ligh", "medium", "intense" + # CascadingRules are considered more "intensive" when the Scan they start consumes lots of computational resources like RAM, CPU, or Network + securecodebox.io/intensive: light +spec: + matches: + # CascadingRule triggers if a finding matches at least one of the anyOf matchers + # With the first version of this implementation only anyOf would be supported. + # If this turns out to be lacking and other operators (like `allOf` can be introduced without breaking changes) + anyOf: + # define an explicit "port" as finding and a given port number + - category: "Open Port" + attributes: + port: 443 + service: "https" + # define an "port service" finding (any port) + - category: "Open Port" + attributes: + service: "https" + scanSpec: + name: "sslyze" + parameters: ["--regular", "{{attributes.hostname}}"] +``` + +=== Using CascadingRules + +By default no cascading Rules will be used. 
+ +```yaml +# Nmap Scan without cascading rules +apiVersion: "execution.experimental.securecodebox.io/v1" +kind: Scan +metadata: + name: "portscan-berlin-wifi" + label: + office: berlin + vlan: wifi +spec: + name: "nmap" + parameters: ["-sV", "10.42.0.0/16"] +``` + +To enable cascading rules you need to specify a label selector to select the cascading rules you'd like + +```yaml +apiVersion: "execution.experimental.securecodebox.io/v1" +kind: Scan +metadata: + name: "portscan-berlin-wifi" + label: + office: berlin + vlan: wifi +spec: + cascades: + matchLabels: + # Uses all CascadingRules in the namespace which are labelled as "non-invasive" and a intensiveness level of "light" + securecodebox.io/invasive: non-invasive + securecodebox.io/intensive: light + name: "nmap" + parameters: ["-sV", "10.42.0.0/16"] +``` + +To implicitly enable all cascading rules (not-recommended) a empty label selector can be used + +```yaml +apiVersion: "execution.experimental.securecodebox.io/v1" +kind: Scan +metadata: + name: "portscan-berlin-wifi" + label: + office: berlin + vlan: wifi +spec: + cascades: + # Uses all `CascadingRules` in the namespace + matchLabels: {} + name: "nmap" + parameters: ["-sV", "10.42.0.0/16"] +``` + +The label selectors also allow the more powerful [matchExpression](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#set-based-requirement) selectors: + +```yaml +apiVersion: "execution.experimental.securecodebox.io/v1" +kind: Scan +metadata: + name: "example.com" +spec: + scanType: nmap + parameters: + - -p22,80,443 + - example.com + cascades: + # Using matchExpression instead of matchLabels + matchExpression: + key: "securecodebox.io/intensive" + operator: In + # This select both light and medium intensity rules + values: [light, medium] +``` From 8b708dc3861616c18569401751926b410d0be716 Mon Sep 17 00:00:00 2001 
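Review bot: The Decision section of `docs/adr/adr_0002.adoc` never addresses the third criterion listed under "Problem and Question", the protection against circular rule chains and an unbounded number of automatically created scans; the ADR should state the mechanism, or say that it is deferred, before it is marked ACCEPTED. In the `tls-scans` rule, `parameters: ["--regular", "{{attributes.hostname}}"]` renders a finding field straight into scanner arguments, and finding content comes from whatever the previous scan observed, so the ADR should also say how rendered values are validated. Smaller points in the examples: `metadata.label` should be `labels`; three Scan examples set `spec.name: "nmap"` while the last one uses `scanType: nmap`; `matchExpression` is written as a single mapping although the linked Kubernetes set-based selectors use a `matchExpressions` list; the allowed-values comment reads "ligh"; the first diagram's fence closes with four backticks; and the links use Markdown syntax in an `.adoc` file.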
From: Jannik Hollenbach <13718901+J12934@users.noreply.github.com> Date: Mon, 17 Aug 2020 09:58:03 +0200 Subject: [PATCH 024/235] Fix header --- docs/adr/adr_0002.adoc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/adr/adr_0002.adoc b/docs/adr/adr_0002.adoc index 44d1e6a7..7069f35a 100644 --- a/docs/adr/adr_0002.adoc +++ b/docs/adr/adr_0002.adoc @@ -1,5 +1,5 @@ -[[ADR-0000]] -= ADR-0000: How can we introduce a more general extension concept for data processing modules? +[[ADR-0002]] += ADR-0002: How can we introduce a mechanism to start specialized scans on the results of previous scans? [cols="h,d",grid=rows,frame=none,stripes=none,caption="Status",%autowidth] |==== From e1ad99e47df0bcfea2e16b2b5958c59a24aff163 Mon Sep 17 00:00:00 2001 From: Jannik Hollenbach <13718901+J12934@users.noreply.github.com> Date: Mon, 17 Aug 2020 10:02:50 +0200 Subject: [PATCH 025/235] Remove leading $ signs from bash blocks --- docs/user-guide/README.md | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/docs/user-guide/README.md b/docs/user-guide/README.md index 4966f24a..94826694 100644 --- a/docs/user-guide/README.md +++ b/docs/user-guide/README.md @@ -1,7 +1,9 @@ # Using the secureCodeBox ## Declarative Combined Scans + ### Install Hook + Installing the Declarative Combined Scan hook will add a ReadOnly Hook to your namespace which looks for matching CascadingRules in the namespace and starts subsequent scans accordingly. ```bash @@ -13,7 +15,7 @@ helm install combined-scans ./hooks/declarative-subsequent-scans Successful installation can be verified by retrieving installed ScanCompletionHooks. ```bash -$ kubectl get ScanCompletionHooks +kubectl get ScanCompletionHooks ``` The result should contain a hook for declarative subsequent scans. 
@@ -28,8 +30,9 @@ combined-scans-declarative-subsequent-scans ReadOnly docker.io/scbexperiment CascadingRules are included in each individual scanner's Helm chart. ```bash -$ kubectl get CascadingRules +kubectl get CascadingRules ``` + Output should show these CascadingRules: ```bash @@ -75,7 +78,7 @@ This Scan will used all CascadingRules which are labeled with a "light" intensit You can lookup which CascadingRules this selects by running: ```bash -$ kubectl get CascadingRules -l "securecodebox.io/intensive=light" +kubectl get CascadingRules -l "securecodebox.io/intensive=light" NAME STARTS INVASIVENESS INTENSIVENESS https-tls-scan sslyze non-invasive light imaps-tls-scan sslyze non-invasive light @@ -121,4 +124,4 @@ pop3s-tls-scan sslyze non-invasive light smtps-tls-scan sslyze non-invasive light ssh-scan ssh-scan non-invasive light zap-http zap-baseline non-invasive medium -``` \ No newline at end of file +``` From 3ca3c3d9789cff282029187a3985f1c90557f76b Mon Sep 17 00:00:00 2001 From: Jannik Hollenbach <13718901+J12934@users.noreply.github.com> Date: Mon, 17 Aug 2020 10:21:41 +0200 Subject: [PATCH 026/235] Update amass version --- scanners/amass/Chart.yaml | 2 +- scanners/amass/README.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/scanners/amass/Chart.yaml b/scanners/amass/Chart.yaml index 798af42a..8fbd4ae4 100644 --- a/scanners/amass/Chart.yaml +++ b/scanners/amass/Chart.yaml @@ -4,7 +4,7 @@ description: A Helm chart for the Amass security scanner that integrates with th type: application version: 0.1.0 -appVersion: 3.8.2 +appVersion: 3.9.1 keywords: - security diff --git a/scanners/amass/README.md b/scanners/amass/README.md index 835b11c7..4626a25a 100644 --- a/scanners/amass/README.md +++ b/scanners/amass/README.md @@ -4,7 +4,7 @@ path: "scanners/amass" category: "scanner" type: "Network" state: "released" -appVersion: "3.7.2" +appVersion: "3.9.1" usecase: "Subdomain Enumeration Scanner" --- 
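Review bot: In the `scanners/amass/README.md` hunk the old `appVersion` was "3.7.2" while `Chart.yaml` had 3.8.2, so the two copies had already drifted apart before this bump; consider generating the README front matter from `Chart.yaml` or adding a CI check that compares the two. The chart's own `version: 0.1.0` is left unchanged although the packaged scanner version changes, so a consumer pinning the chart version cannot tell the two builds apart; bump it together with `appVersion`.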
From c34c63f6f4f455ce3f2927ebc3f49889eaf56685 Mon Sep 17 00:00:00 2001 From: dpatanin Date: Tue, 18 Aug 2020 09:56:42 +0200 Subject: [PATCH 027/235] remove examples --- scanners/amass/README.md | 7 ------- scanners/kube-hunter/README.md | 6 ------ scanners/nikto/README.md | 6 ------ scanners/nmap/README.md | 8 -------- scanners/ssh_scan/README.md | 7 ------- scanners/sslyze/README.md | 7 ------- scanners/trivy/README.md | 7 ------- scanners/wpscan/README.md | 6 ------ scanners/zap/README.md | 7 ------- 9 files changed, 61 deletions(-) diff --git a/scanners/amass/README.md b/scanners/amass/README.md index 4626a25a..7e87e960 100644 --- a/scanners/amass/README.md +++ b/scanners/amass/README.md @@ -22,13 +22,6 @@ The AMASS scanType can be deployed via helm: helm upgrade --install amass ./scanners/amass/ ``` -## Examples - -A set of examples can be found in the [examples](https://github.com/secureCodeBox/secureCodeBox-v2-alpha/tree/master/scanners/amass/examples) folder. - -* Example *secureCodeBox.io* [scan](https://github.com/secureCodeBox/secureCodeBox-v2-alpha/blob/master/scanners/amass/examples/secureCodeBox.io/scan.yaml) -* Example *example.com* [scan](https://github.com/secureCodeBox/secureCodeBox-v2-alpha/blob/master/scanners/amass/examples/example.com/scan.yaml) - ## Configuration The following security scan configuration example are based on the [Amass User Guide], please take a look at the original documentation for more configuration examples. diff --git a/scanners/kube-hunter/README.md b/scanners/kube-hunter/README.md index 15b843ed..95d71b26 100644 --- a/scanners/kube-hunter/README.md +++ b/scanners/kube-hunter/README.md 
@@ -22,12 +22,6 @@ The kube-hunter ScanType can be deployed via helm: helm upgrade --install kube-hunter ./scanners/kube-hunter/ ``` -## Examples - -A set of examples can be found in the [examples](https://github.com/secureCodeBox/secureCodeBox-v2-alpha/tree/master/scanners/kube-hunter/examples) folder. - -* Example *in-cluster* [scan](https://github.com/secureCodeBox/secureCodeBox-v2-alpha/blob/master/scanners/kube-hunter/examples/in-cluster/scan.yaml) and [findings](https://github.com/secureCodeBox/secureCodeBox-v2-alpha/blob/master/scanners/kube-hunter/examples/in-cluster/findings.json) - ## Configuration The following security scan configuration example are based on the [kube-hunter Documentation], please take a look at the original documentation for more configuration examples. diff --git a/scanners/nikto/README.md b/scanners/nikto/README.md index 226db9ec..f42abdcf 100644 --- a/scanners/nikto/README.md +++ b/scanners/nikto/README.md @@ -22,12 +22,6 @@ The Nikto ScanType can be deployed via helm: helm upgrade --install nikto ./scanners/nikto/ ``` -## Examples - -A set of examples can be found in the [examples](https://github.com/secureCodeBox/secureCodeBox-v2-alpha/tree/master/scanners/nikto/examples) folder. - -* Example *secureCodeBox.io* [scan](https://github.com/secureCodeBox/secureCodeBox-v2-alpha/blob/master/scanners/nikto/examples/secureCodeBox.io/scan.yaml) - ## Configuration The following security scan configuration example are based on the [Nikto Documentation](https://cirt.net/nikto2-docs/usage.html#id2780332), please take a look at the original documentation for more configuration examples. diff --git a/scanners/nmap/README.md b/scanners/nmap/README.md index 94005a13..8b936d78 100644 --- a/scanners/nmap/README.md +++ b/scanners/nmap/README.md 
@@ -24,14 +24,6 @@ The Nmap ScanType can be deployed via helm: helm install nmap ./scanners/nmap/ ``` -## Examples - -A set of examples can be found in the [examples](https://github.com/secureCodeBox/secureCodeBox-v2-alpha/tree/master/scanners/nmap/examples) folder. - -* Example *local-network* [scan](https://github.com/secureCodeBox/secureCodeBox-v2-alpha/blob/master/scanners/nmap/examples/local-network/scan.yaml) and [findings](https://github.com/secureCodeBox/secureCodeBox-v2-alpha/blob/master/scanners/nmap/examples/local-network/findings.yaml) -* Example *localhost* [scan](https://github.com/secureCodeBox/secureCodeBox-v2-alpha/blob/master/scanners/nmap/examples/localhost/scan.yaml) and [findings](https://github.com/secureCodeBox/secureCodeBox-v2-alpha/blob/master/scanners/nmap/examples/localhost/findings.yaml) -* Example *scan.nmap.org* [scan](https://github.com/secureCodeBox/secureCodeBox-v2-alpha/blob/master/scanners/nmap/examples/scan.nmap.org/scan.yaml) and [findings](https://github.com/secureCodeBox/secureCodeBox-v2-alpha/blob/master/scanners/nmap/examples/scan.nmap.org/findings.yaml) - ## Nmap Configuration The nmap scan target is set via the targets location of the securityTest. The target should be a Hostname or an IP Address. diff --git a/scanners/ssh_scan/README.md b/scanners/ssh_scan/README.md index 8da24c27..c8d45bd3 100644 --- a/scanners/ssh_scan/README.md +++ b/scanners/ssh_scan/README.md 
@@ -22,13 +22,6 @@ The SSH_scan ScanType can be deployed via helm. helm upgrade --install ssh ./scanners/ssh_scan/ ``` -## Examples - -A set of examples can be found in the [examples](https://github.com/secureCodeBox/secureCodeBox-v2-alpha/tree/master/scanners/ssh_scan/examples) folder. - -* Example *example.com* [scan](https://github.com/secureCodeBox/secureCodeBox-v2-alpha/blob/master/scanners/ssh_scan/examples/example.com/scan.yaml) -* Example *localhost* [scan](https://github.com/secureCodeBox/secureCodeBox-v2-alpha/blob/master/scanners/ssh_scan/examples/localhost/scan.yaml) and [findings](https://github.com/secureCodeBox/secureCodeBox-v2-alpha/blob/master/scanners/ssh_scan/examples/localhost/findings.yaml) - ## Configuration The following security scan configuration example are based on the [ssh_scan Documentation], please take a look at the original documentation for more configuration examples. diff --git a/scanners/sslyze/README.md b/scanners/sslyze/README.md index 3428532c..2ea9a017 100644 --- a/scanners/sslyze/README.md +++ b/scanners/sslyze/README.md @@ -20,13 +20,6 @@ The SSLyze scanType can be deployed via helm: helm upgrade --install sslyze ./scanners/sslyze/ ``` -## Examples - -A set of examples can be found in the [examples](https://github.com/secureCodeBox/secureCodeBox-v2-alpha/tree/master/scanners/sslyze/examples) folder. - -* Example *secureCodeBox.io* [scan](https://github.com/secureCodeBox/secureCodeBox-v2-alpha/blob/master/scanners/sslyze/examples/secureCodeBox.io/scan.yaml) -* Example *example.com* [scan](https://github.com/secureCodeBox/secureCodeBox-v2-alpha/blob/master/scanners/sslyze/examples/example.com/scan.yaml) - ## Configuration The following security scan configuration example are based on the [SSLyze Documentation], please take a look at the original documentation for more configuration examples. diff --git a/scanners/trivy/README.md b/scanners/trivy/README.md index e90fa50b..56189029 100644 --- a/scanners/trivy/README.md 
+++ b/scanners/trivy/README.md @@ -25,13 +25,6 @@ The Trivy scanType can be deployed via helm: helm upgrade --install trivy ./scanners/trivy/ ``` -## Examples - -A set of examples can be found in the [examples](https://github.com/secureCodeBox/secureCodeBox-v2-alpha/tree/master/scanners/trivy/examples) folder. - -* Example *juice-shop* [scan](https://github.com/secureCodeBox/secureCodeBox-v2-alpha/blob/master/scanners/trivy/examples/juice-shop/scan.yaml) and [findings](https://github.com/secureCodeBox/secureCodeBox-v2-alpha/blob/master/scanners/trivy/examples/juice-shop/findings.yaml) -* Example *mediawiki* [scan](https://github.com/secureCodeBox/secureCodeBox-v2-alpha/blob/master/scanners/trivy/examples/mediawiki/scan.yaml) and [findings](https://github.com/secureCodeBox/secureCodeBox-v2-alpha/blob/master/scanners/trivy/examples/mediawiki/findings.yaml) - ## Configuration The following security scan configuration example are based on the [Trivy Documentation], please take a look at the original documentation for more configuration examples. diff --git a/scanners/wpscan/README.md b/scanners/wpscan/README.md index aee8ba86..2beb5565 100644 --- a/scanners/wpscan/README.md +++ b/scanners/wpscan/README.md @@ -26,12 +26,6 @@ The WPScan scanType can be deployed via helm: helm upgrade --install wpscan ./scanners/wpscan/ ``` -## Examples - -A set of examples can be found in the [examples](https://github.com/secureCodeBox/secureCodeBox-v2-alpha/tree/master/scanners/wpscan/examples) folder. - -* Example *example.com* [scan](https://github.com/secureCodeBox/secureCodeBox-v2-alpha/blob/master/scanners/wpscan/examples/example.com/scan.yaml) and [findings](https://github.com/secureCodeBox/secureCodeBox-v2-alpha/blob/master/scanners/wpscan/examples/example.com/findings.yaml) - ## Configuration The following security scan configuration example are based on the [WPScan Documentation], please take a look at the original documentation for more configuration examples. 
diff --git a/scanners/zap/README.md b/scanners/zap/README.md index e08ba416..97a59df1 100644 --- a/scanners/zap/README.md +++ b/scanners/zap/README.md @@ -24,13 +24,6 @@ The ZAP scanType can be deployed via helm: helm upgrade --install zap ./scanners/zap/ ``` -## Examples - -A set of examples can be found in the [examples](https://github.com/secureCodeBox/secureCodeBox-v2-alpha/tree/master/scanners/zap/examples) folder. - -* Example *Juice Shop* [scan](https://github.com/secureCodeBox/secureCodeBox-v2-alpha/blob/master/scanners/zap/examples/demo-juice-shop-full-scan/scan.yaml) and [findings](https://github.com/secureCodeBox/secureCodeBox-v2-alpha/blob/master/scanners/zap/examples/demo-juice-shop-full-scan/findings.yaml) -* Example *Pet Store* [scan](https://github.com/secureCodeBox/secureCodeBox-v2-alpha/blob/master/scanners/zap/examples/demo-petstore-api-scan/scan.yaml) and [findings](https://github.com/secureCodeBox/secureCodeBox-v2-alpha/blob/master/scanners/zap/examples/demo-petstore-api-scan/findings.yaml) - ## Configuration The following security scan configuration example are based on the [ZAP Documentation], please take a look at the original documentation for more configuration examples. From 96af34cf49fa0cc2c83f9dab5e20dc0fd65900a1 Mon Sep 17 00:00:00 2001 
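Review bot: The `scanners/zap/README.md` hunk, like the eight before it, drops the whole `## Examples` section, but the commit message "remove examples" gives no reason and the diffstat touches only the nine `README.md` files, so the `examples` folders that the removed links pointed to apparently stay in the tree with nothing referencing them. Either say in the message where the example scans and findings are documented now, or keep one line per README pointing to the scanner's `examples` folder.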
From: dpatanin Date: Tue, 18 Aug 2020 10:06:47 +0200 Subject: [PATCH 028/235] remove redundand deployment and development --- scanners/amass/README.md | 23 ----------------------- scanners/deployment.md | 7 +++++++ scanners/development.md | 14 ++++++++++++++ scanners/kube-hunter/README.md | 23 ----------------------- scanners/kubeaudit/README.md | 1 - scanners/ncrack/README.md | 1 - scanners/nikto/README.md | 23 ----------------------- scanners/nmap/README.md | 26 -------------------------- scanners/ssh_scan/README.md | 23 ----------------------- scanners/sslyze/README.md | 27 --------------------------- scanners/trivy/README.md | 23 ----------------------- scanners/wpscan/README.md | 23 ----------------------- scanners/zap/README.md | 23 ----------------------- 13 files changed, 21 insertions(+), 216 deletions(-) create mode 100644 scanners/deployment.md create mode 100644 scanners/development.md diff --git a/scanners/amass/README.md b/scanners/amass/README.md index 7e87e960..31e6d988 100644 --- a/scanners/amass/README.md +++ b/scanners/amass/README.md @@ -14,14 +14,6 @@ The OWASP Amass Project has developed a tool to help information security profes -## Deployment - -The AMASS scanType can be deployed via helm: - -```bash -helm upgrade --install amass ./scanners/amass/ -``` - ## Configuration The following security scan configuration example are based on the [Amass User Guide], please take a look at the original documentation for more configuration examples. 
@@ -36,21 +28,6 @@ Special command line options: * Disable saving data into a local database `amass enum -nolocaldb -d example.com` * Domain names separated by commas (can be used multiple times) `amass enum -d example.com` -## Development - -### Local setup - -1. Clone the repository `git clone git@github.com:secureCodeBox/secureCodeBox-v2-alpha.git` -2. Ensure you have node.js installed - * On MacOs with brew package manager: `brew install node` - -### Parser Development - -1. Install the dependencies `npm install` -2. Update the parser function here: `./parser/parser.js` -3. Update the parser tests here: `./parser/parser.test.js` -4. Run the test suite: `npm test` - [OWASP_Amass_Project]: https://owasp.org/www-project-amass/ [Amass GitHub]: https://github.com/OWASP/Amass [Amass User Guide]: https://github.com/OWASP/Amass/blob/master/doc/user_guide.md diff --git a/scanners/deployment.md b/scanners/deployment.md new file mode 100644 index 00000000..22b6c7ea --- /dev/null +++ b/scanners/deployment.md @@ -0,0 +1,7 @@ +## Deployment + +Each scanType can be deployed via helm: + +```bash +helm upgrade --install [scannerName] ./scanners/[scannerName]/ +``` diff --git a/scanners/development.md b/scanners/development.md new file mode 100644 index 00000000..c8d1bcc8 --- /dev/null +++ b/scanners/development.md @@ -0,0 +1,14 @@ +## Development + +### Local setup + +1. Clone the repository `git clone git@github.com:secureCodeBox/secureCodeBox-v2-alpha.git` +2. Ensure you have node.js installed + * On MacOs with brew package manager: `brew install node` + +### Parser Development + +1. Install the dependencies `npm install` +2. Update the parser function here: `./parser/parser.js` +3. Update the parser tests here: `./parser/parser.test.js` +4. Run the test suite: `npm test` \ No newline at end of file diff --git a/scanners/kube-hunter/README.md b/scanners/kube-hunter/README.md index 95d71b26..8ae3e2e8 100644 --- a/scanners/kube-hunter/README.md 
+++ b/scanners/kube-hunter/README.md @@ -14,14 +14,6 @@ To learn more about the kube-hunter scanner itself visit [kube-hunter GitHub] or -## Deployment - -The kube-hunter ScanType can be deployed via helm: - -```bash -helm upgrade --install kube-hunter ./scanners/kube-hunter/ -``` - ## Configuration The following security scan configuration example are based on the [kube-hunter Documentation], please take a look at the original documentation for more configuration examples. @@ -30,21 +22,6 @@ The following security scan configuration example are based on the [kube-hunter * To specify interface scanning, you can use the --interface option (this will scan all of the machine's network interfaces). Example: `kube-hunter --interface` * To specify a specific CIDR to scan, use the --cidr option. Example: `kube-hunter --cidr 192.168.0.0/24` -## Development - -### Local setup - -1. Clone the repository `git clone git@github.com:secureCodeBox/secureCodeBox-v2-alpha.git` -2. Ensure you have node.js installed - * On MacOs with brew package manager: `brew install node` - -### Parser Development - -1. Install the dependencies `npm install` -2. Update the parser function here: `./parser/parser.js` -3. Update the parser tests here: `./parser/parser.test.js` -4. Run the test suite: `npm test` - [kube-hunter Website]: https://kube-hunter.aquasec.com/ [kube-hunter GitHub]: https://github.com/aquasecurity/kube-hunter [kube-hunter Documentation]: https://github.com/aquasecurity/kube-hunter#scanning-options diff --git a/scanners/kubeaudit/README.md b/scanners/kubeaudit/README.md index 86250880..dfe55150 100644 --- a/scanners/kubeaudit/README.md +++ b/scanners/kubeaudit/README.md @@ -14,7 +14,6 @@ To learn more about the kubeaudit scanner itself visit [kubeaudit GitHub]. -## Deployment The secureCodeBox core team is working on an integration of kubeaudit. We will keep you informed. [kubeaudit GitHub]: https://github.com/Shopify/kubeaudit 
diff --git a/scanners/ncrack/README.md b/scanners/ncrack/README.md index 6177fbf5..bb083b7c 100644 --- a/scanners/ncrack/README.md +++ b/scanners/ncrack/README.md @@ -14,7 +14,6 @@ To learn more about the Ncrack scanner itself visit [Ncrack GitHub] or [Ncrack W -## Deployment The secureCodeBox core team is working on an integration of Ncrack. We will keep you informed. [Ncrack Website]: https://nmap.org/ncrack/ diff --git a/scanners/nikto/README.md b/scanners/nikto/README.md index f42abdcf..41afc495 100644 --- a/scanners/nikto/README.md +++ b/scanners/nikto/README.md @@ -14,14 +14,6 @@ Nikto is a free software command-line vulnerability scanner that scans webserver -## Deployment - -The Nikto ScanType can be deployed via helm: - -```bash -helm upgrade --install nikto ./scanners/nikto/ -``` - ## Configuration The following security scan configuration example are based on the [Nikto Documentation](https://cirt.net/nikto2-docs/usage.html#id2780332), please take a look at the original documentation for more configuration examples. @@ -49,20 +41,5 @@ Nikto also has a comprehensive list of [command line options documented](https:/ * c - Remote source inclusion. Software allows remote inclusion of source code. * x - Reverse Tuning Options. Perform exclusion of the specified tuning type instead of inclusion of the specified tuning type -## Development - -### Local setup - -1. Clone the repository `git clone git@github.com:secureCodeBox/secureCodeBox-v2-alpha.git` -2. Ensure you have node.js installed - * On MacOs with brew package manager: `brew install node` - -### Parser Development - -1. Install the dependencies `npm install` -2. Update the parser function here: `./parser/parser.js` -3. Update the parser tests here: `./parser/parser.test.js` -4. Run the test suite: `npm test` - [cirt.net]: https://cirt.net/ [nikto github]: https://github.com/sullo/nikto diff --git a/scanners/nmap/README.md b/scanners/nmap/README.md index 8b936d78..247bea8f 100644 
--- a/scanners/nmap/README.md +++ b/scanners/nmap/README.md @@ -16,14 +16,6 @@ To learn more about the Nmap scanner itself visit [nmap.org]. -## Deployment - -The Nmap ScanType can be deployed via helm: - -```bash -helm install nmap ./scanners/nmap/ -``` - ## Nmap Configuration The nmap scan target is set via the targets location of the securityTest. The target should be a Hostname or an IP Address. @@ -42,21 +34,3 @@ Some useful example parameters listed below: - `-script` xx: Replace xx with the script name. Start the scan with the given script. - `--script` xx: Replace xx with a coma-separated list of scripts. Start the scan with the given scripts. -## Development - -### Local setup - -1. Clone the repository `git clone git@github.com:secureCodeBox/secureCodeBox-v2-alpha.git` -2. Ensure you have node.js installed - * On MacOs with brew package manager: `brew install node` - -### Parser Development - -1. Install the dependencies `npm install` -2. Update the parser function here: `./parser/parser.js` -3. Update the parser tests here: `./parser/parser.test.js` -4. Run the test suite: `npm test` - -#### Basic scanner tests - -If you want to test sslyze localy you can use brew (only on macOS) to install it: `brew install nmap` diff --git a/scanners/ssh_scan/README.md b/scanners/ssh_scan/README.md index c8d45bd3..6705501b 100644 --- a/scanners/ssh_scan/README.md +++ b/scanners/ssh_scan/README.md @@ -14,14 +14,6 @@ To learn more about the ssh_scan scanner itself visit [ssh_scan GitHub]. -## Deployment - -The SSH_scan ScanType can be deployed via helm. - -```bash -helm upgrade --install ssh ./scanners/ssh_scan/ -``` - ## Configuration The following security scan configuration example are based on the [ssh_scan Documentation], please take a look at the original documentation for more configuration examples. 
@@ -62,20 +54,5 @@ Examples: ssh_scan -t 192.168.1.1 --unit-test -P custom_policy.yml ``` -## Development - -### Local setup - -1. Clone the repository `git clone git@github.com:secureCodeBox/secureCodeBox-v2-alpha.git` -2. Ensure you have node.js installed - * On MacOs with brew package manager: `brew install node` - -### Parser Development - -1. Install the dependencies `npm install` -2. Update the parser function here: `./parser/parser.js` -3. Update the parser tests here: `./parser/parser.test.js` -4. Run the test suite: `npm test` - [ssh_scan GitHub]: https://github.com/mozilla/ssh_scan [ssh_scan Documentation]: https://github.com/mozilla/ssh_scan#example-command-line-usage diff --git a/scanners/sslyze/README.md b/scanners/sslyze/README.md index 2ea9a017..8c08d60f 100644 --- a/scanners/sslyze/README.md +++ b/scanners/sslyze/README.md @@ -12,14 +12,6 @@ SSLyze is a Python library and a CLI tool that can analyze the SSL configuration -## Deployment - -The SSLyze scanType can be deployed via helm: - -```bash -helm upgrade --install sslyze ./scanners/sslyze/ -``` - ## Configuration The following security scan configuration example are based on the [SSLyze Documentation], please take a look at the original documentation for more configuration examples. 
@@ -129,24 +121,5 @@ Options: vulnerability (CVE-2014-0224). ``` -## Development - -### Local setup - -1. Clone the repository `git clone git@github.com:secureCodeBox/secureCodeBox-v2-alpha.git` -2. Ensure you have node.js installed - * On MacOs with brew package manager: `brew install node` - -### Parser Development - -1. Install the dependencies `npm install` -2. Update the parser function here: `./parser/parser.js` -3. Update the parser tests here: `./parser/parser.test.js` -4. Run the test suite: `npm test` - -#### Basic scanner tests - -If you want to test sslyze localy you can use brew (only on macOS) to install it: `brew install sslyze` - [SSLyze GitHub]: https://github.com/nabla-c0d3/sslyze [SSLyze Documentation]: https://nabla-c0d3.github.io/sslyze/documentation/ diff --git a/scanners/trivy/README.md b/scanners/trivy/README.md index 56189029..355aece6 100644 --- a/scanners/trivy/README.md +++ b/scanners/trivy/README.md @@ -17,14 +17,6 @@ To learn more about the Trivy scanner itself visit or [Trivy GitHub]. -## Deployment - -The Trivy scanType can be deployed via helm: - -```bash -helm upgrade --install trivy ./scanners/trivy/ -``` - ## Configuration The following security scan configuration example are based on the [Trivy Documentation], please take a look at the original documentation for more configuration examples. 
@@ -34,20 +26,5 @@ The following security scan configuration example are based on the [Trivy Docume * Skip update of vulnerability DB: `trivy image --skip-update python:3.4-alpine3.9` * Ignore unfixed vulnerabilities:`trivy image --ignore-unfixed ruby:2.4.0` By default, Trivy also detects unpatched/unfixed vulnerabilities. This means you can't fix these vulnerabilities even if you update all packages. If you would like to ignore them, use the `--ignore-unfixed` option. -## Development - -### Local setup - -1. Clone the repository `git clone git@github.com:secureCodeBox/secureCodeBox-v2-alpha.git` -2. Ensure you have node.js installed - * On MacOs with brew package manager: `brew install node` - -### Parser Development - -1. Install the dependencies `npm install` -2. Update the parser function here: `./parser/parser.js` -3. Update the parser tests here: `./parser/parser.test.js` -4. Run the test suite: `npm test` - [Trivy GitHub]: https://github.com/aquasecurity/trivy [Trivy Documentation]: https://github.com/aquasecurity/trivy#examples diff --git a/scanners/wpscan/README.md b/scanners/wpscan/README.md index 2beb5565..5011df99 100644 --- a/scanners/wpscan/README.md +++ b/scanners/wpscan/README.md @@ -18,14 +18,6 @@ To learn more about the WPScan scanner itself visit [wpscan.org] or [wpscan.io]. -## Deployment - -The WPScan scanType can be deployed via helm: - -```bash -helm upgrade --install wpscan ./scanners/wpscan/ -``` - ## Configuration The following security scan configuration example are based on the [WPScan Documentation], please take a look at the original documentation for more configuration examples. 
@@ -68,21 +60,6 @@ Incompatible choices (only one of each group/s can be used): - vt, at, t ``` -## Development - -### Local setup - -1. Clone the repository `git clone git@github.com:secureCodeBox/secureCodeBox-v2-alpha.git` -2. Ensure you have node.js installed - * On MacOs with brew package manager: `brew install node` - -### Parser Development - -1. Install the dependencies `npm install` -2. Update the parser function here: `./parser/parser.js` -3. Update the parser tests here: `./parser/parser.test.js` -4. Run the testsuite: `npm test` - [wpscan.io]: https://wpscan.io/ [wpscan.org]: https://wpscan.org/ [WPScan Documentation]: https://github.com/wpscanteam/wpscan/wiki/WPScan-User-Documentation diff --git a/scanners/zap/README.md b/scanners/zap/README.md index 97a59df1..ae860d30 100644 --- a/scanners/zap/README.md +++ b/scanners/zap/README.md @@ -16,14 +16,6 @@ To learn more about the ZAP scanner itself visit [OWASP_Zap_Project] or [zaproxy -## Deployment - -The ZAP scanType can be deployed via helm: - -```bash -helm upgrade --install zap ./scanners/zap/ -``` - ## Configuration The following security scan configuration example are based on the [ZAP Documentation], please take a look at the original documentation for more configuration examples. @@ -59,20 +51,5 @@ Options: --hook path to python file that define your custom hooks ``` -## Development - -### Local setup - -1. Clone the repository `git clone git@github.com:secureCodeBox/secureCodeBox-v2-alpha.git` -2. Ensure you have node.js installed - * On MacOs with brew package manager: `brew install node` - -### Parser Development - -1. Install the dependencies `npm install` -2. Update the parser function here: `./parser/parser.js` -3. Update the parser tests here: `./parser/parser.test.js` -4. Run the test suite: `npm test` - [SSLyze GitHub]: https://github.com/nabla-c0d3/sslyze [SSLyze Documentation]: https://nabla-c0d3.github.io/sslyze/documentation/ 
From b11b78c64caa66c51ec36db341082ffbca11395b Mon Sep 17 00:00:00 2001 From: dpatanin Date: Tue, 18 Aug 2020 10:19:07 +0200 Subject: [PATCH 029/235] remove temp files --- docs/developer-guide/README.md | 7 ++++++- docs/user-guide/README.md | 14 ++++++++++++++ scanners/deployment.md | 7 ------- scanners/development.md | 14 -------------- 4 files changed, 20 insertions(+), 22 deletions(-) delete mode 100644 scanners/deployment.md delete mode 100644 scanners/development.md diff --git a/docs/developer-guide/README.md b/docs/developer-guide/README.md index 241c78d9..7c6d6589 100644 --- a/docs/developer-guide/README.md +++ b/docs/developer-guide/README.md @@ -86,12 +86,17 @@ cd operator make run ``` -## How to a New Security Scanner +## How to add a New Security Scanner ### ScanType Definition ### Parsing SDK +1. Install the dependencies `npm install` +2. Update the parser function here: `./parser/parser.js` +3. Update the parser tests here: `./parser/parser.test.js` +4. Run the test suite: `npm test` + ## How to Integrate a New Hook ### HookType Definition diff --git a/docs/user-guide/README.md b/docs/user-guide/README.md index 5df2506c..04f30ede 100644 --- a/docs/user-guide/README.md +++ b/docs/user-guide/README.md @@ -1,3 +1,17 @@ # Using the secureCodeBox +### Local setup + +1. Clone the repository `git clone git@github.com:secureCodeBox/secureCodeBox-v2-alpha.git` +2. Ensure you have node.js installed + * On MacOs with brew package manager: `brew install node` + +## Deployment + +Each scanType can be deployed via helm: + +```bash +helm upgrade --install ./scanners// +``` + follwing... \ No newline at end of file diff --git a/scanners/deployment.md b/scanners/deployment.md deleted file mode 100644 index 22b6c7ea..00000000 --- a/scanners/deployment.md +++ /dev/null @@ -1,7 +0,0 @@ -## Deployment - -Each scanType can be deployed via helm: - -```bash -helm upgrade --install [scannerName] ./scanners/[scannerName]/ -``` 
diff --git a/scanners/development.md b/scanners/development.md deleted file mode 100644 index c8d1bcc8..00000000 --- a/scanners/development.md +++ /dev/null @@ -1,14 +0,0 @@ -## Development - -### Local setup - -1. Clone the repository `git clone git@github.com:secureCodeBox/secureCodeBox-v2-alpha.git` -2. Ensure you have node.js installed - * On MacOs with brew package manager: `brew install node` - -### Parser Development - -1. Install the dependencies `npm install` -2. Update the parser function here: `./parser/parser.js` -3. Update the parser tests here: `./parser/parser.test.js` -4. Run the test suite: `npm test` \ No newline at end of file From a708da45d00b6060084fd0bcd4bdcf6dc213682c Mon Sep 17 00:00:00 2001 From: dpatanin Date: Tue, 18 Aug 2020 10:20:41 +0200 Subject: [PATCH 030/235] remove unneccessary content --- docs/user-guide/README.md | 14 -------------- 1 file changed, 14 deletions(-) diff --git a/docs/user-guide/README.md b/docs/user-guide/README.md index 04f30ede..5df2506c 100644 --- a/docs/user-guide/README.md +++ b/docs/user-guide/README.md @@ -1,17 +1,3 @@ # Using the secureCodeBox -### Local setup - -1. Clone the repository `git clone git@github.com:secureCodeBox/secureCodeBox-v2-alpha.git` -2. Ensure you have node.js installed - * On MacOs with brew package manager: `brew install node` - -## Deployment - -Each scanType can be deployed via helm: - -```bash -helm upgrade --install ./scanners// -``` - follwing... \ No newline at end of file From 10cd1674201888cf13f71cc8822783c30ae200c7 Mon Sep 17 00:00:00 2001 From: dpatanin Date: Tue, 18 Aug 2020 10:36:08 +0200 Subject: [PATCH 031/235] add indication for content in progress --- docs/developer-guide/README.md | 6 ++++++ docs/user-guide/README.md | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/docs/developer-guide/README.md b/docs/developer-guide/README.md index 7c6d6589..2c2dcd01 100644 --- a/docs/developer-guide/README.md +++ b/docs/developer-guide/README.md 
@@ -89,6 +89,7 @@ make run ## How to add a New Security Scanner ### ScanType Definition +> 🔧 **Following...** ### Parsing SDK @@ -98,14 +99,19 @@ make run 4. Run the test suite: `npm test` ## How to Integrate a New Hook +> 🔧 **Following...** ### HookType Definition +> 🔧 **Following...** ### Hook SDK +> 🔧 **Following...** ## Guidelines +> 🔧 **Following...** ### Coding Guidelines +> 🔧 **Following...** #### JSON diff --git a/docs/user-guide/README.md b/docs/user-guide/README.md index 5df2506c..cb8ac832 100644 --- a/docs/user-guide/README.md +++ b/docs/user-guide/README.md @@ -1,3 +1,3 @@ # Using the secureCodeBox -follwing... \ No newline at end of file +> 🔧 **Page under construction.** \ No newline at end of file From 8bd77e792dac1a1cb2b59e4397babcd83221c73e Mon Sep 17 00:00:00 2001 From: dpatanin Date: Tue, 18 Aug 2020 10:38:39 +0200 Subject: [PATCH 032/235] add indication for content in progress --- scanners/kubeaudit/README.md | 2 +- scanners/ncrack/README.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/scanners/kubeaudit/README.md b/scanners/kubeaudit/README.md index dfe55150..38177cbf 100644 --- a/scanners/kubeaudit/README.md +++ b/scanners/kubeaudit/README.md @@ -14,7 +14,7 @@ To learn more about the kubeaudit scanner itself visit [kubeaudit GitHub]. -The secureCodeBox core team is working on an integration of kubeaudit. We will keep you informed. +> 🔧 The secureCodeBox core team is working on an integration of kubeaudit. We will keep you informed. [kubeaudit GitHub]: https://github.com/Shopify/kubeaudit [kubeaudit Documentation]: https://github.com/Shopify/kubeaudit#quick-start diff --git a/scanners/ncrack/README.md b/scanners/ncrack/README.md index bb083b7c..6e4ab8ce 100644 --- a/scanners/ncrack/README.md +++ b/scanners/ncrack/README.md 
@@ -14,7 +14,7 @@ To learn more about the Ncrack scanner itself visit [Ncrack GitHub] or [Ncrack W -The secureCodeBox core team is working on an integration of Ncrack. We will keep you informed. +> 🔧 The secureCodeBox core team is working on an integration of Ncrack. We will keep you informed. [Ncrack Website]: https://nmap.org/ncrack/ [Ncrack GitHub]: https://github.com/nmap/ncrack From f3a38bd0199d384e196e403a380ed7986e920b79 Mon Sep 17 00:00:00 2001 From: dpatanin Date: Tue, 18 Aug 2020 11:11:23 +0200 Subject: [PATCH 033/235] add indication for following content --- hooks/declarative-subsequent-scans/README.md | 2 +- hooks/generic-webhook/README.md | 1 + hooks/imperative-subsequent-scans/README.md | 10 ++++++++++ hooks/persistence-defectdojo/README.md | 2 +- hooks/persistence-static-report/README.md | 2 +- hooks/slack-webhook/README.md | 2 +- hooks/teams-webhook/README.md | 2 +- hooks/update-field/README.md | 2 ++ 8 files changed, 18 insertions(+), 5 deletions(-) create mode 100644 hooks/imperative-subsequent-scans/README.md diff --git a/hooks/declarative-subsequent-scans/README.md b/hooks/declarative-subsequent-scans/README.md index 0f71cef0..dd875b57 100644 --- a/hooks/declarative-subsequent-scans/README.md +++ b/hooks/declarative-subsequent-scans/README.md @@ -63,7 +63,7 @@ spec: EOF ``` -This Scan will used all CascadingRules which are labeled with a "light" intensity. +This Scan will use all CascadingRules which are labeled with a "light" intensity. You can lookup which CascadingRules this selects by running: ```bash diff --git a/hooks/generic-webhook/README.md b/hooks/generic-webhook/README.md index be2cf6a6..ad706c9e 100644 --- a/hooks/generic-webhook/README.md +++ b/hooks/generic-webhook/README.md 
@@ -16,3 +16,4 @@ Installing the Generic WebHook hook will add a ReadOnly Hook to your namespace. ```bash helm upgrade --install gwh ./hooks/generic-webhook/ --set webhookUrl="http://example.com/my/webhook/target" ``` +> 🔧 The secureCodeBox core team is working on this, we will keep you informed. \ No newline at end of file diff --git a/hooks/imperative-subsequent-scans/README.md b/hooks/imperative-subsequent-scans/README.md new file mode 100644 index 00000000..a765a999 --- /dev/null +++ b/hooks/imperative-subsequent-scans/README.md @@ -0,0 +1,10 @@ +--- +title: "Imperative Scans" +path: "hooks/imperative-subsequent-scans" +category: "hook" +type: "integration" +state: "roadmap" +usecase: "Cascading Scans based imperative Rules." +--- + +> 🔧 The secureCodeBox core team is working on this, we will keep you informed. \ No newline at end of file diff --git a/hooks/persistence-defectdojo/README.md b/hooks/persistence-defectdojo/README.md index f6c56b8b..b8b3ed2a 100644 --- a/hooks/persistence-defectdojo/README.md +++ b/hooks/persistence-defectdojo/README.md @@ -18,7 +18,7 @@ Tools which are supported both by the secureCodeBox and DefectDojo (OWASP ZAP & To learn more about DefectDojo visit [DefectDojo GitHub] or [DefectDojo Website]. ## Deployment -The secureCodeBox core team is working on an integration of DefectDojo. We will keep you informed. +> 🔧 The secureCodeBox core team is working on an integration of DefectDojo. We will keep you informed. [DefectDojo Website]: https://www.defectdojo.org/ diff --git a/hooks/persistence-static-report/README.md b/hooks/persistence-static-report/README.md index 58705ecf..72c0611b 100644 --- a/hooks/persistence-static-report/README.md +++ b/hooks/persistence-static-report/README.md 
@@ -10,4 +10,4 @@ usecase: "Publishes all Scan Findings as HTML Report." ## Deployment -The secureCodeBox core team is working on an integration of DefectDojo. We will keep you informed. +> 🔧 The secureCodeBox core team is working on an integration of a static report. We will keep you informed. diff --git a/hooks/slack-webhook/README.md b/hooks/slack-webhook/README.md index 3b0c7748..4c7be1f1 100644 --- a/hooks/slack-webhook/README.md +++ b/hooks/slack-webhook/README.md @@ -13,4 +13,4 @@ usecase: "Publishes Scan Summary to Slack." Installing the Slack WebHook hook will add a ReadOnly Hook to your namespace. -The secureCodeBox core team is working on this, we will keep you informed. \ No newline at end of file +> 🔧 The secureCodeBox core team is working on this, we will keep you informed. \ No newline at end of file diff --git a/hooks/teams-webhook/README.md b/hooks/teams-webhook/README.md index 9860e723..8ef8216d 100644 --- a/hooks/teams-webhook/README.md +++ b/hooks/teams-webhook/README.md @@ -13,4 +13,4 @@ usecase: "Publishes Scan Summary to MS Teams." Installing the Teams WebHook hook will add a ReadOnly Hook to your namespace. -The secureCodeBox core team is working on this, we will keep you informed. \ No newline at end of file +> 🔧 The secureCodeBox core team is working on this, we will keep you informed. \ No newline at end of file diff --git a/hooks/update-field/README.md b/hooks/update-field/README.md index cb9ebc6d..fa6b0dd9 100644 --- a/hooks/update-field/README.md +++ b/hooks/update-field/README.md @@ -16,3 +16,5 @@ Installing the _Update Field_ hook will add a ReadOnly Hook to your namespace. ```bash helm upgrade --install ufh ./hooks/update-field/ --set attribute.name="category" --set attribute.value="my-own-category" ``` + +> 🔧 The secureCodeBox core team is working on this, we will keep you informed. From 1e59e88d4c182d31e0e7ef0277db3030d550bbac Mon Sep 17 00:00:00 2001 
From: dpatanin Date: Tue, 18 Aug 2020 11:23:23 +0200 Subject: [PATCH 034/235] revert deployment removal --- scanners/amass/README.md | 8 ++++++++ scanners/kube-hunter/README.md | 8 ++++++++ scanners/nikto/README.md | 8 ++++++++ scanners/nmap/README.md | 8 ++++++++ scanners/ssh_scan/README.md | 8 ++++++++ scanners/sslyze/README.md | 8 ++++++++ scanners/trivy/README.md | 8 ++++++++ scanners/wpscan/README.md | 8 ++++++++ scanners/zap/README.md | 8 ++++++++ 9 files changed, 72 insertions(+) diff --git a/scanners/amass/README.md b/scanners/amass/README.md index 31e6d988..6968c918 100644 --- a/scanners/amass/README.md +++ b/scanners/amass/README.md @@ -14,6 +14,14 @@ The OWASP Amass Project has developed a tool to help information security profes +## Deployment + +The AMASS scanType can be deployed via helm: + +```bash +helm upgrade --install amass ./scanners/amass/ +``` + ## Configuration The following security scan configuration example are based on the [Amass User Guide], please take a look at the original documentation for more configuration examples. diff --git a/scanners/kube-hunter/README.md b/scanners/kube-hunter/README.md index 8ae3e2e8..e60d7413 100644 --- a/scanners/kube-hunter/README.md +++ b/scanners/kube-hunter/README.md @@ -14,6 +14,14 @@ To learn more about the kube-hunter scanner itself visit [kube-hunter GitHub] or +## Deployment + +The kube-hunter ScanType can be deployed via helm: + +```bash +helm upgrade --install kube-hunter ./scanners/kube-hunter/ +``` + ## Configuration The following security scan configuration example are based on the [kube-hunter Documentation], please take a look at the original documentation for more configuration examples. diff --git a/scanners/nikto/README.md b/scanners/nikto/README.md index 41afc495..f19c5080 100644 --- a/scanners/nikto/README.md +++ b/scanners/nikto/README.md 
@@ -14,6 +14,14 @@ Nikto is a free software command-line vulnerability scanner that scans webserver +## Deployment + +The Nikto ScanType can be deployed via helm: + +```bash +helm upgrade --install nikto ./scanners/nikto/ +``` + ## Configuration The following security scan configuration example are based on the [Nikto Documentation](https://cirt.net/nikto2-docs/usage.html#id2780332), please take a look at the original documentation for more configuration examples. diff --git a/scanners/nmap/README.md b/scanners/nmap/README.md index 247bea8f..a108c0a2 100644 --- a/scanners/nmap/README.md +++ b/scanners/nmap/README.md @@ -16,6 +16,14 @@ To learn more about the Nmap scanner itself visit [nmap.org]. +## Deployment + +The Nikto ScanType can be deployed via helm: + +```bash +helm upgrade --install nikto ./scanners/nikto/ +``` + ## Nmap Configuration The nmap scan target is set via the targets location of the securityTest. The target should be a Hostname or an IP Address. diff --git a/scanners/ssh_scan/README.md b/scanners/ssh_scan/README.md index 6705501b..a0cba5be 100644 --- a/scanners/ssh_scan/README.md +++ b/scanners/ssh_scan/README.md @@ -14,6 +14,14 @@ To learn more about the ssh_scan scanner itself visit [ssh_scan GitHub]. +## Deployment + +The SSH_scan ScanType can be deployed via helm. + +```bash +helm upgrade --install ssh ./scanners/ssh_scan/ +``` + ## Configuration The following security scan configuration example are based on the [ssh_scan Documentation], please take a look at the original documentation for more configuration examples. diff --git a/scanners/sslyze/README.md b/scanners/sslyze/README.md index 8c08d60f..6a02c95c 100644 --- a/scanners/sslyze/README.md +++ b/scanners/sslyze/README.md 
@@ -12,6 +12,14 @@ SSLyze is a Python library and a CLI tool that can analyze the SSL configuration +## Deployment + +The SSLyze scanType can be deployed via helm: + +```bash +helm upgrade --install sslyze ./scanners/sslyze/ +``` + ## Configuration The following security scan configuration example are based on the [SSLyze Documentation], please take a look at the original documentation for more configuration examples. diff --git a/scanners/trivy/README.md b/scanners/trivy/README.md index 355aece6..fc76cb9a 100644 --- a/scanners/trivy/README.md +++ b/scanners/trivy/README.md @@ -17,6 +17,14 @@ To learn more about the Trivy scanner itself visit or [Trivy GitHub]. +## Deployment + +The Trivy scanType can be deployed via helm: + +```bash +helm upgrade --install trivy ./scanners/trivy/ +``` + ## Configuration The following security scan configuration example are based on the [Trivy Documentation], please take a look at the original documentation for more configuration examples. diff --git a/scanners/wpscan/README.md b/scanners/wpscan/README.md index 5011df99..1f3da369 100644 --- a/scanners/wpscan/README.md +++ b/scanners/wpscan/README.md @@ -18,6 +18,14 @@ To learn more about the WPScan scanner itself visit [wpscan.org] or [wpscan.io]. +## Deployment + +The WPScan scanType can be deployed via helm: + +```bash +helm upgrade --install wpscan ./scanners/wpscan/ +``` + ## Configuration The following security scan configuration example are based on the [WPScan Documentation], please take a look at the original documentation for more configuration examples. diff --git a/scanners/zap/README.md b/scanners/zap/README.md index ae860d30..61e6ef5b 100644 --- a/scanners/zap/README.md +++ b/scanners/zap/README.md 
@@ -16,6 +16,14 @@ To learn more about the ZAP scanner itself visit [OWASP_Zap_Project] or [zaproxy +## Deployment + +The ZAP scanType can be deployed via helm: + +```bash +helm upgrade --install zap ./scanners/zap/ +``` + ## Configuration The following security scan configuration example are based on the [ZAP Documentation], please take a look at the original documentation for more configuration examples. From 97a860edc32a2e0db897282599b5358d034135ff Mon Sep 17 00:00:00 2001 From: dpatanin Date: Tue, 18 Aug 2020 11:31:22 +0200 Subject: [PATCH 035/235] better WIP messages --- hooks/generic-webhook/README.md | 2 +- hooks/imperative-subsequent-scans/README.md | 2 +- hooks/persistence-defectdojo/README.md | 2 +- hooks/persistence-static-report/README.md | 4 +++- hooks/slack-webhook/README.md | 2 +- hooks/teams-webhook/README.md | 2 +- scanners/ncrack/README.md | 2 +- 7 files changed, 9 insertions(+), 7 deletions(-) diff --git a/hooks/generic-webhook/README.md b/hooks/generic-webhook/README.md index ad706c9e..ffef9221 100644 --- a/hooks/generic-webhook/README.md +++ b/hooks/generic-webhook/README.md @@ -16,4 +16,4 @@ Installing the Generic WebHook hook will add a ReadOnly Hook to your namespace. ```bash helm upgrade --install gwh ./hooks/generic-webhook/ --set webhookUrl="http://example.com/my/webhook/target" ``` -> 🔧 The secureCodeBox core team is working on this, we will keep you informed. \ No newline at end of file +> ✍ This documentation is currently work-in-progress. \ No newline at end of file diff --git a/hooks/imperative-subsequent-scans/README.md b/hooks/imperative-subsequent-scans/README.md index a765a999..c4b471fc 100644 --- a/hooks/imperative-subsequent-scans/README.md +++ b/hooks/imperative-subsequent-scans/README.md 
@@ -7,4 +7,4 @@ state: "roadmap" usecase: "Cascading Scans based imperative Rules." --- -> 🔧 The secureCodeBox core team is working on this, we will keep you informed. \ No newline at end of file +> 🔧 The implementation is currently work-in-progress and still undergoing major changes. It'll be released here once it has stabilized. \ No newline at end of file diff --git a/hooks/persistence-defectdojo/README.md b/hooks/persistence-defectdojo/README.md index b8b3ed2a..5b85c64f 100644 --- a/hooks/persistence-defectdojo/README.md +++ b/hooks/persistence-defectdojo/README.md @@ -18,7 +18,7 @@ Tools which are supported both by the secureCodeBox and DefectDojo (OWASP ZAP & To learn more about DefectDojo visit [DefectDojo GitHub] or [DefectDojo Website]. ## Deployment -> 🔧 The secureCodeBox core team is working on an integration of DefectDojo. We will keep you informed. +> 🔧 The implementation is currently work-in-progress and under still undergoing major changes. It'll be released here once it has stabilized. [DefectDojo Website]: https://www.defectdojo.org/ diff --git a/hooks/persistence-static-report/README.md b/hooks/persistence-static-report/README.md index 72c0611b..adbbefcd 100644 --- a/hooks/persistence-static-report/README.md +++ b/hooks/persistence-static-report/README.md @@ -10,4 +10,6 @@ usecase: "Publishes all Scan Findings as HTML Report." ## Deployment -> 🔧 The secureCodeBox core team is working on an integration of a static report. We will keep you informed. + +> 🔧 The implementation is currently work-in-progress and still undergoing major changes. It'll be released here once it has stabilized. + diff --git a/hooks/slack-webhook/README.md b/hooks/slack-webhook/README.md index 4c7be1f1..c204ea85 100644 --- a/hooks/slack-webhook/README.md +++ b/hooks/slack-webhook/README.md 
@@ -13,4 +13,4 @@ usecase: "Publishes Scan Summary to Slack." Installing the Slack WebHook hook will add a ReadOnly Hook to your namespace. -> 🔧 The secureCodeBox core team is working on this, we will keep you informed. \ No newline at end of file +> 🔧 The implementation is currently work-in-progress and still undergoing major changes. It'll be released here once it has stabilized. diff --git a/hooks/teams-webhook/README.md b/hooks/teams-webhook/README.md index 8ef8216d..9c0cbfa9 100644 --- a/hooks/teams-webhook/README.md +++ b/hooks/teams-webhook/README.md @@ -13,4 +13,4 @@ usecase: "Publishes Scan Summary to MS Teams." Installing the Teams WebHook hook will add a ReadOnly Hook to your namespace. -> 🔧 The secureCodeBox core team is working on this, we will keep you informed. \ No newline at end of file +> 🔧 The implementation is currently work-in-progress and still undergoing major changes. It'll be released here once it has stabilized. diff --git a/scanners/ncrack/README.md b/scanners/ncrack/README.md index 6e4ab8ce..f16640d1 100644 --- a/scanners/ncrack/README.md +++ b/scanners/ncrack/README.md @@ -14,7 +14,7 @@ To learn more about the Ncrack scanner itself visit [Ncrack GitHub] or [Ncrack W -> 🔧 The secureCodeBox core team is working on an integration of Ncrack. We will keep you informed. +> 🔧 The implementation is currently work-in-progress and still undergoing major changes. It'll be released here once it has stabilized. [Ncrack Website]: https://nmap.org/ncrack/ [Ncrack GitHub]: https://github.com/nmap/ncrack From c3409b66822d63ad1ebb93dccfc5f53e65e883fb Mon Sep 17 00:00:00 2001 From: dpatanin Date: Tue, 18 Aug 2020 11:35:45 +0200 Subject: [PATCH 036/235] improved messages and message icons --- docs/developer-guide/README.md | 12 ++++++------ docs/user-guide/README.md | 2 +- hooks/update-field/README.md | 2 +- 3 files changed, 8 insertions(+), 8 deletions(-) 
diff --git a/docs/developer-guide/README.md b/docs/developer-guide/README.md index 2c2dcd01..84618a91 100644 --- a/docs/developer-guide/README.md +++ b/docs/developer-guide/README.md @@ -89,7 +89,7 @@ make run ## How to add a New Security Scanner ### ScanType Definition -> 🔧 **Following...** +> ✍ **Following...** ### Parsing SDK @@ -99,19 +99,19 @@ make run 4. Run the test suite: `npm test` ## How to Integrate a New Hook -> 🔧 **Following...** +> ✍ **Following...** ### HookType Definition -> 🔧 **Following...** +> ✍ **Following...** ### Hook SDK -> 🔧 **Following...** +> ✍ **Following...** ## Guidelines -> 🔧 **Following...** +> ✍ **Following...** ### Coding Guidelines -> 🔧 **Following...** +> ✍ **Following...** #### JSON diff --git a/docs/user-guide/README.md b/docs/user-guide/README.md index cb8ac832..fa9b7869 100644 --- a/docs/user-guide/README.md +++ b/docs/user-guide/README.md @@ -1,3 +1,3 @@ # Using the secureCodeBox -> 🔧 **Page under construction.** \ No newline at end of file +> ✍ **Page under construction.** \ No newline at end of file diff --git a/hooks/update-field/README.md b/hooks/update-field/README.md index fa6b0dd9..10f6c3a4 100644 --- a/hooks/update-field/README.md +++ b/hooks/update-field/README.md @@ -17,4 +17,4 @@ Installing the _Update Field_ hook will add a ReadOnly Hook to your namespace. helm upgrade --install ufh ./hooks/update-field/ --set attribute.name="category" --set attribute.value="my-own-category" ``` -> 🔧 The secureCodeBox core team is working on this, we will keep you informed. +> ✍ This documentation is currently work-in-progress. From 2e130c942e3652fc620a57ed0bfe826277cc5d42 Mon Sep 17 00:00:00 2001 From: dpatanin Date: Tue, 18 Aug 2020 12:42:25 +0200 Subject: [PATCH 037/235] add missing link --- hooks/persistence-elastic/README.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/hooks/persistence-elastic/README.md b/hooks/persistence-elastic/README.md index 294194d4..21170803 100644 
--- a/hooks/persistence-elastic/README.md +++ b/hooks/persistence-elastic/README.md @@ -10,7 +10,7 @@ usecase: "Publishes all Scan Findings to Elasticsearch." ## About -The ElasticSearch persistenceProvider hook saves all findings and reports into the configured ElasticSearch index. This allows for some easy searching and visualization of the findings. To learn more about Elasticsearch visit elastic.io. +The ElasticSearch persistenceProvider hook saves all findings and reports into the configured ElasticSearch index. This allows for some easy searching and visualization of the findings. To learn more about Elasticsearch visit [elastic.io]. ## Deployment @@ -52,4 +52,6 @@ elasticsearch: kibana: enabled: true # image: docker.elastic.co/kibana/kibana-oss -``` \ No newline at end of file +``` + +[elastic.io]: https://www.elastic.co/products/elasticsearch \ No newline at end of file From 22d4222db816b352e09ad9be0185abb5f3092403 Mon Sep 17 00:00:00 2001 From: dpatanin Date: Tue, 18 Aug 2020 12:51:28 +0200 Subject: [PATCH 038/235] adding frontmatter to docs --- docs/developer-guide/README.md | 8 ++++++++ docs/user-guide/README.md | 8 ++++++++ 2 files changed, 16 insertions(+) diff --git a/docs/developer-guide/README.md b/docs/developer-guide/README.md index 84618a91..a7e0ddcc 100644 --- a/docs/developer-guide/README.md +++ b/docs/developer-guide/README.md @@ -1,3 +1,11 @@ +--- +title: "Developer Guide" +path: "docs/developer-guide" +category: "develop" +--- + + + # Extending secureCodeBox ## Developing the SCB Operator diff --git a/docs/user-guide/README.md b/docs/user-guide/README.md index fa9b7869..cc728bc7 100644 --- a/docs/user-guide/README.md +++ b/docs/user-guide/README.md @@ -1,3 +1,11 @@ +--- +title: "User Guide" +path: "docs/user-guide" +category: "use" +--- + + + # Using the secureCodeBox > ✍ **Page under construction.** \ No newline at end of file From a97b589baa6c1f7f9ec2ae5fd78eb252a84bbbe3 Mon Sep 17 00:00:00 2001 
From: Jannik Hollenbach <13718901+J12934@users.noreply.github.com> Date: Thu, 20 Aug 2020 20:08:04 +0200 Subject: [PATCH 039/235] Add version as a env var to the docker image --- .github/workflows/ci.yaml | 4 ++++ operator/Dockerfile | 6 ++++++ 2 files changed, 10 insertions(+) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 572c987c..c4f36b60 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -63,12 +63,16 @@ jobs: cd operator/ go fmt ./... go vet ./... + - name: Parse Tag + id: parse-tag + run: echo ::set-output name=version::${GITHUB_REF#refs/*/} - name: "Build'n Push Operator" uses: docker/build-push-action@v1 with: username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_PASSWORD }} repository: scbexperimental/operator + build_args: VERSION=`${{ steps.parse-tag.outputs.version }} tag_with_ref: true tag_with_sha: true path: ./operator/ diff --git a/operator/Dockerfile b/operator/Dockerfile index 42586593..34d572b9 100644 --- a/operator/Dockerfile +++ b/operator/Dockerfile @@ -13,6 +13,7 @@ RUN go mod download COPY main.go main.go COPY apis/ apis/ COPY controllers/ controllers/ +COPY internal/ internal/ COPY utils/ utils/ # Build @@ -21,6 +22,11 @@ RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 GO111MODULE=on go build -a -o manager # Use distroless as minimal base image to package the manager binary # Refer to https://github.com/GoogleContainerTools/distroless for more details FROM gcr.io/distroless/static:nonroot + +ARG VERSION=unkown +ENV VERSION ENV ${BRANCH} +ENV TELEMETRY_ENABLED "true" + WORKDIR / COPY --from=builder /workspace/manager . USER nonroot:nonroot From 1105ff07a94698ecc2a5b1d8a5224c77e12025fe Mon Sep 17 00:00:00 2001 
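Review bot: In the "Build'n Push Operator" step of .github/workflows/ci.yaml, the added build_args value has a stray backtick between "VERSION=" and "${{ steps.parse-tag.outputs.version }}", so the backtick becomes part of the value handed to the image build. Remove it so the line reads "build_args: VERSION=${{ steps.parse-tag.outputs.version }}". The "Parse Tag" step strips the "refs/*/" prefix from GITHUB_REF, which yields a branch name on branch builds, so a short comment that VERSION is not always a release tag would help.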
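Review bot: In the final stage of operator/Dockerfile, "ENV VERSION ENV ${BRANCH}" does not pass the build argument through. It sets VERSION to the text "ENV " followed by the expansion of BRANCH, which this hunk never declares, so the "ARG VERSION" line above it is unused and every image reports the same bogus version. Suggest "ENV VERSION ${VERSION}". The default in "ARG VERSION=unkown" is misspelled ("unknown"). "ENV TELEMETRY_ENABLED "true"" turns telemetry on for anyone running the image directly, which deserves a comment in the Dockerfile.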
From: Jannik Hollenbach <13718901+J12934@users.noreply.github.com> Date: Thu, 20 Aug 2020 20:12:54 +0200 Subject: [PATCH 040/235] Add telemetry client sending the telemetry data to the backend --- operator/internal/telemetry/telemetry.go | 101 +++++++++++++++++++++++ operator/main.go | 5 ++ 2 files changed, 106 insertions(+) create mode 100644 operator/internal/telemetry/telemetry.go diff --git a/operator/internal/telemetry/telemetry.go b/operator/internal/telemetry/telemetry.go new file mode 100644 index 00000000..858f9669 --- /dev/null +++ b/operator/internal/telemetry/telemetry.go 
@@ -0,0 +1,101 @@ +package telemetry + +import ( + "bytes" + "context" + "encoding/json" + "net/http" + "os" + "time" + + "sigs.k8s.io/controller-runtime/pkg/client" + + "github.com/go-logr/logr" + executionv1 "github.com/secureCodeBox/secureCodeBox-v2-alpha/operator/apis/execution/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +var telemetryInterval = 24 * time.Hour + +// officialScanTypes contains the list of official secureCodeBox Scan Types. +// Unofficial Scan Types should be reported as "other" to avoid leakage of confidential data via the scan-types name +var officialScanTypes map[string]bool = map[string]bool{ + "amass": true, + "kube-hunter": true, + "kubeaudit": true, + "ncrack": true, + "nikto": true, + "nmap": true, + "ssh-scan": true, + "sslyze": true, + "trivy": true, + "wpscan": true, + "zap-baseline": true, + "zap-api-scan": true, + "zap-full-scan": true, +} + +// telemetryData submitted by operator +type telemetryData struct { + Version string `json:"version"` + InstalledScanTypes []string `json:"installedScanTypes"` +} + +// Loop Submits Telemetry Data in a regular interval +func Loop(apiClient client.Client, log logr.Logger) { + log.Info("The Operator sends anonymous telemetry data, to give the team an overview how much the secureCodeBox is used. 
Find out more at https://www.securecodebox.io/telemetry") + + // Wait until controller cache is initialized + time.Sleep(10 * time.Second) + + for { + var version string + if envVersion, ok := os.LookupEnv("VERSION"); ok { + version = envVersion + } else { + version = "unkown" + } + + ctx := context.Background() + + installedScanTypes := map[string]bool{} + var scanTypes executionv1.ScanTypeList + err := apiClient.List(ctx, &scanTypes, client.InNamespace(metav1.NamespaceAll)) + + if err != nil { + log.Error(err, "Failed to list ScanTypes") + } + for _, scanType := range scanTypes.Items { + installedScanTypes[scanType.Name] = true + } + + installedScanTypesList := []string{} + for key := range installedScanTypes { + if _, ok := officialScanTypes[key]; ok { + installedScanTypesList = append(installedScanTypesList, key) + } else { + installedScanTypesList = append(installedScanTypesList, "other") + } + } + + log.Info("Submitting Anonymous Telemetry Data", "Version", version, "InstalledScanTypes", installedScanTypesList) + + reqBody, err := json.Marshal(telemetryData{ + Version: version, + InstalledScanTypes: installedScanTypesList, + }) + + if err != nil { + log.Error(err, "Failed to encode telemetry data to json") + } + response, err := http.Post("https://telemetry.chase.securecodebox.io/v1/submit", "application/json", bytes.NewBuffer(reqBody)) + if err != nil { + log.Error(err, "Failed to send telemetry data") + } + if response != nil { + response.Body.Close() + } + + time.Sleep(telemetryInterval) + } +} diff --git a/operator/main.go b/operator/main.go index 4551bac9..18d1e58e 100644 --- a/operator/main.go +++ b/operator/main.go 
@@ -32,6 +32,7 @@ import ( executioncontroller "github.com/secureCodeBox/secureCodeBox-v2-alpha/operator/controllers/execution" scancontroller "github.com/secureCodeBox/secureCodeBox-v2-alpha/operator/controllers/execution/scans" targetscontroller "github.com/secureCodeBox/secureCodeBox-v2-alpha/operator/controllers/targets" + "github.com/secureCodeBox/secureCodeBox-v2-alpha/operator/internal/telemetry" // +kubebuilder:scaffold:imports ) @@ -98,6 +99,10 @@ func main() { } // +kubebuilder:scaffold:builder + if enabled, ok := os.LookupEnv("TELEMETRY_ENABLED"); ok && enabled == "true" { + go telemetry.Loop(mgr.GetClient(), ctrl.Log.WithName("telemetry")) + } + setupLog.Info("starting manager") if err := mgr.Start(ctrl.SetupSignalHandler()); err != nil { setupLog.Error(err, "problem running manager") From fb60042a4270efd08ccad995bc5b88a0ff0de1c8 Mon Sep 17 00:00:00 2001 From: Jannik Hollenbach <13718901+J12934@users.noreply.github.com> Date: Fri, 21 Aug 2020 12:38:31 +0200 Subject: [PATCH 041/235] Correct nmap deployment instructions --- scanners/nmap/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scanners/nmap/README.md b/scanners/nmap/README.md index a108c0a2..6520b0c9 100644 --- a/scanners/nmap/README.md +++ b/scanners/nmap/README.md @@ -21,7 +21,7 @@ To learn more about the Nmap scanner itself visit [nmap.org]. The Nikto ScanType can be deployed via helm: ```bash -helm upgrade --install nikto ./scanners/nikto/ +helm upgrade --install nmap ./scanners/nmap/ ``` ## Nmap Configuration From c6fb6f203cc0c08ab4685ef3e396f373f7a7aff5 Mon Sep 17 00:00:00 2001 From: Jannik Hollenbach <13718901+J12934@users.noreply.github.com> Date: Thu, 27 Aug 2020 10:30:12 +0200 Subject: [PATCH 042/235] Update supported kubernetes version range --- .github/workflows/ci.yaml | 2 +- README.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 572c987c..b3c51c6a 100644 
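Review bot: In Loop in operator/internal/telemetry/telemetry.go (PATCH 040), the error branches only log and then fall through: a failed apiClient.List still submits a list built from the empty result, and a failed json.Marshal still posts the body. Skip the submission for that round (sleep, then continue). The http.Post call uses the default client, which has no timeout, so a stalled connection blocks the goroutine indefinitely; use an http.Client with a Timeout set. The response status code is never checked, so a rejected submission is silent. The loop also appends "other" once per unofficial ScanType, so the payload reveals how many custom scan types are installed; add it at most once if that count is not meant to be reported. The fallback version string "unkown" is misspelled.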
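Review bot: In scanners/nmap/README.md (PATCH 041), the unchanged context line directly above the corrected command still reads "The Nikto ScanType can be deployed via helm:". It should name Nmap so that the sentence matches the fixed "helm upgrade --install nmap ./scanners/nmap/" line.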
--- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -316,7 +316,7 @@ jobs: runs-on: ubuntu-latest strategy: matrix: - k8sVersion: ["1.18.6", "1.17.5", "1.16.9", "1.15.11"] + k8sVersion: ["1.19.0", "1.18.8", "1.17.5", "1.16.9"] steps: - uses: actions/checkout@master - name: "Start kind cluster" diff --git a/README.md b/README.md index 79645992..d2669c2d 100644 --- a/README.md +++ b/README.md @@ -73,7 +73,7 @@ There is a German article about [Security DevOps – Angreifern (immer) einen Sc ### Prerequisites -- kubernetes (last 4 major releases supported: `1.15`, `1.16`, `1.17` & `1.18`) +- kubernetes (last 4 major releases supported: `1.16`, `1.17`, `1.18` & `1.19`,) ### Deployment (based on Helm) From 123aec9fdd2ba9ef2507f9537d3fa2442604ba1b Mon Sep 17 00:00:00 2001 From: Jannik Hollenbach <13718901+J12934@users.noreply.github.com> Date: Thu, 27 Aug 2020 15:09:05 +0200 Subject: [PATCH 043/235] Add helm value to disable telemetry data collection --- operator/templates/manager/manager.yaml | 2 ++ operator/values.yaml | 5 ++++- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/operator/templates/manager/manager.yaml b/operator/templates/manager/manager.yaml index 2ee84703..721f70d1 100644 --- a/operator/templates/manager/manager.yaml +++ b/operator/templates/manager/manager.yaml @@ -28,6 +28,8 @@ spec: imagePullPolicy: {{ .Values.image.pullPolicy }} name: manager env: + - name: TELEMETRY_ENABLED + value: {{ .Values.telemetryEnabled | quote }} # TODO: integrate with cert manager and auto gen a cert for minio {{- if .Values.minio.enabled }} - name: S3_USE_SSL diff --git a/operator/values.yaml b/operator/values.yaml index 2a6e396d..c2e7a44d 100644 --- a/operator/values.yaml +++ b/operator/values.yaml 
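Review bot: In the Prerequisites hunk of README.md (PATCH 042), the added line ends with a stray comma after `1.19` inside the parentheses; remove it. The versions listed (1.16 to 1.19) are minor releases, so "last 4 minor releases" would be the accurate wording.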
@@ -2,6 +2,9 @@ # This is a YAML-formatted file. # Declare variables to be passed into your templates. +# telemetryEnabled -- The Operator sends anonymous telemetry data, to give the team an overview how much the secureCodeBox is used. Find out more at https://www.securecodebox.io/telemetry +telemetryEnabled: true + image: registry: docker.io repository: scbexperimental/operator @@ -45,4 +48,4 @@ resources: memory: 30Mi requests: cpu: 100m - memory: 20Mi \ No newline at end of file + memory: 20Mi From 291d630d8f4ac1ea744df32ff5fec8c017f3ccf5 Mon Sep 17 00:00:00 2001 From: Jannik Hollenbach <13718901+J12934@users.noreply.github.com> Date: Mon, 31 Aug 2020 16:38:52 +0200 Subject: [PATCH 044/235] Fixed Link to ZAP Website --- scanners/zap/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scanners/zap/README.md b/scanners/zap/README.md index 61e6ef5b..12a3e380 100644 --- a/scanners/zap/README.md +++ b/scanners/zap/README.md @@ -12,7 +12,7 @@ usecase: "WebApp & OpenAPI Vulnerability Scanner" The OWASP Zed Attack Proxy (ZAP) is one of the world’s most popular free security tools and is actively maintained by hundreds of international volunteers*. It can help you automatically find security vulnerabilities in your web applications while you are developing and testing your applications. Its also a great tool for experienced pentesters to use for manual security testing. -To learn more about the ZAP scanner itself visit [OWASP_Zap_Project] or [zaproxy.org]. +To learn more about the ZAP scanner itself visit [https://www.zaproxy.org/](https://www.zaproxy.org/). From 77c2326567312a86b2ecfad655ff705886dfa401 Mon Sep 17 00:00:00 2001 From: Jannik Hollenbach <13718901+J12934@users.noreply.github.com> Date: Mon, 31 Aug 2020 17:01:33 +0200 Subject: [PATCH 045/235] Update ZAP example doc description to give more details --- scanners/zap/README.md | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) 
diff --git a/scanners/zap/README.md b/scanners/zap/README.md index 12a3e380..e6f2108a 100644 --- a/scanners/zap/README.md +++ b/scanners/zap/README.md @@ -26,7 +26,7 @@ helm upgrade --install zap ./scanners/zap/ ## Configuration -The following security scan configuration example are based on the [ZAP Documentation], please take a look at the original documentation for more configuration examples. +The following security scan configuration example are based on the ZAP Docker Scan Scripts. By default the secureCodeBox ZAP Helm Chart installs all three ZAP scripts: `zap-baseline`, `zap-full-scan` & `zap-api-scan`. Listed below are the arguments supported by the `zap-baseline` script, which are mostly interchangable with the other ZAP scripts. For a more complete reference check out the [ZAP Documentation](https://www.zaproxy.org/docs/docker/) and the secureCodeBox based ZAP examples listed below. The command line interface can be used to easily run server scans: `-t www.example.com` @@ -58,6 +58,3 @@ Options: -z zap_options ZAP command line options e.g. -z "-config aaa=bbb -config ccc=ddd" --hook path to python file that define your custom hooks ``` - -[SSLyze GitHub]: https://github.com/nabla-c0d3/sslyze -[SSLyze Documentation]: https://nabla-c0d3.github.io/sslyze/documentation/ From e80a795b335f91fea13807db44b12683d81a8eb8 Mon Sep 17 00:00:00 2001 From: Jannik Hollenbach <13718901+J12934@users.noreply.github.com> Date: Tue, 1 Sep 2020 09:42:55 +0200 Subject: [PATCH 046/235] Update to Amass 3.10.1 --- scanners/amass/Chart.yaml | 2 +- scanners/amass/README.md | 20 ++++++++++---------- 2 files changed, 11 insertions(+), 11 deletions(-) diff --git a/scanners/amass/Chart.yaml b/scanners/amass/Chart.yaml index 8fbd4ae4..4ed2cbe3 100644 --- a/scanners/amass/Chart.yaml +++ b/scanners/amass/Chart.yaml 
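Review bot: In the Configuration paragraph of scanners/zap/README.md (PATCH 045), the added sentence misspells "interchangeable" as "interchangable" and carries over "configuration example are based" from the removed line, which should read "examples are based". The second hunk's removal of the SSLyze link definitions is correct, since nothing in this README references them.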
@@ -4,7 +4,7 @@ description: A Helm chart for the Amass security scanner that integrates with th type: application version: 0.1.0 -appVersion: 3.9.1 +appVersion: 3.10.1 keywords: - security diff --git a/scanners/amass/README.md b/scanners/amass/README.md index 6968c918..745befa6 100644 --- a/scanners/amass/README.md +++ b/scanners/amass/README.md @@ -4,7 +4,7 @@ path: "scanners/amass" category: "scanner" type: "Network" state: "released" -appVersion: "3.9.1" +appVersion: "3.10.1" usecase: "Subdomain Enumeration Scanner" --- 
@@ -26,16 +26,16 @@ helm upgrade --install amass ./scanners/amass/ The following security scan configuration example are based on the [Amass User Guide], please take a look at the original documentation for more configuration examples. -* The most basic use of the tool for subdomain enumeration: `amass enum -d example.com` -* Typical parameters for DNS enumeration: `amass enum -v -src -ip -brute -min-for-recursive 2 -d example.com` +- The most basic use of the tool for subdomain enumeration: `amass enum -d example.com` +- Typical parameters for DNS enumeration: `amass enum -v -src -ip -brute -min-for-recursive 2 -d example.com` Special command line options: -* Disable generation of altered names `amass enum -noalts -d example.com` -* Turn off recursive brute forcing `amass enum -brute -norecursive -d example.com` -* Disable saving data into a local database `amass enum -nolocaldb -d example.com` -* Domain names separated by commas (can be used multiple times) `amass enum -d example.com` +- Disable generation of altered names `amass enum -noalts -d example.com` +- Turn off recursive brute forcing `amass enum -brute -norecursive -d example.com` +- Disable saving data into a local database `amass enum -nolocaldb -d example.com` +- Domain names separated by commas (can be used multiple times) `amass enum -d example.com` -[OWASP_Amass_Project]: https://owasp.org/www-project-amass/ -[Amass GitHub]: https://github.com/OWASP/Amass -[Amass User Guide]: https://github.com/OWASP/Amass/blob/master/doc/user_guide.md +[owasp_amass_project]: https://owasp.org/www-project-amass/ +[amass github]: https://github.com/OWASP/Amass +[amass user guide]: https://github.com/OWASP/Amass/blob/master/doc/user_guide.md From 000da5f46f3aff6846e30cc0a0e3ffe0b8cf78c4 Mon Sep 17 00:00:00 2001 
From: Jannik Hollenbach <13718901+J12934@users.noreply.github.com> Date: Tue, 1 Sep 2020 11:17:47 +0200 Subject: [PATCH 047/235] Add notes.txt file for Operator Chart --- operator/templates/NOTES.txt | 15 +++++++++++++++ 1 file changed, 15 insertions(+) create mode 100644 operator/templates/NOTES.txt diff --git a/operator/templates/NOTES.txt b/operator/templates/NOTES.txt new file mode 100644 index 00000000..98256c15 --- /dev/null +++ b/operator/templates/NOTES.txt @@ -0,0 +1,15 @@ +secureCodeBox Operator Deployed 🚀 + +The operator can orchestrate the execution of various security scanning tools inside of your cluster. +You can find a list of all officially supported scanners here: https://www.securecodebox.io/integrations/ +The website also lists other integrations, like persisting scan results to DefectDojo or Elasticsearch. + +{{ if .Values.telemetryEnabled -}} +The operator send out regular telemetry pings to a central service. +This lets us, the secureCodeBox team, get a grasp on how much the secureCodeBox is used. +The submitted data is chosen to be as anonymous as possible. +You can find a complete report of the data submitted and links to the source-code at: https://www.securecodebox.io/telemetry +The first ping is send one hour after the install, you can prevent this by upgrading the chart and setting `telemetryEnabled` to `false`. +{{ else -}} +Telemetry data collection has been disabled. +{{ end -}} \ No newline at end of file From 5fea0f07112daea0faa45913c6ddfb5b531b1eb2 Mon Sep 17 00:00:00 2001 From: dpatanin Date: Tue, 1 Sep 2020 14:43:33 +0200 Subject: [PATCH 048/235] add example readme --- scanners/amass/examples/example.com/README.md | 9 +++++++++ 1 file changed, 9 insertions(+) create mode 100644 scanners/amass/examples/example.com/README.md diff --git a/scanners/amass/examples/example.com/README.md b/scanners/amass/examples/example.com/README.md new file mode 100644 index 00000000..978d5f21 --- /dev/null 
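Review bot: In operator/templates/NOTES.txt (PATCH 047), the line "The first ping is send one hour after the install" does not match the telemetry loop added in PATCH 040, which sleeps 10 seconds before its first submission and then waits telemetryInterval (24 hours) between pings. Users are told they have an hour to opt out, so either delay the first ping in code or correct the text. Grammar: "The operator send out" should be "sends out" and "is send" should be "is sent".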
+++ b/scanners/amass/examples/example.com/README.md @@ -0,0 +1,9 @@ +--- +title: "example.com" +--- + + + +> ✍ **Page under construction.** + +the frontmatter requires the name of the scantarget as 'title' \ No newline at end of file From 4e2569064d71c4ec96466c1c9891f93b790a7685 Mon Sep 17 00:00:00 2001 From: dpatanin Date: Tue, 1 Sep 2020 18:37:18 +0200 Subject: [PATCH 049/235] hotfix: repair ssh scan readme --- scanners/ssh_scan/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scanners/ssh_scan/README.md b/scanners/ssh_scan/README.md index a0cba5be..a07af52a 100644 --- a/scanners/ssh_scan/README.md +++ b/scanners/ssh_scan/README.md @@ -1,6 +1,6 @@ --- title: "SSH" -path: "scanners/ssh" +path: "scanners/ssh_scan" category: "scanner" type: "SSH" state: "released" From 4c30e2fa8a319104d57c1a10cbe261bb92e38979 Mon Sep 17 00:00:00 2001 From: Jannik Hollenbach <13718901+J12934@users.noreply.github.com> Date: Wed, 2 Sep 2020 20:22:38 +0200 Subject: [PATCH 050/235] Update to Amass 3.10.2 --- scanners/amass/Chart.yaml | 2 +- scanners/amass/README.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/scanners/amass/Chart.yaml b/scanners/amass/Chart.yaml index 4ed2cbe3..12242fc7 100644 --- a/scanners/amass/Chart.yaml +++ b/scanners/amass/Chart.yaml @@ -4,7 +4,7 @@ description: A Helm chart for the Amass security scanner that integrates with th type: application version: 0.1.0 -appVersion: 3.10.1 +appVersion: 3.10.2 keywords: - security diff --git a/scanners/amass/README.md b/scanners/amass/README.md index 745befa6..9995965d 100644 --- a/scanners/amass/README.md +++ b/scanners/amass/README.md @@ -4,7 +4,7 @@ path: "scanners/amass" category: "scanner" type: "Network" state: "released" -appVersion: "3.10.1" +appVersion: "3.10.2" usecase: "Subdomain Enumeration Scanner" --- From 51b6aaa02cccb9a140f2397bfa19de0d1696ac2c Mon Sep 17 00:00:00 2001 
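Review bot: In scanners/amass/examples/example.com/README.md (PATCH 048), the last added line ("the frontmatter requires the name of the scantarget as 'title'") is a note to contributors that will render as page content below the "Page under construction" banner. Move it to the developer guide or put it in an HTML comment. The file also ends without a trailing newline.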
From: Jannik Hollenbach <13718901+J12934@users.noreply.github.com> Date: Wed, 2 Sep 2020 21:10:30 +0200 Subject: [PATCH 051/235] Properly rename repository references --- auto-discovery/kubernetes/PROJECT | 2 +- .../controllers/ingress_scan_controller.go | 2 +- auto-discovery/kubernetes/go.mod | 6 +++--- auto-discovery/kubernetes/go.sum | 2 +- auto-discovery/kubernetes/main.go | 4 ++-- .../declarative-subsequent-scans/templates/NOTES.txt | 2 +- lurcher/go.mod | 2 +- operator/PROJECT | 2 +- operator/apis/cascading/v1/cascadingrule_types.go | 2 +- operator/apis/targets/v1/host_types.go | 2 +- .../controllers/execution/scans/hook_reconciler.go | 4 ++-- operator/controllers/execution/scans/job.go | 2 +- .../controllers/execution/scans/parse_reconciler.go | 4 ++-- .../controllers/execution/scans/scan_controller.go | 2 +- .../controllers/execution/scans/scan_reconciler.go | 4 ++-- .../execution/scheduledscan_controller.go | 2 +- operator/controllers/execution/suite_test.go | 2 +- operator/controllers/targets/host_controller.go | 4 ++-- operator/controllers/targets/suite_test.go | 2 +- operator/go.mod | 2 +- operator/go.sum | 2 +- operator/main.go | 12 ++++++------ package.json | 6 +++--- 23 files changed, 37 insertions(+), 37 deletions(-) diff --git a/auto-discovery/kubernetes/PROJECT b/auto-discovery/kubernetes/PROJECT index 12d65693..5131904f 100644 --- a/auto-discovery/kubernetes/PROJECT +++ b/auto-discovery/kubernetes/PROJECT @@ -1,3 +1,3 @@ domain: securecodebox.io -repo: github.com/secureCodeBox/secureCodeBox-v2-alpha/cloud-integrations/kubernetes +repo: github.com/secureCodeBox/secureCodeBox-v2/cloud-integrations/kubernetes version: "2" diff --git a/auto-discovery/kubernetes/controllers/ingress_scan_controller.go b/auto-discovery/kubernetes/controllers/ingress_scan_controller.go index 76c3dd4d..f26f076d 100644 --- a/auto-discovery/kubernetes/controllers/ingress_scan_controller.go +++ b/auto-discovery/kubernetes/controllers/ingress_scan_controller.go 
@@ -21,7 +21,7 @@ import ( "fmt" "github.com/go-logr/logr" - targetsv1 "github.com/secureCodeBox/secureCodeBox-v2-alpha/operator/apis/targets/v1" + targetsv1 "github.com/secureCodeBox/secureCodeBox-v2/operator/apis/targets/v1" networking "k8s.io/api/networking/v1beta1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" diff --git a/auto-discovery/kubernetes/go.mod b/auto-discovery/kubernetes/go.mod index cd684be0..8ba5b490 100644 --- a/auto-discovery/kubernetes/go.mod +++ b/auto-discovery/kubernetes/go.mod @@ -1,4 +1,4 @@ -module github.com/secureCodeBox/secureCodeBox-v2-alpha/auto-discovery/kubernetes +module github.com/secureCodeBox/secureCodeBox-v2/auto-discovery/kubernetes go 1.13 @@ -6,11 +6,11 @@ require ( github.com/go-logr/logr v0.1.0 github.com/onsi/ginkgo v1.11.0 github.com/onsi/gomega v1.8.1 - github.com/secureCodeBox/secureCodeBox-v2-alpha/operator v0.0.0 + github.com/secureCodeBox/secureCodeBox-v2/operator v0.0.0 k8s.io/api v0.17.2 k8s.io/apimachinery v0.17.2 k8s.io/client-go v0.17.2 sigs.k8s.io/controller-runtime v0.5.2 ) -replace github.com/secureCodeBox/secureCodeBox-v2-alpha/operator => ../../operator +replace github.com/secureCodeBox/secureCodeBox-v2/operator => ../../operator diff --git a/auto-discovery/kubernetes/go.sum b/auto-discovery/kubernetes/go.sum index b063e04c..45f55823 100644 --- a/auto-discovery/kubernetes/go.sum +++ b/auto-discovery/kubernetes/go.sum 
@@ -251,7 +251,7 @@ github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsT github.com/remyoudompheng/bigfft v0.0.0-20170806203942-52369c62f446/go.mod h1:uYEyJGbgTkfkS4+E/PavXkNJcbFIpEtjt2B0KDQ5+9M= github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg= github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g= -github.com/secureCodeBox/secureCodeBox-v2-alpha v0.0.0-20200421122123-57178734d6e9 h1:S/FoesxDuE1/lj2iYpCgPdJXj4Gqe81BfuzTao+kIng= +github.com/secureCodeBox/secureCodeBox-v2 v0.0.0-20200421122123-57178734d6e9 h1:S/FoesxDuE1/lj2iYpCgPdJXj4Gqe81BfuzTao+kIng= github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo= github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE= diff --git a/auto-discovery/kubernetes/main.go b/auto-discovery/kubernetes/main.go index c34bd899..92b1eaeb 100644 --- a/auto-discovery/kubernetes/main.go +++ b/auto-discovery/kubernetes/main.go @@ -26,9 +26,9 @@ import ( ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/log/zap" - "github.com/secureCodeBox/secureCodeBox-v2-alpha/auto-discovery/kubernetes/controllers" + "github.com/secureCodeBox/secureCodeBox-v2/auto-discovery/kubernetes/controllers" - targetsv1 "github.com/secureCodeBox/secureCodeBox-v2-alpha/operator/apis/targets/v1" + targetsv1 "github.com/secureCodeBox/secureCodeBox-v2/operator/apis/targets/v1" // +kubebuilder:scaffold:imports ) diff --git a/hooks/declarative-subsequent-scans/templates/NOTES.txt b/hooks/declarative-subsequent-scans/templates/NOTES.txt index 5b163957..0e06e84a 100644 --- a/hooks/declarative-subsequent-scans/templates/NOTES.txt +++ b/hooks/declarative-subsequent-scans/templates/NOTES.txt 
@@ -10,4 +10,4 @@ $ kubectl get cascadingrules You need to explicitly turn on scan cascading for every scan you use. You can do that by setting a label selector which matches all rules you want to use. -Find out more, on the docs: TODO(https://github.com/secureCodeBox/secureCodeBox-v2-alpha/issues/46) \ No newline at end of file +Find out more, on the docs: TODO(https://github.com/secureCodeBox/secureCodeBox-v2/issues/46) \ No newline at end of file diff --git a/lurcher/go.mod b/lurcher/go.mod index eea3bcf0..69375b67 100644 --- a/lurcher/go.mod +++ b/lurcher/go.mod @@ -1,4 +1,4 @@ -module github.com/secureCodeBox/secureCodeBox-v2-alpha/lurcher +module github.com/secureCodeBox/secureCodeBox-v2/lurcher go 1.13 diff --git a/operator/PROJECT b/operator/PROJECT index a0c68343..20f5bd19 100644 --- a/operator/PROJECT +++ b/operator/PROJECT @@ -1,6 +1,6 @@ domain: experimental.securecodebox.io multigroup: true -repo: github.com/secureCodeBox/secureCodeBox-v2-alpha +repo: github.com/secureCodeBox/secureCodeBox-v2 resources: - group: execution kind: Scan diff --git a/operator/apis/cascading/v1/cascadingrule_types.go b/operator/apis/cascading/v1/cascadingrule_types.go index 2115bf0d..b1de37eb 100644 --- a/operator/apis/cascading/v1/cascadingrule_types.go +++ b/operator/apis/cascading/v1/cascadingrule_types.go @@ -17,7 +17,7 @@ limitations under the License. package v1 import ( - executionv1 "github.com/secureCodeBox/secureCodeBox-v2-alpha/operator/apis/execution/v1" + executionv1 "github.com/secureCodeBox/secureCodeBox-v2/operator/apis/execution/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/intstr" ) diff --git a/operator/apis/targets/v1/host_types.go b/operator/apis/targets/v1/host_types.go index 47b0fea6..e09061b0 100644 --- a/operator/apis/targets/v1/host_types.go +++ b/operator/apis/targets/v1/host_types.go 
@@ -17,7 +17,7 @@ limitations under the License. package v1 import ( - executionv1 "github.com/secureCodeBox/secureCodeBox-v2-alpha/operator/apis/execution/v1" + executionv1 "github.com/secureCodeBox/secureCodeBox-v2/operator/apis/execution/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) diff --git a/operator/controllers/execution/scans/hook_reconciler.go b/operator/controllers/execution/scans/hook_reconciler.go index c7aee9f1..899cf15c 100644 --- a/operator/controllers/execution/scans/hook_reconciler.go +++ b/operator/controllers/execution/scans/hook_reconciler.go @@ -4,8 +4,8 @@ import ( "context" "fmt" - executionv1 "github.com/secureCodeBox/secureCodeBox-v2-alpha/operator/apis/execution/v1" - util "github.com/secureCodeBox/secureCodeBox-v2-alpha/operator/utils" + executionv1 "github.com/secureCodeBox/secureCodeBox-v2/operator/apis/execution/v1" + util "github.com/secureCodeBox/secureCodeBox-v2/operator/utils" batch "k8s.io/api/batch/v1" corev1 "k8s.io/api/core/v1" rbacv1 "k8s.io/api/rbac/v1" diff --git a/operator/controllers/execution/scans/job.go b/operator/controllers/execution/scans/job.go index c1ccb3aa..2f202ea3 100644 --- a/operator/controllers/execution/scans/job.go +++ b/operator/controllers/execution/scans/job.go @@ -3,7 +3,7 @@ package scancontrollers import ( "context" - executionv1 "github.com/secureCodeBox/secureCodeBox-v2-alpha/operator/apis/execution/v1" + executionv1 "github.com/secureCodeBox/secureCodeBox-v2/operator/apis/execution/v1" batch "k8s.io/api/batch/v1" "sigs.k8s.io/controller-runtime/pkg/client" ) diff --git a/operator/controllers/execution/scans/parse_reconciler.go b/operator/controllers/execution/scans/parse_reconciler.go index b3022b9d..bed741a8 100644 --- a/operator/controllers/execution/scans/parse_reconciler.go +++ b/operator/controllers/execution/scans/parse_reconciler.go 
@@ -5,8 +5,8 @@ import ( "fmt" "strings" - executionv1 "github.com/secureCodeBox/secureCodeBox-v2-alpha/operator/apis/execution/v1" - util "github.com/secureCodeBox/secureCodeBox-v2-alpha/operator/utils" + executionv1 "github.com/secureCodeBox/secureCodeBox-v2/operator/apis/execution/v1" + util "github.com/secureCodeBox/secureCodeBox-v2/operator/utils" batch "k8s.io/api/batch/v1" corev1 "k8s.io/api/core/v1" rbacv1 "k8s.io/api/rbac/v1" diff --git a/operator/controllers/execution/scans/scan_controller.go b/operator/controllers/execution/scans/scan_controller.go index ae543dab..1755147d 100644 --- a/operator/controllers/execution/scans/scan_controller.go +++ b/operator/controllers/execution/scans/scan_controller.go @@ -32,7 +32,7 @@ import ( "sigs.k8s.io/controller-runtime/pkg/client" "github.com/minio/minio-go/v6" - executionv1 "github.com/secureCodeBox/secureCodeBox-v2-alpha/operator/apis/execution/v1" + executionv1 "github.com/secureCodeBox/secureCodeBox-v2/operator/apis/execution/v1" ) // ScanReconciler reconciles a Scan object diff --git a/operator/controllers/execution/scans/scan_reconciler.go b/operator/controllers/execution/scans/scan_reconciler.go index 2e3b6e6d..2f10da56 100644 --- a/operator/controllers/execution/scans/scan_reconciler.go +++ b/operator/controllers/execution/scans/scan_reconciler.go @@ -8,8 +8,8 @@ import ( "path/filepath" "strings" - executionv1 "github.com/secureCodeBox/secureCodeBox-v2-alpha/operator/apis/execution/v1" - util "github.com/secureCodeBox/secureCodeBox-v2-alpha/operator/utils" + executionv1 "github.com/secureCodeBox/secureCodeBox-v2/operator/apis/execution/v1" + util "github.com/secureCodeBox/secureCodeBox-v2/operator/utils" batch "k8s.io/api/batch/v1" corev1 "k8s.io/api/core/v1" rbacv1 "k8s.io/api/rbac/v1" diff --git a/operator/controllers/execution/scheduledscan_controller.go b/operator/controllers/execution/scheduledscan_controller.go index cb676b97..b1a29446 100644 
--- a/operator/controllers/execution/scheduledscan_controller.go +++ b/operator/controllers/execution/scheduledscan_controller.go @@ -29,7 +29,7 @@ import ( ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/client" - executionv1 "github.com/secureCodeBox/secureCodeBox-v2-alpha/operator/apis/execution/v1" + executionv1 "github.com/secureCodeBox/secureCodeBox-v2/operator/apis/execution/v1" ) var ( diff --git a/operator/controllers/execution/suite_test.go b/operator/controllers/execution/suite_test.go index d7a043a9..b71e8cba 100644 --- a/operator/controllers/execution/suite_test.go +++ b/operator/controllers/execution/suite_test.go @@ -30,7 +30,7 @@ import ( logf "sigs.k8s.io/controller-runtime/pkg/log" "sigs.k8s.io/controller-runtime/pkg/log/zap" - executionv1 "github.com/secureCodeBox/secureCodeBox-v2-alpha/operator/apis/execution/v1" + executionv1 "github.com/secureCodeBox/secureCodeBox-v2/operator/apis/execution/v1" // +kubebuilder:scaffold:imports ) diff --git a/operator/controllers/targets/host_controller.go b/operator/controllers/targets/host_controller.go index 9ac2c2f5..149af8ac 100644 --- a/operator/controllers/targets/host_controller.go +++ b/operator/controllers/targets/host_controller.go @@ -31,8 +31,8 @@ import ( "sigs.k8s.io/controller-runtime/pkg/client" - executionv1 "github.com/secureCodeBox/secureCodeBox-v2-alpha/operator/apis/execution/v1" - targetsv1 "github.com/secureCodeBox/secureCodeBox-v2-alpha/operator/apis/targets/v1" + executionv1 "github.com/secureCodeBox/secureCodeBox-v2/operator/apis/execution/v1" + targetsv1 "github.com/secureCodeBox/secureCodeBox-v2/operator/apis/targets/v1" ) var ( diff --git a/operator/controllers/targets/suite_test.go b/operator/controllers/targets/suite_test.go index 7f9147dd..fde80700 100644 --- a/operator/controllers/targets/suite_test.go +++ b/operator/controllers/targets/suite_test.go 
@@ -30,7 +30,7 @@ import ( logf "sigs.k8s.io/controller-runtime/pkg/log" "sigs.k8s.io/controller-runtime/pkg/log/zap" - targetsv1 "github.com/secureCodeBox/secureCodeBox-v2-alpha/operator/apis/targets/v1" + targetsv1 "github.com/secureCodeBox/secureCodeBox-v2/operator/apis/targets/v1" // +kubebuilder:scaffold:imports ) diff --git a/operator/go.mod b/operator/go.mod index 97c7be87..91d1c649 100644 --- a/operator/go.mod +++ b/operator/go.mod @@ -1,4 +1,4 @@ -module github.com/secureCodeBox/secureCodeBox-v2-alpha/operator +module github.com/secureCodeBox/secureCodeBox-v2/operator go 1.13 diff --git a/operator/go.sum b/operator/go.sum index 5643d29d..c54b01e6 100644 --- a/operator/go.sum +++ b/operator/go.sum @@ -254,7 +254,7 @@ github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsT github.com/remyoudompheng/bigfft v0.0.0-20170806203942-52369c62f446/go.mod h1:uYEyJGbgTkfkS4+E/PavXkNJcbFIpEtjt2B0KDQ5+9M= github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg= github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g= -github.com/secureCodeBox/secureCodeBox-v2-alpha v0.0.0-20200526134830-4f0a0ddfccc0 h1:cmPDEtYAxHRmOmMuKUKe90RjJUjALqiXnJtPB4VGe44= +github.com/secureCodeBox/secureCodeBox-v2 v0.0.0-20200526134830-4f0a0ddfccc0 h1:cmPDEtYAxHRmOmMuKUKe90RjJUjALqiXnJtPB4VGe44= github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo= github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE= diff --git a/operator/main.go b/operator/main.go index 4551bac9..b25365a4 100644 --- a/operator/main.go +++ b/operator/main.go 
@@ -26,12 +26,12 @@ import ( ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/log/zap" - cascadingv1 "github.com/secureCodeBox/secureCodeBox-v2-alpha/operator/apis/cascading/v1" - executionv1 "github.com/secureCodeBox/secureCodeBox-v2-alpha/operator/apis/execution/v1" - targetsv1 "github.com/secureCodeBox/secureCodeBox-v2-alpha/operator/apis/targets/v1" - executioncontroller "github.com/secureCodeBox/secureCodeBox-v2-alpha/operator/controllers/execution" - scancontroller "github.com/secureCodeBox/secureCodeBox-v2-alpha/operator/controllers/execution/scans" - targetscontroller "github.com/secureCodeBox/secureCodeBox-v2-alpha/operator/controllers/targets" + cascadingv1 "github.com/secureCodeBox/secureCodeBox-v2/operator/apis/cascading/v1" + executionv1 "github.com/secureCodeBox/secureCodeBox-v2/operator/apis/execution/v1" + targetsv1 "github.com/secureCodeBox/secureCodeBox-v2/operator/apis/targets/v1" + executioncontroller "github.com/secureCodeBox/secureCodeBox-v2/operator/controllers/execution" + scancontroller "github.com/secureCodeBox/secureCodeBox-v2/operator/controllers/execution/scans" + targetscontroller "github.com/secureCodeBox/secureCodeBox-v2/operator/controllers/targets" // +kubebuilder:scaffold:imports ) diff --git a/package.json b/package.json index 11ccfe50..afa424a5 100644 --- a/package.json +++ b/package.json 
@@ -9,15 +9,15 @@ }, "repository": { "type": "git", - "url": "git+https://github.com/secureCodeBox/secureCodeBox-v2-alpha.git" + "url": "git+https://github.com/secureCodeBox/secureCodeBox-v2.git" }, "keywords": [], "author": "", "license": "ISC", "bugs": { - "url": "https://github.com/secureCodeBox/secureCodeBox-v2-alpha/issues" + "url": "https://github.com/secureCodeBox/secureCodeBox-v2/issues" }, - "homepage": "https://github.com/secureCodeBox/secureCodeBox-v2-alpha#readme", + "homepage": "https://github.com/secureCodeBox/secureCodeBox-v2#readme", "devDependencies": { "eslint": "^6.8.0", "eslint-config-oclif": "^3.1.0", From 8f2f4ff33ea147ea436717f14a17b73b257bef47 Mon Sep 17 00:00:00 2001 
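Review bot: In the operator/go.sum hunk, the entry for `github.com/secureCodeBox/secureCodeBox-v2-alpha` only has its module path rewritten to `secureCodeBox-v2`. The pseudo-version `v0.0.0-20200526134830-4f0a0ddfccc0` and the `h1:` hash are carried over unchanged, which points to a search-and-replace across the tree rather than a regenerated checksum. An `h1:` hash is computed over the module's file list with the module path and version as part of every file name, so a hash recorded for the old path cannot be valid for the new one, and the rewritten line no longer verifies anything. Please leave go.sum out of the rename and regenerate it with `go mod tidy` after the go.mod change, followed by `go mod verify`, so the file only contains checksums the go command computed itself.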
From: Jannik Hollenbach <13718901+J12934@users.noreply.github.com> Date: Wed, 2 Sep 2020 21:11:47 +0200 Subject: [PATCH 052/235] Delete auto-discovery folder This will be added back in a feature release of v2 or a further release Check `auto-discovery` branch for more details --- auto-discovery/kubernetes/.gitignore | 24 - auto-discovery/kubernetes/Dockerfile | 27 - auto-discovery/kubernetes/Makefile | 80 --- auto-discovery/kubernetes/PROJECT | 3 - .../config/certmanager/certificate.yaml | 26 - .../config/certmanager/kustomization.yaml | 5 - .../config/certmanager/kustomizeconfig.yaml | 16 - .../config/default/kustomization.yaml | 70 --- .../default/manager_auth_proxy_patch.yaml | 25 - .../config/default/manager_webhook_patch.yaml | 23 - .../default/webhookcainjection_patch.yaml | 15 - .../config/manager/kustomization.yaml | 2 - .../kubernetes/config/manager/manager.yaml | 39 -- .../config/prometheus/kustomization.yaml | 2 - .../kubernetes/config/prometheus/monitor.yaml | 16 - .../rbac/auth_proxy_client_clusterrole.yaml | 7 - .../config/rbac/auth_proxy_role.yaml | 13 - .../config/rbac/auth_proxy_role_binding.yaml | 12 - .../config/rbac/auth_proxy_service.yaml | 14 - .../kubernetes/config/rbac/kustomization.yaml | 12 - .../config/rbac/leader_election_role.yaml | 32 -- .../rbac/leader_election_role_binding.yaml | 12 - .../kubernetes/config/rbac/role.yaml | 22 - .../kubernetes/config/rbac/role_binding.yaml | 12 - .../config/webhook/kustomization.yaml | 6 - .../config/webhook/kustomizeconfig.yaml | 25 - .../kubernetes/config/webhook/service.yaml | 12 - .../controllers/ingress_scan_controller.go | 202 -------- .../kubernetes/controllers/suite_test.go | 76 --- auto-discovery/kubernetes/go.mod | 16 - auto-discovery/kubernetes/go.sum | 470 ------------------ .../kubernetes/hack/boilerplate.go.txt | 15 - auto-discovery/kubernetes/main.go | 86 ---- auto-discovery/readme.md | 16 - 34 files changed, 1433 deletions(-) delete mode 100644 auto-discovery/kubernetes/.gitignore 
delete mode 100644 auto-discovery/kubernetes/Dockerfile delete mode 100644 auto-discovery/kubernetes/Makefile delete mode 100644 auto-discovery/kubernetes/PROJECT delete mode 100644 auto-discovery/kubernetes/config/certmanager/certificate.yaml delete mode 100644 auto-discovery/kubernetes/config/certmanager/kustomization.yaml delete mode 100644 auto-discovery/kubernetes/config/certmanager/kustomizeconfig.yaml delete mode 100644 auto-discovery/kubernetes/config/default/kustomization.yaml delete mode 100644 auto-discovery/kubernetes/config/default/manager_auth_proxy_patch.yaml delete mode 100644 auto-discovery/kubernetes/config/default/manager_webhook_patch.yaml delete mode 100644 auto-discovery/kubernetes/config/default/webhookcainjection_patch.yaml delete mode 100644 auto-discovery/kubernetes/config/manager/kustomization.yaml delete mode 100644 auto-discovery/kubernetes/config/manager/manager.yaml delete mode 100644 auto-discovery/kubernetes/config/prometheus/kustomization.yaml delete mode 100644 auto-discovery/kubernetes/config/prometheus/monitor.yaml delete mode 100644 auto-discovery/kubernetes/config/rbac/auth_proxy_client_clusterrole.yaml delete mode 100644 auto-discovery/kubernetes/config/rbac/auth_proxy_role.yaml delete mode 100644 auto-discovery/kubernetes/config/rbac/auth_proxy_role_binding.yaml delete mode 100644 auto-discovery/kubernetes/config/rbac/auth_proxy_service.yaml delete mode 100644 auto-discovery/kubernetes/config/rbac/kustomization.yaml delete mode 100644 auto-discovery/kubernetes/config/rbac/leader_election_role.yaml delete mode 100644 auto-discovery/kubernetes/config/rbac/leader_election_role_binding.yaml delete mode 100644 auto-discovery/kubernetes/config/rbac/role.yaml delete mode 100644 auto-discovery/kubernetes/config/rbac/role_binding.yaml delete mode 100644 auto-discovery/kubernetes/config/webhook/kustomization.yaml delete mode 100644 auto-discovery/kubernetes/config/webhook/kustomizeconfig.yaml delete mode 100644 
auto-discovery/kubernetes/config/webhook/service.yaml delete mode 100644 auto-discovery/kubernetes/controllers/ingress_scan_controller.go delete mode 100644 auto-discovery/kubernetes/controllers/suite_test.go delete mode 100644 auto-discovery/kubernetes/go.mod delete mode 100644 auto-discovery/kubernetes/go.sum delete mode 100644 auto-discovery/kubernetes/hack/boilerplate.go.txt delete mode 100644 auto-discovery/kubernetes/main.go delete mode 100644 auto-discovery/readme.md diff --git a/auto-discovery/kubernetes/.gitignore b/auto-discovery/kubernetes/.gitignore deleted file mode 100644 index d97ffc51..00000000 --- a/auto-discovery/kubernetes/.gitignore +++ /dev/null @@ -1,24 +0,0 @@ - -# Binaries for programs and plugins -*.exe -*.exe~ -*.dll -*.so -*.dylib -bin - -# Test binary, build with `go test -c` -*.test - -# Output of the go coverage tool, specifically when used with LiteIDE -*.out - -# Kubernetes Generated files - skip generated files, except for vendored files - -!vendor/**/zz_generated.* - -# editor and IDE paraphernalia -.idea -*.swp -*.swo -*~ diff --git a/auto-discovery/kubernetes/Dockerfile b/auto-discovery/kubernetes/Dockerfile deleted file mode 100644 index 74eb9d74..00000000 --- a/auto-discovery/kubernetes/Dockerfile +++ /dev/null 
@@ -1,27 +0,0 @@ -# Build the manager binary -FROM golang:1.13 as builder - -WORKDIR /workspace -# Copy the Go Modules manifests -COPY go.mod go.mod -COPY go.sum go.sum -# cache deps before building and copying source so that we don't need to re-download as much -# and so that source changes don't invalidate our downloaded layer -RUN go mod download - -# Copy the go source -COPY main.go main.go -COPY api/ api/ -COPY controllers/ controllers/ - -# Build -RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 GO111MODULE=on go build -a -o manager main.go - -# Use distroless as minimal base image to package the manager binary -# Refer to https://github.com/GoogleContainerTools/distroless for more details -FROM gcr.io/distroless/static:nonroot -WORKDIR / -COPY --from=builder /workspace/manager . -USER nonroot:nonroot - -ENTRYPOINT ["/manager"] diff --git a/auto-discovery/kubernetes/Makefile b/auto-discovery/kubernetes/Makefile deleted file mode 100644 index 5da22b5b..00000000 --- a/auto-discovery/kubernetes/Makefile +++ /dev/null 
@@ -1,80 +0,0 @@ - -# Image URL to use all building/pushing image targets -IMG ?= controller:latest -# Produce CRDs that work back to Kubernetes 1.11 (no version conversion) -CRD_OPTIONS ?= "crd:trivialVersions=true" - -# Get the currently used golang install path (in GOPATH/bin, unless GOBIN is set) -ifeq (,$(shell go env GOBIN)) -GOBIN=$(shell go env GOPATH)/bin -else -GOBIN=$(shell go env GOBIN) -endif - -all: manager - -# Run tests -test: generate fmt vet manifests - go test ./... -coverprofile cover.out - -# Build manager binary -manager: generate fmt vet - go build -o bin/manager main.go - -# Run against the configured Kubernetes cluster in ~/.kube/config -run: generate fmt vet manifests - go run ./main.go - -# Install CRDs into a cluster -install: manifests - kustomize build config/crd | kubectl apply -f - - -# Uninstall CRDs from a cluster -uninstall: manifests - kustomize build config/crd | kubectl delete -f - - -# Deploy controller in the configured Kubernetes cluster in ~/.kube/config -deploy: manifests - cd config/manager && kustomize edit set image controller=${IMG} - kustomize build config/default | kubectl apply -f - - -# Generate manifests e.g. CRD, RBAC etc. -manifests: controller-gen - $(CONTROLLER_GEN) $(CRD_OPTIONS) rbac:roleName=manager-role webhook paths="./..." output:crd:artifacts:config=config/crd/bases - -# Run go fmt against code -fmt: - go fmt ./... - -# Run go vet against code -vet: - go vet ./... - -# Generate code -generate: controller-gen - $(CONTROLLER_GEN) object:headerFile="hack/boilerplate.go.txt" paths="./..." - -# Build the docker image -docker-build: test - docker build . 
-t ${IMG} - -# Push the docker image -docker-push: - docker push ${IMG} - -# find or download controller-gen -# download controller-gen if necessary -controller-gen: -ifeq (, $(shell which controller-gen)) - @{ \ - set -e ;\ - CONTROLLER_GEN_TMP_DIR=$$(mktemp -d) ;\ - cd $$CONTROLLER_GEN_TMP_DIR ;\ - go mod init tmp ;\ - go get sigs.k8s.io/controller-tools/cmd/controller-gen@v0.2.5 ;\ - rm -rf $$CONTROLLER_GEN_TMP_DIR ;\ - } -CONTROLLER_GEN=$(GOBIN)/controller-gen -else -CONTROLLER_GEN=$(shell which controller-gen) -endif diff --git a/auto-discovery/kubernetes/PROJECT b/auto-discovery/kubernetes/PROJECT deleted file mode 100644 index 5131904f..00000000 --- a/auto-discovery/kubernetes/PROJECT +++ /dev/null @@ -1,3 +0,0 @@ -domain: securecodebox.io -repo: github.com/secureCodeBox/secureCodeBox-v2/cloud-integrations/kubernetes -version: "2" diff --git a/auto-discovery/kubernetes/config/certmanager/certificate.yaml b/auto-discovery/kubernetes/config/certmanager/certificate.yaml deleted file mode 100644 index 58db114f..00000000 --- a/auto-discovery/kubernetes/config/certmanager/certificate.yaml +++ /dev/null 
@@ -1,26 +0,0 @@ -# The following manifests contain a self-signed issuer CR and a certificate CR. -# More document can be found at https://docs.cert-manager.io -# WARNING: Targets CertManager 0.11 check https://docs.cert-manager.io/en/latest/tasks/upgrading/index.html for -# breaking changes -apiVersion: cert-manager.io/v1alpha2 -kind: Issuer -metadata: - name: selfsigned-issuer - namespace: system -spec: - selfSigned: {} ---- -apiVersion: cert-manager.io/v1alpha2 -kind: Certificate -metadata: - name: serving-cert # this name should match the one appeared in kustomizeconfig.yaml - namespace: system -spec: - # $(SERVICE_NAME) and $(SERVICE_NAMESPACE) will be substituted by kustomize - dnsNames: - - $(SERVICE_NAME).$(SERVICE_NAMESPACE).svc - - $(SERVICE_NAME).$(SERVICE_NAMESPACE).svc.cluster.local - issuerRef: - kind: Issuer - name: selfsigned-issuer - secretName: webhook-server-cert # this secret will not be prefixed, since it's not managed by kustomize diff --git a/auto-discovery/kubernetes/config/certmanager/kustomization.yaml b/auto-discovery/kubernetes/config/certmanager/kustomization.yaml deleted file mode 100644 index bebea5a5..00000000 --- a/auto-discovery/kubernetes/config/certmanager/kustomization.yaml +++ /dev/null @@ -1,5 +0,0 @@ -resources: -- certificate.yaml - -configurations: -- kustomizeconfig.yaml diff --git a/auto-discovery/kubernetes/config/certmanager/kustomizeconfig.yaml b/auto-discovery/kubernetes/config/certmanager/kustomizeconfig.yaml deleted file mode 100644 index 90d7c313..00000000 --- a/auto-discovery/kubernetes/config/certmanager/kustomizeconfig.yaml +++ /dev/null 
@@ -1,16 +0,0 @@ -# This configuration is for teaching kustomize how to update name ref and var substitution -nameReference: -- kind: Issuer - group: cert-manager.io - fieldSpecs: - - kind: Certificate - group: cert-manager.io - path: spec/issuerRef/name - -varReference: -- kind: Certificate - group: cert-manager.io - path: spec/commonName -- kind: Certificate - group: cert-manager.io - path: spec/dnsNames diff --git a/auto-discovery/kubernetes/config/default/kustomization.yaml b/auto-discovery/kubernetes/config/default/kustomization.yaml deleted file mode 100644 index 4d371fdb..00000000 --- a/auto-discovery/kubernetes/config/default/kustomization.yaml +++ /dev/null 
@@ -1,70 +0,0 @@ -# Adds namespace to all resources. -namespace: kubernetes-system - -# Value of this field is prepended to the -# names of all resources, e.g. a deployment named -# "wordpress" becomes "alices-wordpress". -# Note that it should also match with the prefix (text before '-') of the namespace -# field above. -namePrefix: kubernetes- - -# Labels to add to all resources and selectors. -#commonLabels: -# someName: someValue - -bases: -- ../crd -- ../rbac -- ../manager -# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in -# crd/kustomization.yaml -#- ../webhook -# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER'. 'WEBHOOK' components are required. -#- ../certmanager -# [PROMETHEUS] To enable prometheus monitor, uncomment all sections with 'PROMETHEUS'. -#- ../prometheus - -patchesStrategicMerge: - # Protect the /metrics endpoint by putting it behind auth. - # If you want your controller-manager to expose the /metrics - # endpoint w/o any authn/z, please comment the following line. -- manager_auth_proxy_patch.yaml - -# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in -# crd/kustomization.yaml -#- manager_webhook_patch.yaml - -# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER'. -# Uncomment 'CERTMANAGER' sections in crd/kustomization.yaml to enable the CA injection in the admission webhooks. -# 'CERTMANAGER' needs to be enabled to use ca injection -#- webhookcainjection_patch.yaml - -# the following config is for teaching kustomize how to do var substitution -vars: -# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER' prefix. 
-#- name: CERTIFICATE_NAMESPACE # namespace of the certificate CR -# objref: -# kind: Certificate -# group: cert-manager.io -# version: v1alpha2 -# name: serving-cert # this name should match the one in certificate.yaml -# fieldref: -# fieldpath: metadata.namespace -#- name: CERTIFICATE_NAME -# objref: -# kind: Certificate -# group: cert-manager.io -# version: v1alpha2 -# name: serving-cert # this name should match the one in certificate.yaml -#- name: SERVICE_NAMESPACE # namespace of the service -# objref: -# kind: Service -# version: v1 -# name: webhook-service -# fieldref: -# fieldpath: metadata.namespace -#- name: SERVICE_NAME -# objref: -# kind: Service -# version: v1 -# name: webhook-service diff --git a/auto-discovery/kubernetes/config/default/manager_auth_proxy_patch.yaml b/auto-discovery/kubernetes/config/default/manager_auth_proxy_patch.yaml deleted file mode 100644 index 77e743d1..00000000 --- a/auto-discovery/kubernetes/config/default/manager_auth_proxy_patch.yaml +++ /dev/null @@ -1,25 +0,0 @@ -# This patch inject a sidecar container which is a HTTP proxy for the -# controller manager, it performs RBAC authorization against the Kubernetes API using SubjectAccessReviews. -apiVersion: apps/v1 -kind: Deployment -metadata: - name: controller-manager - namespace: system -spec: - template: - spec: - containers: - - name: kube-rbac-proxy - image: gcr.io/kubebuilder/kube-rbac-proxy:v0.5.0 - args: - - "--secure-listen-address=0.0.0.0:8443" - - "--upstream=http://127.0.0.1:8080/" - - "--logtostderr=true" - - "--v=10" - ports: - - containerPort: 8443 - name: https - - name: manager - args: - - "--metrics-addr=127.0.0.1:8080" - - "--enable-leader-election" diff --git a/auto-discovery/kubernetes/config/default/manager_webhook_patch.yaml b/auto-discovery/kubernetes/config/default/manager_webhook_patch.yaml deleted file mode 100644 index 738de350..00000000 --- a/auto-discovery/kubernetes/config/default/manager_webhook_patch.yaml +++ /dev/null 
@@ -1,23 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: controller-manager - namespace: system -spec: - template: - spec: - containers: - - name: manager - ports: - - containerPort: 9443 - name: webhook-server - protocol: TCP - volumeMounts: - - mountPath: /tmp/k8s-webhook-server/serving-certs - name: cert - readOnly: true - volumes: - - name: cert - secret: - defaultMode: 420 - secretName: webhook-server-cert diff --git a/auto-discovery/kubernetes/config/default/webhookcainjection_patch.yaml b/auto-discovery/kubernetes/config/default/webhookcainjection_patch.yaml deleted file mode 100644 index 7e79bf99..00000000 --- a/auto-discovery/kubernetes/config/default/webhookcainjection_patch.yaml +++ /dev/null @@ -1,15 +0,0 @@ -# This patch add annotation to admission webhook config and -# the variables $(CERTIFICATE_NAMESPACE) and $(CERTIFICATE_NAME) will be substituted by kustomize. -apiVersion: admissionregistration.k8s.io/v1beta1 -kind: MutatingWebhookConfiguration -metadata: - name: mutating-webhook-configuration - annotations: - cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) ---- -apiVersion: admissionregistration.k8s.io/v1beta1 -kind: ValidatingWebhookConfiguration -metadata: - name: validating-webhook-configuration - annotations: - cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) diff --git a/auto-discovery/kubernetes/config/manager/kustomization.yaml b/auto-discovery/kubernetes/config/manager/kustomization.yaml deleted file mode 100644 index 5c5f0b84..00000000 --- a/auto-discovery/kubernetes/config/manager/kustomization.yaml +++ /dev/null @@ -1,2 +0,0 @@ -resources: -- manager.yaml diff --git a/auto-discovery/kubernetes/config/manager/manager.yaml b/auto-discovery/kubernetes/config/manager/manager.yaml deleted file mode 100644 index b6c85a52..00000000 --- a/auto-discovery/kubernetes/config/manager/manager.yaml +++ /dev/null 
@@ -1,39 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - labels: - control-plane: controller-manager - name: system ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: controller-manager - namespace: system - labels: - control-plane: controller-manager -spec: - selector: - matchLabels: - control-plane: controller-manager - replicas: 1 - template: - metadata: - labels: - control-plane: controller-manager - spec: - containers: - - command: - - /manager - args: - - --enable-leader-election - image: controller:latest - name: manager - resources: - limits: - cpu: 100m - memory: 30Mi - requests: - cpu: 100m - memory: 20Mi - terminationGracePeriodSeconds: 10 diff --git a/auto-discovery/kubernetes/config/prometheus/kustomization.yaml b/auto-discovery/kubernetes/config/prometheus/kustomization.yaml deleted file mode 100644 index ed137168..00000000 --- a/auto-discovery/kubernetes/config/prometheus/kustomization.yaml +++ /dev/null @@ -1,2 +0,0 @@ -resources: -- monitor.yaml diff --git a/auto-discovery/kubernetes/config/prometheus/monitor.yaml b/auto-discovery/kubernetes/config/prometheus/monitor.yaml deleted file mode 100644 index 9b8047b7..00000000 --- a/auto-discovery/kubernetes/config/prometheus/monitor.yaml +++ /dev/null @@ -1,16 +0,0 @@ - -# Prometheus Monitor Service (Metrics) -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - labels: - control-plane: controller-manager - name: controller-manager-metrics-monitor - namespace: system -spec: - endpoints: - - path: /metrics - port: https - selector: - matchLabels: - control-plane: controller-manager diff --git a/auto-discovery/kubernetes/config/rbac/auth_proxy_client_clusterrole.yaml b/auto-discovery/kubernetes/config/rbac/auth_proxy_client_clusterrole.yaml deleted file mode 100644 index 7d62534c..00000000 --- a/auto-discovery/kubernetes/config/rbac/auth_proxy_client_clusterrole.yaml +++ /dev/null 
@@ -1,7 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRole -metadata: - name: metrics-reader -rules: -- nonResourceURLs: ["/metrics"] - verbs: ["get"] diff --git a/auto-discovery/kubernetes/config/rbac/auth_proxy_role.yaml b/auto-discovery/kubernetes/config/rbac/auth_proxy_role.yaml deleted file mode 100644 index 618f5e41..00000000 --- a/auto-discovery/kubernetes/config/rbac/auth_proxy_role.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: proxy-role -rules: -- apiGroups: ["authentication.k8s.io"] - resources: - - tokenreviews - verbs: ["create"] -- apiGroups: ["authorization.k8s.io"] - resources: - - subjectaccessreviews - verbs: ["create"] diff --git a/auto-discovery/kubernetes/config/rbac/auth_proxy_role_binding.yaml b/auto-discovery/kubernetes/config/rbac/auth_proxy_role_binding.yaml deleted file mode 100644 index 48ed1e4b..00000000 --- a/auto-discovery/kubernetes/config/rbac/auth_proxy_role_binding.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: proxy-rolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: proxy-role -subjects: -- kind: ServiceAccount - name: default - namespace: system diff --git a/auto-discovery/kubernetes/config/rbac/auth_proxy_service.yaml b/auto-discovery/kubernetes/config/rbac/auth_proxy_service.yaml deleted file mode 100644 index 6cf656be..00000000 --- a/auto-discovery/kubernetes/config/rbac/auth_proxy_service.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - labels: - control-plane: controller-manager - name: controller-manager-metrics-service - namespace: system -spec: - ports: - - name: https - port: 8443 - targetPort: https - selector: - control-plane: controller-manager 
diff --git a/auto-discovery/kubernetes/config/rbac/kustomization.yaml b/auto-discovery/kubernetes/config/rbac/kustomization.yaml deleted file mode 100644 index 66c28338..00000000 --- a/auto-discovery/kubernetes/config/rbac/kustomization.yaml +++ /dev/null @@ -1,12 +0,0 @@ -resources: -- role.yaml -- role_binding.yaml -- leader_election_role.yaml -- leader_election_role_binding.yaml -# Comment the following 4 lines if you want to disable -# the auth proxy (https://github.com/brancz/kube-rbac-proxy) -# which protects your /metrics endpoint. -- auth_proxy_service.yaml -- auth_proxy_role.yaml -- auth_proxy_role_binding.yaml -- auth_proxy_client_clusterrole.yaml diff --git a/auto-discovery/kubernetes/config/rbac/leader_election_role.yaml b/auto-discovery/kubernetes/config/rbac/leader_election_role.yaml deleted file mode 100644 index eaa79158..00000000 --- a/auto-discovery/kubernetes/config/rbac/leader_election_role.yaml +++ /dev/null @@ -1,32 +0,0 @@ -# permissions to do leader election. -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: leader-election-role -rules: -- apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - "" - resources: - - configmaps/status - verbs: - - get - - update - - patch -- apiGroups: - - "" - resources: - - events - verbs: - - create diff --git a/auto-discovery/kubernetes/config/rbac/leader_election_role_binding.yaml b/auto-discovery/kubernetes/config/rbac/leader_election_role_binding.yaml deleted file mode 100644 index eed16906..00000000 --- a/auto-discovery/kubernetes/config/rbac/leader_election_role_binding.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: leader-election-rolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: leader-election-role -subjects: -- kind: ServiceAccount - name: default - namespace: system 
diff --git a/auto-discovery/kubernetes/config/rbac/role.yaml b/auto-discovery/kubernetes/config/rbac/role.yaml deleted file mode 100644 index 62af5353..00000000 --- a/auto-discovery/kubernetes/config/rbac/role.yaml +++ /dev/null @@ -1,22 +0,0 @@ - ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - name: manager-role -rules: -- apiGroups: - - networking - resources: - - ingress - verbs: - - get - - list - - watch -- apiGroups: - - networking - resources: - - ingress/status - verbs: - - get diff --git a/auto-discovery/kubernetes/config/rbac/role_binding.yaml b/auto-discovery/kubernetes/config/rbac/role_binding.yaml deleted file mode 100644 index 8f265870..00000000 --- a/auto-discovery/kubernetes/config/rbac/role_binding.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: manager-rolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: manager-role -subjects: -- kind: ServiceAccount - name: default - namespace: system diff --git a/auto-discovery/kubernetes/config/webhook/kustomization.yaml b/auto-discovery/kubernetes/config/webhook/kustomization.yaml deleted file mode 100644 index 9cf26134..00000000 --- a/auto-discovery/kubernetes/config/webhook/kustomization.yaml +++ /dev/null @@ -1,6 +0,0 @@ -resources: -- manifests.yaml -- service.yaml - -configurations: -- kustomizeconfig.yaml diff --git a/auto-discovery/kubernetes/config/webhook/kustomizeconfig.yaml b/auto-discovery/kubernetes/config/webhook/kustomizeconfig.yaml deleted file mode 100644 index 25e21e3c..00000000 --- a/auto-discovery/kubernetes/config/webhook/kustomizeconfig.yaml +++ /dev/null 
@@ -1,25 +0,0 @@ -# the following config is for teaching kustomize where to look at when substituting vars. -# It requires kustomize v2.1.0 or newer to work properly. -nameReference: -- kind: Service - version: v1 - fieldSpecs: - - kind: MutatingWebhookConfiguration - group: admissionregistration.k8s.io - path: webhooks/clientConfig/service/name - - kind: ValidatingWebhookConfiguration - group: admissionregistration.k8s.io - path: webhooks/clientConfig/service/name - -namespace: -- kind: MutatingWebhookConfiguration - group: admissionregistration.k8s.io - path: webhooks/clientConfig/service/namespace - create: true -- kind: ValidatingWebhookConfiguration - group: admissionregistration.k8s.io - path: webhooks/clientConfig/service/namespace - create: true - -varReference: -- path: metadata/annotations diff --git a/auto-discovery/kubernetes/config/webhook/service.yaml b/auto-discovery/kubernetes/config/webhook/service.yaml deleted file mode 100644 index 31e0f829..00000000 --- a/auto-discovery/kubernetes/config/webhook/service.yaml +++ /dev/null @@ -1,12 +0,0 @@ - -apiVersion: v1 -kind: Service -metadata: - name: webhook-service - namespace: system -spec: - ports: - - port: 443 - targetPort: 9443 - selector: - control-plane: controller-manager diff --git a/auto-discovery/kubernetes/controllers/ingress_scan_controller.go b/auto-discovery/kubernetes/controllers/ingress_scan_controller.go deleted file mode 100644 index f26f076d..00000000 --- a/auto-discovery/kubernetes/controllers/ingress_scan_controller.go +++ /dev/null 
@@ -1,202 +0,0 @@ -/* - - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package controllers - -import ( - "context" - "fmt" - - "github.com/go-logr/logr" - targetsv1 "github.com/secureCodeBox/secureCodeBox-v2/operator/apis/targets/v1" - - networking "k8s.io/api/networking/v1beta1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" - ctrl "sigs.k8s.io/controller-runtime" - "sigs.k8s.io/controller-runtime/pkg/client" - "sigs.k8s.io/controller-runtime/pkg/event" - "sigs.k8s.io/controller-runtime/pkg/predicate" -) - -// IngressScanReconciler reconciles a DeleteMe object -type IngressScanReconciler struct { - client.Client - Log logr.Logger - Scheme *runtime.Scheme -} - -var ( - ownerKey = ".metadata.controller" - apiGVStr = targetsv1.GroupVersion.String() -) - -// +kubebuilder:rbac:groups=networking,resources=ingress,verbs=get;list;watch -// +kubebuilder:rbac:groups=networking,resources=ingress/status,verbs=get - -// Reconcile compares the Ingress object against the state of the cluster and updates both if needed -func (r *IngressScanReconciler) Reconcile(req ctrl.Request) (ctrl.Result, error) { - ctx := context.Background() - log := r.Log - - log.Info("Something happened to a ingress", "ingress", req.Name, "namespace", req.Namespace) - - var ingress networking.Ingress - if err := r.Get(ctx, req.NamespacedName, &ingress); err != nil { - // we'll ignore not-found errors, since they can't be fixed by an immediate - // requeue (we'll need to wait for a new 
notification), and we can get them - // on deleted requests. - log.V(7).Info("Unable to fetch Ingress") - return ctrl.Result{}, client.IgnoreNotFound(err) - } - - err := r.CreateOrUpdateTlsForHosts(ingress) - if err != nil { - return ctrl.Result{}, err - } - - return ctrl.Result{}, nil -} - -func (r *IngressScanReconciler) CreateOrUpdateTlsForHosts(ingress networking.Ingress) error { - if ingress.Spec.TLS == nil { - return nil - } - - for _, tlsConfig := range ingress.Spec.TLS { - for _, hostname := range tlsConfig.Hosts { - - var hostTargets targetsv1.HostList - - // Check if there is a target already, or create one - r.List( - context.Background(), - &hostTargets, - client.InNamespace(ingress.Namespace), - client.MatchingField(ownerKey, ingress.Name), - ) - r.Log.Info("Listed hosts", "Length", len(hostTargets.Items)) - - host := targetsv1.Host{} - - found := false - // Check if the ingress has a child Host with a matching Hostname - for _, hostItem := range hostTargets.Items { - r.Log.Info("Comparing Hostnames", "LoopyHostname", hostItem.Spec.Hostname, "IngressHostname", hostname) - if hostItem.Spec.Hostname == hostname { - r.Log.Info("Found Host") - found = true - host = hostItem - } - } - if found == false { - host.GenerateName = fmt.Sprintf("%s-", ingress.Name) - host.Namespace = ingress.Namespace - host.Spec.Hostname = hostname - host.Spec.Ports = make([]targetsv1.HostPort, 0) - - if err := ctrl.SetControllerReference(&ingress, &host, r.Scheme); err != nil { - return err - } - - err := r.Create(context.Background(), &host) - if err != nil { - r.Log.Error(err, "unable to create host") - return err - } - } - - containsHTTPSPort := false - if host.Spec.Ports == nil { - host.Spec.Ports = make([]targetsv1.HostPort, 0) - } - for _, port := range host.Spec.Ports { - if port.Port == 443 { - containsHTTPSPort = true - break - } - } - - if containsHTTPSPort == false { - httpsPort := targetsv1.HostPort{ - Type: "https", - Port: 443, - } - host.Spec.Ports = 
append(host.Spec.Ports, httpsPort) - - err := r.Update(context.Background(), &host) - if err != nil { - r.Log.Error(err, "Failed to add https port to target") - return err - } - } - } - } - - return nil -} - -// SetupWithManager sets up the controller and initializes every thing it needs -func (r *IngressScanReconciler) SetupWithManager(mgr ctrl.Manager) error { - if err := mgr.GetFieldIndexer().IndexField(&targetsv1.Host{}, ownerKey, func(rawObj runtime.Object) []string { - // grab the job object, extract the owner... - host := rawObj.(*targetsv1.Host) - owner := metav1.GetControllerOf(host) - if owner == nil { - return nil - } - // ...make sure it's a Host... - if owner.APIVersion != "networking.k8s.io/v1beta1" || owner.Kind != "Ingress" { - return nil - } - - // ...and if so, return it - return []string{owner.Name} - }); err != nil { - return err - } - - isInDemoNamespaceFilter := predicate.Funcs{ - CreateFunc: func(event event.CreateEvent) bool { - if val, ok := event.Meta.GetAnnotations()["auto-discovery.experimental.securecodebox.io/ignore"]; ok && val == "true" { - return false - } - return event.Meta.GetNamespace() == "juice-shop" || event.Meta.GetNamespace() == "bodgeit" - }, - DeleteFunc: func(event event.DeleteEvent) bool { - if val, ok := event.Meta.GetAnnotations()["auto-discovery.experimental.securecodebox.io/ignore"]; ok && val == "true" { - return false - } - return event.Meta.GetNamespace() == "juice-shop" || event.Meta.GetNamespace() == "bodgeit" - }, - UpdateFunc: func(event event.UpdateEvent) bool { - if val, ok := event.MetaNew.GetAnnotations()["auto-discovery.experimental.securecodebox.io/ignore"]; ok && val == "true" { - return false - } - return event.MetaNew.GetNamespace() == "juice-shop" || event.MetaNew.GetNamespace() == "bodgeit" - }, - GenericFunc: func(event event.GenericEvent) bool { - if val, ok := event.Meta.GetAnnotations()["auto-discovery.experimental.securecodebox.io/ignore"]; ok && val == "true" { - return false - } - return 
event.Meta.GetNamespace() == "juice-shop" || event.Meta.GetNamespace() == "bodgeit" - }, - } - - return ctrl.NewControllerManagedBy(mgr). - For(&networking.Ingress{}).WithEventFilter(isInDemoNamespaceFilter). - Complete(r) -} diff --git a/auto-discovery/kubernetes/controllers/suite_test.go b/auto-discovery/kubernetes/controllers/suite_test.go deleted file mode 100644 index e3184e08..00000000 --- a/auto-discovery/kubernetes/controllers/suite_test.go +++ /dev/null 
@@ -1,76 +0,0 @@ -/* - - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package controllers - -import ( - "path/filepath" - "testing" - - . "github.com/onsi/ginkgo" - . "github.com/onsi/gomega" - "k8s.io/client-go/kubernetes/scheme" - "k8s.io/client-go/rest" - "sigs.k8s.io/controller-runtime/pkg/client" - "sigs.k8s.io/controller-runtime/pkg/envtest" - "sigs.k8s.io/controller-runtime/pkg/envtest/printer" - logf "sigs.k8s.io/controller-runtime/pkg/log" - "sigs.k8s.io/controller-runtime/pkg/log/zap" - // +kubebuilder:scaffold:imports -) - -// These tests use Ginkgo (BDD-style Go testing framework). Refer to -// http://onsi.github.io/ginkgo/ to learn more about Ginkgo. 
- -var cfg *rest.Config -var k8sClient client.Client -var testEnv *envtest.Environment - -func TestAPIs(t *testing.T) { - RegisterFailHandler(Fail) - - RunSpecsWithDefaultAndCustomReporters(t, - "Controller Suite", - []Reporter{printer.NewlineReporter{}}) -} - -var _ = BeforeSuite(func(done Done) { - logf.SetLogger(zap.LoggerTo(GinkgoWriter, true)) - - By("bootstrapping test environment") - testEnv = &envtest.Environment{ - CRDDirectoryPaths: []string{filepath.Join("..", "config", "crd", "bases")}, - } - - var err error - cfg, err = testEnv.Start() - Expect(err).ToNot(HaveOccurred()) - Expect(cfg).ToNot(BeNil()) - - // +kubebuilder:scaffold:scheme - - k8sClient, err = client.New(cfg, client.Options{Scheme: scheme.Scheme}) - Expect(err).ToNot(HaveOccurred()) - Expect(k8sClient).ToNot(BeNil()) - - close(done) -}, 60) - -var _ = AfterSuite(func() { - By("tearing down the test environment") - err := testEnv.Stop() - Expect(err).ToNot(HaveOccurred()) -}) diff --git a/auto-discovery/kubernetes/go.mod b/auto-discovery/kubernetes/go.mod deleted file mode 100644 index 8ba5b490..00000000 --- a/auto-discovery/kubernetes/go.mod +++ /dev/null @@ -1,16 +0,0 @@ -module github.com/secureCodeBox/secureCodeBox-v2/auto-discovery/kubernetes - -go 1.13 - -require ( - github.com/go-logr/logr v0.1.0 - github.com/onsi/ginkgo v1.11.0 - github.com/onsi/gomega v1.8.1 - github.com/secureCodeBox/secureCodeBox-v2/operator v0.0.0 - k8s.io/api v0.17.2 - k8s.io/apimachinery v0.17.2 - k8s.io/client-go v0.17.2 - sigs.k8s.io/controller-runtime v0.5.2 -) - -replace github.com/secureCodeBox/secureCodeBox-v2/operator => ../../operator diff --git a/auto-discovery/kubernetes/go.sum b/auto-discovery/kubernetes/go.sum deleted file mode 100644 index 45f55823..00000000 --- a/auto-discovery/kubernetes/go.sum +++ /dev/null 
@@ -1,470 +0,0 @@ -cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= -cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= -cloud.google.com/go v0.38.0 h1:ROfEUZz+Gh5pa62DJWXSaonyu3StP6EA6lPEXPI6mCo= -cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU= -github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78/go.mod h1:LmzpDX56iTiv29bbRTIsUNlaFfuhWRQBWjQdVyAevI8= -github.com/Azure/go-autorest/autorest v0.9.0/go.mod h1:xyHB1BMZT0cuDHU7I0+g046+BFDTQ8rEZB0s4Yfa6bI= -github.com/Azure/go-autorest/autorest/adal v0.5.0/go.mod h1:8Z9fGy2MpX0PvDjB1pEgQTmVqjGhiHBW7RJJEciWzS0= -github.com/Azure/go-autorest/autorest/date v0.1.0/go.mod h1:plvfp3oPSKwf2DNjlBjWF/7vwR+cUD/ELuzDCXwHUVA= -github.com/Azure/go-autorest/autorest/mocks v0.1.0/go.mod h1:OTyCOPRA2IgIlWxVYxBee2F5Gr4kF2zd2J5cFRaIDN0= -github.com/Azure/go-autorest/autorest/mocks v0.2.0/go.mod h1:OTyCOPRA2IgIlWxVYxBee2F5Gr4kF2zd2J5cFRaIDN0= -github.com/Azure/go-autorest/logger v0.1.0/go.mod h1:oExouG+K6PryycPJfVSxi/koC6LSNgds39diKLz7Vrc= -github.com/Azure/go-autorest/tracing v0.5.0/go.mod h1:r/s2XiOKccPW3HrqB+W0TQzfbtp2fGCgRFtBroKn4Dk= -github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= -github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= -github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ= -github.com/PuerkitoBio/purell v1.0.0/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0= -github.com/PuerkitoBio/purell v1.1.0/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0= -github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0= -github.com/PuerkitoBio/urlesc v0.0.0-20160726150825-5bd2802263f2/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE= -github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod 
h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE= -github.com/agnivade/levenshtein v1.0.1/go.mod h1:CURSv5d9Uaml+FovSIICkLbAUZ9S4RqaHDIsdSBg7lM= -github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= -github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= -github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883/go.mod h1:rCTlJbsFo29Kk6CurOXKm700vrz8f0KW0JNfpkRJY/8= -github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8= -github.com/asaskevich/govalidator v0.0.0-20180720115003-f9ffefc3facf/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY= -github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY= -github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= -github.com/beorn7/perks v1.0.0 h1:HWo1m869IqiPhD389kmkxeTalrjNbbJTC8LXupb+sl0= -github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= -github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs= -github.com/blang/semver v3.5.0+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk= -github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= -github.com/cockroachdb/datadriven v0.0.0-20190809214429-80d97fb3cbaa/go.mod h1:zn76sxSg3SzpJ0PPJaLDCu+Bu0Lg3sKTORVIj19EIF8= -github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= -github.com/coreos/go-etcd v2.0.0+incompatible/go.mod h1:Jez6KQU2B/sWsbdaef3ED8NzMklzPG4d5KIOhIy30Tk= -github.com/coreos/go-oidc v2.1.0+incompatible/go.mod h1:CgnwVTmzoESiwO9qyAFEMiHoZ1nMCKZlZ9V6mm3/LKc= -github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= -github.com/coreos/go-semver v0.3.0/go.mod 
h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= -github.com/coreos/go-systemd v0.0.0-20180511133405-39ca1b05acc7/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= -github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= -github.com/coreos/pkg v0.0.0-20160727233714-3ac0863d7acf/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA= -github.com/coreos/pkg v0.0.0-20180108230652-97fdf19511ea/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA= -github.com/cpuguy83/go-md2man v1.0.10/go.mod h1:SmD6nW6nTyfqj6ABTjUi3V3JVMnlJmwcJI5acqYI6dE= -github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY= -github.com/davecgh/go-spew v0.0.0-20151105211317-5215b55f46b2/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= -github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ= -github.com/docker/docker v0.7.3-0.20190327010347-be7ac8be2ae0/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= -github.com/docker/go-units v0.3.3/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk= -github.com/docker/go-units v0.4.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk= -github.com/docker/spdystream v0.0.0-20160310174837-449fdfce4d96/go.mod h1:Qh8CwZgvJUkLughtfhJv5dyTYa91l1fOUCrgjqmcifM= -github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3ebgob9U8Nd0kOddGdZWjyMGR8Wziv+TBNwSE= -github.com/dustin/go-humanize v0.0.0-20171111073723-bb3d318650d4/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= -github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= -github.com/elazarl/goproxy v0.0.0-20170405201442-c4fc26588b6e/go.mod 
h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc= -github.com/emicklei/go-restful v0.0.0-20170410110728-ff4f55a20633/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= -github.com/emicklei/go-restful v2.9.5+incompatible/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= -github.com/evanphx/json-patch v4.2.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= -github.com/evanphx/json-patch v4.5.0+incompatible h1:ouOWdg56aJriqS0huScTkVXPC5IcNrDCXZ6OoTAWu7M= -github.com/evanphx/json-patch v4.5.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= -github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= -github.com/fsnotify/fsnotify v1.4.7 h1:IXs+QLmnXW2CcXuY+8Mzv/fWEsPGWxqefPtCP5CnV9I= -github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= -github.com/ghodss/yaml v0.0.0-20150909031657-73d445a93680/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= -github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= -github.com/globalsign/mgo v0.0.0-20180905125535-1ca0a4f7cbcb/go.mod h1:xkRDCp4j0OGD1HRkm4kmhM+pmpv3AKq5SU7GMg4oO/Q= -github.com/globalsign/mgo v0.0.0-20181015135952-eeefdecb41b8/go.mod h1:xkRDCp4j0OGD1HRkm4kmhM+pmpv3AKq5SU7GMg4oO/Q= -github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= -github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE= -github.com/go-logr/logr v0.1.0 h1:M1Tv3VzNlEHg6uyACnRdtrploV2P7wZqH8BoQMtz0cg= -github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7sIas= -github.com/go-logr/zapr v0.1.0 h1:h+WVe9j6HAA01niTJPA/kKH0i7e0rLZBCwauQFcRE54= -github.com/go-logr/zapr v0.1.0/go.mod h1:tabnROwaDl0UNxkVeFRbY8bwB37GwRv0P8lg6aAiEnk= -github.com/go-openapi/analysis v0.0.0-20180825180245-b006789cd277/go.mod h1:k70tL6pCuVxPJOHXQ+wIac1FUrvNkHolPie/cLEU6hI= -github.com/go-openapi/analysis v0.17.0/go.mod 
h1:IowGgpVeD0vNm45So8nr+IcQ3pxVtpRoBWb8PVZO0ik= -github.com/go-openapi/analysis v0.18.0/go.mod h1:IowGgpVeD0vNm45So8nr+IcQ3pxVtpRoBWb8PVZO0ik= -github.com/go-openapi/analysis v0.19.2/go.mod h1:3P1osvZa9jKjb8ed2TPng3f0i/UY9snX6gxi44djMjk= -github.com/go-openapi/analysis v0.19.5/go.mod h1:hkEAkxagaIvIP7VTn8ygJNkd4kAYON2rCu0v0ObL0AU= -github.com/go-openapi/errors v0.17.0/go.mod h1:LcZQpmvG4wyF5j4IhA73wkLFQg+QJXOQHVjmcZxhka0= -github.com/go-openapi/errors v0.18.0/go.mod h1:LcZQpmvG4wyF5j4IhA73wkLFQg+QJXOQHVjmcZxhka0= -github.com/go-openapi/errors v0.19.2/go.mod h1:qX0BLWsyaKfvhluLejVpVNwNRdXZhEbTA4kxxpKBC94= -github.com/go-openapi/jsonpointer v0.0.0-20160704185906-46af16f9f7b1/go.mod h1:+35s3my2LFTysnkMfxsJBAMHj/DoqoB9knIWoYG/Vk0= -github.com/go-openapi/jsonpointer v0.17.0/go.mod h1:cOnomiV+CVVwFLk0A/MExoFMjwdsUdVpsRhURCKh+3M= -github.com/go-openapi/jsonpointer v0.18.0/go.mod h1:cOnomiV+CVVwFLk0A/MExoFMjwdsUdVpsRhURCKh+3M= -github.com/go-openapi/jsonpointer v0.19.2/go.mod h1:3akKfEdA7DF1sugOqz1dVQHBcuDBPKZGEoHC/NkiQRg= -github.com/go-openapi/jsonpointer v0.19.3/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg= -github.com/go-openapi/jsonreference v0.0.0-20160704190145-13c6e3589ad9/go.mod h1:W3Z9FmVs9qj+KR4zFKmDPGiLdk1D9Rlm7cyMvf57TTg= -github.com/go-openapi/jsonreference v0.17.0/go.mod h1:g4xxGn04lDIRh0GJb5QlpE3HfopLOL6uZrK/VgnsK9I= -github.com/go-openapi/jsonreference v0.18.0/go.mod h1:g4xxGn04lDIRh0GJb5QlpE3HfopLOL6uZrK/VgnsK9I= -github.com/go-openapi/jsonreference v0.19.2/go.mod h1:jMjeRr2HHw6nAVajTXJ4eiUwohSTlpa0o73RUL1owJc= -github.com/go-openapi/jsonreference v0.19.3/go.mod h1:rjx6GuL8TTa9VaixXglHmQmIL98+wF9xc8zWvFonSJ8= -github.com/go-openapi/loads v0.17.0/go.mod h1:72tmFy5wsWx89uEVddd0RjRWPZm92WRLhf7AC+0+OOU= -github.com/go-openapi/loads v0.18.0/go.mod h1:72tmFy5wsWx89uEVddd0RjRWPZm92WRLhf7AC+0+OOU= -github.com/go-openapi/loads v0.19.0/go.mod h1:72tmFy5wsWx89uEVddd0RjRWPZm92WRLhf7AC+0+OOU= -github.com/go-openapi/loads v0.19.2/go.mod 
h1:QAskZPMX5V0C2gvfkGZzJlINuP7Hx/4+ix5jWFxsNPs= -github.com/go-openapi/loads v0.19.4/go.mod h1:zZVHonKd8DXyxyw4yfnVjPzBjIQcLt0CCsn0N0ZrQsk= -github.com/go-openapi/runtime v0.0.0-20180920151709-4f900dc2ade9/go.mod h1:6v9a6LTXWQCdL8k1AO3cvqx5OtZY/Y9wKTgaoP6YRfA= -github.com/go-openapi/runtime v0.19.0/go.mod h1:OwNfisksmmaZse4+gpV3Ne9AyMOlP1lt4sK4FXt0O64= -github.com/go-openapi/runtime v0.19.4/go.mod h1:X277bwSUBxVlCYR3r7xgZZGKVvBd/29gLDlFGtJ8NL4= -github.com/go-openapi/spec v0.0.0-20160808142527-6aced65f8501/go.mod h1:J8+jY1nAiCcj+friV/PDoE1/3eeccG9LYBs0tYvLOWc= -github.com/go-openapi/spec v0.17.0/go.mod h1:XkF/MOi14NmjsfZ8VtAKf8pIlbZzyoTvZsdfssdxcBI= -github.com/go-openapi/spec v0.18.0/go.mod h1:XkF/MOi14NmjsfZ8VtAKf8pIlbZzyoTvZsdfssdxcBI= -github.com/go-openapi/spec v0.19.2/go.mod h1:sCxk3jxKgioEJikev4fgkNmwS+3kuYdJtcsZsD5zxMY= -github.com/go-openapi/spec v0.19.3/go.mod h1:FpwSN1ksY1eteniUU7X0N/BgJ7a4WvBFVA8Lj9mJglo= -github.com/go-openapi/strfmt v0.17.0/go.mod h1:P82hnJI0CXkErkXi8IKjPbNBM6lV6+5pLP5l494TcyU= -github.com/go-openapi/strfmt v0.18.0/go.mod h1:P82hnJI0CXkErkXi8IKjPbNBM6lV6+5pLP5l494TcyU= -github.com/go-openapi/strfmt v0.19.0/go.mod h1:+uW+93UVvGGq2qGaZxdDeJqSAqBqBdl+ZPMF/cC8nDY= -github.com/go-openapi/strfmt v0.19.3/go.mod h1:0yX7dbo8mKIvc3XSKp7MNfxw4JytCfCD6+bY1AVL9LU= -github.com/go-openapi/swag v0.0.0-20160704191624-1d0bd113de87/go.mod h1:DXUve3Dpr1UfpPtxFw+EFuQ41HhCWZfha5jSVRG7C7I= -github.com/go-openapi/swag v0.17.0/go.mod h1:AByQ+nYG6gQg71GINrmuDXCPWdL640yX49/kXLo40Tg= -github.com/go-openapi/swag v0.18.0/go.mod h1:AByQ+nYG6gQg71GINrmuDXCPWdL640yX49/kXLo40Tg= -github.com/go-openapi/swag v0.19.2/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk= -github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk= -github.com/go-openapi/validate v0.18.0/go.mod h1:Uh4HdOzKt19xGIGm1qHf/ofbX1YQ4Y+MYsct2VUrAJ4= -github.com/go-openapi/validate v0.19.2/go.mod h1:1tRCw7m3jtI8eNWEEliiAqUIcBztB2KDnRCRMUi7GTA= 
-github.com/go-openapi/validate v0.19.5/go.mod h1:8DJv2CVJQ6kGNpFW6eV9N3JviE1C85nY1c2z52x1Gk4= -github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= -github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= -github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zVXpSg4= -github.com/gogo/protobuf v1.2.2-0.20190723190241-65acae22fc9d h1:3PaI8p3seN09VjbTYC/QWlUZdZ1qS1zGjy7LH2Wt07I= -github.com/gogo/protobuf v1.2.2-0.20190723190241-65acae22fc9d/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o= -github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= -github.com/golang/groupcache v0.0.0-20160516000752-02826c3e7903/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= -github.com/golang/groupcache v0.0.0-20180513044358-24b0969c4cb7 h1:u4bArs140e9+AfE52mFHOXVFnOSBJBRlzTHrOPLOIhE= -github.com/golang/groupcache v0.0.0-20180513044358-24b0969c4cb7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= -github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef h1:veQD95Isof8w9/WXiA+pa3tz3fJXkt5B7QaRBrM62gk= -github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= -github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= -github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= -github.com/golang/protobuf v0.0.0-20161109072736-4bd1920723d7/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= -github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= -github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= -github.com/golang/protobuf v1.3.2 h1:6nsPYzhq5kReh6QImI3k5qWzO4PEbvbIW2cwSfR/6xs= -github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= -github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod 
h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= -github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= -github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= -github.com/google/go-cmp v0.3.0 h1:crn/baboCvb5fXaQ0IJ1SGTsTVrWpDsCWC8EGETZijY= -github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= -github.com/google/gofuzz v0.0.0-20161122191042-44d81051d367/go.mod h1:HP5RmnzzSNb993RKQDq4+1A4ia9nllfqcQFTQJedwGI= -github.com/google/gofuzz v1.0.0 h1:A8PeW59pxE9IoFRqBp37U+mSNaQoZ46F1f0f863XSXw= -github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= -github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs= -github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= -github.com/google/uuid v1.0.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/google/uuid v1.1.1 h1:Gkbcsh/GbpXz7lPftLA3P6TYMwjCLYm83jiFQZF/3gY= -github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= -github.com/googleapis/gnostic v0.0.0-20170729233727-0c5108395e2d/go.mod h1:sJBsCZ4ayReDTBIg8b9dl28c5xFWyhBTVRp3pOg5EKY= -github.com/googleapis/gnostic v0.3.1 h1:WeAefnSUHlBb0iJKwxFDZdbfGwkd7xRNuV+IpXMJhYk= -github.com/googleapis/gnostic v0.3.1/go.mod h1:on+2t9HRStVgn95RSsFWFz+6Q0Snyqv1awfrALZdbtU= -github.com/gophercloud/gophercloud v0.1.0/go.mod h1:vxM41WHh5uqHVBMZHzuwNOHh8XEoIEcSTewFxm1c5g8= -github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY= -github.com/gorilla/websocket v0.0.0-20170926233335-4201258b820c/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ= -github.com/gorilla/websocket v1.4.0/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ= 
-github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA= -github.com/grpc-ecosystem/go-grpc-middleware v1.0.1-0.20190118093823-f849b5445de4/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs= -github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk= -github.com/grpc-ecosystem/grpc-gateway v1.9.5/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY= -github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= -github.com/hashicorp/golang-lru v0.5.1 h1:0hERBMJE1eitiLkihrMvRVBYAkpHzc/J3QdDN+dAcgU= -github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= -github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ= -github.com/hpcloud/tail v1.0.0 h1:nfCOvKYfkgYP8hkirhJocXT2+zOD8yUNjXaWfTlyFKI= -github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU= -github.com/imdario/mergo v0.3.5/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= -github.com/imdario/mergo v0.3.6 h1:xTNEAn+kxVO7dTZGu0CegyqKZmoWFI0rF8UxjlB2d28= -github.com/imdario/mergo v0.3.6/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= -github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= -github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo= -github.com/json-iterator/go v0.0.0-20180612202835-f2b4162afba3/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= -github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= -github.com/json-iterator/go v1.1.7/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= -github.com/json-iterator/go v1.1.8 h1:QiWkFLKq0T7mpzwOTu6BzNDbfTE8OLrYhVKYMLF46Ok= -github.com/json-iterator/go v1.1.8/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= -github.com/jstemmer/go-junit-report 
v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU= -github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU= -github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w= -github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q= -github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQLJ+jE2L00= -github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= -github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= -github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc= -github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI= -github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= -github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= -github.com/kr/pty v1.1.5/go.mod h1:9r2w37qlBe7rQ6e1fg1S/9xpWHSnaqNdHD3WcMdbPDA= -github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE= -github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= -github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= -github.com/mailru/easyjson v0.0.0-20160728113105-d5b7844b561a/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= -github.com/mailru/easyjson v0.0.0-20180823135443-60711f1a8329/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= -github.com/mailru/easyjson v0.0.0-20190312143242-1de009706dbe/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= -github.com/mailru/easyjson v0.0.0-20190614124828-94de47d64c63/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= -github.com/mailru/easyjson v0.0.0-20190626092158-b2ccc519800e/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= -github.com/mailru/easyjson v0.7.0/go.mod 
h1:KAzv3t3aY1NaHWoQz1+4F1ccyAH66Jk7yos7ldAVICs= -github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU= -github.com/mattn/go-isatty v0.0.4/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4= -github.com/mattn/go-runewidth v0.0.2/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU= -github.com/matttproud/golang_protobuf_extensions v1.0.1 h1:4hp9jkHxhMHkqkrB3Ix0jegS5sx/RkqARlsWZ6pIwiU= -github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= -github.com/minio/minio-go/v6 v6.0.50/go.mod h1:qD0lajrGW49lKZLtXKtCB4X/qkMf0a5tBvN2PaZg7Gg= -github.com/minio/sha256-simd v0.1.1/go.mod h1:B5e1o+1/KgNmWrSQK08Y6Z1Vb5pwIktudl0J58iy0KM= -github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= -github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= -github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= -github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg= -github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= -github.com/modern-go/reflect2 v0.0.0-20180320133207-05fbef0ca5da/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= -github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= -github.com/modern-go/reflect2 v1.0.1 h1:9f412s+6RmYXLWZSEzVVgPGK7C2PphHj5RJrvfx9AWI= -github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= -github.com/munnerz/goautoneg v0.0.0-20120707110453-a547fc61f48d/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= -github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= -github.com/mwitkow/go-conntrack 
v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= -github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw= -github.com/olekukonko/tablewriter v0.0.0-20170122224234-a0225b3f23b5/go.mod h1:vsDQFd/mU46D+Z4whnwzcISnGGzXWMclvtLoiIKAKIo= -github.com/onsi/ginkgo v0.0.0-20170829012221-11459a886d9c/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= -github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= -github.com/onsi/ginkgo v1.10.1/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= -github.com/onsi/ginkgo v1.11.0 h1:JAKSXpt1YjtLA7YpPiqO9ss6sNXEsPfSGdwN0UHqzrw= -github.com/onsi/ginkgo v1.11.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= -github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA= -github.com/onsi/gomega v1.7.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= -github.com/onsi/gomega v1.8.1 h1:C5Dqfs/LeauYDX0jJXIe2SWmwCbGzx9yF8C8xy3Lh34= -github.com/onsi/gomega v1.8.1/go.mod h1:Ho0h+IUsWyvy1OpqCwxlQ/21gkhVunqlU8fDGcoTdcA= -github.com/pborman/uuid v1.2.0/go.mod h1:X/NO0urCmaxf9VXbdlT7C2Yzkj2IKimNn4k+gtPdI/k= -github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic= -github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU= -github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= -github.com/pkg/errors v0.8.1 h1:iURUrRGxPUNPdy5/HRSm+Yj6okJ6UtLINN0Q9M4+h3I= -github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= -github.com/pmezard/go-difflib v0.0.0-20151028094244-d8ed2627bdf0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= -github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= -github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= 
-github.com/pquerna/cachecontrol v0.0.0-20171018203845-0dec1b30a021/go.mod h1:prYjPmNq4d1NPVmpShWobRqXY3q7Vp+80DqgxxUrUIA= -github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= -github.com/prometheus/client_golang v1.0.0 h1:vrDKnkGzuGvhNAL56c7DBz29ZL+KxnoR0x7enabFceM= -github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo= -github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= -github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90 h1:S/YWwWx/RA8rT8tKFRuGUZhuA90OyIBpPCXkcbwU8DE= -github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= -github.com/prometheus/common v0.4.1 h1:K0MGApIoQvMw27RTdJkPbr3JZ7DNbtxQNyi5STVM6Kw= -github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= -github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= -github.com/prometheus/procfs v0.0.2 h1:6LJUbpNm42llc4HRCuvApCSWB/WfhuNo9K98Q9sNGfs= -github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= -github.com/remyoudompheng/bigfft v0.0.0-20170806203942-52369c62f446/go.mod h1:uYEyJGbgTkfkS4+E/PavXkNJcbFIpEtjt2B0KDQ5+9M= -github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg= -github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g= -github.com/secureCodeBox/secureCodeBox-v2 v0.0.0-20200421122123-57178734d6e9 h1:S/FoesxDuE1/lj2iYpCgPdJXj4Gqe81BfuzTao+kIng= -github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo= -github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= -github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE= 
-github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc= -github.com/smartystreets/goconvey v0.0.0-20190330032615-68dc04aab96a/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA= -github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM= -github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ= -github.com/spf13/afero v1.2.2/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk= -github.com/spf13/cast v1.3.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= -github.com/spf13/cobra v0.0.3/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ= -github.com/spf13/cobra v0.0.5/go.mod h1:3K3wKZymM7VvHMDS9+Akkh4K60UwM26emMESw8tLCHU= -github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo= -github.com/spf13/pflag v0.0.0-20170130214245-9ff6c6923cff/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= -github.com/spf13/pflag v1.0.1/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= -github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= -github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= -github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= -github.com/spf13/viper v1.3.2/go.mod h1:ZiWeW+zYFKm7srdB9IoDzzZXaJaI5eL9QjNiN/DMA2s= -github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= -github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= -github.com/stretchr/objx v0.2.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoHMkEqE= -github.com/stretchr/testify v0.0.0-20151208002404-e3a8ff8ce365/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= -github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= -github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= -github.com/stretchr/testify 
v1.4.0 h1:2E4SXV/wtOkTonXsotYi4li6zVWxYlZuYNCXe9XRJyk= -github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= -github.com/tidwall/pretty v1.0.0/go.mod h1:XNkn88O1ChpSDQmQeStsy+sBenx6DDtFZJxhVysOjyk= -github.com/tmc/grpc-websocket-proxy v0.0.0-20170815181823-89b8d40f7ca8/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= -github.com/ugorji/go/codec v0.0.0-20181204163529-d75b2dcb6bc8/go.mod h1:VFNgLljTbGfSG7qAOspJ7OScBnGdDN/yBr0sguwnwf0= -github.com/urfave/cli v1.20.0/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA= -github.com/vektah/gqlparser v1.1.2/go.mod h1:1ycwN7Ij5njmMkPPAOaRFY4rET2Enx7IkVv3vaXspKw= -github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU= -github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q= -go.etcd.io/bbolt v1.3.3/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU= -go.etcd.io/etcd v0.0.0-20191023171146-3cf2f69b5738/go.mod h1:dnLIgRNXwCJa5e+c6mIZCrds/GIG4ncV9HhK5PX7jPg= -go.mongodb.org/mongo-driver v1.0.3/go.mod h1:u7ryQJ+DOzQmeO7zB6MHyr8jkEQvC8vH7qLUO4lqsUM= -go.mongodb.org/mongo-driver v1.1.1/go.mod h1:u7ryQJ+DOzQmeO7zB6MHyr8jkEQvC8vH7qLUO4lqsUM= -go.mongodb.org/mongo-driver v1.1.2/go.mod h1:u7ryQJ+DOzQmeO7zB6MHyr8jkEQvC8vH7qLUO4lqsUM= -go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU= -go.uber.org/atomic v1.3.2 h1:2Oa65PReHzfn29GpvgsYwloV9AVFHPDk8tYxt2c2tr4= -go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= -go.uber.org/multierr v1.1.0 h1:HoEmRHQPVSqub6w2z2d2EOVs2fjyFRGyofhKuyDq0QI= -go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0= -go.uber.org/zap v1.10.0 h1:ORx85nbTijNz8ljznvCMR1ZBIPKFn3jQrag10X2AsuM= -go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q= -golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod 
h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= -golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= -golang.org/x/crypto v0.0.0-20190211182817-74369b46fc67/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= -golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= -golang.org/x/crypto v0.0.0-20190320223903-b7391e95e576/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= -golang.org/x/crypto v0.0.0-20190513172903-22d7a77e9e5f/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20190611184440-5c40567a22f8/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20190617133340-57b3e21c3d56/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20190820162420-60c769a6c586 h1:7KByu05hhLed2MO29w7p1XfZvZ13m8mub3shuVftRs0= -golang.org/x/crypto v0.0.0-20190820162420-60c769a6c586/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550 h1:ObdrDkeb4kJdCP557AjRjq69pTHfNouLtWZG7j9rPN8= -golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= -golang.org/x/exp v0.0.0-20190125153040-c74c464bbbf2/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= -golang.org/x/exp v0.0.0-20190312203227-4b39c73a6495/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= -golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= -golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= -golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= -golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod 
h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= -golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= -golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE= -golang.org/x/net v0.0.0-20170114055629-f2499483f923/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20181005035420-146acd28ed58/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20181220203305-927f97764cc3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190320064053-1272bf9dcd53/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190522155817-f3200d17e092/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= -golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20190813141303-74dc4d7220e7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= 
-golang.org/x/net v0.0.0-20190827160401-ba9fcec4b297/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20191004110552-13f9640d40b9 h1:rjwSpXsdiK0dV8/Naq3kAw9ymfAeJIyd0upUIElB+lI= -golang.org/x/net v0.0.0-20191004110552-13f9640d40b9/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= -golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45 h1:SVwTIAaPC2U/AvvLNZ2a7OVsmBpC8L5BlwK1whH3hm0= -golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sys v0.0.0-20170830134202-bb24a47a89ea/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20181107165924-66b7b1311ac8/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys 
v0.0.0-20181205085412-a5c9d58dba9a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20190209173611-3b5209105503/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190321052220-f7bb7a8bee54/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190616124812-15dcb6c0061f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190826190057-c7b8b68b1456 h1:ng0gs1AKnRRuEMZoTLLlbOd+C17zUDepwGQBb/n+JVg= -golang.org/x/sys v0.0.0-20190826190057-c7b8b68b1456/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190922100055-0a153f010e69 h1:rOhMmluY6kLMhdnrivzec6lLgaVbMHMn2ISQXJeJ5EM= -golang.org/x/sys v0.0.0-20190922100055-0a153f010e69/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/text v0.0.0-20160726164857-2910a502d2bf/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -golang.org/x/text v0.3.2 h1:tW2bmiBqwgJj/UpqtC8EpXEZVYOwU0yG4iWbprSVAcs= -golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= -golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.0.0-20190308202827-9d24e82272b4 
h1:SvFZT6jyqRaOeXpc5h/JSfZenJ2O330aBsf7JfSUXmQ= -golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20181011042414-1f849cf54d09/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20181030221726-6c7e314b6563/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20190125232054-d66bd3c5d5a6/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20190206041539-40960b6deb8e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= -golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= -golang.org/x/tools v0.0.0-20190312151545-0bb0c0a6e846/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= -golang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= -golang.org/x/tools v0.0.0-20190328211700-ab21143f2384/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= -golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= -golang.org/x/tools v0.0.0-20190614205625-5aca471b1d59/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= -golang.org/x/tools v0.0.0-20190617190820-da514acc4774/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= -golang.org/x/tools v0.0.0-20190920225731-5eefd052ad72/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7 
h1:9zdDQZ7Thm29KFXgAX/+yaf3eVbP7djjWp/dXAppNCc= -golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -gomodules.xyz/jsonpatch/v2 v2.0.1 h1:xyiBuvkD2g5n7cYzx6u2sxQvsAy4QJsZFCzGVdzOXZ0= -gomodules.xyz/jsonpatch/v2 v2.0.1/go.mod h1:IhYNNY4jnS53ZnfE4PAmpKtDpTCj1JFXc+3mwe7XcUU= -gonum.org/v1/gonum v0.0.0-20190331200053-3d26580ed485/go.mod h1:2ltnJ7xHfj0zHS40VVPYEAAMTa3ZGguvHGBSJeRWqE0= -gonum.org/v1/netlib v0.0.0-20190313105609-8cb42192e0e0/go.mod h1:wa6Ws7BG/ESfp6dHfk7C6KdzKA7wR7u/rKwOGE66zvw= -gonum.org/v1/netlib v0.0.0-20190331212654-76723241ea4e/go.mod h1:kS+toOQn6AQKjmKJ7gzohV1XkqsFehRA2FbsbkopSuQ= -google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE= -google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= -google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= -google.golang.org/appengine v1.5.0 h1:KxkO13IPW4Lslp2bz+KHP2E3gtFlrIGNThxkZQ3g+4c= -google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= -google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= -google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= -google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= -google.golang.org/genproto v0.0.0-20190502173448-54afdca5d873/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= -google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= -google.golang.org/grpc v1.23.1/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= -gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= -gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/check.v1 
v1.0.0-20180628173108-788fd7840127 h1:qIbj1fsPNlZgppZ+VLlY7N33q108Sa+fhmuc+sWQYwY= -gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/cheggaaa/pb.v1 v1.0.25/go.mod h1:V/YB90LKu/1FcN3WVnfiiE5oMCibMjukxqG/qStrOgw= -gopkg.in/fsnotify.v1 v1.4.7 h1:xOHLXZwVvI9hhs+cLKq5+I5onOuwQLhQwiu63xxlHs4= -gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys= -gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= -gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= -gopkg.in/ini.v1 v1.42.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= -gopkg.in/natefinch/lumberjack.v2 v2.0.0/go.mod h1:l0ndWWf7gzL7RNwBG7wST/UCcT4T24xpD6X8LsfU/+k= -gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo= -gopkg.in/square/go-jose.v2 v2.2.2/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI= -gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ= -gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw= -gopkg.in/yaml.v2 v2.0.0-20170812160011-eb3733d160e7/go.mod h1:JAlM8MvJe8wmxCU4Bli9HhUf9+ttbYbLASfIpnQbh74= -gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.2.4 h1:/eiJrUcujPVeJ3xlSWaiNi3uSVmDGBK1pDHUHAnao1I= -gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.2.7 h1:VUgggvou5XRW9mHwD/yXxIYSMtY0zoKQf/v226p2nyo= -gopkg.in/yaml.v2 v2.2.7/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw= -honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod 
h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -k8s.io/api v0.17.2 h1:NF1UFXcKN7/OOv1uxdRz3qfra8AHsPav5M93hlV9+Dc= -k8s.io/api v0.17.2/go.mod h1:BS9fjjLc4CMuqfSO8vgbHPKMt5+SF0ET6u/RVDihTo4= -k8s.io/apiextensions-apiserver v0.17.2 h1:cP579D2hSZNuO/rZj9XFRzwJNYb41DbNANJb6Kolpss= -k8s.io/apiextensions-apiserver v0.17.2/go.mod h1:4KdMpjkEjjDI2pPfBA15OscyNldHWdBCfsWMDWAmSTs= -k8s.io/apimachinery v0.17.2 h1:hwDQQFbdRlpnnsR64Asdi55GyCaIP/3WQpMmbNBeWr4= -k8s.io/apimachinery v0.17.2/go.mod h1:b9qmWdKlLuU9EBh+06BtLcSf/Mu89rWL33naRxs1uZg= -k8s.io/apiserver v0.17.2/go.mod h1:lBmw/TtQdtxvrTk0e2cgtOxHizXI+d0mmGQURIHQZlo= -k8s.io/client-go v0.17.2 h1:ndIfkfXEGrNhLIgkr0+qhRguSD3u6DCmonepn1O6NYc= -k8s.io/client-go v0.17.2/go.mod h1:QAzRgsa0C2xl4/eVpeVAZMvikCn8Nm81yqVx3Kk9XYI= -k8s.io/code-generator v0.17.2/go.mod h1:DVmfPQgxQENqDIzVR2ddLXMH34qeszkKSdH/N+s+38s= -k8s.io/component-base v0.17.2/go.mod h1:zMPW3g5aH7cHJpKYQ/ZsGMcgbsA/VyhEugF3QT1awLs= -k8s.io/gengo v0.0.0-20190128074634-0689ccc1d7d6/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0= -k8s.io/gengo v0.0.0-20190822140433-26a664648505/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0= -k8s.io/klog v0.0.0-20181102134211-b9b56d5dfc92/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk= -k8s.io/klog v0.3.0/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk= -k8s.io/klog v1.0.0 h1:Pt+yjF5aB1xDSVbau4VsWe+dQNzA0qv1LlXdC2dF6Q8= -k8s.io/klog v1.0.0/go.mod h1:4Bi6QPql/J/LkTDqv7R/cd3hPo4k2DG6Ptcz060Ez5I= -k8s.io/kube-openapi v0.0.0-20191107075043-30be4d16710a h1:UcxjrRMyNx/i/y8G7kPvLyy7rfbeuf1PYyBf973pgyU= -k8s.io/kube-openapi v0.0.0-20191107075043-30be4d16710a/go.mod h1:1TqjTSzOxsLGIKfj0lK8EeCP7K1iUG65v09OM0/WG5E= -k8s.io/utils v0.0.0-20191114184206-e782cd3c129f 
h1:GiPwtSzdP43eI1hpPCbROQCCIgCuiMMNF8YUVLF3vJo= -k8s.io/utils v0.0.0-20191114184206-e782cd3c129f/go.mod h1:sZAwmy6armz5eXlNoLmJcl4F1QuKu7sr+mFQ0byX7Ew= -modernc.org/cc v1.0.0/go.mod h1:1Sk4//wdnYJiUIxnW8ddKpaOJCF37yAdqYnkxUpaYxw= -modernc.org/golex v1.0.0/go.mod h1:b/QX9oBD/LhixY6NDh+IdGv17hgB+51fET1i2kPSmvk= -modernc.org/mathutil v1.0.0/go.mod h1:wU0vUrJsVWBZ4P6e7xtFJEhFSNsfRLJ8H458uRjg03k= -modernc.org/strutil v1.0.0/go.mod h1:lstksw84oURvj9y3tn8lGvRxyRC1S2+g5uuIzNfIOBs= -modernc.org/xc v1.0.0/go.mod h1:mRNCo0bvLjGhHO9WsyuKVU4q0ceiDDDoEeWDJHrNx8I= -sigs.k8s.io/controller-runtime v0.5.0 h1:CbqIy5fbUX+4E9bpnBFd204YAzRYlM9SWW77BbrcDQo= -sigs.k8s.io/controller-runtime v0.5.0/go.mod h1:REiJzC7Y00U+2YkMbT8wxgrsX5USpXKGhb2sCtAXiT8= -sigs.k8s.io/controller-runtime v0.5.2 h1:pyXbUfoTo+HA3jeIfr0vgi+1WtmNh0CwlcnQGLXwsSw= -sigs.k8s.io/controller-runtime v0.5.2/go.mod h1:JZUwSMVbxDupo0lTJSSFP5pimEyxGynROImSsqIOx1A= -sigs.k8s.io/structured-merge-diff v0.0.0-20190525122527-15d366b2352e/go.mod h1:wWxsB5ozmmv/SG7nM11ayaAW51xMvak/t1r0CSlcokI= -sigs.k8s.io/structured-merge-diff v1.0.1-0.20191108220359-b1b620dd3f06/go.mod h1:/ULNhyfzRopfcjskuui0cTITekDduZ7ycKN3oUT9R18= -sigs.k8s.io/yaml v1.1.0 h1:4A07+ZFc2wgJwo8YNlQpr1rVlgUDlxXHhPJciaPY5gs= -sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o= diff --git a/auto-discovery/kubernetes/hack/boilerplate.go.txt b/auto-discovery/kubernetes/hack/boilerplate.go.txt deleted file mode 100644 index 767efde9..00000000 --- a/auto-discovery/kubernetes/hack/boilerplate.go.txt +++ /dev/null 
@@ -1,15 +0,0 @@ -/* - - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ \ No newline at end of file diff --git a/auto-discovery/kubernetes/main.go b/auto-discovery/kubernetes/main.go deleted file mode 100644 index 92b1eaeb..00000000 --- a/auto-discovery/kubernetes/main.go +++ /dev/null 
@@ -1,86 +0,0 @@ -/* - - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package main - -import ( - "flag" - "os" - - "k8s.io/apimachinery/pkg/runtime" - clientgoscheme "k8s.io/client-go/kubernetes/scheme" - _ "k8s.io/client-go/plugin/pkg/client/auth/gcp" - ctrl "sigs.k8s.io/controller-runtime" - "sigs.k8s.io/controller-runtime/pkg/log/zap" - - "github.com/secureCodeBox/secureCodeBox-v2/auto-discovery/kubernetes/controllers" - - targetsv1 "github.com/secureCodeBox/secureCodeBox-v2/operator/apis/targets/v1" - // +kubebuilder:scaffold:imports -) - -var ( - scheme = runtime.NewScheme() - setupLog = ctrl.Log.WithName("setup") -) - -func init() { - _ = clientgoscheme.AddToScheme(scheme) - - _ = targetsv1.AddToScheme(scheme) - - // +kubebuilder:scaffold:scheme -} - -func main() { - var metricsAddr string - var enableLeaderElection bool - flag.StringVar(&metricsAddr, "metrics-addr", ":8081", "The address the metric endpoint binds to.") - flag.BoolVar(&enableLeaderElection, "enable-leader-election", false, - "Enable leader election for controller manager. 
"+ - "Enabling this will ensure there is only one active controller manager.") - flag.Parse() - - ctrl.SetLogger(zap.New(zap.UseDevMode(true))) - - mgr, err := ctrl.NewManager(ctrl.GetConfigOrDie(), ctrl.Options{ - Scheme: scheme, - MetricsBindAddress: metricsAddr, - Port: 9443, - LeaderElection: enableLeaderElection, - LeaderElectionID: "0c9fa8fa.my.domain", - }) - if err != nil { - setupLog.Error(err, "unable to start manager") - os.Exit(1) - } - - if err = (&controllers.IngressScanReconciler{ - Client: mgr.GetClient(), - Log: ctrl.Log.WithName("controllers").WithName("IngressScanController"), - Scheme: mgr.GetScheme(), - }).SetupWithManager(mgr); err != nil { - setupLog.Error(err, "unable to create controller", "controller", "DeleteMe") - os.Exit(1) - } - // +kubebuilder:scaffold:builder - - setupLog.Info("starting manager") - if err := mgr.Start(ctrl.SetupSignalHandler()); err != nil { - setupLog.Error(err, "problem running manager") - os.Exit(1) - } -} diff --git a/auto-discovery/readme.md b/auto-discovery/readme.md deleted file mode 100644 index 9aba2beb..00000000 --- a/auto-discovery/readme.md +++ /dev/null 
@@ -1,16 +0,0 @@ -# secureCodeBox Auto-Discovery - -> Disclaimer: This concept is currently undergoing first tests, things might still change drastically. - -The Auto Discovery Services monitor security relevant resources inside a cloud environment and automatically create scans to continuously monitor security aspects of the resources. We aim to eventually support most mayor cloud providers, like AWS, GCP and Azure, but also runtime environments on top of these, primarily kubernetes. - -## Example - -A developer deploys an app to a kubernetes cluster where the secureCodeBox and the kubernetes cloud integration for the secureCodeBox is installed. They create an Deployment for their application container and a Ingress to expose the application to the world. - -The kubernetes cloud integration service will automatically detect these new resources and start scans for them. -The scans it would start: - -1. A image scan scanning for vulnerable libraries in the docker / container image of the deployment. (Using trivy) -2. A TLS Scan against the certificate of the ingress for the host. (Using SSLyze) -3. A ZAP Baseline Scan to detect basic web vulnerabilities in the service. (Using OWASP ZAP) From ae183058af57283a102f65f5a53296ca441a5c0f Mon Sep 17 00:00:00 2001 From: Jannik Hollenbach <13718901+J12934@users.noreply.github.com> Date: Wed, 2 Sep 2020 21:13:48 +0200 Subject: [PATCH 053/235] Delete unused testing files --- lurcher/job.yaml | 57 ---------------------------------------------- lurcher/result.xml | 1 - 2 files changed, 58 deletions(-) delete mode 100644 lurcher/job.yaml delete mode 100644 lurcher/result.xml diff --git a/lurcher/job.yaml b/lurcher/job.yaml deleted file mode 100644 index 3aa24783..00000000 --- a/lurcher/job.yaml +++ /dev/null 
@@ -1,57 +0,0 @@ -apiVersion: batch/v1 -kind: Job -metadata: - name: lurcher-test -spec: - backoffLimit: 4 - template: - spec: - restartPolicy: Never - containers: - - name: primary - image: alpine - command: ["sleep", "5"] - - name: lurcher - image: scbexperimental - imagePullPolicy: IfNotPresent - args: - - "--container" - - "primary" - - "--file" - - "/home/securecodebox/result.xml" - - "--url" - # This URL has been expired for quite some time ;) To test this you'll need to generate a new one. - - "https://fra1.digitaloceanspaces.com/securecodebox/scan/result.xml?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=NWN2DEMTNFQUTQB5SZ6A%2F20200312%2Ffra1%2Fs3%2Faws4_request&X-Amz-Date=20200312T180859Z&X-Amz-Expires=43200&X-Amz-SignedHeaders=host&X-Amz-Signature=852dc4576ff5b6195b9f6a7dd49851cc701a2fb59fb23db6e7c7913f412f0460" - env: - - name: NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: lurcher ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - namespace: "default" - name: lurcher -rules: - - apiGroups: [""] - resources: ["pods"] - verbs: ["get"] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: lurcher - namespace: default -subjects: - - kind: ServiceAccount - name: lurcher -roleRef: - kind: Role - name: lurcher - apiGroup: rbac.authorization.k8s.io diff --git a/lurcher/result.xml b/lurcher/result.xml deleted file mode 100644 index b364cd36..00000000 --- a/lurcher/result.xml +++ /dev/null @@ -1 +0,0 @@ - From d870e27530b06ae4db603d6ccd27fd6c979aced3 Mon Sep 17 00:00:00 2001 From: Jannik Hollenbach <13718901+J12934@users.noreply.github.com> Date: Thu, 3 Sep 2020 10:04:25 +0200 Subject: [PATCH 054/235] Remove extra comma --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index d2669c2d..36edf449 100644 --- a/README.md +++ b/README.md 
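Review bot: The deleted `--url` argument in lurcher/job.yaml is a presigned object-storage URL whose query string carries an access key ID in `X-Amz-Credential` and a request signature in `X-Amz-Signature`, and removing the file does not remove either value from the repository history. The inline comment and `X-Amz-Expires=43200` indicate the signature is long expired, and a key ID is not a secret on its own, but it still identifies a live credential to anyone reading the history. Confirm that the key pair behind it has been rotated or revoked, and for future test manifests inject the presigned URL at test time instead of committing it.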
@@ -73,7 +73,7 @@ There is a German article about [Security DevOps – Angreifern (immer) einen Sc ### Prerequisites -- kubernetes (last 4 major releases supported: `1.16`, `1.17`, `1.18` & `1.19`,) +- kubernetes (last 4 major releases supported: `1.16`, `1.17`, `1.18` & `1.19`) ### Deployment (based on Helm) From 185e3382f2ca9c2d3800acbf6ff780837e410319 Mon Sep 17 00:00:00 2001 From: sebie Date: Thu, 3 Sep 2020 11:45:53 +0200 Subject: [PATCH 055/235] Dockerfile Scanner --- scanners/ncrack/scanner/Dockerfile | 7 +++++++ 1 file changed, 7 insertions(+) create mode 100644 scanners/ncrack/scanner/Dockerfile diff --git a/scanners/ncrack/scanner/Dockerfile b/scanners/ncrack/scanner/Dockerfile new file mode 100644 index 00000000..2615013b --- /dev/null +++ b/scanners/ncrack/scanner/Dockerfile @@ -0,0 +1,7 @@ +FROM ubuntu:20.04 + +RUN apt-get update \ + && apt-get install ncrack=0.7+debian-1build1 -y \ + && rm -rf /var/lib/apt/lists/* + +ENTRYPOINT [ "ncrack" ] \ No newline at end of file From 495bd14ad76f1c016391a5629b9cfb946444feee Mon Sep 17 00:00:00 2001 
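Review bot: scanners/ncrack/scanner/Dockerfile never sets a `USER`, so the `ncrack` entrypoint runs as root inside the container. Create an unprivileged user after the `apt-get` step and switch to it before `ENTRYPOINT`, unless a scan mode is known to need root. The package is pinned (`ncrack=0.7+debian-1build1`), but the base is the moving tag `ubuntu:20.04`, so pinning it by digest would make the image reproducible, and adding `--no-install-recommends` to `apt-get install` keeps unneeded packages out of a scanner image. The file also ends without a trailing newline.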
From: sebie Date: Thu, 3 Sep 2020 11:46:04 +0200 Subject: [PATCH 056/235] Parser --- scanners/ncrack/parser/.dockerignore | 1 + scanners/ncrack/parser/.gitignore | 1 + scanners/ncrack/parser/Dockerfile | 11 ++ .../__testFiles__/ncrack_no_results.xml | 11 ++ .../ncrack_two_services_no_results.xml | 15 ++ .../ncrack_two_services_with_results.xml | 17 ++ .../__testFiles__/ncrack_with_results.xml | 12 ++ scanners/ncrack/parser/package-lock.json | 153 ++++++++++++++++++ scanners/ncrack/parser/package.json | 14 ++ scanners/ncrack/parser/parser.js | 51 ++++++ scanners/ncrack/parser/parser.test.js | 101 ++++++++++++ 11 files changed, 387 insertions(+) create mode 100644 scanners/ncrack/parser/.dockerignore create mode 100644 scanners/ncrack/parser/.gitignore create mode 100644 scanners/ncrack/parser/Dockerfile create mode 100644 scanners/ncrack/parser/__testFiles__/ncrack_no_results.xml create mode 100644 scanners/ncrack/parser/__testFiles__/ncrack_two_services_no_results.xml create mode 100644 scanners/ncrack/parser/__testFiles__/ncrack_two_services_with_results.xml create mode 100644 scanners/ncrack/parser/__testFiles__/ncrack_with_results.xml create mode 100644 scanners/ncrack/parser/package-lock.json create mode 100644 scanners/ncrack/parser/package.json create mode 100644 scanners/ncrack/parser/parser.js create mode 100644 scanners/ncrack/parser/parser.test.js diff --git a/scanners/ncrack/parser/.dockerignore b/scanners/ncrack/parser/.dockerignore new file mode 100644 index 00000000..40b878db --- /dev/null +++ b/scanners/ncrack/parser/.dockerignore @@ -0,0 +1 @@ +node_modules/ \ No newline at end of file diff --git a/scanners/ncrack/parser/.gitignore b/scanners/ncrack/parser/.gitignore new file mode 100644 index 00000000..40b878db --- /dev/null +++ b/scanners/ncrack/parser/.gitignore @@ -0,0 +1 @@ +node_modules/ \ No newline at end of file diff --git a/scanners/ncrack/parser/Dockerfile b/scanners/ncrack/parser/Dockerfile new file mode 100644 index 00000000..59918094 
--- /dev/null +++ b/scanners/ncrack/parser/Dockerfile @@ -0,0 +1,11 @@ +ARG baseImageTag +FROM node:12-alpine as build +RUN mkdir -p /home/app +WORKDIR /home/app +COPY package.json package-lock.json ./ +RUN npm ci --production + +FROM scbexperimental/parser-sdk-nodejs:${baseImageTag:-latest} +WORKDIR /home/app/parser-wrapper/parser/ +COPY --from=build --chown=app:app /home/app/node_modules/ ./node_modules/ +COPY --chown=app:app ./parser.js ./parser.js diff --git a/scanners/ncrack/parser/__testFiles__/ncrack_no_results.xml b/scanners/ncrack/parser/__testFiles__/ncrack_no_results.xml new file mode 100644 index 00000000..ad309335 --- /dev/null +++ b/scanners/ncrack/parser/__testFiles__/ncrack_no_results.xml @@ -0,0 +1,11 @@ + + + + + + + +
+ + + diff --git a/scanners/ncrack/parser/__testFiles__/ncrack_two_services_no_results.xml b/scanners/ncrack/parser/__testFiles__/ncrack_two_services_no_results.xml new file mode 100644 index 00000000..10162071 --- /dev/null +++ b/scanners/ncrack/parser/__testFiles__/ncrack_two_services_no_results.xml @@ -0,0 +1,15 @@ + + + + + + + +
+ + + +
+ + + \ No newline at end of file diff --git a/scanners/ncrack/parser/__testFiles__/ncrack_two_services_with_results.xml b/scanners/ncrack/parser/__testFiles__/ncrack_two_services_with_results.xml new file mode 100644 index 00000000..f57b19f0 --- /dev/null +++ b/scanners/ncrack/parser/__testFiles__/ncrack_two_services_with_results.xml @@ -0,0 +1,17 @@ + + + + + + + +
+ + + + +
+ + + + \ No newline at end of file diff --git a/scanners/ncrack/parser/__testFiles__/ncrack_with_results.xml b/scanners/ncrack/parser/__testFiles__/ncrack_with_results.xml new file mode 100644 index 00000000..5365d089 --- /dev/null +++ b/scanners/ncrack/parser/__testFiles__/ncrack_with_results.xml @@ -0,0 +1,12 @@ + + + + + + + +
+ + + + diff --git a/scanners/ncrack/parser/package-lock.json b/scanners/ncrack/parser/package-lock.json new file mode 100644 index 00000000..ba93dcdc --- /dev/null +++ b/scanners/ncrack/parser/package-lock.json 
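Review bot: In scanners/ncrack/parser/Dockerfile the final stage is `FROM scbexperimental/parser-sdk-nodejs:${baseImageTag:-latest}`, so any build that does not pass `baseImageTag` silently takes whatever `latest` points to at that moment. Drop the `:-latest` default so the build fails without an explicit tag, or default to a fixed release tag. The build stage `node:12-alpine` is also a moving tag; since `npm ci` already installs exactly what package-lock.json records, pinning the two base images is what remains to make the parser image reproducible.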
@@ -0,0 +1,153 @@ +{ + "name": "ncrack-parser", + "version": "1.0.0", + "lockfileVersion": 1, + "requires": true, + "dependencies": { + "define-properties": { + "version": "1.1.3", + "resolved": "https://registry.npmjs.org/define-properties/-/define-properties-1.1.3.tgz", + "integrity": "sha512-3MqfYKj2lLzdMSf8ZIZE/V+Zuy+BgD6f164e8K2w7dgnpKArBDerGYpM46IYYcjnkdPNMjPk9A6VFB8+3SKlXQ==", + "requires": { + "object-keys": "^1.0.12" + } + }, + "es-abstract": { + "version": "1.14.2", + "resolved": "https://registry.npmjs.org/es-abstract/-/es-abstract-1.14.2.tgz", + "integrity": "sha512-DgoQmbpFNOofkjJtKwr87Ma5EW4Dc8fWhD0R+ndq7Oc456ivUfGOOP6oAZTTKl5/CcNMP+EN+e3/iUzgE0veZg==", + "requires": { + "es-to-primitive": "^1.2.0", + "function-bind": "^1.1.1", + "has": "^1.0.3", + "has-symbols": "^1.0.0", + "is-callable": "^1.1.4", + "is-regex": "^1.0.4", + "object-inspect": "^1.6.0", + "object-keys": "^1.1.1", + "string.prototype.trimleft": "^2.0.0", + "string.prototype.trimright": "^2.0.0" + } + }, + "es-to-primitive": { + "version": "1.2.0", + "resolved": "https://registry.npmjs.org/es-to-primitive/-/es-to-primitive-1.2.0.tgz", + "integrity": "sha512-qZryBOJjV//LaxLTV6UC//WewneB3LcXOL9NP++ozKVXsIIIpm/2c13UDiD9Jp2eThsecw9m3jPqDwTyobcdbg==", + "requires": { + "is-callable": "^1.1.4", + "is-date-object": "^1.0.1", + "is-symbol": "^1.0.2" + } + }, + "function-bind": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/function-bind/-/function-bind-1.1.1.tgz", + "integrity": "sha512-yIovAzMX49sF8Yl58fSCWJ5svSLuaibPxXQJFLmBObTuCr0Mf1KiPopGM9NiFjiYBCbfaa2Fh6breQ6ANVTI0A==" + }, + "has": { + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/has/-/has-1.0.3.tgz", + "integrity": "sha512-f2dvO0VU6Oej7RkWJGrehjbzMAjFp5/VKPp5tTpWIV4JHHZK1/BxbFRtf/siA2SWTe09caDmVtYYzWEIbBS4zw==", + "requires": { + "function-bind": "^1.1.1" + } + }, + "has-symbols": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/has-symbols/-/has-symbols-1.0.0.tgz", + "integrity": 
"sha1-uhqPGvKg/DllD1yFA2dwQSIGO0Q=" + }, + "is-callable": { + "version": "1.1.4", + "resolved": "https://registry.npmjs.org/is-callable/-/is-callable-1.1.4.tgz", + "integrity": "sha512-r5p9sxJjYnArLjObpjA4xu5EKI3CuKHkJXMhT7kwbpUyIFD1n5PMAsoPvWnvtZiNz7LjkYDRZhd7FlI0eMijEA==" + }, + "is-date-object": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/is-date-object/-/is-date-object-1.0.1.tgz", + "integrity": "sha1-mqIOtq7rv/d/vTPnTKAbM1gdOhY=" + }, + "is-regex": { + "version": "1.0.4", + "resolved": "https://registry.npmjs.org/is-regex/-/is-regex-1.0.4.tgz", + "integrity": "sha1-VRdIm1RwkbCTDglWVM7SXul+lJE=", + "requires": { + "has": "^1.0.1" + } + }, + "is-symbol": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/is-symbol/-/is-symbol-1.0.2.tgz", + "integrity": "sha512-HS8bZ9ox60yCJLH9snBpIwv9pYUAkcuLhSA1oero1UB5y9aiQpRA8y2ex945AOtCZL1lJDeIk3G5LthswI46Lw==", + "requires": { + "has-symbols": "^1.0.0" + } + }, + "object-inspect": { + "version": "1.6.0", + "resolved": "https://registry.npmjs.org/object-inspect/-/object-inspect-1.6.0.tgz", + "integrity": "sha512-GJzfBZ6DgDAmnuaM3104jR4s1Myxr3Y3zfIyN4z3UdqN69oSRacNK8UhnobDdC+7J2AHCjGwxQubNJfE70SXXQ==" + }, + "object-keys": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/object-keys/-/object-keys-1.1.1.tgz", + "integrity": "sha512-NuAESUOUMrlIXOfHKzD6bpPu3tYt3xvjNdRIQ+FeT0lNb4K8WR70CaDxhuNguS2XG+GjkyMwOzsN5ZktImfhLA==" + }, + "object.getownpropertydescriptors": { + "version": "2.0.3", + "resolved": "https://registry.npmjs.org/object.getownpropertydescriptors/-/object.getownpropertydescriptors-2.0.3.tgz", + "integrity": "sha1-h1jIRvW0B62rDyNuCYbxSwUcqhY=", + "requires": { + "define-properties": "^1.1.2", + "es-abstract": "^1.5.1" + } + }, + "sax": { + "version": "1.2.4", + "resolved": "https://registry.npmjs.org/sax/-/sax-1.2.4.tgz", + "integrity": "sha512-NqVDv9TpANUjFm0N8uM5GxL36UgKi9/atZw+x7YFnQ8ckwFGKrl4xX4yWtrey3UJm5nP1kUbnYgLopqWNSRhWw==" + }, + 
"string.prototype.trimleft": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/string.prototype.trimleft/-/string.prototype.trimleft-2.1.0.tgz", + "integrity": "sha512-FJ6b7EgdKxxbDxc79cOlok6Afd++TTs5szo+zJTUyow3ycrRfJVE2pq3vcN53XexvKZu/DJMDfeI/qMiZTrjTw==", + "requires": { + "define-properties": "^1.1.3", + "function-bind": "^1.1.1" + } + }, + "string.prototype.trimright": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/string.prototype.trimright/-/string.prototype.trimright-2.1.0.tgz", + "integrity": "sha512-fXZTSV55dNBwv16uw+hh5jkghxSnc5oHq+5K/gXgizHwAvMetdAJlHqqoFC1FSDVPYWLkAKl2cxpUT41sV7nSg==", + "requires": { + "define-properties": "^1.1.3", + "function-bind": "^1.1.1" + } + }, + "util.promisify": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/util.promisify/-/util.promisify-1.0.0.tgz", + "integrity": "sha512-i+6qA2MPhvoKLuxnJNpXAGhg7HphQOSUq2LKMZD0m15EiskXUkMvKdF4Uui0WYeCUGea+o2cw/ZuwehtfsrNkA==", + "requires": { + "define-properties": "^1.1.2", + "object.getownpropertydescriptors": "^2.0.3" + } + }, + "xml2js": { + "version": "0.4.22", + "resolved": "https://registry.npmjs.org/xml2js/-/xml2js-0.4.22.tgz", + "integrity": "sha512-MWTbxAQqclRSTnehWWe5nMKzI3VmJ8ltiJEco8akcC6j3miOhjjfzKum5sId+CWhfxdOs/1xauYr8/ZDBtQiRw==", + "requires": { + "sax": ">=0.6.0", + "util.promisify": "~1.0.0", + "xmlbuilder": "~11.0.0" + } + }, + "xmlbuilder": { + "version": "11.0.1", + "resolved": "https://registry.npmjs.org/xmlbuilder/-/xmlbuilder-11.0.1.tgz", + "integrity": "sha512-fDlsI/kFEx7gLvbecc0/ohLG50fugQp8ryHzMTuW9vSa1GJ0XYWKnhsUx7oie3G98+r56aTQIUB4kht42R3JvA==" + } + } +} diff --git a/scanners/ncrack/parser/package.json b/scanners/ncrack/parser/package.json new file mode 100644 index 00000000..0252ae96 --- /dev/null +++ b/scanners/ncrack/parser/package.json 
@@ -0,0 +1,14 @@ +{ + "name": "ncrack-parser", + "version": "1.0.0", + "description": "Parses result files for the type: 'ncrack-xml'", + "main": "", + "scripts": {}, + "keywords": [], + "author": "iteratec GmbH", + "license": "Apache-2.0", + "dependencies": { + "xml2js": "^0.4.22" + }, + "devDependencies": {} +} diff --git a/scanners/ncrack/parser/parser.js b/scanners/ncrack/parser/parser.js new file mode 100644 index 00000000..55aaedef --- /dev/null +++ b/scanners/ncrack/parser/parser.js @@ -0,0 +1,51 @@ +const xml2js = require('xml2js'); + +async function parse(fileContent) { + const { ncrackrun } = await transformXML(fileContent); + const findings = transformToFindings(ncrackrun); + return findings; +} + +function transformToFindings(ncrackrun) { + const portFindings = ncrackrun.service.flatMap(({ address, port, credentials = [] }) => { + const { addr: ipAddress } = address[0]['$']; + const { protocol, portid, name: portName } = port[0]['$']; + + return credentials.map(credential => { + const { username, password } = credential['$']; + + return { + name: `Credentials for Service ${portName}://${ipAddress}:${portid} discovered via bruteforce.`, + description: '', + category: 'Discovered Credentials', + location: `${portName}://${ipAddress}:${portid}`, + osi_layer: 'APPLICATION', + severity: 'HIGH', + attributes: { + port: portid, + ip_address: ipAddress, + protocol: protocol, + service: portName, + username, + password, + }, + }; + }); + }); + + return portFindings; +} + +function transformXML(fileContent) { + return new Promise((resolve, reject) => { + xml2js.parseString(fileContent, (err, xmlInput) => { + if (err) { + reject(new Error('Error converting XML to JSON in xml2js: ' + err)); + } else { + resolve(xmlInput); + } + }); + }); +} + +module.exports.parse = parse; diff --git a/scanners/ncrack/parser/parser.test.js b/scanners/ncrack/parser/parser.test.js new file mode 100644 index 00000000..ae1f52ef --- /dev/null +++ b/scanners/ncrack/parser/parser.test.js 
@@ -0,0 +1,101 @@ +const { parse } = require('./parser'); +const uuid = require('uuid/v4'); +const fs = require('fs'); + +it('should return no findings when ncrack has not found credentials', async () => { + // eslint-disable-next-line security/detect-non-literal-fs-filename + const ncrackXML = fs.readFileSync(__dirname + '/__testFiles__/ncrack_no_results.xml', { + encoding: 'utf8', + }); + const findings = await parse(ncrackXML); + + expect(findings.length).toBe(0); +}); + +it('should return findings when ncrack found credentials', async () => { + // eslint-disable-next-line security/detect-non-literal-fs-filename + const ncrackXML = fs.readFileSync(__dirname + '/__testFiles__/ncrack_with_results.xml', { + encoding: 'utf8', + }); + const [finding, ...otherFindings] = await parse(ncrackXML); + + expect(finding).toMatchInlineSnapshot(` + Object { + "attributes": Object { + "ip_address": "192.168.0.1", + "password": "aaf076d4fe7cfb63fd1628df91", + "port": "22", + "protocol": "tcp", + "service": "ssh", + "username": "root", + }, + "category": "Discovered Credentials", + "description": "", + "location": "ssh://192.168.0.1:22", + "name": "Credentials for Service ssh://192.168.0.1:22 discovered via bruteforce.", + "osi_layer": "APPLICATION", + "severity": "HIGH", + } + `); + expect(otherFindings.length).toBe(0); +}); + +it('should return no findings when ncrack has not found credentials scanning two services', async () => { + // eslint-disable-next-line security/detect-non-literal-fs-filename + const ncrackXML = fs.readFileSync( + __dirname + '/__testFiles__/ncrack_two_services_no_results.xml', + { + encoding: 'utf8', + } + ); + const findings = await parse(ncrackXML); + + expect(findings.length).toBe(0); +}); + +it('should return findings when ncrack found two credentials scanning two services', async () => { + // eslint-disable-next-line security/detect-non-literal-fs-filename + const ncrackXML = fs.readFileSync( + __dirname + 
'/__testFiles__/ncrack_two_services_with_results.xml', + { + encoding: 'utf8', + } + ); + + expect(await parse(ncrackXML)).toMatchInlineSnapshot(` + Array [ + Object { + "attributes": Object { + "ip_address": "192.168.0.2", + "password": "55994bcdabd8b0b69d4cb32919", + "port": "22", + "protocol": "tcp", + "service": "ssh", + "username": "root", + }, + "category": "Discovered Credentials", + "description": "", + "location": "ssh://192.168.0.2:22", + "name": "Credentials for Service ssh://192.168.0.2:22 discovered via bruteforce.", + "osi_layer": "APPLICATION", + "severity": "HIGH", + }, + Object { + "attributes": Object { + "ip_address": "192.168.0.1", + "password": "2a4707625af87d8d4302ad226d", + "port": "22", + "protocol": "tcp", + "service": "ssh", + "username": "root", + }, + "category": "Discovered Credentials", + "description": "", + "location": "ssh://192.168.0.1:22", + "name": "Credentials for Service ssh://192.168.0.1:22 discovered via bruteforce.", + "osi_layer": "APPLICATION", + "severity": "HIGH", + }, + ] + `); +}); \ No newline at end of file From 516c0398618c18990867130f331efd2703dab3a8 Mon Sep 17 00:00:00 2001 From: sebie Date: Thu, 3 Sep 2020 12:06:43 +0200 Subject: [PATCH 057/235] Templates --- scanners/ncrack/.helmignore | 5 +++++ scanners/ncrack/Chart.yaml | 20 ++++++++++++++++++ scanners/ncrack/examples/raspberry/scan.yaml | 8 +++++++ .../templates/ncrack-parse-definition.yaml | 7 +++++++ .../ncrack/templates/ncrack-scan-type.yaml | 21 +++++++++++++++++++ scanners/ncrack/values.yaml | 15 +++++++++++++ 6 files changed, 76 insertions(+) create mode 100644 scanners/ncrack/.helmignore create mode 100644 scanners/ncrack/Chart.yaml create mode 100644 scanners/ncrack/examples/raspberry/scan.yaml create mode 100644 scanners/ncrack/templates/ncrack-parse-definition.yaml create mode 100644 scanners/ncrack/templates/ncrack-scan-type.yaml create mode 100644 scanners/ncrack/values.yaml 
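Review bot: In scanners/ncrack/parser/parser.js, `transformToFindings` calls `ncrackrun.service.flatMap(...)` without checking that `service` exists, so a result file with no `<service>` element, or a root element other than `ncrackrun`, makes `parse` reject with a TypeError instead of returning an empty findings list. `credentials` already gets a `= []` default in the destructuring; giving `service` the same treatment, for example `(ncrackrun.service || []).flatMap(...)`, and rejecting with a descriptive error when `ncrackrun` itself is missing would make both failure modes explicit. Separately, each finding copies the recovered `password` in clear text into `attributes`, so the scanner documentation should state that findings of category `Discovered Credentials` contain live credentials and need storage and access control to match.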
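Review bot: scanners/ncrack/parser/parser.test.js requires `uuid/v4` on its second line, but `uuid` is never used in any of the four tests and is not declared in the package.json added by this patch (`"devDependencies": {}`), so the suite only loads if the module happens to be resolvable from a parent directory. Dropping the `require` is the simplest fix. All four cases read well-formed fixtures, so the `reject` branch of `transformXML` is not exercised; a test that feeds malformed XML to `parse` and expects a rejection would cover it.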
diff --git a/scanners/ncrack/.helmignore b/scanners/ncrack/.helmignore new file mode 100644 index 00000000..2b6e53d7 --- /dev/null +++ b/scanners/ncrack/.helmignore @@ -0,0 +1,5 @@ +.DS_Store + +parser/ +scanner/ +examples/ \ No newline at end of file diff --git a/scanners/ncrack/Chart.yaml b/scanners/ncrack/Chart.yaml new file mode 100644 index 00000000..683f24ea --- /dev/null +++ b/scanners/ncrack/Chart.yaml @@ -0,0 +1,20 @@ +apiVersion: v2 +name: ncrack +description: A Helm chart for the NCRACK security Scanner that integrates with the secureCodeBox. + +type: application +version: 0.1.0 +appVersion: 0.7 + +keywords: +- security +- ncrack +- scanner +- secureCodeBox +home: https://www.securecodebox.io/scanners/ncrack +icon: https://www.securecodebox.io/scannerIcons/Ncrack.svg +sources: +- https://github.com/secureCodeBox/secureCodeBox +maintainers: +- name: iteratec GmbH + email: security@iteratec.com diff --git a/scanners/ncrack/examples/raspberry/scan.yaml b/scanners/ncrack/examples/raspberry/scan.yaml new file mode 100644 index 00000000..e37f073f --- /dev/null +++ b/scanners/ncrack/examples/raspberry/scan.yaml @@ -0,0 +1,8 @@ +apiVersion: "execution.experimental.securecodebox.io/v1" +kind: Scan +metadata: + name: "raspberry" +spec: + scanType: "ncrack" + parameters: + - ssh://192.168.178.83 \ No newline at end of file diff --git a/scanners/ncrack/templates/ncrack-parse-definition.yaml b/scanners/ncrack/templates/ncrack-parse-definition.yaml new file mode 100644 index 00000000..c7b3f7df --- /dev/null +++ b/scanners/ncrack/templates/ncrack-parse-definition.yaml @@ -0,0 +1,7 @@ +apiVersion: "execution.experimental.securecodebox.io/v1" +kind: ParseDefinition +metadata: + name: "ncrack-xml" +spec: + handlesResultsType: ncrack-xml + image: "{{ .Values.parserImage.registry }}/{{ .Values.parserImage.repository }}:{{ .Values.parserImage.tag }}" 
diff --git a/scanners/ncrack/templates/ncrack-scan-type.yaml b/scanners/ncrack/templates/ncrack-scan-type.yaml new file mode 100644 index 00000000..a0233b72 --- /dev/null +++ b/scanners/ncrack/templates/ncrack-scan-type.yaml @@ -0,0 +1,21 @@ +apiVersion: "execution.experimental.securecodebox.io/v1" +kind: ScanType +metadata: + name: "ncrack" +spec: + extractResults: + type: ncrack-xml + location: "/home/securecodebox/ncrack-results.xml" + jobTemplate: + spec: + ttlSecondsAfterFinished: 10 + backoffLimit: 3 + template: + spec: + restartPolicy: OnFailure + containers: + - name: ncrack + image: scbexperimental/ncrack:0.7 + command: ["ncrack", "-oX", "/home/securecodebox/ncrack-results.xml"] + resources: + {{- toYaml .Values.scannerJob.resources | nindent 16 }} diff --git a/scanners/ncrack/values.yaml b/scanners/ncrack/values.yaml new file mode 100644 index 00000000..3f71e04a --- /dev/null +++ b/scanners/ncrack/values.yaml @@ -0,0 +1,15 @@ +parserImage: + registry: docker.io + repository: scbexperimental/parser-ncrack + tag: latest + +scannerJob: + resources: {} +# scannerJob: +# resources: +# requests: +# memory: "256Mi" +# cpu: "250m" +# limits: +# memory: "512Mi" +# cpu: "500m" From 1c0f0ece8c1c418ca9d6a410d4d04eed667c9e1f Mon Sep 17 00:00:00 2001 
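Review bot: In scanners/ncrack/Chart.yaml, `appVersion: 0.7` is unquoted and is therefore read by YAML as a float rather than a string. Quote it (`appVersion: "0.7"`) so that a later version such as 0.10 is not collapsed to 0.1.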
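Review bot: In scanners/ncrack/templates/ncrack-scan-type.yaml the scanner container image is hard-coded as `scbexperimental/ncrack:0.7`, while the parser image in ncrack-parse-definition.yaml is assembled from `.Values.parserImage.*`, and values.yaml has no corresponding scanner entry, so the scanner image cannot be overridden or pointed at a private registry without editing the template. Suggest adding a scanner image block to values.yaml (for example under a key such as `scannerImage`, a name not present in this patch) and templating the image the same way as the parser. The results path `/home/securecodebox/ncrack-results.xml` also appears twice, in `extractResults.location` and in `command`; a comment noting that the two must stay in sync would help.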
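Review bot: In scanners/ncrack/values.yaml, `parserImage.tag: latest` leaves the parser image unpinned even though the chart carries `version: 0.1.0` and the scanner image is pinned to `0.7`, so two installs of the same chart version can run different parser code. Pin the default tag to a released parser version.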
From: Jannik Hollenbach <13718901+J12934@users.noreply.github.com> Date: Thu, 3 Sep 2020 13:39:12 +0200 Subject: [PATCH 058/235] Delete target implementation This will likely come back in a similar form in a future feature release of the secureCodeBox --- operator/apis/targets/v1/groupversion_info.go | 36 --- operator/apis/targets/v1/host_types.go | 82 ------ .../apis/targets/v1/zz_generated.deepcopy.go | 135 ---------- ...s.experimental.securecodebox.io_hosts.yaml | 124 --------- .../crd/patches/cainjection_in_hosts.yaml | 8 - operator/config/rbac/role.yaml | 20 -- .../controllers/targets/host_controller.go | 236 ------------------ operator/controllers/targets/suite_test.go | 81 ------ ...s.experimental.securecodebox.io_hosts.yaml | 124 --------- operator/go.sum | 1 + operator/main.go | 11 - operator/templates/rbac/role.yaml | 20 -- 12 files changed, 1 insertion(+), 877 deletions(-) delete mode 100644 operator/apis/targets/v1/groupversion_info.go delete mode 100644 operator/apis/targets/v1/host_types.go delete mode 100644 operator/apis/targets/v1/zz_generated.deepcopy.go delete mode 100644 operator/config/crd/bases/targets.experimental.securecodebox.io_hosts.yaml delete mode 100644 operator/config/crd/patches/cainjection_in_hosts.yaml delete mode 100644 operator/controllers/targets/host_controller.go delete mode 100644 operator/controllers/targets/suite_test.go delete mode 100644 operator/crds/targets.experimental.securecodebox.io_hosts.yaml diff --git a/operator/apis/targets/v1/groupversion_info.go b/operator/apis/targets/v1/groupversion_info.go deleted file mode 100644 index f81c0a2f..00000000 --- a/operator/apis/targets/v1/groupversion_info.go +++ /dev/null 
@@ -1,36 +0,0 @@ -/* -Copyright 2020 iteratec GmbH. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package v1 contains API Schema definitions for the targets v1 API group -// +kubebuilder:object:generate=true -// +groupName=targets.experimental.securecodebox.io -package v1 - -import ( - "k8s.io/apimachinery/pkg/runtime/schema" - "sigs.k8s.io/controller-runtime/pkg/scheme" -) - -var ( - // GroupVersion is group version used to register these objects - GroupVersion = schema.GroupVersion{Group: "targets.experimental.securecodebox.io", Version: "v1"} - - // SchemeBuilder is used to add go types to the GroupVersionKind scheme - SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion} - - // AddToScheme adds the types in this group-version to the given scheme. - AddToScheme = SchemeBuilder.AddToScheme -) diff --git a/operator/apis/targets/v1/host_types.go b/operator/apis/targets/v1/host_types.go deleted file mode 100644 index e09061b0..00000000 --- a/operator/apis/targets/v1/host_types.go +++ /dev/null 
@@ -1,82 +0,0 @@ -/* -Copyright 2020 iteratec GmbH. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1 - -import ( - executionv1 "github.com/secureCodeBox/secureCodeBox-v2/operator/apis/execution/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" -) - -// EDIT THIS FILE! THIS IS SCAFFOLDING FOR YOU TO OWN! -// NOTE: json tags are required. Any new fields you add must have json tags for the fields to be serialized. - -// HostSpec defines the desired state of Host -type HostSpec struct { - // INSERT ADDITIONAL SPEC FIELDS - desired state of cluster - // Important: Run "make" to regenerate code after modifying this file - - // Hostname contains the dns name of the host - // TODO: Add an IPAddress Field - Hostname string `json:"hostname"` - - Ports []HostPort `json:"ports"` -} - -// HostPort describes a Port of a Host -type HostPort struct { - Type string `json:"type"` - // The port number - // +kubebuilder:validation:Minimum=0 - // +kubebuilder:validation:Maximun=65536 - Port int32 `json:"port" protobuf:"varint,2,opt,name=port"` -} - -// HostStatus defines the observed state of Host -type HostStatus struct { - // INSERT ADDITIONAL STATUS FIELD - define observed state of cluster - // Important: Run "make" to regenerate code after modifying this file - - Findings executionv1.FindingStats `json:"findings,omitempty"` -} - -// +kubebuilder:object:root=true -// +kubebuilder:subresource:status -// +kubebuilder:printcolumn:name="Hostname",type=string,JSONPath=`.spec.hostname` -// 
+kubebuilder:printcolumn:name="Ports",type=string,JSONPath=`.spec.ports`,description="Ports of the Host" -// +kubebuilder:printcolumn:name="Findings",type=string,JSONPath=`.status.findings.count`,description="Total Finding Count" - -// Host is the Schema for the hosts API -type Host struct { - metav1.TypeMeta `json:",inline"` - metav1.ObjectMeta `json:"metadata,omitempty"` - - Spec HostSpec `json:"spec,omitempty"` - Status HostStatus `json:"status,omitempty"` -} - -// +kubebuilder:object:root=true - -// HostList contains a list of Host -type HostList struct { - metav1.TypeMeta `json:",inline"` - metav1.ListMeta `json:"metadata,omitempty"` - Items []Host `json:"items"` -} - -func init() { - SchemeBuilder.Register(&Host{}, &HostList{}) -} diff --git a/operator/apis/targets/v1/zz_generated.deepcopy.go b/operator/apis/targets/v1/zz_generated.deepcopy.go deleted file mode 100644 index 03c8fc67..00000000 --- a/operator/apis/targets/v1/zz_generated.deepcopy.go +++ /dev/null 
@@ -1,135 +0,0 @@ -// +build !ignore_autogenerated - -/* -Copyright 2020 iteratec GmbH. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by controller-gen. DO NOT EDIT. - -package v1 - -import ( - runtime "k8s.io/apimachinery/pkg/runtime" -) - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *Host) DeepCopyInto(out *Host) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - in.Spec.DeepCopyInto(&out.Spec) - in.Status.DeepCopyInto(&out.Status) -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Host. -func (in *Host) DeepCopy() *Host { - if in == nil { - return nil - } - out := new(Host) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *Host) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
-func (in *HostList) DeepCopyInto(out *HostList) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ListMeta.DeepCopyInto(&out.ListMeta) - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]Host, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HostList. -func (in *HostList) DeepCopy() *HostList { - if in == nil { - return nil - } - out := new(HostList) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *HostList) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *HostPort) DeepCopyInto(out *HostPort) { - *out = *in -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HostPort. -func (in *HostPort) DeepCopy() *HostPort { - if in == nil { - return nil - } - out := new(HostPort) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *HostSpec) DeepCopyInto(out *HostSpec) { - *out = *in - if in.Ports != nil { - in, out := &in.Ports, &out.Ports - *out = make([]HostPort, len(*in)) - copy(*out, *in) - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HostSpec. -func (in *HostSpec) DeepCopy() *HostSpec { - if in == nil { - return nil - } - out := new(HostSpec) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
-func (in *HostStatus) DeepCopyInto(out *HostStatus) { - *out = *in - in.Findings.DeepCopyInto(&out.Findings) -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HostStatus. -func (in *HostStatus) DeepCopy() *HostStatus { - if in == nil { - return nil - } - out := new(HostStatus) - in.DeepCopyInto(out) - return out -} diff --git a/operator/config/crd/bases/targets.experimental.securecodebox.io_hosts.yaml b/operator/config/crd/bases/targets.experimental.securecodebox.io_hosts.yaml deleted file mode 100644 index 4079b62c..00000000 --- a/operator/config/crd/bases/targets.experimental.securecodebox.io_hosts.yaml +++ /dev/null 
@@ -1,124 +0,0 @@ - ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.2.4 - creationTimestamp: null - name: hosts.targets.experimental.securecodebox.io -spec: - additionalPrinterColumns: - - JSONPath: .spec.hostname - name: Hostname - type: string - - JSONPath: .spec.ports - description: Ports of the Host - name: Ports - type: string - - JSONPath: .status.findings.count - description: Total Finding Count - name: Findings - type: string - group: targets.experimental.securecodebox.io - names: - kind: Host - listKind: HostList - plural: hosts - singular: host - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - description: Host is the Schema for the hosts API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: HostSpec defines the desired state of Host - properties: - hostname: - description: 'Hostname contains the dns name of the host TODO: Add an - IPAddress Field' - type: string - ports: - items: - description: HostPort describes a Port of a Host - properties: - port: - description: The port number - format: int32 - minimum: 0 - type: integer - type: - type: string - required: - - port - - type - type: object - type: array - required: - - hostname - - ports - type: object - status: - description: HostStatus defines the observed state of Host - properties: - findings: - description: FindingStats contains the general stats about the results - of the scan - properties: - categories: - additionalProperties: - format: int64 - type: integer - description: FindingCategories indicates the count of finding broken - down by their categories - type: object - count: - description: Count indicates how many findings were identified in - total - format: int64 - type: integer - severities: - description: FindingSeverities indicates the count of finding with - the respective severity - properties: - high: - format: int64 - type: integer - informational: - format: int64 - type: integer - low: - format: int64 - type: integer - medium: - format: int64 - type: integer - type: object - type: object - type: object - type: object - version: v1 - versions: - - name: v1 - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/operator/config/crd/patches/cainjection_in_hosts.yaml b/operator/config/crd/patches/cainjection_in_hosts.yaml deleted file mode 100644 index 356ddfed..00000000 --- a/operator/config/crd/patches/cainjection_in_hosts.yaml +++ /dev/null 
@@ -1,8 +0,0 @@ -# The following patch adds a directive for certmanager to inject CA into the CRD -# CRD conversion requires k8s 1.13 or later. -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) - name: hosts.targets.experimental.securecodebox.io diff --git a/operator/config/rbac/role.yaml b/operator/config/rbac/role.yaml index b1bd525a..1762d5b9 100644 --- a/operator/config/rbac/role.yaml +++ b/operator/config/rbac/role.yaml @@ -115,23 +115,3 @@ rules: - get - list - watch -- apiGroups: - - targets.experimental.securecodebox.io - resources: - - hosts - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - targets.experimental.securecodebox.io - resources: - - hosts/status - verbs: - - get - - patch - - update diff --git a/operator/controllers/targets/host_controller.go b/operator/controllers/targets/host_controller.go deleted file mode 100644 index 149af8ac..00000000 --- a/operator/controllers/targets/host_controller.go +++ /dev/null 
@@ -1,236 +0,0 @@ -/* -Copyright 2020 iteratec GmbH. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package controllers - -import ( - "context" - "fmt" - "reflect" - "time" - - "github.com/go-logr/logr" - apierrors "k8s.io/apimachinery/pkg/api/errors" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/types" - ctrl "sigs.k8s.io/controller-runtime" - - "sigs.k8s.io/controller-runtime/pkg/client" - - executionv1 "github.com/secureCodeBox/secureCodeBox-v2/operator/apis/execution/v1" - targetsv1 "github.com/secureCodeBox/secureCodeBox-v2/operator/apis/targets/v1" -) - -var ( - ownerKey = ".metadata.controller" - apiGVStr = targetsv1.GroupVersion.String() -) - -// HostReconciler reconciles a Host object -type HostReconciler struct { - client.Client - Log logr.Logger - Scheme *runtime.Scheme -} - -type ScanTemplates struct { - Port int32 - Type string - ScanSpec executionv1.ScanSpec -} - -// +kubebuilder:rbac:groups=targets.experimental.securecodebox.io,resources=hosts,verbs=get;list;watch;create;update;patch;delete -// +kubebuilder:rbac:groups=targets.experimental.securecodebox.io,resources=hosts/status,verbs=get;update;patch -// +kubebuilder:rbac:groups=execution.experimental.securecodebox.io,resources=scheduledscans,verbs=get;list;create -// +kubebuilder:rbac:groups=execution.experimental.securecodebox.io,resources=scheduledscans/status,verbs=get - -// Reconcile comapares the Host Resource with the State of the Cluster and 
updates both accordingly -func (r *HostReconciler) Reconcile(req ctrl.Request) (ctrl.Result, error) { - ctx := context.Background() - log := r.Log.WithValues("host", req.NamespacedName) - - var host targetsv1.Host - if err := r.Get(ctx, req.NamespacedName, &host); err != nil { - // we'll ignore not-found errors, since they can't be fixed by an immediate - // requeue (we'll need to wait for a new notification), and we can get them - // on deleted requests. - log.V(7).Info("Unable to fetch Host") - return ctrl.Result{}, client.IgnoreNotFound(err) - } - - scanTemplates := CreateScanTemplatesForHost(host) - - for _, scanTemplate := range scanTemplates { - scanName := fmt.Sprintf("%s-%s-%d", host.Name, scanTemplate.ScanSpec.ScanType, scanTemplate.Port) - - var scan executionv1.ScheduledScan - err := r.Get(ctx, types.NamespacedName{Name: scanName, Namespace: req.Namespace}, &scan) - if err != nil && apierrors.IsNotFound(err) { - // Scan doesn't exists yet. Thats allright, as we are going to create it directly after this :) - } else if err != nil { - log.Error(err, "Failed to lookup ScheduledScan for Host") - return ctrl.Result{}, err - } else { - log.V(4).Info("Wont create Scan for Host as the Scan already exists", "ScheduledScanName", scanName) - continue - } - - scan = executionv1.ScheduledScan{ - ObjectMeta: metav1.ObjectMeta{ - Name: scanName, - Namespace: host.Namespace, - }, - Spec: executionv1.ScheduledScanSpec{ - ScanSpec: &scanTemplate.ScanSpec, - Interval: metav1.Duration{Duration: 24 * time.Hour}, - HistoryLimit: 1, - }, - } - if err := ctrl.SetControllerReference(&host, &scan, r.Scheme); err != nil { - log.Error(err, "unable to set owner reference on ScheduledScan") - return ctrl.Result{}, err - } - - if err := r.Create(ctx, &scan); err != nil { - log.Error(err, "unable to create ScheduledScan for Host", "host", host.Name) - return ctrl.Result{}, err - } - log.Info("Created ScheduledScan for Target", "ScheduledScan", scanName) - } - - // Update Targets 
Findings Status - var childScans executionv1.ScheduledScanList - if err := r.List(ctx, &childScans, client.InNamespace(req.Namespace), client.MatchingFields{ownerKey: req.Name}); err != nil { - log.Error(err, "unable to list child ScheduledScans") - return ctrl.Result{}, err - } - - totalStats := executionv1.FindingStats{ - Count: 0, - FindingSeverities: executionv1.FindingSeverities{ - Informational: 0, - Low: 0, - Medium: 0, - High: 0, - }, - FindingCategories: map[string]uint64{}, - } - for _, scan := range childScans.Items { - stats := scan.Status.Findings - - totalStats.Count += stats.Count - totalStats.FindingSeverities.Informational += stats.FindingSeverities.Informational - totalStats.FindingSeverities.Low += stats.FindingSeverities.Low - totalStats.FindingSeverities.Medium += stats.FindingSeverities.Medium - totalStats.FindingSeverities.High += stats.FindingSeverities.High - - for key, value := range stats.FindingCategories { - if _, ok := totalStats.FindingCategories[key]; ok { - totalStats.FindingCategories[key] += value - } else { - totalStats.FindingCategories[key] = value - } - } - } - - if !reflect.DeepEqual(host.Status.Findings, totalStats) { - log.V(0).Info("Updating ScheduledScans Findings as they appear to have changed") - host.Status.Findings = *totalStats.DeepCopy() - if err := r.Status().Update(ctx, &host); err != nil { - log.Error(err, "unable to update Host status") - return ctrl.Result{}, err - } - } - - return ctrl.Result{}, nil -} - -// CreateScanTemplatesForHost defines which scans should be created for a Host -func CreateScanTemplatesForHost(host targetsv1.Host) []ScanTemplates { - var scanTemplates []ScanTemplates - - for _, port := range host.Spec.Ports { - if port.Type == "ssh" { - scanTemplates = append(scanTemplates, ScanTemplates{ - Port: port.Port, - Type: port.Type, - ScanSpec: executionv1.ScanSpec{ - ScanType: "ssh-scan", - Parameters: []string{"--target", host.Spec.Hostname, "--port", fmt.Sprintf("%d", port.Port)}, - }, - }) - 
} - if port.Type == "http" || port.Type == "https" { - scanTemplates = append(scanTemplates, ScanTemplates{ - Port: port.Port, - Type: port.Type, - ScanSpec: executionv1.ScanSpec{ - ScanType: "zap-baseline", - Parameters: []string{"-t", fmt.Sprintf("%s://%s:%d", port.Type, host.Spec.Hostname, port.Port)}, - }, - }) - } - if port.Type == "http" || port.Type == "https" { - scanTemplates = append(scanTemplates, ScanTemplates{ - Port: port.Port, - Type: port.Type, - ScanSpec: executionv1.ScanSpec{ - ScanType: "nikto", - Parameters: []string{"-h", fmt.Sprintf("%s://%s:%d", port.Type, host.Spec.Hostname, port.Port), "-Tuning", "1,2,3,5,7,b"}, - }, - }) - } - if port.Type == "https" { - scanTemplates = append(scanTemplates, ScanTemplates{ - Port: port.Port, - Type: port.Type, - ScanSpec: executionv1.ScanSpec{ - ScanType: "sslyze", - Parameters: []string{"--regular", fmt.Sprintf("%s:%d", host.Spec.Hostname, port.Port)}, - }, - }) - } - } - - return scanTemplates -} - -// SetupWithManager sets up the controller and initializes every thing it needs -func (r *HostReconciler) SetupWithManager(mgr ctrl.Manager) error { - if err := mgr.GetFieldIndexer().IndexField(&executionv1.ScheduledScan{}, ownerKey, func(rawObj runtime.Object) []string { - // grab the scan object, extract the owner... - scheduledScan := rawObj.(*executionv1.ScheduledScan) - owner := metav1.GetControllerOf(scheduledScan) - if owner == nil { - return nil - } - // ...make sure it's a Scan belonging to a Host... - if owner.APIVersion != apiGVStr || owner.Kind != "Host" { - return nil - } - - // ...and if so, return it - return []string{owner.Name} - }); err != nil { - return err - } - - return ctrl.NewControllerManagedBy(mgr). - For(&targetsv1.Host{}). - Owns(&executionv1.ScheduledScan{}). - Complete(r) -} diff --git a/operator/controllers/targets/suite_test.go b/operator/controllers/targets/suite_test.go deleted file mode 100644 index fde80700..00000000 
--- a/operator/controllers/targets/suite_test.go +++ /dev/null 
@@ -1,81 +0,0 @@ -/* -Copyright 2020 iteratec GmbH. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package controllers - -import ( - "path/filepath" - "testing" - - . "github.com/onsi/ginkgo" - . "github.com/onsi/gomega" - "k8s.io/client-go/kubernetes/scheme" - "k8s.io/client-go/rest" - "sigs.k8s.io/controller-runtime/pkg/client" - "sigs.k8s.io/controller-runtime/pkg/envtest" - "sigs.k8s.io/controller-runtime/pkg/envtest/printer" - logf "sigs.k8s.io/controller-runtime/pkg/log" - "sigs.k8s.io/controller-runtime/pkg/log/zap" - - targetsv1 "github.com/secureCodeBox/secureCodeBox-v2/operator/apis/targets/v1" - // +kubebuilder:scaffold:imports -) - -// These tests use Ginkgo (BDD-style Go testing framework). Refer to -// http://onsi.github.io/ginkgo/ to learn more about Ginkgo. 
- -var cfg *rest.Config -var k8sClient client.Client -var testEnv *envtest.Environment - -func TestAPIs(t *testing.T) { - RegisterFailHandler(Fail) - - RunSpecsWithDefaultAndCustomReporters(t, - "Controller Suite", - []Reporter{printer.NewlineReporter{}}) -} - -var _ = BeforeSuite(func(done Done) { - logf.SetLogger(zap.LoggerTo(GinkgoWriter, true)) - - By("bootstrapping test environment") - testEnv = &envtest.Environment{ - CRDDirectoryPaths: []string{filepath.Join("..", "config", "crd", "bases")}, - } - - var err error - cfg, err = testEnv.Start() - Expect(err).ToNot(HaveOccurred()) - Expect(cfg).ToNot(BeNil()) - - err = targetsv1.AddToScheme(scheme.Scheme) - Expect(err).NotTo(HaveOccurred()) - - // +kubebuilder:scaffold:scheme - - k8sClient, err = client.New(cfg, client.Options{Scheme: scheme.Scheme}) - Expect(err).ToNot(HaveOccurred()) - Expect(k8sClient).ToNot(BeNil()) - - close(done) -}, 60) - -var _ = AfterSuite(func() { - By("tearing down the test environment") - err := testEnv.Stop() - Expect(err).ToNot(HaveOccurred()) -}) diff --git a/operator/crds/targets.experimental.securecodebox.io_hosts.yaml b/operator/crds/targets.experimental.securecodebox.io_hosts.yaml deleted file mode 100644 index 4079b62c..00000000 --- a/operator/crds/targets.experimental.securecodebox.io_hosts.yaml +++ /dev/null 
@@ -1,124 +0,0 @@ - ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.2.4 - creationTimestamp: null - name: hosts.targets.experimental.securecodebox.io -spec: - additionalPrinterColumns: - - JSONPath: .spec.hostname - name: Hostname - type: string - - JSONPath: .spec.ports - description: Ports of the Host - name: Ports - type: string - - JSONPath: .status.findings.count - description: Total Finding Count - name: Findings - type: string - group: targets.experimental.securecodebox.io - names: - kind: Host - listKind: HostList - plural: hosts - singular: host - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - description: Host is the Schema for the hosts API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: HostSpec defines the desired state of Host - properties: - hostname: - description: 'Hostname contains the dns name of the host TODO: Add an - IPAddress Field' - type: string - ports: - items: - description: HostPort describes a Port of a Host - properties: - port: - description: The port number - format: int32 - minimum: 0 - type: integer - type: - type: string - required: - - port - - type - type: object - type: array - required: - - hostname - - ports - type: object - status: - description: HostStatus defines the observed state of Host - properties: - findings: - description: FindingStats contains the general stats about the results - of the scan - properties: - categories: - additionalProperties: - format: int64 - type: integer - description: FindingCategories indicates the count of finding broken - down by their categories - type: object - count: - description: Count indicates how many findings were identified in - total - format: int64 - type: integer - severities: - description: FindingSeverities indicates the count of finding with - the respective severity - properties: - high: - format: int64 - type: integer - informational: - format: int64 - type: integer - low: - format: int64 - type: integer - medium: - format: int64 - type: integer - type: object - type: object - type: object - type: object - version: v1 - versions: - - name: v1 - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/operator/go.sum b/operator/go.sum index c54b01e6..5083a63c 100644 --- a/operator/go.sum +++ b/operator/go.sum 
@@ -255,6 +255,7 @@ github.com/remyoudompheng/bigfft v0.0.0-20170806203942-52369c62f446/go.mod h1:uY github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg= github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g= github.com/secureCodeBox/secureCodeBox-v2 v0.0.0-20200526134830-4f0a0ddfccc0 h1:cmPDEtYAxHRmOmMuKUKe90RjJUjALqiXnJtPB4VGe44= +github.com/secureCodeBox/secureCodeBox-v2 v2.0.0-rc.1+incompatible h1:beH1o7Y/nuUUkE0OutEPMkJ6ml+jnq27CFGWJq1NFS0= github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo= github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE= diff --git a/operator/main.go b/operator/main.go index b25365a4..ac4dc3e8 100644 --- a/operator/main.go +++ b/operator/main.go @@ -28,10 +28,8 @@ import ( cascadingv1 "github.com/secureCodeBox/secureCodeBox-v2/operator/apis/cascading/v1" executionv1 "github.com/secureCodeBox/secureCodeBox-v2/operator/apis/execution/v1" - targetsv1 "github.com/secureCodeBox/secureCodeBox-v2/operator/apis/targets/v1" executioncontroller "github.com/secureCodeBox/secureCodeBox-v2/operator/controllers/execution" scancontroller "github.com/secureCodeBox/secureCodeBox-v2/operator/controllers/execution/scans" - targetscontroller "github.com/secureCodeBox/secureCodeBox-v2/operator/controllers/targets" // +kubebuilder:scaffold:imports ) @@ -44,7 +42,6 @@ func init() { _ = clientgoscheme.AddToScheme(scheme) _ = executionv1.AddToScheme(scheme) - _ = targetsv1.AddToScheme(scheme) _ = cascadingv1.AddToScheme(scheme) // +kubebuilder:scaffold:scheme } 
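Review bot: the operator/go.sum hunk (@@ -255,6 +255,7 @@) adds a checksum for `github.com/secureCodeBox/secureCodeBox-v2 v2.0.0-rc.1+incompatible`, the repository's own root module, while the operator/main.go hunks beside it only remove the targets API. Please confirm that operator/go.mod actually requires that version. If it does not, run `go mod tidy` so go.sum lists only modules the build resolves. If it does, say in the commit message why the operator pulls packages from a published tag of the root module instead of the working tree, since the hunk now carries a second checksum for the same module next to the existing `v0.0.0-20200526134830-4f0a0ddfccc0` entry.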
@@ -88,14 +85,6 @@ func main() { setupLog.Error(err, "unable to create controller", "controller", "ScheduledScan") os.Exit(1) } - if err = (&targetscontroller.HostReconciler{ - Client: mgr.GetClient(), - Log: ctrl.Log.WithName("controllers").WithName("Host"), - Scheme: mgr.GetScheme(), - }).SetupWithManager(mgr); err != nil { - setupLog.Error(err, "unable to create controller", "controller", "Host") - os.Exit(1) - } // +kubebuilder:scaffold:builder setupLog.Info("starting manager") diff --git a/operator/templates/rbac/role.yaml b/operator/templates/rbac/role.yaml index b1bd525a..1762d5b9 100644 --- a/operator/templates/rbac/role.yaml +++ b/operator/templates/rbac/role.yaml @@ -115,23 +115,3 @@ rules: - get - list - watch -- apiGroups: - - targets.experimental.securecodebox.io - resources: - - hosts - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - targets.experimental.securecodebox.io - resources: - - hosts/status - verbs: - - get - - patch - - update From a3678e9a1bb563a01dfd67f1ad97ac36d4201b5f Mon Sep 17 00:00:00 2001 From: Jannik Hollenbach <13718901+J12934@users.noreply.github.com> Date: Thu, 3 Sep 2020 14:01:36 +0200 Subject: [PATCH 059/235] Properly remove test file from lurcher --- lurcher/Dockerfile | 1 - 1 file changed, 1 deletion(-) diff --git a/lurcher/Dockerfile b/lurcher/Dockerfile index 5e55aab5..dc32c8d4 100644 --- a/lurcher/Dockerfile +++ b/lurcher/Dockerfile @@ -20,7 +20,6 @@ RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 GO111MODULE=on go build -a -o lurcher FROM gcr.io/distroless/static:nonroot WORKDIR / COPY --from=builder /workspace/lurcher . -COPY result.xml /home/securecodebox/result.xml USER nonroot:nonroot ENTRYPOINT ["/lurcher"] From 9b3a6ac928c4b3f3c1638c13883a57bfc024e446 Mon Sep 17 00:00:00 2001 
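Review bot: nothing in the lurcher/Dockerfile change of PATCH 059 stops a fixture from being copied into the final image again. The removed line `COPY result.xml /home/securecodebox/result.xml` sat in the `gcr.io/distroless/static:nonroot` stage, so the test file shipped in the runtime image rather than staying in the builder. Consider a .dockerignore for lurcher/ that admits only what the builder stage copies, and state in the commit message whether result.xml itself is still tracked, because the diffstat shows only the Dockerfile changing.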
From: Jannik Hollenbach <13718901+J12934@users.noreply.github.com> Date: Thu, 3 Sep 2020 14:03:18 +0200 Subject: [PATCH 060/235] Upgrade to golang 1.15 in operator and lurcher --- .github/workflows/ci.yaml | 4 ++-- lurcher/Dockerfile | 2 +- lurcher/go.mod | 2 +- operator/Dockerfile | 2 +- operator/go.mod | 2 +- 5 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index b3c51c6a..3b06348d 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -57,7 +57,7 @@ jobs: - uses: actions/checkout@master - uses: actions/setup-go@v2-beta with: - go-version: "1.13" + go-version: "1.15" - name: "Lint Operator Go Code" run: | cd operator/ @@ -79,7 +79,7 @@ jobs: - uses: actions/checkout@master - uses: actions/setup-go@v2-beta with: - go-version: "1.13" + go-version: "1.15" - name: "Lint Lurcher Go Code" run: | cd lurcher/ diff --git a/lurcher/Dockerfile b/lurcher/Dockerfile index dc32c8d4..38d1d11b 100644 --- a/lurcher/Dockerfile +++ b/lurcher/Dockerfile @@ -1,5 +1,5 @@ # Build the manager binary -FROM golang:1.13 as builder +FROM golang:1.15 as builder WORKDIR /workspace # Copy the Go Modules manifests diff --git a/lurcher/go.mod b/lurcher/go.mod index 69375b67..432b7b95 100644 --- a/lurcher/go.mod +++ b/lurcher/go.mod @@ -1,6 +1,6 @@ module github.com/secureCodeBox/secureCodeBox-v2/lurcher -go 1.13 +go 1.15 require ( k8s.io/apimachinery v0.0.0-20191028221656-72ed19daf4bb diff --git a/operator/Dockerfile b/operator/Dockerfile index 42586593..6b5600ec 100644 --- a/operator/Dockerfile +++ b/operator/Dockerfile @@ -1,5 +1,5 @@ # Build the manager binary -FROM golang:1.13 as builder +FROM golang:1.15 as builder WORKDIR /workspace # Copy the Go Modules manifests diff --git a/operator/go.mod b/operator/go.mod index 91d1c649..1049ceba 100644 --- a/operator/go.mod +++ b/operator/go.mod 
@@ -1,6 +1,6 @@ module github.com/secureCodeBox/secureCodeBox-v2/operator -go 1.13 +go 1.15 require ( github.com/go-logr/logr v0.1.0 From 79500ae7e879acdf846b164f2794e02925faf00a Mon Sep 17 00:00:00 2001 
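Review bot: the Go 1.15 upgrade in PATCH 060 leaves every build input on a mutable reference. In .github/workflows/ci.yaml the context lines show `actions/checkout@master` and `actions/setup-go@v2-beta`, and both Dockerfiles use `FROM golang:1.15 as builder`, so the same commit can build with different action code or a different toolchain image from one run to the next. Since these lines are being touched anyway, pin the actions to a commit SHA and the builder image to a digest (`golang:1.15@sha256:<digest>`), and consider a full patch version for `go-version` so CI and the images compile with the same toolchain.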
From: Jannik Hollenbach <13718901+J12934@users.noreply.github.com> Date: Fri, 4 Sep 2020 12:53:04 +0200 Subject: [PATCH 061/235] Merge branch 'master' into telemetry --- .github/workflows/ci.yaml | 6 +- README.md | 2 +- auto-discovery/kubernetes/.gitignore | 24 - auto-discovery/kubernetes/Dockerfile | 27 - auto-discovery/kubernetes/Makefile | 80 --- auto-discovery/kubernetes/PROJECT | 3 - .../config/certmanager/certificate.yaml | 26 - .../config/certmanager/kustomization.yaml | 5 - .../config/certmanager/kustomizeconfig.yaml | 16 - .../config/default/kustomization.yaml | 70 --- .../default/manager_auth_proxy_patch.yaml | 25 - .../config/default/manager_webhook_patch.yaml | 23 - .../default/webhookcainjection_patch.yaml | 15 - .../config/manager/kustomization.yaml | 2 - .../kubernetes/config/manager/manager.yaml | 39 -- .../config/prometheus/kustomization.yaml | 2 - .../kubernetes/config/prometheus/monitor.yaml | 16 - .../rbac/auth_proxy_client_clusterrole.yaml | 7 - .../config/rbac/auth_proxy_role.yaml | 13 - .../config/rbac/auth_proxy_role_binding.yaml | 12 - .../config/rbac/auth_proxy_service.yaml | 14 - .../kubernetes/config/rbac/kustomization.yaml | 12 - .../config/rbac/leader_election_role.yaml | 32 -- .../rbac/leader_election_role_binding.yaml | 12 - .../kubernetes/config/rbac/role.yaml | 22 - .../kubernetes/config/rbac/role_binding.yaml | 12 - .../config/webhook/kustomization.yaml | 6 - .../config/webhook/kustomizeconfig.yaml | 25 - .../kubernetes/config/webhook/service.yaml | 12 - .../controllers/ingress_scan_controller.go | 202 -------- .../kubernetes/controllers/suite_test.go | 76 --- auto-discovery/kubernetes/go.mod | 16 - auto-discovery/kubernetes/go.sum | 470 ------------------ .../kubernetes/hack/boilerplate.go.txt | 15 - auto-discovery/kubernetes/main.go | 86 ---- auto-discovery/readme.md | 16 - docs/adr/adr_0002.adoc | 182 +++++++ .../templates/NOTES.txt | 2 +- lurcher/Dockerfile | 3 +- lurcher/go.mod | 4 +- lurcher/job.yaml | 57 --- 
lurcher/result.xml | 1 - operator/Dockerfile | 2 +- operator/PROJECT | 2 +- .../apis/cascading/v1/cascadingrule_types.go | 2 +- operator/apis/targets/v1/groupversion_info.go | 36 -- operator/apis/targets/v1/host_types.go | 82 --- .../apis/targets/v1/zz_generated.deepcopy.go | 135 ----- ...s.experimental.securecodebox.io_hosts.yaml | 124 ----- .../crd/patches/cainjection_in_hosts.yaml | 8 - operator/config/rbac/role.yaml | 20 - .../execution/scans/hook_reconciler.go | 4 +- operator/controllers/execution/scans/job.go | 2 +- .../execution/scans/parse_reconciler.go | 4 +- .../execution/scans/scan_controller.go | 2 +- .../execution/scans/scan_reconciler.go | 4 +- .../execution/scheduledscan_controller.go | 2 +- operator/controllers/execution/suite_test.go | 2 +- .../controllers/targets/host_controller.go | 236 --------- operator/controllers/targets/suite_test.go | 81 --- ...s.experimental.securecodebox.io_hosts.yaml | 124 ----- operator/go.mod | 4 +- operator/go.sum | 3 +- operator/internal/telemetry/telemetry.go | 2 +- operator/main.go | 21 +- operator/templates/rbac/role.yaml | 20 - package.json | 6 +- scanners/amass/Chart.yaml | 2 +- scanners/amass/README.md | 20 +- scanners/amass/examples/example.com/README.md | 9 + scanners/nmap/README.md | 2 +- scanners/ssh_scan/README.md | 2 +- scanners/zap/README.md | 7 +- 73 files changed, 240 insertions(+), 2420 deletions(-) delete mode 100644 auto-discovery/kubernetes/.gitignore delete mode 100644 auto-discovery/kubernetes/Dockerfile delete mode 100644 auto-discovery/kubernetes/Makefile delete mode 100644 auto-discovery/kubernetes/PROJECT delete mode 100644 auto-discovery/kubernetes/config/certmanager/certificate.yaml delete mode 100644 auto-discovery/kubernetes/config/certmanager/kustomization.yaml delete mode 100644 auto-discovery/kubernetes/config/certmanager/kustomizeconfig.yaml delete mode 100644 auto-discovery/kubernetes/config/default/kustomization.yaml delete mode 100644 
auto-discovery/kubernetes/config/default/manager_auth_proxy_patch.yaml delete mode 100644 auto-discovery/kubernetes/config/default/manager_webhook_patch.yaml delete mode 100644 auto-discovery/kubernetes/config/default/webhookcainjection_patch.yaml delete mode 100644 auto-discovery/kubernetes/config/manager/kustomization.yaml delete mode 100644 auto-discovery/kubernetes/config/manager/manager.yaml delete mode 100644 auto-discovery/kubernetes/config/prometheus/kustomization.yaml delete mode 100644 auto-discovery/kubernetes/config/prometheus/monitor.yaml delete mode 100644 auto-discovery/kubernetes/config/rbac/auth_proxy_client_clusterrole.yaml delete mode 100644 auto-discovery/kubernetes/config/rbac/auth_proxy_role.yaml delete mode 100644 auto-discovery/kubernetes/config/rbac/auth_proxy_role_binding.yaml delete mode 100644 auto-discovery/kubernetes/config/rbac/auth_proxy_service.yaml delete mode 100644 auto-discovery/kubernetes/config/rbac/kustomization.yaml delete mode 100644 auto-discovery/kubernetes/config/rbac/leader_election_role.yaml delete mode 100644 auto-discovery/kubernetes/config/rbac/leader_election_role_binding.yaml delete mode 100644 auto-discovery/kubernetes/config/rbac/role.yaml delete mode 100644 auto-discovery/kubernetes/config/rbac/role_binding.yaml delete mode 100644 auto-discovery/kubernetes/config/webhook/kustomization.yaml delete mode 100644 auto-discovery/kubernetes/config/webhook/kustomizeconfig.yaml delete mode 100644 auto-discovery/kubernetes/config/webhook/service.yaml delete mode 100644 auto-discovery/kubernetes/controllers/ingress_scan_controller.go delete mode 100644 auto-discovery/kubernetes/controllers/suite_test.go delete mode 100644 auto-discovery/kubernetes/go.mod delete mode 100644 auto-discovery/kubernetes/go.sum delete mode 100644 auto-discovery/kubernetes/hack/boilerplate.go.txt delete mode 100644 auto-discovery/kubernetes/main.go delete mode 100644 auto-discovery/readme.md create mode 100644 docs/adr/adr_0002.adoc delete mode 
100644 lurcher/job.yaml delete mode 100644 lurcher/result.xml delete mode 100644 operator/apis/targets/v1/groupversion_info.go delete mode 100644 operator/apis/targets/v1/host_types.go delete mode 100644 operator/apis/targets/v1/zz_generated.deepcopy.go delete mode 100644 operator/config/crd/bases/targets.experimental.securecodebox.io_hosts.yaml delete mode 100644 operator/config/crd/patches/cainjection_in_hosts.yaml delete mode 100644 operator/controllers/targets/host_controller.go delete mode 100644 operator/controllers/targets/suite_test.go delete mode 100644 operator/crds/targets.experimental.securecodebox.io_hosts.yaml create mode 100644 scanners/amass/examples/example.com/README.md diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index c4f36b60..df05aaf0 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -57,7 +57,7 @@ jobs: - uses: actions/checkout@master - uses: actions/setup-go@v2-beta with: - go-version: "1.13" + go-version: "1.15" - name: "Lint Operator Go Code" run: | cd operator/ @@ -83,7 +83,7 @@ jobs: - uses: actions/checkout@master - uses: actions/setup-go@v2-beta with: - go-version: "1.13" + go-version: "1.15" - name: "Lint Lurcher Go Code" run: | cd lurcher/ @@ -320,7 +320,7 @@ jobs: runs-on: ubuntu-latest strategy: matrix: - k8sVersion: ["1.18.6", "1.17.5", "1.16.9", "1.15.11"] + k8sVersion: ["1.19.0", "1.18.8", "1.17.5", "1.16.9"] steps: - uses: actions/checkout@master - name: "Start kind cluster" diff --git a/README.md b/README.md index 79645992..36edf449 100644 --- a/README.md +++ b/README.md @@ -73,7 +73,7 @@ There is a German article about [Security DevOps – Angreifern (immer) einen Sc ### Prerequisites -- kubernetes (last 4 major releases supported: `1.15`, `1.16`, `1.17` & `1.18`) +- kubernetes (last 4 major releases supported: `1.16`, `1.17`, `1.18` & `1.19`) ### Deployment (based on Helm) 
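Review bot: the README.md hunk (@@ -73,7 +73,7 @@) calls `1.16`, `1.17`, `1.18` & `1.19` "major releases", but these are Kubernetes minor releases, so the prerequisite line should read "last 4 minor releases supported". The same list is maintained a second time in the `k8sVersion` matrix of .github/workflows/ci.yaml (@@ -320,7 +320,7 @@), where this change drops `1.15.11` and adds `1.19.0`. A comment beside the matrix pointing at the README line would keep the documented support window and the tested versions from drifting apart.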
diff --git a/auto-discovery/kubernetes/.gitignore b/auto-discovery/kubernetes/.gitignore deleted file mode 100644 index d97ffc51..00000000 --- a/auto-discovery/kubernetes/.gitignore +++ /dev/null @@ -1,24 +0,0 @@ - -# Binaries for programs and plugins -*.exe -*.exe~ -*.dll -*.so -*.dylib -bin - -# Test binary, build with `go test -c` -*.test - -# Output of the go coverage tool, specifically when used with LiteIDE -*.out - -# Kubernetes Generated files - skip generated files, except for vendored files - -!vendor/**/zz_generated.* - -# editor and IDE paraphernalia -.idea -*.swp -*.swo -*~ diff --git a/auto-discovery/kubernetes/Dockerfile b/auto-discovery/kubernetes/Dockerfile deleted file mode 100644 index 74eb9d74..00000000 --- a/auto-discovery/kubernetes/Dockerfile +++ /dev/null @@ -1,27 +0,0 @@ -# Build the manager binary -FROM golang:1.13 as builder - -WORKDIR /workspace -# Copy the Go Modules manifests -COPY go.mod go.mod -COPY go.sum go.sum -# cache deps before building and copying source so that we don't need to re-download as much -# and so that source changes don't invalidate our downloaded layer -RUN go mod download - -# Copy the go source -COPY main.go main.go -COPY api/ api/ -COPY controllers/ controllers/ - -# Build -RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 GO111MODULE=on go build -a -o manager main.go - -# Use distroless as minimal base image to package the manager binary -# Refer to https://github.com/GoogleContainerTools/distroless for more details -FROM gcr.io/distroless/static:nonroot -WORKDIR / -COPY --from=builder /workspace/manager . -USER nonroot:nonroot - -ENTRYPOINT ["/manager"] diff --git a/auto-discovery/kubernetes/Makefile b/auto-discovery/kubernetes/Makefile deleted file mode 100644 index 5da22b5b..00000000 --- a/auto-discovery/kubernetes/Makefile +++ /dev/null 
@@ -1,80 +0,0 @@ - -# Image URL to use all building/pushing image targets -IMG ?= controller:latest -# Produce CRDs that work back to Kubernetes 1.11 (no version conversion) -CRD_OPTIONS ?= "crd:trivialVersions=true" - -# Get the currently used golang install path (in GOPATH/bin, unless GOBIN is set) -ifeq (,$(shell go env GOBIN)) -GOBIN=$(shell go env GOPATH)/bin -else -GOBIN=$(shell go env GOBIN) -endif - -all: manager - -# Run tests -test: generate fmt vet manifests - go test ./... -coverprofile cover.out - -# Build manager binary -manager: generate fmt vet - go build -o bin/manager main.go - -# Run against the configured Kubernetes cluster in ~/.kube/config -run: generate fmt vet manifests - go run ./main.go - -# Install CRDs into a cluster -install: manifests - kustomize build config/crd | kubectl apply -f - - -# Uninstall CRDs from a cluster -uninstall: manifests - kustomize build config/crd | kubectl delete -f - - -# Deploy controller in the configured Kubernetes cluster in ~/.kube/config -deploy: manifests - cd config/manager && kustomize edit set image controller=${IMG} - kustomize build config/default | kubectl apply -f - - -# Generate manifests e.g. CRD, RBAC etc. -manifests: controller-gen - $(CONTROLLER_GEN) $(CRD_OPTIONS) rbac:roleName=manager-role webhook paths="./..." output:crd:artifacts:config=config/crd/bases - -# Run go fmt against code -fmt: - go fmt ./... - -# Run go vet against code -vet: - go vet ./... - -# Generate code -generate: controller-gen - $(CONTROLLER_GEN) object:headerFile="hack/boilerplate.go.txt" paths="./..." - -# Build the docker image -docker-build: test - docker build . 
-t ${IMG} - -# Push the docker image -docker-push: - docker push ${IMG} - -# find or download controller-gen -# download controller-gen if necessary -controller-gen: -ifeq (, $(shell which controller-gen)) - @{ \ - set -e ;\ - CONTROLLER_GEN_TMP_DIR=$$(mktemp -d) ;\ - cd $$CONTROLLER_GEN_TMP_DIR ;\ - go mod init tmp ;\ - go get sigs.k8s.io/controller-tools/cmd/controller-gen@v0.2.5 ;\ - rm -rf $$CONTROLLER_GEN_TMP_DIR ;\ - } -CONTROLLER_GEN=$(GOBIN)/controller-gen -else -CONTROLLER_GEN=$(shell which controller-gen) -endif diff --git a/auto-discovery/kubernetes/PROJECT b/auto-discovery/kubernetes/PROJECT deleted file mode 100644 index 12d65693..00000000 --- a/auto-discovery/kubernetes/PROJECT +++ /dev/null @@ -1,3 +0,0 @@ -domain: securecodebox.io -repo: github.com/secureCodeBox/secureCodeBox-v2-alpha/cloud-integrations/kubernetes -version: "2" diff --git a/auto-discovery/kubernetes/config/certmanager/certificate.yaml b/auto-discovery/kubernetes/config/certmanager/certificate.yaml deleted file mode 100644 index 58db114f..00000000 --- a/auto-discovery/kubernetes/config/certmanager/certificate.yaml +++ /dev/null 
@@ -1,26 +0,0 @@ -# The following manifests contain a self-signed issuer CR and a certificate CR. -# More document can be found at https://docs.cert-manager.io -# WARNING: Targets CertManager 0.11 check https://docs.cert-manager.io/en/latest/tasks/upgrading/index.html for -# breaking changes -apiVersion: cert-manager.io/v1alpha2 -kind: Issuer -metadata: - name: selfsigned-issuer - namespace: system -spec: - selfSigned: {} ---- -apiVersion: cert-manager.io/v1alpha2 -kind: Certificate -metadata: - name: serving-cert # this name should match the one appeared in kustomizeconfig.yaml - namespace: system -spec: - # $(SERVICE_NAME) and $(SERVICE_NAMESPACE) will be substituted by kustomize - dnsNames: - - $(SERVICE_NAME).$(SERVICE_NAMESPACE).svc - - $(SERVICE_NAME).$(SERVICE_NAMESPACE).svc.cluster.local - issuerRef: - kind: Issuer - name: selfsigned-issuer - secretName: webhook-server-cert # this secret will not be prefixed, since it's not managed by kustomize diff --git a/auto-discovery/kubernetes/config/certmanager/kustomization.yaml b/auto-discovery/kubernetes/config/certmanager/kustomization.yaml deleted file mode 100644 index bebea5a5..00000000 --- a/auto-discovery/kubernetes/config/certmanager/kustomization.yaml +++ /dev/null @@ -1,5 +0,0 @@ -resources: -- certificate.yaml - -configurations: -- kustomizeconfig.yaml diff --git a/auto-discovery/kubernetes/config/certmanager/kustomizeconfig.yaml b/auto-discovery/kubernetes/config/certmanager/kustomizeconfig.yaml deleted file mode 100644 index 90d7c313..00000000 --- a/auto-discovery/kubernetes/config/certmanager/kustomizeconfig.yaml +++ /dev/null 
@@ -1,16 +0,0 @@ -# This configuration is for teaching kustomize how to update name ref and var substitution -nameReference: -- kind: Issuer - group: cert-manager.io - fieldSpecs: - - kind: Certificate - group: cert-manager.io - path: spec/issuerRef/name - -varReference: -- kind: Certificate - group: cert-manager.io - path: spec/commonName -- kind: Certificate - group: cert-manager.io - path: spec/dnsNames diff --git a/auto-discovery/kubernetes/config/default/kustomization.yaml b/auto-discovery/kubernetes/config/default/kustomization.yaml deleted file mode 100644 index 4d371fdb..00000000 --- a/auto-discovery/kubernetes/config/default/kustomization.yaml +++ /dev/null 
@@ -1,70 +0,0 @@ -# Adds namespace to all resources. -namespace: kubernetes-system - -# Value of this field is prepended to the -# names of all resources, e.g. a deployment named -# "wordpress" becomes "alices-wordpress". -# Note that it should also match with the prefix (text before '-') of the namespace -# field above. -namePrefix: kubernetes- - -# Labels to add to all resources and selectors. -#commonLabels: -# someName: someValue - -bases: -- ../crd -- ../rbac -- ../manager -# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in -# crd/kustomization.yaml -#- ../webhook -# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER'. 'WEBHOOK' components are required. -#- ../certmanager -# [PROMETHEUS] To enable prometheus monitor, uncomment all sections with 'PROMETHEUS'. -#- ../prometheus - -patchesStrategicMerge: - # Protect the /metrics endpoint by putting it behind auth. - # If you want your controller-manager to expose the /metrics - # endpoint w/o any authn/z, please comment the following line. -- manager_auth_proxy_patch.yaml - -# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in -# crd/kustomization.yaml -#- manager_webhook_patch.yaml - -# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER'. -# Uncomment 'CERTMANAGER' sections in crd/kustomization.yaml to enable the CA injection in the admission webhooks. -# 'CERTMANAGER' needs to be enabled to use ca injection -#- webhookcainjection_patch.yaml - -# the following config is for teaching kustomize how to do var substitution -vars: -# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER' prefix. 
-#- name: CERTIFICATE_NAMESPACE # namespace of the certificate CR -# objref: -# kind: Certificate -# group: cert-manager.io -# version: v1alpha2 -# name: serving-cert # this name should match the one in certificate.yaml -# fieldref: -# fieldpath: metadata.namespace -#- name: CERTIFICATE_NAME -# objref: -# kind: Certificate -# group: cert-manager.io -# version: v1alpha2 -# name: serving-cert # this name should match the one in certificate.yaml -#- name: SERVICE_NAMESPACE # namespace of the service -# objref: -# kind: Service -# version: v1 -# name: webhook-service -# fieldref: -# fieldpath: metadata.namespace -#- name: SERVICE_NAME -# objref: -# kind: Service -# version: v1 -# name: webhook-service diff --git a/auto-discovery/kubernetes/config/default/manager_auth_proxy_patch.yaml b/auto-discovery/kubernetes/config/default/manager_auth_proxy_patch.yaml deleted file mode 100644 index 77e743d1..00000000 --- a/auto-discovery/kubernetes/config/default/manager_auth_proxy_patch.yaml +++ /dev/null @@ -1,25 +0,0 @@ -# This patch inject a sidecar container which is a HTTP proxy for the -# controller manager, it performs RBAC authorization against the Kubernetes API using SubjectAccessReviews. -apiVersion: apps/v1 -kind: Deployment -metadata: - name: controller-manager - namespace: system -spec: - template: - spec: - containers: - - name: kube-rbac-proxy - image: gcr.io/kubebuilder/kube-rbac-proxy:v0.5.0 - args: - - "--secure-listen-address=0.0.0.0:8443" - - "--upstream=http://127.0.0.1:8080/" - - "--logtostderr=true" - - "--v=10" - ports: - - containerPort: 8443 - name: https - - name: manager - args: - - "--metrics-addr=127.0.0.1:8080" - - "--enable-leader-election" diff --git a/auto-discovery/kubernetes/config/default/manager_webhook_patch.yaml b/auto-discovery/kubernetes/config/default/manager_webhook_patch.yaml deleted file mode 100644 index 738de350..00000000 --- a/auto-discovery/kubernetes/config/default/manager_webhook_patch.yaml +++ /dev/null 
@@ -1,23 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: controller-manager - namespace: system -spec: - template: - spec: - containers: - - name: manager - ports: - - containerPort: 9443 - name: webhook-server - protocol: TCP - volumeMounts: - - mountPath: /tmp/k8s-webhook-server/serving-certs - name: cert - readOnly: true - volumes: - - name: cert - secret: - defaultMode: 420 - secretName: webhook-server-cert diff --git a/auto-discovery/kubernetes/config/default/webhookcainjection_patch.yaml b/auto-discovery/kubernetes/config/default/webhookcainjection_patch.yaml deleted file mode 100644 index 7e79bf99..00000000 --- a/auto-discovery/kubernetes/config/default/webhookcainjection_patch.yaml +++ /dev/null @@ -1,15 +0,0 @@ -# This patch add annotation to admission webhook config and -# the variables $(CERTIFICATE_NAMESPACE) and $(CERTIFICATE_NAME) will be substituted by kustomize. -apiVersion: admissionregistration.k8s.io/v1beta1 -kind: MutatingWebhookConfiguration -metadata: - name: mutating-webhook-configuration - annotations: - cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) ---- -apiVersion: admissionregistration.k8s.io/v1beta1 -kind: ValidatingWebhookConfiguration -metadata: - name: validating-webhook-configuration - annotations: - cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) diff --git a/auto-discovery/kubernetes/config/manager/kustomization.yaml b/auto-discovery/kubernetes/config/manager/kustomization.yaml deleted file mode 100644 index 5c5f0b84..00000000 --- a/auto-discovery/kubernetes/config/manager/kustomization.yaml +++ /dev/null @@ -1,2 +0,0 @@ -resources: -- manager.yaml diff --git a/auto-discovery/kubernetes/config/manager/manager.yaml b/auto-discovery/kubernetes/config/manager/manager.yaml deleted file mode 100644 index b6c85a52..00000000 --- a/auto-discovery/kubernetes/config/manager/manager.yaml +++ /dev/null 
@@ -1,39 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - labels: - control-plane: controller-manager - name: system ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: controller-manager - namespace: system - labels: - control-plane: controller-manager -spec: - selector: - matchLabels: - control-plane: controller-manager - replicas: 1 - template: - metadata: - labels: - control-plane: controller-manager - spec: - containers: - - command: - - /manager - args: - - --enable-leader-election - image: controller:latest - name: manager - resources: - limits: - cpu: 100m - memory: 30Mi - requests: - cpu: 100m - memory: 20Mi - terminationGracePeriodSeconds: 10 diff --git a/auto-discovery/kubernetes/config/prometheus/kustomization.yaml b/auto-discovery/kubernetes/config/prometheus/kustomization.yaml deleted file mode 100644 index ed137168..00000000 --- a/auto-discovery/kubernetes/config/prometheus/kustomization.yaml +++ /dev/null @@ -1,2 +0,0 @@ -resources: -- monitor.yaml diff --git a/auto-discovery/kubernetes/config/prometheus/monitor.yaml b/auto-discovery/kubernetes/config/prometheus/monitor.yaml deleted file mode 100644 index 9b8047b7..00000000 --- a/auto-discovery/kubernetes/config/prometheus/monitor.yaml +++ /dev/null @@ -1,16 +0,0 @@ - -# Prometheus Monitor Service (Metrics) -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - labels: - control-plane: controller-manager - name: controller-manager-metrics-monitor - namespace: system -spec: - endpoints: - - path: /metrics - port: https - selector: - matchLabels: - control-plane: controller-manager diff --git a/auto-discovery/kubernetes/config/rbac/auth_proxy_client_clusterrole.yaml b/auto-discovery/kubernetes/config/rbac/auth_proxy_client_clusterrole.yaml deleted file mode 100644 index 7d62534c..00000000 --- a/auto-discovery/kubernetes/config/rbac/auth_proxy_client_clusterrole.yaml +++ /dev/null 
@@ -1,7 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRole -metadata: - name: metrics-reader -rules: -- nonResourceURLs: ["/metrics"] - verbs: ["get"] diff --git a/auto-discovery/kubernetes/config/rbac/auth_proxy_role.yaml b/auto-discovery/kubernetes/config/rbac/auth_proxy_role.yaml deleted file mode 100644 index 618f5e41..00000000 --- a/auto-discovery/kubernetes/config/rbac/auth_proxy_role.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: proxy-role -rules: -- apiGroups: ["authentication.k8s.io"] - resources: - - tokenreviews - verbs: ["create"] -- apiGroups: ["authorization.k8s.io"] - resources: - - subjectaccessreviews - verbs: ["create"] diff --git a/auto-discovery/kubernetes/config/rbac/auth_proxy_role_binding.yaml b/auto-discovery/kubernetes/config/rbac/auth_proxy_role_binding.yaml deleted file mode 100644 index 48ed1e4b..00000000 --- a/auto-discovery/kubernetes/config/rbac/auth_proxy_role_binding.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: proxy-rolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: proxy-role -subjects: -- kind: ServiceAccount - name: default - namespace: system diff --git a/auto-discovery/kubernetes/config/rbac/auth_proxy_service.yaml b/auto-discovery/kubernetes/config/rbac/auth_proxy_service.yaml deleted file mode 100644 index 6cf656be..00000000 --- a/auto-discovery/kubernetes/config/rbac/auth_proxy_service.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - labels: - control-plane: controller-manager - name: controller-manager-metrics-service - namespace: system -spec: - ports: - - name: https - port: 8443 - targetPort: https - selector: - control-plane: controller-manager 
diff --git a/auto-discovery/kubernetes/config/rbac/kustomization.yaml b/auto-discovery/kubernetes/config/rbac/kustomization.yaml deleted file mode 100644 index 66c28338..00000000 --- a/auto-discovery/kubernetes/config/rbac/kustomization.yaml +++ /dev/null @@ -1,12 +0,0 @@ -resources: -- role.yaml -- role_binding.yaml -- leader_election_role.yaml -- leader_election_role_binding.yaml -# Comment the following 4 lines if you want to disable -# the auth proxy (https://github.com/brancz/kube-rbac-proxy) -# which protects your /metrics endpoint. -- auth_proxy_service.yaml -- auth_proxy_role.yaml -- auth_proxy_role_binding.yaml -- auth_proxy_client_clusterrole.yaml diff --git a/auto-discovery/kubernetes/config/rbac/leader_election_role.yaml b/auto-discovery/kubernetes/config/rbac/leader_election_role.yaml deleted file mode 100644 index eaa79158..00000000 --- a/auto-discovery/kubernetes/config/rbac/leader_election_role.yaml +++ /dev/null @@ -1,32 +0,0 @@ -# permissions to do leader election. -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: leader-election-role -rules: -- apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - "" - resources: - - configmaps/status - verbs: - - get - - update - - patch -- apiGroups: - - "" - resources: - - events - verbs: - - create diff --git a/auto-discovery/kubernetes/config/rbac/leader_election_role_binding.yaml b/auto-discovery/kubernetes/config/rbac/leader_election_role_binding.yaml deleted file mode 100644 index eed16906..00000000 --- a/auto-discovery/kubernetes/config/rbac/leader_election_role_binding.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: leader-election-rolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: leader-election-role -subjects: -- kind: ServiceAccount - name: default - namespace: system 
diff --git a/auto-discovery/kubernetes/config/rbac/role.yaml b/auto-discovery/kubernetes/config/rbac/role.yaml deleted file mode 100644 index 62af5353..00000000 --- a/auto-discovery/kubernetes/config/rbac/role.yaml +++ /dev/null @@ -1,22 +0,0 @@ - ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - name: manager-role -rules: -- apiGroups: - - networking - resources: - - ingress - verbs: - - get - - list - - watch -- apiGroups: - - networking - resources: - - ingress/status - verbs: - - get diff --git a/auto-discovery/kubernetes/config/rbac/role_binding.yaml b/auto-discovery/kubernetes/config/rbac/role_binding.yaml deleted file mode 100644 index 8f265870..00000000 --- a/auto-discovery/kubernetes/config/rbac/role_binding.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: manager-rolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: manager-role -subjects: -- kind: ServiceAccount - name: default - namespace: system diff --git a/auto-discovery/kubernetes/config/webhook/kustomization.yaml b/auto-discovery/kubernetes/config/webhook/kustomization.yaml deleted file mode 100644 index 9cf26134..00000000 --- a/auto-discovery/kubernetes/config/webhook/kustomization.yaml +++ /dev/null @@ -1,6 +0,0 @@ -resources: -- manifests.yaml -- service.yaml - -configurations: -- kustomizeconfig.yaml diff --git a/auto-discovery/kubernetes/config/webhook/kustomizeconfig.yaml b/auto-discovery/kubernetes/config/webhook/kustomizeconfig.yaml deleted file mode 100644 index 25e21e3c..00000000 --- a/auto-discovery/kubernetes/config/webhook/kustomizeconfig.yaml +++ /dev/null 
@@ -1,25 +0,0 @@ -# the following config is for teaching kustomize where to look at when substituting vars. -# It requires kustomize v2.1.0 or newer to work properly. -nameReference: -- kind: Service - version: v1 - fieldSpecs: - - kind: MutatingWebhookConfiguration - group: admissionregistration.k8s.io - path: webhooks/clientConfig/service/name - - kind: ValidatingWebhookConfiguration - group: admissionregistration.k8s.io - path: webhooks/clientConfig/service/name - -namespace: -- kind: MutatingWebhookConfiguration - group: admissionregistration.k8s.io - path: webhooks/clientConfig/service/namespace - create: true -- kind: ValidatingWebhookConfiguration - group: admissionregistration.k8s.io - path: webhooks/clientConfig/service/namespace - create: true - -varReference: -- path: metadata/annotations diff --git a/auto-discovery/kubernetes/config/webhook/service.yaml b/auto-discovery/kubernetes/config/webhook/service.yaml deleted file mode 100644 index 31e0f829..00000000 --- a/auto-discovery/kubernetes/config/webhook/service.yaml +++ /dev/null @@ -1,12 +0,0 @@ - -apiVersion: v1 -kind: Service -metadata: - name: webhook-service - namespace: system -spec: - ports: - - port: 443 - targetPort: 9443 - selector: - control-plane: controller-manager diff --git a/auto-discovery/kubernetes/controllers/ingress_scan_controller.go b/auto-discovery/kubernetes/controllers/ingress_scan_controller.go deleted file mode 100644 index 76c3dd4d..00000000 --- a/auto-discovery/kubernetes/controllers/ingress_scan_controller.go +++ /dev/null 
@@ -1,202 +0,0 @@ -/* - - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package controllers - -import ( - "context" - "fmt" - - "github.com/go-logr/logr" - targetsv1 "github.com/secureCodeBox/secureCodeBox-v2-alpha/operator/apis/targets/v1" - - networking "k8s.io/api/networking/v1beta1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" - ctrl "sigs.k8s.io/controller-runtime" - "sigs.k8s.io/controller-runtime/pkg/client" - "sigs.k8s.io/controller-runtime/pkg/event" - "sigs.k8s.io/controller-runtime/pkg/predicate" -) - -// IngressScanReconciler reconciles a DeleteMe object -type IngressScanReconciler struct { - client.Client - Log logr.Logger - Scheme *runtime.Scheme -} - -var ( - ownerKey = ".metadata.controller" - apiGVStr = targetsv1.GroupVersion.String() -) - -// +kubebuilder:rbac:groups=networking,resources=ingress,verbs=get;list;watch -// +kubebuilder:rbac:groups=networking,resources=ingress/status,verbs=get - -// Reconcile compares the Ingress object against the state of the cluster and updates both if needed -func (r *IngressScanReconciler) Reconcile(req ctrl.Request) (ctrl.Result, error) { - ctx := context.Background() - log := r.Log - - log.Info("Something happened to a ingress", "ingress", req.Name, "namespace", req.Namespace) - - var ingress networking.Ingress - if err := r.Get(ctx, req.NamespacedName, &ingress); err != nil { - // we'll ignore not-found errors, since they can't be fixed by an immediate - // requeue (we'll need to wait for 
a new notification), and we can get them - // on deleted requests. - log.V(7).Info("Unable to fetch Ingress") - return ctrl.Result{}, client.IgnoreNotFound(err) - } - - err := r.CreateOrUpdateTlsForHosts(ingress) - if err != nil { - return ctrl.Result{}, err - } - - return ctrl.Result{}, nil -} - -func (r *IngressScanReconciler) CreateOrUpdateTlsForHosts(ingress networking.Ingress) error { - if ingress.Spec.TLS == nil { - return nil - } - - for _, tlsConfig := range ingress.Spec.TLS { - for _, hostname := range tlsConfig.Hosts { - - var hostTargets targetsv1.HostList - - // Check if there is a target already, or create one - r.List( - context.Background(), - &hostTargets, - client.InNamespace(ingress.Namespace), - client.MatchingField(ownerKey, ingress.Name), - ) - r.Log.Info("Listed hosts", "Length", len(hostTargets.Items)) - - host := targetsv1.Host{} - - found := false - // Check if the ingress has a child Host with a matching Hostname - for _, hostItem := range hostTargets.Items { - r.Log.Info("Comparing Hostnames", "LoopyHostname", hostItem.Spec.Hostname, "IngressHostname", hostname) - if hostItem.Spec.Hostname == hostname { - r.Log.Info("Found Host") - found = true - host = hostItem - } - } - if found == false { - host.GenerateName = fmt.Sprintf("%s-", ingress.Name) - host.Namespace = ingress.Namespace - host.Spec.Hostname = hostname - host.Spec.Ports = make([]targetsv1.HostPort, 0) - - if err := ctrl.SetControllerReference(&ingress, &host, r.Scheme); err != nil { - return err - } - - err := r.Create(context.Background(), &host) - if err != nil { - r.Log.Error(err, "unable to create host") - return err - } - } - - containsHTTPSPort := false - if host.Spec.Ports == nil { - host.Spec.Ports = make([]targetsv1.HostPort, 0) - } - for _, port := range host.Spec.Ports { - if port.Port == 443 { - containsHTTPSPort = true - break - } - } - - if containsHTTPSPort == false { - httpsPort := targetsv1.HostPort{ - Type: "https", - Port: 443, - } - host.Spec.Ports = 
append(host.Spec.Ports, httpsPort) - - err := r.Update(context.Background(), &host) - if err != nil { - r.Log.Error(err, "Failed to add https port to target") - return err - } - } - } - } - - return nil -} - -// SetupWithManager sets up the controller and initializes every thing it needs -func (r *IngressScanReconciler) SetupWithManager(mgr ctrl.Manager) error { - if err := mgr.GetFieldIndexer().IndexField(&targetsv1.Host{}, ownerKey, func(rawObj runtime.Object) []string { - // grab the job object, extract the owner... - host := rawObj.(*targetsv1.Host) - owner := metav1.GetControllerOf(host) - if owner == nil { - return nil - } - // ...make sure it's a Host... - if owner.APIVersion != "networking.k8s.io/v1beta1" || owner.Kind != "Ingress" { - return nil - } - - // ...and if so, return it - return []string{owner.Name} - }); err != nil { - return err - } - - isInDemoNamespaceFilter := predicate.Funcs{ - CreateFunc: func(event event.CreateEvent) bool { - if val, ok := event.Meta.GetAnnotations()["auto-discovery.experimental.securecodebox.io/ignore"]; ok && val == "true" { - return false - } - return event.Meta.GetNamespace() == "juice-shop" || event.Meta.GetNamespace() == "bodgeit" - }, - DeleteFunc: func(event event.DeleteEvent) bool { - if val, ok := event.Meta.GetAnnotations()["auto-discovery.experimental.securecodebox.io/ignore"]; ok && val == "true" { - return false - } - return event.Meta.GetNamespace() == "juice-shop" || event.Meta.GetNamespace() == "bodgeit" - }, - UpdateFunc: func(event event.UpdateEvent) bool { - if val, ok := event.MetaNew.GetAnnotations()["auto-discovery.experimental.securecodebox.io/ignore"]; ok && val == "true" { - return false - } - return event.MetaNew.GetNamespace() == "juice-shop" || event.MetaNew.GetNamespace() == "bodgeit" - }, - GenericFunc: func(event event.GenericEvent) bool { - if val, ok := event.Meta.GetAnnotations()["auto-discovery.experimental.securecodebox.io/ignore"]; ok && val == "true" { - return false - } - return 
event.Meta.GetNamespace() == "juice-shop" || event.Meta.GetNamespace() == "bodgeit" - }, - } - - return ctrl.NewControllerManagedBy(mgr). - For(&networking.Ingress{}).WithEventFilter(isInDemoNamespaceFilter). - Complete(r) -} diff --git a/auto-discovery/kubernetes/controllers/suite_test.go b/auto-discovery/kubernetes/controllers/suite_test.go deleted file mode 100644 index e3184e08..00000000 --- a/auto-discovery/kubernetes/controllers/suite_test.go +++ /dev/null 
@@ -1,76 +0,0 @@ -/* - - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package controllers - -import ( - "path/filepath" - "testing" - - . "github.com/onsi/ginkgo" - . "github.com/onsi/gomega" - "k8s.io/client-go/kubernetes/scheme" - "k8s.io/client-go/rest" - "sigs.k8s.io/controller-runtime/pkg/client" - "sigs.k8s.io/controller-runtime/pkg/envtest" - "sigs.k8s.io/controller-runtime/pkg/envtest/printer" - logf "sigs.k8s.io/controller-runtime/pkg/log" - "sigs.k8s.io/controller-runtime/pkg/log/zap" - // +kubebuilder:scaffold:imports -) - -// These tests use Ginkgo (BDD-style Go testing framework). Refer to -// http://onsi.github.io/ginkgo/ to learn more about Ginkgo. 
- -var cfg *rest.Config -var k8sClient client.Client -var testEnv *envtest.Environment - -func TestAPIs(t *testing.T) { - RegisterFailHandler(Fail) - - RunSpecsWithDefaultAndCustomReporters(t, - "Controller Suite", - []Reporter{printer.NewlineReporter{}}) -} - -var _ = BeforeSuite(func(done Done) { - logf.SetLogger(zap.LoggerTo(GinkgoWriter, true)) - - By("bootstrapping test environment") - testEnv = &envtest.Environment{ - CRDDirectoryPaths: []string{filepath.Join("..", "config", "crd", "bases")}, - } - - var err error - cfg, err = testEnv.Start() - Expect(err).ToNot(HaveOccurred()) - Expect(cfg).ToNot(BeNil()) - - // +kubebuilder:scaffold:scheme - - k8sClient, err = client.New(cfg, client.Options{Scheme: scheme.Scheme}) - Expect(err).ToNot(HaveOccurred()) - Expect(k8sClient).ToNot(BeNil()) - - close(done) -}, 60) - -var _ = AfterSuite(func() { - By("tearing down the test environment") - err := testEnv.Stop() - Expect(err).ToNot(HaveOccurred()) -}) diff --git a/auto-discovery/kubernetes/go.mod b/auto-discovery/kubernetes/go.mod deleted file mode 100644 index cd684be0..00000000 --- a/auto-discovery/kubernetes/go.mod +++ /dev/null @@ -1,16 +0,0 @@ -module github.com/secureCodeBox/secureCodeBox-v2-alpha/auto-discovery/kubernetes - -go 1.13 - -require ( - github.com/go-logr/logr v0.1.0 - github.com/onsi/ginkgo v1.11.0 - github.com/onsi/gomega v1.8.1 - github.com/secureCodeBox/secureCodeBox-v2-alpha/operator v0.0.0 - k8s.io/api v0.17.2 - k8s.io/apimachinery v0.17.2 - k8s.io/client-go v0.17.2 - sigs.k8s.io/controller-runtime v0.5.2 -) - -replace github.com/secureCodeBox/secureCodeBox-v2-alpha/operator => ../../operator diff --git a/auto-discovery/kubernetes/go.sum b/auto-discovery/kubernetes/go.sum deleted file mode 100644 index b063e04c..00000000 --- a/auto-discovery/kubernetes/go.sum +++ /dev/null 
@@ -1,470 +0,0 @@ -cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= -cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= -cloud.google.com/go v0.38.0 h1:ROfEUZz+Gh5pa62DJWXSaonyu3StP6EA6lPEXPI6mCo= -cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU= -github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78/go.mod h1:LmzpDX56iTiv29bbRTIsUNlaFfuhWRQBWjQdVyAevI8= -github.com/Azure/go-autorest/autorest v0.9.0/go.mod h1:xyHB1BMZT0cuDHU7I0+g046+BFDTQ8rEZB0s4Yfa6bI= -github.com/Azure/go-autorest/autorest/adal v0.5.0/go.mod h1:8Z9fGy2MpX0PvDjB1pEgQTmVqjGhiHBW7RJJEciWzS0= -github.com/Azure/go-autorest/autorest/date v0.1.0/go.mod h1:plvfp3oPSKwf2DNjlBjWF/7vwR+cUD/ELuzDCXwHUVA= -github.com/Azure/go-autorest/autorest/mocks v0.1.0/go.mod h1:OTyCOPRA2IgIlWxVYxBee2F5Gr4kF2zd2J5cFRaIDN0= -github.com/Azure/go-autorest/autorest/mocks v0.2.0/go.mod h1:OTyCOPRA2IgIlWxVYxBee2F5Gr4kF2zd2J5cFRaIDN0= -github.com/Azure/go-autorest/logger v0.1.0/go.mod h1:oExouG+K6PryycPJfVSxi/koC6LSNgds39diKLz7Vrc= -github.com/Azure/go-autorest/tracing v0.5.0/go.mod h1:r/s2XiOKccPW3HrqB+W0TQzfbtp2fGCgRFtBroKn4Dk= -github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= -github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= -github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ= -github.com/PuerkitoBio/purell v1.0.0/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0= -github.com/PuerkitoBio/purell v1.1.0/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0= -github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0= -github.com/PuerkitoBio/urlesc v0.0.0-20160726150825-5bd2802263f2/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE= -github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod 
h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE= -github.com/agnivade/levenshtein v1.0.1/go.mod h1:CURSv5d9Uaml+FovSIICkLbAUZ9S4RqaHDIsdSBg7lM= -github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= -github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= -github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883/go.mod h1:rCTlJbsFo29Kk6CurOXKm700vrz8f0KW0JNfpkRJY/8= -github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8= -github.com/asaskevich/govalidator v0.0.0-20180720115003-f9ffefc3facf/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY= -github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY= -github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= -github.com/beorn7/perks v1.0.0 h1:HWo1m869IqiPhD389kmkxeTalrjNbbJTC8LXupb+sl0= -github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= -github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs= -github.com/blang/semver v3.5.0+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk= -github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= -github.com/cockroachdb/datadriven v0.0.0-20190809214429-80d97fb3cbaa/go.mod h1:zn76sxSg3SzpJ0PPJaLDCu+Bu0Lg3sKTORVIj19EIF8= -github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= -github.com/coreos/go-etcd v2.0.0+incompatible/go.mod h1:Jez6KQU2B/sWsbdaef3ED8NzMklzPG4d5KIOhIy30Tk= -github.com/coreos/go-oidc v2.1.0+incompatible/go.mod h1:CgnwVTmzoESiwO9qyAFEMiHoZ1nMCKZlZ9V6mm3/LKc= -github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= -github.com/coreos/go-semver v0.3.0/go.mod 
h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= -github.com/coreos/go-systemd v0.0.0-20180511133405-39ca1b05acc7/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= -github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= -github.com/coreos/pkg v0.0.0-20160727233714-3ac0863d7acf/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA= -github.com/coreos/pkg v0.0.0-20180108230652-97fdf19511ea/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA= -github.com/cpuguy83/go-md2man v1.0.10/go.mod h1:SmD6nW6nTyfqj6ABTjUi3V3JVMnlJmwcJI5acqYI6dE= -github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY= -github.com/davecgh/go-spew v0.0.0-20151105211317-5215b55f46b2/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= -github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ= -github.com/docker/docker v0.7.3-0.20190327010347-be7ac8be2ae0/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= -github.com/docker/go-units v0.3.3/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk= -github.com/docker/go-units v0.4.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk= -github.com/docker/spdystream v0.0.0-20160310174837-449fdfce4d96/go.mod h1:Qh8CwZgvJUkLughtfhJv5dyTYa91l1fOUCrgjqmcifM= -github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3ebgob9U8Nd0kOddGdZWjyMGR8Wziv+TBNwSE= -github.com/dustin/go-humanize v0.0.0-20171111073723-bb3d318650d4/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= -github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= -github.com/elazarl/goproxy v0.0.0-20170405201442-c4fc26588b6e/go.mod 
h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc= -github.com/emicklei/go-restful v0.0.0-20170410110728-ff4f55a20633/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= -github.com/emicklei/go-restful v2.9.5+incompatible/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= -github.com/evanphx/json-patch v4.2.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= -github.com/evanphx/json-patch v4.5.0+incompatible h1:ouOWdg56aJriqS0huScTkVXPC5IcNrDCXZ6OoTAWu7M= -github.com/evanphx/json-patch v4.5.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= -github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= -github.com/fsnotify/fsnotify v1.4.7 h1:IXs+QLmnXW2CcXuY+8Mzv/fWEsPGWxqefPtCP5CnV9I= -github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= -github.com/ghodss/yaml v0.0.0-20150909031657-73d445a93680/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= -github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= -github.com/globalsign/mgo v0.0.0-20180905125535-1ca0a4f7cbcb/go.mod h1:xkRDCp4j0OGD1HRkm4kmhM+pmpv3AKq5SU7GMg4oO/Q= -github.com/globalsign/mgo v0.0.0-20181015135952-eeefdecb41b8/go.mod h1:xkRDCp4j0OGD1HRkm4kmhM+pmpv3AKq5SU7GMg4oO/Q= -github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= -github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE= -github.com/go-logr/logr v0.1.0 h1:M1Tv3VzNlEHg6uyACnRdtrploV2P7wZqH8BoQMtz0cg= -github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7sIas= -github.com/go-logr/zapr v0.1.0 h1:h+WVe9j6HAA01niTJPA/kKH0i7e0rLZBCwauQFcRE54= -github.com/go-logr/zapr v0.1.0/go.mod h1:tabnROwaDl0UNxkVeFRbY8bwB37GwRv0P8lg6aAiEnk= -github.com/go-openapi/analysis v0.0.0-20180825180245-b006789cd277/go.mod h1:k70tL6pCuVxPJOHXQ+wIac1FUrvNkHolPie/cLEU6hI= -github.com/go-openapi/analysis v0.17.0/go.mod 
h1:IowGgpVeD0vNm45So8nr+IcQ3pxVtpRoBWb8PVZO0ik= -github.com/go-openapi/analysis v0.18.0/go.mod h1:IowGgpVeD0vNm45So8nr+IcQ3pxVtpRoBWb8PVZO0ik= -github.com/go-openapi/analysis v0.19.2/go.mod h1:3P1osvZa9jKjb8ed2TPng3f0i/UY9snX6gxi44djMjk= -github.com/go-openapi/analysis v0.19.5/go.mod h1:hkEAkxagaIvIP7VTn8ygJNkd4kAYON2rCu0v0ObL0AU= -github.com/go-openapi/errors v0.17.0/go.mod h1:LcZQpmvG4wyF5j4IhA73wkLFQg+QJXOQHVjmcZxhka0= -github.com/go-openapi/errors v0.18.0/go.mod h1:LcZQpmvG4wyF5j4IhA73wkLFQg+QJXOQHVjmcZxhka0= -github.com/go-openapi/errors v0.19.2/go.mod h1:qX0BLWsyaKfvhluLejVpVNwNRdXZhEbTA4kxxpKBC94= -github.com/go-openapi/jsonpointer v0.0.0-20160704185906-46af16f9f7b1/go.mod h1:+35s3my2LFTysnkMfxsJBAMHj/DoqoB9knIWoYG/Vk0= -github.com/go-openapi/jsonpointer v0.17.0/go.mod h1:cOnomiV+CVVwFLk0A/MExoFMjwdsUdVpsRhURCKh+3M= -github.com/go-openapi/jsonpointer v0.18.0/go.mod h1:cOnomiV+CVVwFLk0A/MExoFMjwdsUdVpsRhURCKh+3M= -github.com/go-openapi/jsonpointer v0.19.2/go.mod h1:3akKfEdA7DF1sugOqz1dVQHBcuDBPKZGEoHC/NkiQRg= -github.com/go-openapi/jsonpointer v0.19.3/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg= -github.com/go-openapi/jsonreference v0.0.0-20160704190145-13c6e3589ad9/go.mod h1:W3Z9FmVs9qj+KR4zFKmDPGiLdk1D9Rlm7cyMvf57TTg= -github.com/go-openapi/jsonreference v0.17.0/go.mod h1:g4xxGn04lDIRh0GJb5QlpE3HfopLOL6uZrK/VgnsK9I= -github.com/go-openapi/jsonreference v0.18.0/go.mod h1:g4xxGn04lDIRh0GJb5QlpE3HfopLOL6uZrK/VgnsK9I= -github.com/go-openapi/jsonreference v0.19.2/go.mod h1:jMjeRr2HHw6nAVajTXJ4eiUwohSTlpa0o73RUL1owJc= -github.com/go-openapi/jsonreference v0.19.3/go.mod h1:rjx6GuL8TTa9VaixXglHmQmIL98+wF9xc8zWvFonSJ8= -github.com/go-openapi/loads v0.17.0/go.mod h1:72tmFy5wsWx89uEVddd0RjRWPZm92WRLhf7AC+0+OOU= -github.com/go-openapi/loads v0.18.0/go.mod h1:72tmFy5wsWx89uEVddd0RjRWPZm92WRLhf7AC+0+OOU= -github.com/go-openapi/loads v0.19.0/go.mod h1:72tmFy5wsWx89uEVddd0RjRWPZm92WRLhf7AC+0+OOU= -github.com/go-openapi/loads v0.19.2/go.mod 
h1:QAskZPMX5V0C2gvfkGZzJlINuP7Hx/4+ix5jWFxsNPs= -github.com/go-openapi/loads v0.19.4/go.mod h1:zZVHonKd8DXyxyw4yfnVjPzBjIQcLt0CCsn0N0ZrQsk= -github.com/go-openapi/runtime v0.0.0-20180920151709-4f900dc2ade9/go.mod h1:6v9a6LTXWQCdL8k1AO3cvqx5OtZY/Y9wKTgaoP6YRfA= -github.com/go-openapi/runtime v0.19.0/go.mod h1:OwNfisksmmaZse4+gpV3Ne9AyMOlP1lt4sK4FXt0O64= -github.com/go-openapi/runtime v0.19.4/go.mod h1:X277bwSUBxVlCYR3r7xgZZGKVvBd/29gLDlFGtJ8NL4= -github.com/go-openapi/spec v0.0.0-20160808142527-6aced65f8501/go.mod h1:J8+jY1nAiCcj+friV/PDoE1/3eeccG9LYBs0tYvLOWc= -github.com/go-openapi/spec v0.17.0/go.mod h1:XkF/MOi14NmjsfZ8VtAKf8pIlbZzyoTvZsdfssdxcBI= -github.com/go-openapi/spec v0.18.0/go.mod h1:XkF/MOi14NmjsfZ8VtAKf8pIlbZzyoTvZsdfssdxcBI= -github.com/go-openapi/spec v0.19.2/go.mod h1:sCxk3jxKgioEJikev4fgkNmwS+3kuYdJtcsZsD5zxMY= -github.com/go-openapi/spec v0.19.3/go.mod h1:FpwSN1ksY1eteniUU7X0N/BgJ7a4WvBFVA8Lj9mJglo= -github.com/go-openapi/strfmt v0.17.0/go.mod h1:P82hnJI0CXkErkXi8IKjPbNBM6lV6+5pLP5l494TcyU= -github.com/go-openapi/strfmt v0.18.0/go.mod h1:P82hnJI0CXkErkXi8IKjPbNBM6lV6+5pLP5l494TcyU= -github.com/go-openapi/strfmt v0.19.0/go.mod h1:+uW+93UVvGGq2qGaZxdDeJqSAqBqBdl+ZPMF/cC8nDY= -github.com/go-openapi/strfmt v0.19.3/go.mod h1:0yX7dbo8mKIvc3XSKp7MNfxw4JytCfCD6+bY1AVL9LU= -github.com/go-openapi/swag v0.0.0-20160704191624-1d0bd113de87/go.mod h1:DXUve3Dpr1UfpPtxFw+EFuQ41HhCWZfha5jSVRG7C7I= -github.com/go-openapi/swag v0.17.0/go.mod h1:AByQ+nYG6gQg71GINrmuDXCPWdL640yX49/kXLo40Tg= -github.com/go-openapi/swag v0.18.0/go.mod h1:AByQ+nYG6gQg71GINrmuDXCPWdL640yX49/kXLo40Tg= -github.com/go-openapi/swag v0.19.2/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk= -github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk= -github.com/go-openapi/validate v0.18.0/go.mod h1:Uh4HdOzKt19xGIGm1qHf/ofbX1YQ4Y+MYsct2VUrAJ4= -github.com/go-openapi/validate v0.19.2/go.mod h1:1tRCw7m3jtI8eNWEEliiAqUIcBztB2KDnRCRMUi7GTA= 
-github.com/go-openapi/validate v0.19.5/go.mod h1:8DJv2CVJQ6kGNpFW6eV9N3JviE1C85nY1c2z52x1Gk4= -github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= -github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= -github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zVXpSg4= -github.com/gogo/protobuf v1.2.2-0.20190723190241-65acae22fc9d h1:3PaI8p3seN09VjbTYC/QWlUZdZ1qS1zGjy7LH2Wt07I= -github.com/gogo/protobuf v1.2.2-0.20190723190241-65acae22fc9d/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o= -github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= -github.com/golang/groupcache v0.0.0-20160516000752-02826c3e7903/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= -github.com/golang/groupcache v0.0.0-20180513044358-24b0969c4cb7 h1:u4bArs140e9+AfE52mFHOXVFnOSBJBRlzTHrOPLOIhE= -github.com/golang/groupcache v0.0.0-20180513044358-24b0969c4cb7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= -github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef h1:veQD95Isof8w9/WXiA+pa3tz3fJXkt5B7QaRBrM62gk= -github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= -github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= -github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= -github.com/golang/protobuf v0.0.0-20161109072736-4bd1920723d7/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= -github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= -github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= -github.com/golang/protobuf v1.3.2 h1:6nsPYzhq5kReh6QImI3k5qWzO4PEbvbIW2cwSfR/6xs= -github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= -github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod 
h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= -github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= -github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= -github.com/google/go-cmp v0.3.0 h1:crn/baboCvb5fXaQ0IJ1SGTsTVrWpDsCWC8EGETZijY= -github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= -github.com/google/gofuzz v0.0.0-20161122191042-44d81051d367/go.mod h1:HP5RmnzzSNb993RKQDq4+1A4ia9nllfqcQFTQJedwGI= -github.com/google/gofuzz v1.0.0 h1:A8PeW59pxE9IoFRqBp37U+mSNaQoZ46F1f0f863XSXw= -github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= -github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs= -github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= -github.com/google/uuid v1.0.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/google/uuid v1.1.1 h1:Gkbcsh/GbpXz7lPftLA3P6TYMwjCLYm83jiFQZF/3gY= -github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= -github.com/googleapis/gnostic v0.0.0-20170729233727-0c5108395e2d/go.mod h1:sJBsCZ4ayReDTBIg8b9dl28c5xFWyhBTVRp3pOg5EKY= -github.com/googleapis/gnostic v0.3.1 h1:WeAefnSUHlBb0iJKwxFDZdbfGwkd7xRNuV+IpXMJhYk= -github.com/googleapis/gnostic v0.3.1/go.mod h1:on+2t9HRStVgn95RSsFWFz+6Q0Snyqv1awfrALZdbtU= -github.com/gophercloud/gophercloud v0.1.0/go.mod h1:vxM41WHh5uqHVBMZHzuwNOHh8XEoIEcSTewFxm1c5g8= -github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY= -github.com/gorilla/websocket v0.0.0-20170926233335-4201258b820c/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ= -github.com/gorilla/websocket v1.4.0/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ= 
-github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA= -github.com/grpc-ecosystem/go-grpc-middleware v1.0.1-0.20190118093823-f849b5445de4/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs= -github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk= -github.com/grpc-ecosystem/grpc-gateway v1.9.5/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY= -github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= -github.com/hashicorp/golang-lru v0.5.1 h1:0hERBMJE1eitiLkihrMvRVBYAkpHzc/J3QdDN+dAcgU= -github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= -github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ= -github.com/hpcloud/tail v1.0.0 h1:nfCOvKYfkgYP8hkirhJocXT2+zOD8yUNjXaWfTlyFKI= -github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU= -github.com/imdario/mergo v0.3.5/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= -github.com/imdario/mergo v0.3.6 h1:xTNEAn+kxVO7dTZGu0CegyqKZmoWFI0rF8UxjlB2d28= -github.com/imdario/mergo v0.3.6/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= -github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= -github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo= -github.com/json-iterator/go v0.0.0-20180612202835-f2b4162afba3/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= -github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= -github.com/json-iterator/go v1.1.7/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= -github.com/json-iterator/go v1.1.8 h1:QiWkFLKq0T7mpzwOTu6BzNDbfTE8OLrYhVKYMLF46Ok= -github.com/json-iterator/go v1.1.8/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= -github.com/jstemmer/go-junit-report 
v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU= -github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU= -github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w= -github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q= -github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQLJ+jE2L00= -github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= -github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= -github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc= -github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI= -github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= -github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= -github.com/kr/pty v1.1.5/go.mod h1:9r2w37qlBe7rQ6e1fg1S/9xpWHSnaqNdHD3WcMdbPDA= -github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE= -github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= -github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= -github.com/mailru/easyjson v0.0.0-20160728113105-d5b7844b561a/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= -github.com/mailru/easyjson v0.0.0-20180823135443-60711f1a8329/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= -github.com/mailru/easyjson v0.0.0-20190312143242-1de009706dbe/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= -github.com/mailru/easyjson v0.0.0-20190614124828-94de47d64c63/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= -github.com/mailru/easyjson v0.0.0-20190626092158-b2ccc519800e/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= -github.com/mailru/easyjson v0.7.0/go.mod 
h1:KAzv3t3aY1NaHWoQz1+4F1ccyAH66Jk7yos7ldAVICs= -github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU= -github.com/mattn/go-isatty v0.0.4/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4= -github.com/mattn/go-runewidth v0.0.2/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU= -github.com/matttproud/golang_protobuf_extensions v1.0.1 h1:4hp9jkHxhMHkqkrB3Ix0jegS5sx/RkqARlsWZ6pIwiU= -github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= -github.com/minio/minio-go/v6 v6.0.50/go.mod h1:qD0lajrGW49lKZLtXKtCB4X/qkMf0a5tBvN2PaZg7Gg= -github.com/minio/sha256-simd v0.1.1/go.mod h1:B5e1o+1/KgNmWrSQK08Y6Z1Vb5pwIktudl0J58iy0KM= -github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= -github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= -github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= -github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg= -github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= -github.com/modern-go/reflect2 v0.0.0-20180320133207-05fbef0ca5da/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= -github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= -github.com/modern-go/reflect2 v1.0.1 h1:9f412s+6RmYXLWZSEzVVgPGK7C2PphHj5RJrvfx9AWI= -github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= -github.com/munnerz/goautoneg v0.0.0-20120707110453-a547fc61f48d/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= -github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= -github.com/mwitkow/go-conntrack 
v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= -github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw= -github.com/olekukonko/tablewriter v0.0.0-20170122224234-a0225b3f23b5/go.mod h1:vsDQFd/mU46D+Z4whnwzcISnGGzXWMclvtLoiIKAKIo= -github.com/onsi/ginkgo v0.0.0-20170829012221-11459a886d9c/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= -github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= -github.com/onsi/ginkgo v1.10.1/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= -github.com/onsi/ginkgo v1.11.0 h1:JAKSXpt1YjtLA7YpPiqO9ss6sNXEsPfSGdwN0UHqzrw= -github.com/onsi/ginkgo v1.11.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= -github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA= -github.com/onsi/gomega v1.7.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= -github.com/onsi/gomega v1.8.1 h1:C5Dqfs/LeauYDX0jJXIe2SWmwCbGzx9yF8C8xy3Lh34= -github.com/onsi/gomega v1.8.1/go.mod h1:Ho0h+IUsWyvy1OpqCwxlQ/21gkhVunqlU8fDGcoTdcA= -github.com/pborman/uuid v1.2.0/go.mod h1:X/NO0urCmaxf9VXbdlT7C2Yzkj2IKimNn4k+gtPdI/k= -github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic= -github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU= -github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= -github.com/pkg/errors v0.8.1 h1:iURUrRGxPUNPdy5/HRSm+Yj6okJ6UtLINN0Q9M4+h3I= -github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= -github.com/pmezard/go-difflib v0.0.0-20151028094244-d8ed2627bdf0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= -github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= -github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= 
-github.com/pquerna/cachecontrol v0.0.0-20171018203845-0dec1b30a021/go.mod h1:prYjPmNq4d1NPVmpShWobRqXY3q7Vp+80DqgxxUrUIA= -github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= -github.com/prometheus/client_golang v1.0.0 h1:vrDKnkGzuGvhNAL56c7DBz29ZL+KxnoR0x7enabFceM= -github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo= -github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= -github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90 h1:S/YWwWx/RA8rT8tKFRuGUZhuA90OyIBpPCXkcbwU8DE= -github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= -github.com/prometheus/common v0.4.1 h1:K0MGApIoQvMw27RTdJkPbr3JZ7DNbtxQNyi5STVM6Kw= -github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= -github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= -github.com/prometheus/procfs v0.0.2 h1:6LJUbpNm42llc4HRCuvApCSWB/WfhuNo9K98Q9sNGfs= -github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= -github.com/remyoudompheng/bigfft v0.0.0-20170806203942-52369c62f446/go.mod h1:uYEyJGbgTkfkS4+E/PavXkNJcbFIpEtjt2B0KDQ5+9M= -github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg= -github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g= -github.com/secureCodeBox/secureCodeBox-v2-alpha v0.0.0-20200421122123-57178734d6e9 h1:S/FoesxDuE1/lj2iYpCgPdJXj4Gqe81BfuzTao+kIng= -github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo= -github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= -github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE= 
-github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc= -github.com/smartystreets/goconvey v0.0.0-20190330032615-68dc04aab96a/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA= -github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM= -github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ= -github.com/spf13/afero v1.2.2/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk= -github.com/spf13/cast v1.3.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= -github.com/spf13/cobra v0.0.3/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ= -github.com/spf13/cobra v0.0.5/go.mod h1:3K3wKZymM7VvHMDS9+Akkh4K60UwM26emMESw8tLCHU= -github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo= -github.com/spf13/pflag v0.0.0-20170130214245-9ff6c6923cff/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= -github.com/spf13/pflag v1.0.1/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= -github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= -github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= -github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= -github.com/spf13/viper v1.3.2/go.mod h1:ZiWeW+zYFKm7srdB9IoDzzZXaJaI5eL9QjNiN/DMA2s= -github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= -github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= -github.com/stretchr/objx v0.2.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoHMkEqE= -github.com/stretchr/testify v0.0.0-20151208002404-e3a8ff8ce365/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= -github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= -github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= -github.com/stretchr/testify 
v1.4.0 h1:2E4SXV/wtOkTonXsotYi4li6zVWxYlZuYNCXe9XRJyk= -github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= -github.com/tidwall/pretty v1.0.0/go.mod h1:XNkn88O1ChpSDQmQeStsy+sBenx6DDtFZJxhVysOjyk= -github.com/tmc/grpc-websocket-proxy v0.0.0-20170815181823-89b8d40f7ca8/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= -github.com/ugorji/go/codec v0.0.0-20181204163529-d75b2dcb6bc8/go.mod h1:VFNgLljTbGfSG7qAOspJ7OScBnGdDN/yBr0sguwnwf0= -github.com/urfave/cli v1.20.0/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA= -github.com/vektah/gqlparser v1.1.2/go.mod h1:1ycwN7Ij5njmMkPPAOaRFY4rET2Enx7IkVv3vaXspKw= -github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU= -github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q= -go.etcd.io/bbolt v1.3.3/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU= -go.etcd.io/etcd v0.0.0-20191023171146-3cf2f69b5738/go.mod h1:dnLIgRNXwCJa5e+c6mIZCrds/GIG4ncV9HhK5PX7jPg= -go.mongodb.org/mongo-driver v1.0.3/go.mod h1:u7ryQJ+DOzQmeO7zB6MHyr8jkEQvC8vH7qLUO4lqsUM= -go.mongodb.org/mongo-driver v1.1.1/go.mod h1:u7ryQJ+DOzQmeO7zB6MHyr8jkEQvC8vH7qLUO4lqsUM= -go.mongodb.org/mongo-driver v1.1.2/go.mod h1:u7ryQJ+DOzQmeO7zB6MHyr8jkEQvC8vH7qLUO4lqsUM= -go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU= -go.uber.org/atomic v1.3.2 h1:2Oa65PReHzfn29GpvgsYwloV9AVFHPDk8tYxt2c2tr4= -go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= -go.uber.org/multierr v1.1.0 h1:HoEmRHQPVSqub6w2z2d2EOVs2fjyFRGyofhKuyDq0QI= -go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0= -go.uber.org/zap v1.10.0 h1:ORx85nbTijNz8ljznvCMR1ZBIPKFn3jQrag10X2AsuM= -go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q= -golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod 
h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= -golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= -golang.org/x/crypto v0.0.0-20190211182817-74369b46fc67/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= -golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= -golang.org/x/crypto v0.0.0-20190320223903-b7391e95e576/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= -golang.org/x/crypto v0.0.0-20190513172903-22d7a77e9e5f/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20190611184440-5c40567a22f8/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20190617133340-57b3e21c3d56/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20190820162420-60c769a6c586 h1:7KByu05hhLed2MO29w7p1XfZvZ13m8mub3shuVftRs0= -golang.org/x/crypto v0.0.0-20190820162420-60c769a6c586/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550 h1:ObdrDkeb4kJdCP557AjRjq69pTHfNouLtWZG7j9rPN8= -golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= -golang.org/x/exp v0.0.0-20190125153040-c74c464bbbf2/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= -golang.org/x/exp v0.0.0-20190312203227-4b39c73a6495/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= -golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= -golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= -golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= -golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod 
h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= -golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= -golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE= -golang.org/x/net v0.0.0-20170114055629-f2499483f923/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20181005035420-146acd28ed58/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20181220203305-927f97764cc3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190320064053-1272bf9dcd53/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190522155817-f3200d17e092/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= -golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20190813141303-74dc4d7220e7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= 
-golang.org/x/net v0.0.0-20190827160401-ba9fcec4b297/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20191004110552-13f9640d40b9 h1:rjwSpXsdiK0dV8/Naq3kAw9ymfAeJIyd0upUIElB+lI= -golang.org/x/net v0.0.0-20191004110552-13f9640d40b9/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= -golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45 h1:SVwTIAaPC2U/AvvLNZ2a7OVsmBpC8L5BlwK1whH3hm0= -golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sys v0.0.0-20170830134202-bb24a47a89ea/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20181107165924-66b7b1311ac8/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys 
v0.0.0-20181205085412-a5c9d58dba9a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20190209173611-3b5209105503/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190321052220-f7bb7a8bee54/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190616124812-15dcb6c0061f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190826190057-c7b8b68b1456 h1:ng0gs1AKnRRuEMZoTLLlbOd+C17zUDepwGQBb/n+JVg= -golang.org/x/sys v0.0.0-20190826190057-c7b8b68b1456/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190922100055-0a153f010e69 h1:rOhMmluY6kLMhdnrivzec6lLgaVbMHMn2ISQXJeJ5EM= -golang.org/x/sys v0.0.0-20190922100055-0a153f010e69/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/text v0.0.0-20160726164857-2910a502d2bf/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -golang.org/x/text v0.3.2 h1:tW2bmiBqwgJj/UpqtC8EpXEZVYOwU0yG4iWbprSVAcs= -golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= -golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.0.0-20190308202827-9d24e82272b4 
h1:SvFZT6jyqRaOeXpc5h/JSfZenJ2O330aBsf7JfSUXmQ= -golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20181011042414-1f849cf54d09/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20181030221726-6c7e314b6563/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20190125232054-d66bd3c5d5a6/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20190206041539-40960b6deb8e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= -golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= -golang.org/x/tools v0.0.0-20190312151545-0bb0c0a6e846/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= -golang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= -golang.org/x/tools v0.0.0-20190328211700-ab21143f2384/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= -golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= -golang.org/x/tools v0.0.0-20190614205625-5aca471b1d59/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= -golang.org/x/tools v0.0.0-20190617190820-da514acc4774/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= -golang.org/x/tools v0.0.0-20190920225731-5eefd052ad72/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7 
h1:9zdDQZ7Thm29KFXgAX/+yaf3eVbP7djjWp/dXAppNCc= -golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -gomodules.xyz/jsonpatch/v2 v2.0.1 h1:xyiBuvkD2g5n7cYzx6u2sxQvsAy4QJsZFCzGVdzOXZ0= -gomodules.xyz/jsonpatch/v2 v2.0.1/go.mod h1:IhYNNY4jnS53ZnfE4PAmpKtDpTCj1JFXc+3mwe7XcUU= -gonum.org/v1/gonum v0.0.0-20190331200053-3d26580ed485/go.mod h1:2ltnJ7xHfj0zHS40VVPYEAAMTa3ZGguvHGBSJeRWqE0= -gonum.org/v1/netlib v0.0.0-20190313105609-8cb42192e0e0/go.mod h1:wa6Ws7BG/ESfp6dHfk7C6KdzKA7wR7u/rKwOGE66zvw= -gonum.org/v1/netlib v0.0.0-20190331212654-76723241ea4e/go.mod h1:kS+toOQn6AQKjmKJ7gzohV1XkqsFehRA2FbsbkopSuQ= -google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE= -google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= -google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= -google.golang.org/appengine v1.5.0 h1:KxkO13IPW4Lslp2bz+KHP2E3gtFlrIGNThxkZQ3g+4c= -google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= -google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= -google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= -google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= -google.golang.org/genproto v0.0.0-20190502173448-54afdca5d873/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= -google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= -google.golang.org/grpc v1.23.1/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= -gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= -gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/check.v1 
v1.0.0-20180628173108-788fd7840127 h1:qIbj1fsPNlZgppZ+VLlY7N33q108Sa+fhmuc+sWQYwY= -gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/cheggaaa/pb.v1 v1.0.25/go.mod h1:V/YB90LKu/1FcN3WVnfiiE5oMCibMjukxqG/qStrOgw= -gopkg.in/fsnotify.v1 v1.4.7 h1:xOHLXZwVvI9hhs+cLKq5+I5onOuwQLhQwiu63xxlHs4= -gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys= -gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= -gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= -gopkg.in/ini.v1 v1.42.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= -gopkg.in/natefinch/lumberjack.v2 v2.0.0/go.mod h1:l0ndWWf7gzL7RNwBG7wST/UCcT4T24xpD6X8LsfU/+k= -gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo= -gopkg.in/square/go-jose.v2 v2.2.2/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI= -gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ= -gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw= -gopkg.in/yaml.v2 v2.0.0-20170812160011-eb3733d160e7/go.mod h1:JAlM8MvJe8wmxCU4Bli9HhUf9+ttbYbLASfIpnQbh74= -gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.2.4 h1:/eiJrUcujPVeJ3xlSWaiNi3uSVmDGBK1pDHUHAnao1I= -gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.2.7 h1:VUgggvou5XRW9mHwD/yXxIYSMtY0zoKQf/v226p2nyo= -gopkg.in/yaml.v2 v2.2.7/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw= -honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod 
h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -k8s.io/api v0.17.2 h1:NF1UFXcKN7/OOv1uxdRz3qfra8AHsPav5M93hlV9+Dc= -k8s.io/api v0.17.2/go.mod h1:BS9fjjLc4CMuqfSO8vgbHPKMt5+SF0ET6u/RVDihTo4= -k8s.io/apiextensions-apiserver v0.17.2 h1:cP579D2hSZNuO/rZj9XFRzwJNYb41DbNANJb6Kolpss= -k8s.io/apiextensions-apiserver v0.17.2/go.mod h1:4KdMpjkEjjDI2pPfBA15OscyNldHWdBCfsWMDWAmSTs= -k8s.io/apimachinery v0.17.2 h1:hwDQQFbdRlpnnsR64Asdi55GyCaIP/3WQpMmbNBeWr4= -k8s.io/apimachinery v0.17.2/go.mod h1:b9qmWdKlLuU9EBh+06BtLcSf/Mu89rWL33naRxs1uZg= -k8s.io/apiserver v0.17.2/go.mod h1:lBmw/TtQdtxvrTk0e2cgtOxHizXI+d0mmGQURIHQZlo= -k8s.io/client-go v0.17.2 h1:ndIfkfXEGrNhLIgkr0+qhRguSD3u6DCmonepn1O6NYc= -k8s.io/client-go v0.17.2/go.mod h1:QAzRgsa0C2xl4/eVpeVAZMvikCn8Nm81yqVx3Kk9XYI= -k8s.io/code-generator v0.17.2/go.mod h1:DVmfPQgxQENqDIzVR2ddLXMH34qeszkKSdH/N+s+38s= -k8s.io/component-base v0.17.2/go.mod h1:zMPW3g5aH7cHJpKYQ/ZsGMcgbsA/VyhEugF3QT1awLs= -k8s.io/gengo v0.0.0-20190128074634-0689ccc1d7d6/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0= -k8s.io/gengo v0.0.0-20190822140433-26a664648505/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0= -k8s.io/klog v0.0.0-20181102134211-b9b56d5dfc92/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk= -k8s.io/klog v0.3.0/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk= -k8s.io/klog v1.0.0 h1:Pt+yjF5aB1xDSVbau4VsWe+dQNzA0qv1LlXdC2dF6Q8= -k8s.io/klog v1.0.0/go.mod h1:4Bi6QPql/J/LkTDqv7R/cd3hPo4k2DG6Ptcz060Ez5I= -k8s.io/kube-openapi v0.0.0-20191107075043-30be4d16710a h1:UcxjrRMyNx/i/y8G7kPvLyy7rfbeuf1PYyBf973pgyU= -k8s.io/kube-openapi v0.0.0-20191107075043-30be4d16710a/go.mod h1:1TqjTSzOxsLGIKfj0lK8EeCP7K1iUG65v09OM0/WG5E= -k8s.io/utils v0.0.0-20191114184206-e782cd3c129f 
h1:GiPwtSzdP43eI1hpPCbROQCCIgCuiMMNF8YUVLF3vJo= -k8s.io/utils v0.0.0-20191114184206-e782cd3c129f/go.mod h1:sZAwmy6armz5eXlNoLmJcl4F1QuKu7sr+mFQ0byX7Ew= -modernc.org/cc v1.0.0/go.mod h1:1Sk4//wdnYJiUIxnW8ddKpaOJCF37yAdqYnkxUpaYxw= -modernc.org/golex v1.0.0/go.mod h1:b/QX9oBD/LhixY6NDh+IdGv17hgB+51fET1i2kPSmvk= -modernc.org/mathutil v1.0.0/go.mod h1:wU0vUrJsVWBZ4P6e7xtFJEhFSNsfRLJ8H458uRjg03k= -modernc.org/strutil v1.0.0/go.mod h1:lstksw84oURvj9y3tn8lGvRxyRC1S2+g5uuIzNfIOBs= -modernc.org/xc v1.0.0/go.mod h1:mRNCo0bvLjGhHO9WsyuKVU4q0ceiDDDoEeWDJHrNx8I= -sigs.k8s.io/controller-runtime v0.5.0 h1:CbqIy5fbUX+4E9bpnBFd204YAzRYlM9SWW77BbrcDQo= -sigs.k8s.io/controller-runtime v0.5.0/go.mod h1:REiJzC7Y00U+2YkMbT8wxgrsX5USpXKGhb2sCtAXiT8= -sigs.k8s.io/controller-runtime v0.5.2 h1:pyXbUfoTo+HA3jeIfr0vgi+1WtmNh0CwlcnQGLXwsSw= -sigs.k8s.io/controller-runtime v0.5.2/go.mod h1:JZUwSMVbxDupo0lTJSSFP5pimEyxGynROImSsqIOx1A= -sigs.k8s.io/structured-merge-diff v0.0.0-20190525122527-15d366b2352e/go.mod h1:wWxsB5ozmmv/SG7nM11ayaAW51xMvak/t1r0CSlcokI= -sigs.k8s.io/structured-merge-diff v1.0.1-0.20191108220359-b1b620dd3f06/go.mod h1:/ULNhyfzRopfcjskuui0cTITekDduZ7ycKN3oUT9R18= -sigs.k8s.io/yaml v1.1.0 h1:4A07+ZFc2wgJwo8YNlQpr1rVlgUDlxXHhPJciaPY5gs= -sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o= diff --git a/auto-discovery/kubernetes/hack/boilerplate.go.txt b/auto-discovery/kubernetes/hack/boilerplate.go.txt deleted file mode 100644 index 767efde9..00000000 --- a/auto-discovery/kubernetes/hack/boilerplate.go.txt +++ /dev/null 
@@ -1,15 +0,0 @@ -/* - - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ \ No newline at end of file diff --git a/auto-discovery/kubernetes/main.go b/auto-discovery/kubernetes/main.go deleted file mode 100644 index c34bd899..00000000 --- a/auto-discovery/kubernetes/main.go +++ /dev/null 
@@ -1,86 +0,0 @@ -/* - - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package main - -import ( - "flag" - "os" - - "k8s.io/apimachinery/pkg/runtime" - clientgoscheme "k8s.io/client-go/kubernetes/scheme" - _ "k8s.io/client-go/plugin/pkg/client/auth/gcp" - ctrl "sigs.k8s.io/controller-runtime" - "sigs.k8s.io/controller-runtime/pkg/log/zap" - - "github.com/secureCodeBox/secureCodeBox-v2-alpha/auto-discovery/kubernetes/controllers" - - targetsv1 "github.com/secureCodeBox/secureCodeBox-v2-alpha/operator/apis/targets/v1" - // +kubebuilder:scaffold:imports -) - -var ( - scheme = runtime.NewScheme() - setupLog = ctrl.Log.WithName("setup") -) - -func init() { - _ = clientgoscheme.AddToScheme(scheme) - - _ = targetsv1.AddToScheme(scheme) - - // +kubebuilder:scaffold:scheme -} - -func main() { - var metricsAddr string - var enableLeaderElection bool - flag.StringVar(&metricsAddr, "metrics-addr", ":8081", "The address the metric endpoint binds to.") - flag.BoolVar(&enableLeaderElection, "enable-leader-election", false, - "Enable leader election for controller manager. 
"+ - "Enabling this will ensure there is only one active controller manager.") - flag.Parse() - - ctrl.SetLogger(zap.New(zap.UseDevMode(true))) - - mgr, err := ctrl.NewManager(ctrl.GetConfigOrDie(), ctrl.Options{ - Scheme: scheme, - MetricsBindAddress: metricsAddr, - Port: 9443, - LeaderElection: enableLeaderElection, - LeaderElectionID: "0c9fa8fa.my.domain", - }) - if err != nil { - setupLog.Error(err, "unable to start manager") - os.Exit(1) - } - - if err = (&controllers.IngressScanReconciler{ - Client: mgr.GetClient(), - Log: ctrl.Log.WithName("controllers").WithName("IngressScanController"), - Scheme: mgr.GetScheme(), - }).SetupWithManager(mgr); err != nil { - setupLog.Error(err, "unable to create controller", "controller", "DeleteMe") - os.Exit(1) - } - // +kubebuilder:scaffold:builder - - setupLog.Info("starting manager") - if err := mgr.Start(ctrl.SetupSignalHandler()); err != nil { - setupLog.Error(err, "problem running manager") - os.Exit(1) - } -} diff --git a/auto-discovery/readme.md b/auto-discovery/readme.md deleted file mode 100644 index 9aba2beb..00000000 --- a/auto-discovery/readme.md +++ /dev/null 
@@ -1,16 +0,0 @@ -# secureCodeBox Auto-Discovery - -> Disclaimer: This concept is currently undergoing first tests, things might still change drastically. - -The Auto Discovery Services monitor security relevant resources inside a cloud environment and automatically create scans to continuously monitor security aspects of the resources. We aim to eventually support most mayor cloud providers, like AWS, GCP and Azure, but also runtime environments on top of these, primarily kubernetes. - -## Example - -A developer deploys an app to a kubernetes cluster where the secureCodeBox and the kubernetes cloud integration for the secureCodeBox is installed. They create an Deployment for their application container and a Ingress to expose the application to the world. - -The kubernetes cloud integration service will automatically detect these new resources and start scans for them. -The scans it would start: - -1. A image scan scanning for vulnerable libraries in the docker / container image of the deployment. (Using trivy) -2. A TLS Scan against the certificate of the ingress for the host. (Using SSLyze) -3. A ZAP Baseline Scan to detect basic web vulnerabilities in the service. (Using OWASP ZAP) diff --git a/docs/adr/adr_0002.adoc b/docs/adr/adr_0002.adoc new file mode 100644 index 00000000..7069f35a --- /dev/null +++ b/docs/adr/adr_0002.adoc 
@@ -0,0 +1,182 @@ +[[ADR-0002]] += ADR-0002: How can we introduce a mechanism to start specialized scans on the results of previous scans? + +[cols="h,d",grid=rows,frame=none,stripes=none,caption="Status",%autowidth] +|==== + +| Status +| ACCEPTED + +| Date +| 2020-05-20 + +| Author(s) +| Jannik Hollenbach , + Robert Seedorff , + Sven Strittmatter +|==== + +== Context + +=== Status Quo + +Currently scans by the secureCodeBox are single focused on a specific tool. +Combining multiple scans requires manual or scripting by the user to use the results of a scan (e.g. Nmap) as a input for another scanner (e.g. SSLyze) + +=== Problem and Question + +How can the results of a scan be used to automatically configure subsequent specialized scans for identified targets. + +In general we want to describe cascading scans like: + +``` ++--------+ +--------+ +--------+ +| scan 1 |-- result -->| scan 2 |-- result -->| scan 3 | ++--------+ +--------+ | +--------+ + | + | +--------+ + +---->| scan 4 | + +--------+ +```` + +A concrete example: + +``` ++----------------+ +-----------------+ +-----------+ +| <> | | <> | | <> | +| find all hosts |-- IP -->| find open ports |-- port 443 -->| check TLS | ++----------------+ +-----------------+ | +-----------+ + | + | +-------------+ + | | <> | + +------->| check HTTPd | + +-------------+ +``` + +The solution should fulfill the following criteria: + +- The "rules" used to describe which subsequent scans can be executed should be modular, so that they can be packaged together with the scan types. +- It should be possible for a user to select which scan rules should be applied +- Protections should be in place to ensure that the clusters are not completely overwhelmed by these automatically created scans. Especially circular structures which create a infinite number of scans should be prevented. + +== Decision + +It was decided to implement these rules as Custom Resource Definitions (CRDs) in Kubernetes. 
+This allows the Helm Charts of the scanners to package related rules for the scanner together with their ScanTypes. + +=== Defining CascadingRule + +The so called "CascadingRules" consist of a "matches" section which contains one or multiple rules which are compared against findings. +When a finding matches a rule the "scanSpec" section will then be used to create a new scan. +To customize the scan to match the finding, the [mustache](https://github.com/janl/mustache.js) templating language can be used to reference fields of the finding. + +```yaml +apiVersion: "cascading.experimental.securecodebox.io/v1" +kind: CascadingRule +metadata: + name: "tls-scans" + labels: + # Described how "invasive" the scan is. + # Possible values: "invasive" or "non-invasive" + # CascadingRules are considered "invasive" when the Scan they start actively sends out packages with attack payloads. + securecodebox.io/invasive: non-invasive + # Described the intensiveness level on a scanning and computational resource level. + # Possible values: "ligh", "medium", "intense" + # CascadingRules are considered more "intensive" when the Scan they start consumes lots of computational resources like RAM, CPU, or Network + securecodebox.io/intensive: light +spec: + matches: + # CascadingRule triggers if a finding matches at least one of the anyOf matchers + # With the first version of this implementation only anyOf would be supported. + # If this turns out to be lacking and other operators (like `allOf` can be introduced without breaking changes) + anyOf: + # define an explicit "port" as finding and a given port number + - category: "Open Port" + attributes: + port: 443 + service: "https" + # define an "port service" finding (any port) + - category: "Open Port" + attributes: + service: "https" + scanSpec: + name: "sslyze" + parameters: ["--regular", "{{attributes.hostname}}"] +``` + +=== Using CascadingRules + +By default no cascading Rules will be used. 
+ +```yaml +# Nmap Scan without cascading rules +apiVersion: "execution.experimental.securecodebox.io/v1" +kind: Scan +metadata: + name: "portscan-berlin-wifi" + label: + office: berlin + vlan: wifi +spec: + name: "nmap" + parameters: ["-sV", "10.42.0.0/16"] +``` + +To enable cascading rules you need to specify a label selector to select the cascading rules you'd like + +```yaml +apiVersion: "execution.experimental.securecodebox.io/v1" +kind: Scan +metadata: + name: "portscan-berlin-wifi" + label: + office: berlin + vlan: wifi +spec: + cascades: + matchLabels: + # Uses all CascadingRules in the namespace which are labelled as "non-invasive" and a intensiveness level of "light" + securecodebox.io/invasive: non-invasive + securecodebox.io/intensive: light + name: "nmap" + parameters: ["-sV", "10.42.0.0/16"] +``` + +To implicitly enable all cascading rules (not-recommended) a empty label selector can be used + +```yaml +apiVersion: "execution.experimental.securecodebox.io/v1" +kind: Scan +metadata: + name: "portscan-berlin-wifi" + label: + office: berlin + vlan: wifi +spec: + cascades: + # Uses all `CascadingRules` in the namespace + matchLabels: {} + name: "nmap" + parameters: ["-sV", "10.42.0.0/16"] +``` + +The label selectors also allow the more powerful [matchExpression](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#set-based-requirement) selectors: + +```yaml +apiVersion: "execution.experimental.securecodebox.io/v1" +kind: Scan +metadata: + name: "example.com" +spec: + scanType: nmap + parameters: + - -p22,80,443 + - example.com + cascades: + # Using matchExpression instead of matchLabels + matchExpression: + key: "securecodebox.io/intensive" + operator: In + # This select both light and medium intensity rules + values: [light, medium] +``` diff --git a/hooks/declarative-subsequent-scans/templates/NOTES.txt b/hooks/declarative-subsequent-scans/templates/NOTES.txt index 5b163957..0e06e84a 100644 
--- a/hooks/declarative-subsequent-scans/templates/NOTES.txt +++ b/hooks/declarative-subsequent-scans/templates/NOTES.txt @@ -10,4 +10,4 @@ $ kubectl get cascadingrules You need to explicitly turn on scan cascading for every scan you use. You can do that by setting a label selector which matches all rules you want to use. -Find out more, on the docs: TODO(https://github.com/secureCodeBox/secureCodeBox-v2-alpha/issues/46) \ No newline at end of file +Find out more, on the docs: TODO(https://github.com/secureCodeBox/secureCodeBox-v2/issues/46) \ No newline at end of file diff --git a/lurcher/Dockerfile b/lurcher/Dockerfile index 5e55aab5..38d1d11b 100644 --- a/lurcher/Dockerfile +++ b/lurcher/Dockerfile @@ -1,5 +1,5 @@ # Build the manager binary -FROM golang:1.13 as builder +FROM golang:1.15 as builder WORKDIR /workspace # Copy the Go Modules manifests @@ -20,7 +20,6 @@ RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 GO111MODULE=on go build -a -o lurcher FROM gcr.io/distroless/static:nonroot WORKDIR / COPY --from=builder /workspace/lurcher . -COPY result.xml /home/securecodebox/result.xml USER nonroot:nonroot ENTRYPOINT ["/lurcher"] diff --git a/lurcher/go.mod b/lurcher/go.mod index eea3bcf0..432b7b95 100644 --- a/lurcher/go.mod +++ b/lurcher/go.mod @@ -1,6 +1,6 @@ -module github.com/secureCodeBox/secureCodeBox-v2-alpha/lurcher +module github.com/secureCodeBox/secureCodeBox-v2/lurcher -go 1.13 +go 1.15 require ( k8s.io/apimachinery v0.0.0-20191028221656-72ed19daf4bb diff --git a/lurcher/job.yaml b/lurcher/job.yaml deleted file mode 100644 index 3aa24783..00000000 --- a/lurcher/job.yaml +++ /dev/null 
@@ -1,57 +0,0 @@ -apiVersion: batch/v1 -kind: Job -metadata: - name: lurcher-test -spec: - backoffLimit: 4 - template: - spec: - restartPolicy: Never - containers: - - name: primary - image: alpine - command: ["sleep", "5"] - - name: lurcher - image: scbexperimental - imagePullPolicy: IfNotPresent - args: - - "--container" - - "primary" - - "--file" - - "/home/securecodebox/result.xml" - - "--url" - # This URL has been expired for quite some time ;) To test this you'll need to generate a new one. - - "https://fra1.digitaloceanspaces.com/securecodebox/scan/result.xml?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=NWN2DEMTNFQUTQB5SZ6A%2F20200312%2Ffra1%2Fs3%2Faws4_request&X-Amz-Date=20200312T180859Z&X-Amz-Expires=43200&X-Amz-SignedHeaders=host&X-Amz-Signature=852dc4576ff5b6195b9f6a7dd49851cc701a2fb59fb23db6e7c7913f412f0460" - env: - - name: NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: lurcher ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - namespace: "default" - name: lurcher -rules: - - apiGroups: [""] - resources: ["pods"] - verbs: ["get"] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: lurcher - namespace: default -subjects: - - kind: ServiceAccount - name: lurcher -roleRef: - kind: Role - name: lurcher - apiGroup: rbac.authorization.k8s.io diff --git a/lurcher/result.xml b/lurcher/result.xml deleted file mode 100644 index b364cd36..00000000 --- a/lurcher/result.xml +++ /dev/null @@ -1 +0,0 @@ - diff --git a/operator/Dockerfile b/operator/Dockerfile index 34d572b9..202cb7df 100644 --- a/operator/Dockerfile +++ b/operator/Dockerfile @@ -1,5 +1,5 @@ # Build the manager binary -FROM golang:1.13 as builder +FROM golang:1.15 as builder WORKDIR /workspace # Copy the Go Modules manifests diff --git a/operator/PROJECT b/operator/PROJECT index a0c68343..20f5bd19 100644 --- a/operator/PROJECT +++ b/operator/PROJECT 
@@ -1,6 +1,6 @@ domain: experimental.securecodebox.io multigroup: true -repo: github.com/secureCodeBox/secureCodeBox-v2-alpha +repo: github.com/secureCodeBox/secureCodeBox-v2 resources: - group: execution kind: Scan diff --git a/operator/apis/cascading/v1/cascadingrule_types.go b/operator/apis/cascading/v1/cascadingrule_types.go index 2115bf0d..b1de37eb 100644 --- a/operator/apis/cascading/v1/cascadingrule_types.go +++ b/operator/apis/cascading/v1/cascadingrule_types.go @@ -17,7 +17,7 @@ limitations under the License. package v1 import ( - executionv1 "github.com/secureCodeBox/secureCodeBox-v2-alpha/operator/apis/execution/v1" + executionv1 "github.com/secureCodeBox/secureCodeBox-v2/operator/apis/execution/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/intstr" ) diff --git a/operator/apis/targets/v1/groupversion_info.go b/operator/apis/targets/v1/groupversion_info.go deleted file mode 100644 index f81c0a2f..00000000 --- a/operator/apis/targets/v1/groupversion_info.go +++ /dev/null 
@@ -1,36 +0,0 @@ -/* -Copyright 2020 iteratec GmbH. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package v1 contains API Schema definitions for the targets v1 API group -// +kubebuilder:object:generate=true -// +groupName=targets.experimental.securecodebox.io -package v1 - -import ( - "k8s.io/apimachinery/pkg/runtime/schema" - "sigs.k8s.io/controller-runtime/pkg/scheme" -) - -var ( - // GroupVersion is group version used to register these objects - GroupVersion = schema.GroupVersion{Group: "targets.experimental.securecodebox.io", Version: "v1"} - - // SchemeBuilder is used to add go types to the GroupVersionKind scheme - SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion} - - // AddToScheme adds the types in this group-version to the given scheme. - AddToScheme = SchemeBuilder.AddToScheme -) diff --git a/operator/apis/targets/v1/host_types.go b/operator/apis/targets/v1/host_types.go deleted file mode 100644 index 47b0fea6..00000000 --- a/operator/apis/targets/v1/host_types.go +++ /dev/null 
@@ -1,82 +0,0 @@ -/* -Copyright 2020 iteratec GmbH. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1 - -import ( - executionv1 "github.com/secureCodeBox/secureCodeBox-v2-alpha/operator/apis/execution/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" -) - -// EDIT THIS FILE! THIS IS SCAFFOLDING FOR YOU TO OWN! -// NOTE: json tags are required. Any new fields you add must have json tags for the fields to be serialized. - -// HostSpec defines the desired state of Host -type HostSpec struct { - // INSERT ADDITIONAL SPEC FIELDS - desired state of cluster - // Important: Run "make" to regenerate code after modifying this file - - // Hostname contains the dns name of the host - // TODO: Add an IPAddress Field - Hostname string `json:"hostname"` - - Ports []HostPort `json:"ports"` -} - -// HostPort describes a Port of a Host -type HostPort struct { - Type string `json:"type"` - // The port number - // +kubebuilder:validation:Minimum=0 - // +kubebuilder:validation:Maximun=65536 - Port int32 `json:"port" protobuf:"varint,2,opt,name=port"` -} - -// HostStatus defines the observed state of Host -type HostStatus struct { - // INSERT ADDITIONAL STATUS FIELD - define observed state of cluster - // Important: Run "make" to regenerate code after modifying this file - - Findings executionv1.FindingStats `json:"findings,omitempty"` -} - -// +kubebuilder:object:root=true -// +kubebuilder:subresource:status -// +kubebuilder:printcolumn:name="Hostname",type=string,JSONPath=`.spec.hostname` 
-// +kubebuilder:printcolumn:name="Ports",type=string,JSONPath=`.spec.ports`,description="Ports of the Host" -// +kubebuilder:printcolumn:name="Findings",type=string,JSONPath=`.status.findings.count`,description="Total Finding Count" - -// Host is the Schema for the hosts API -type Host struct { - metav1.TypeMeta `json:",inline"` - metav1.ObjectMeta `json:"metadata,omitempty"` - - Spec HostSpec `json:"spec,omitempty"` - Status HostStatus `json:"status,omitempty"` -} - -// +kubebuilder:object:root=true - -// HostList contains a list of Host -type HostList struct { - metav1.TypeMeta `json:",inline"` - metav1.ListMeta `json:"metadata,omitempty"` - Items []Host `json:"items"` -} - -func init() { - SchemeBuilder.Register(&Host{}, &HostList{}) -} diff --git a/operator/apis/targets/v1/zz_generated.deepcopy.go b/operator/apis/targets/v1/zz_generated.deepcopy.go deleted file mode 100644 index 03c8fc67..00000000 --- a/operator/apis/targets/v1/zz_generated.deepcopy.go +++ /dev/null 
@@ -1,135 +0,0 @@ -// +build !ignore_autogenerated - -/* -Copyright 2020 iteratec GmbH. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by controller-gen. DO NOT EDIT. - -package v1 - -import ( - runtime "k8s.io/apimachinery/pkg/runtime" -) - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *Host) DeepCopyInto(out *Host) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - in.Spec.DeepCopyInto(&out.Spec) - in.Status.DeepCopyInto(&out.Status) -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Host. -func (in *Host) DeepCopy() *Host { - if in == nil { - return nil - } - out := new(Host) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *Host) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
-func (in *HostList) DeepCopyInto(out *HostList) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ListMeta.DeepCopyInto(&out.ListMeta) - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]Host, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HostList. -func (in *HostList) DeepCopy() *HostList { - if in == nil { - return nil - } - out := new(HostList) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *HostList) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *HostPort) DeepCopyInto(out *HostPort) { - *out = *in -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HostPort. -func (in *HostPort) DeepCopy() *HostPort { - if in == nil { - return nil - } - out := new(HostPort) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *HostSpec) DeepCopyInto(out *HostSpec) { - *out = *in - if in.Ports != nil { - in, out := &in.Ports, &out.Ports - *out = make([]HostPort, len(*in)) - copy(*out, *in) - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HostSpec. -func (in *HostSpec) DeepCopy() *HostSpec { - if in == nil { - return nil - } - out := new(HostSpec) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
-func (in *HostStatus) DeepCopyInto(out *HostStatus) { - *out = *in - in.Findings.DeepCopyInto(&out.Findings) -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HostStatus. -func (in *HostStatus) DeepCopy() *HostStatus { - if in == nil { - return nil - } - out := new(HostStatus) - in.DeepCopyInto(out) - return out -} diff --git a/operator/config/crd/bases/targets.experimental.securecodebox.io_hosts.yaml b/operator/config/crd/bases/targets.experimental.securecodebox.io_hosts.yaml deleted file mode 100644 index 4079b62c..00000000 --- a/operator/config/crd/bases/targets.experimental.securecodebox.io_hosts.yaml +++ /dev/null 
@@ -1,124 +0,0 @@ - ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.2.4 - creationTimestamp: null - name: hosts.targets.experimental.securecodebox.io -spec: - additionalPrinterColumns: - - JSONPath: .spec.hostname - name: Hostname - type: string - - JSONPath: .spec.ports - description: Ports of the Host - name: Ports - type: string - - JSONPath: .status.findings.count - description: Total Finding Count - name: Findings - type: string - group: targets.experimental.securecodebox.io - names: - kind: Host - listKind: HostList - plural: hosts - singular: host - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - description: Host is the Schema for the hosts API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: HostSpec defines the desired state of Host - properties: - hostname: - description: 'Hostname contains the dns name of the host TODO: Add an - IPAddress Field' - type: string - ports: - items: - description: HostPort describes a Port of a Host - properties: - port: - description: The port number - format: int32 - minimum: 0 - type: integer - type: - type: string - required: - - port - - type - type: object - type: array - required: - - hostname - - ports - type: object - status: - description: HostStatus defines the observed state of Host - properties: - findings: - description: FindingStats contains the general stats about the results - of the scan - properties: - categories: - additionalProperties: - format: int64 - type: integer - description: FindingCategories indicates the count of finding broken - down by their categories - type: object - count: - description: Count indicates how many findings were identified in - total - format: int64 - type: integer - severities: - description: FindingSeverities indicates the count of finding with - the respective severity - properties: - high: - format: int64 - type: integer - informational: - format: int64 - type: integer - low: - format: int64 - type: integer - medium: - format: int64 - type: integer - type: object - type: object - type: object - type: object - version: v1 - versions: - - name: v1 - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/operator/config/crd/patches/cainjection_in_hosts.yaml b/operator/config/crd/patches/cainjection_in_hosts.yaml deleted file mode 100644 index 356ddfed..00000000 --- a/operator/config/crd/patches/cainjection_in_hosts.yaml +++ /dev/null 
@@ -1,8 +0,0 @@ -# The following patch adds a directive for certmanager to inject CA into the CRD -# CRD conversion requires k8s 1.13 or later. -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) - name: hosts.targets.experimental.securecodebox.io diff --git a/operator/config/rbac/role.yaml b/operator/config/rbac/role.yaml index b1bd525a..1762d5b9 100644 --- a/operator/config/rbac/role.yaml +++ b/operator/config/rbac/role.yaml @@ -115,23 +115,3 @@ rules: - get - list - watch -- apiGroups: - - targets.experimental.securecodebox.io - resources: - - hosts - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - targets.experimental.securecodebox.io - resources: - - hosts/status - verbs: - - get - - patch - - update diff --git a/operator/controllers/execution/scans/hook_reconciler.go b/operator/controllers/execution/scans/hook_reconciler.go index c7aee9f1..899cf15c 100644 --- a/operator/controllers/execution/scans/hook_reconciler.go +++ b/operator/controllers/execution/scans/hook_reconciler.go @@ -4,8 +4,8 @@ import ( "context" "fmt" - executionv1 "github.com/secureCodeBox/secureCodeBox-v2-alpha/operator/apis/execution/v1" - util "github.com/secureCodeBox/secureCodeBox-v2-alpha/operator/utils" + executionv1 "github.com/secureCodeBox/secureCodeBox-v2/operator/apis/execution/v1" + util "github.com/secureCodeBox/secureCodeBox-v2/operator/utils" batch "k8s.io/api/batch/v1" corev1 "k8s.io/api/core/v1" rbacv1 "k8s.io/api/rbac/v1" diff --git a/operator/controllers/execution/scans/job.go b/operator/controllers/execution/scans/job.go index c1ccb3aa..2f202ea3 100644 --- a/operator/controllers/execution/scans/job.go +++ b/operator/controllers/execution/scans/job.go 
@@ -3,7 +3,7 @@ package scancontrollers import ( "context" - executionv1 "github.com/secureCodeBox/secureCodeBox-v2-alpha/operator/apis/execution/v1" + executionv1 "github.com/secureCodeBox/secureCodeBox-v2/operator/apis/execution/v1" batch "k8s.io/api/batch/v1" "sigs.k8s.io/controller-runtime/pkg/client" ) diff --git a/operator/controllers/execution/scans/parse_reconciler.go b/operator/controllers/execution/scans/parse_reconciler.go index b3022b9d..bed741a8 100644 --- a/operator/controllers/execution/scans/parse_reconciler.go +++ b/operator/controllers/execution/scans/parse_reconciler.go @@ -5,8 +5,8 @@ import ( "fmt" "strings" - executionv1 "github.com/secureCodeBox/secureCodeBox-v2-alpha/operator/apis/execution/v1" - util "github.com/secureCodeBox/secureCodeBox-v2-alpha/operator/utils" + executionv1 "github.com/secureCodeBox/secureCodeBox-v2/operator/apis/execution/v1" + util "github.com/secureCodeBox/secureCodeBox-v2/operator/utils" batch "k8s.io/api/batch/v1" corev1 "k8s.io/api/core/v1" rbacv1 "k8s.io/api/rbac/v1" diff --git a/operator/controllers/execution/scans/scan_controller.go b/operator/controllers/execution/scans/scan_controller.go index ae543dab..1755147d 100644 --- a/operator/controllers/execution/scans/scan_controller.go +++ b/operator/controllers/execution/scans/scan_controller.go @@ -32,7 +32,7 @@ import ( "sigs.k8s.io/controller-runtime/pkg/client" "github.com/minio/minio-go/v6" - executionv1 "github.com/secureCodeBox/secureCodeBox-v2-alpha/operator/apis/execution/v1" + executionv1 "github.com/secureCodeBox/secureCodeBox-v2/operator/apis/execution/v1" ) // ScanReconciler reconciles a Scan object diff --git a/operator/controllers/execution/scans/scan_reconciler.go b/operator/controllers/execution/scans/scan_reconciler.go index 2e3b6e6d..2f10da56 100644 --- a/operator/controllers/execution/scans/scan_reconciler.go +++ b/operator/controllers/execution/scans/scan_reconciler.go 
@@ -8,8 +8,8 @@ import ( "path/filepath" "strings" - executionv1 "github.com/secureCodeBox/secureCodeBox-v2-alpha/operator/apis/execution/v1" - util "github.com/secureCodeBox/secureCodeBox-v2-alpha/operator/utils" + executionv1 "github.com/secureCodeBox/secureCodeBox-v2/operator/apis/execution/v1" + util "github.com/secureCodeBox/secureCodeBox-v2/operator/utils" batch "k8s.io/api/batch/v1" corev1 "k8s.io/api/core/v1" rbacv1 "k8s.io/api/rbac/v1" diff --git a/operator/controllers/execution/scheduledscan_controller.go b/operator/controllers/execution/scheduledscan_controller.go index cb676b97..b1a29446 100644 --- a/operator/controllers/execution/scheduledscan_controller.go +++ b/operator/controllers/execution/scheduledscan_controller.go @@ -29,7 +29,7 @@ import ( ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/client" - executionv1 "github.com/secureCodeBox/secureCodeBox-v2-alpha/operator/apis/execution/v1" + executionv1 "github.com/secureCodeBox/secureCodeBox-v2/operator/apis/execution/v1" ) var ( diff --git a/operator/controllers/execution/suite_test.go b/operator/controllers/execution/suite_test.go index d7a043a9..b71e8cba 100644 --- a/operator/controllers/execution/suite_test.go +++ b/operator/controllers/execution/suite_test.go @@ -30,7 +30,7 @@ import ( logf "sigs.k8s.io/controller-runtime/pkg/log" "sigs.k8s.io/controller-runtime/pkg/log/zap" - executionv1 "github.com/secureCodeBox/secureCodeBox-v2-alpha/operator/apis/execution/v1" + executionv1 "github.com/secureCodeBox/secureCodeBox-v2/operator/apis/execution/v1" // +kubebuilder:scaffold:imports ) diff --git a/operator/controllers/targets/host_controller.go b/operator/controllers/targets/host_controller.go deleted file mode 100644 index 9ac2c2f5..00000000 --- a/operator/controllers/targets/host_controller.go +++ /dev/null 
@@ -1,236 +0,0 @@ -/* -Copyright 2020 iteratec GmbH. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package controllers - -import ( - "context" - "fmt" - "reflect" - "time" - - "github.com/go-logr/logr" - apierrors "k8s.io/apimachinery/pkg/api/errors" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/types" - ctrl "sigs.k8s.io/controller-runtime" - - "sigs.k8s.io/controller-runtime/pkg/client" - - executionv1 "github.com/secureCodeBox/secureCodeBox-v2-alpha/operator/apis/execution/v1" - targetsv1 "github.com/secureCodeBox/secureCodeBox-v2-alpha/operator/apis/targets/v1" -) - -var ( - ownerKey = ".metadata.controller" - apiGVStr = targetsv1.GroupVersion.String() -) - -// HostReconciler reconciles a Host object -type HostReconciler struct { - client.Client - Log logr.Logger - Scheme *runtime.Scheme -} - -type ScanTemplates struct { - Port int32 - Type string - ScanSpec executionv1.ScanSpec -} - -// +kubebuilder:rbac:groups=targets.experimental.securecodebox.io,resources=hosts,verbs=get;list;watch;create;update;patch;delete -// +kubebuilder:rbac:groups=targets.experimental.securecodebox.io,resources=hosts/status,verbs=get;update;patch -// +kubebuilder:rbac:groups=execution.experimental.securecodebox.io,resources=scheduledscans,verbs=get;list;create -// +kubebuilder:rbac:groups=execution.experimental.securecodebox.io,resources=scheduledscans/status,verbs=get - -// Reconcile comapares the Host Resource with the State of the 
Cluster and updates both accordingly -func (r *HostReconciler) Reconcile(req ctrl.Request) (ctrl.Result, error) { - ctx := context.Background() - log := r.Log.WithValues("host", req.NamespacedName) - - var host targetsv1.Host - if err := r.Get(ctx, req.NamespacedName, &host); err != nil { - // we'll ignore not-found errors, since they can't be fixed by an immediate - // requeue (we'll need to wait for a new notification), and we can get them - // on deleted requests. - log.V(7).Info("Unable to fetch Host") - return ctrl.Result{}, client.IgnoreNotFound(err) - } - - scanTemplates := CreateScanTemplatesForHost(host) - - for _, scanTemplate := range scanTemplates { - scanName := fmt.Sprintf("%s-%s-%d", host.Name, scanTemplate.ScanSpec.ScanType, scanTemplate.Port) - - var scan executionv1.ScheduledScan - err := r.Get(ctx, types.NamespacedName{Name: scanName, Namespace: req.Namespace}, &scan) - if err != nil && apierrors.IsNotFound(err) { - // Scan doesn't exists yet. Thats allright, as we are going to create it directly after this :) - } else if err != nil { - log.Error(err, "Failed to lookup ScheduledScan for Host") - return ctrl.Result{}, err - } else { - log.V(4).Info("Wont create Scan for Host as the Scan already exists", "ScheduledScanName", scanName) - continue - } - - scan = executionv1.ScheduledScan{ - ObjectMeta: metav1.ObjectMeta{ - Name: scanName, - Namespace: host.Namespace, - }, - Spec: executionv1.ScheduledScanSpec{ - ScanSpec: &scanTemplate.ScanSpec, - Interval: metav1.Duration{Duration: 24 * time.Hour}, - HistoryLimit: 1, - }, - } - if err := ctrl.SetControllerReference(&host, &scan, r.Scheme); err != nil { - log.Error(err, "unable to set owner reference on ScheduledScan") - return ctrl.Result{}, err - } - - if err := r.Create(ctx, &scan); err != nil { - log.Error(err, "unable to create ScheduledScan for Host", "host", host.Name) - return ctrl.Result{}, err - } - log.Info("Created ScheduledScan for Target", "ScheduledScan", scanName) - } - - // Update 
Targets Findings Status - var childScans executionv1.ScheduledScanList - if err := r.List(ctx, &childScans, client.InNamespace(req.Namespace), client.MatchingFields{ownerKey: req.Name}); err != nil { - log.Error(err, "unable to list child ScheduledScans") - return ctrl.Result{}, err - } - - totalStats := executionv1.FindingStats{ - Count: 0, - FindingSeverities: executionv1.FindingSeverities{ - Informational: 0, - Low: 0, - Medium: 0, - High: 0, - }, - FindingCategories: map[string]uint64{}, - } - for _, scan := range childScans.Items { - stats := scan.Status.Findings - - totalStats.Count += stats.Count - totalStats.FindingSeverities.Informational += stats.FindingSeverities.Informational - totalStats.FindingSeverities.Low += stats.FindingSeverities.Low - totalStats.FindingSeverities.Medium += stats.FindingSeverities.Medium - totalStats.FindingSeverities.High += stats.FindingSeverities.High - - for key, value := range stats.FindingCategories { - if _, ok := totalStats.FindingCategories[key]; ok { - totalStats.FindingCategories[key] += value - } else { - totalStats.FindingCategories[key] = value - } - } - } - - if !reflect.DeepEqual(host.Status.Findings, totalStats) { - log.V(0).Info("Updating ScheduledScans Findings as they appear to have changed") - host.Status.Findings = *totalStats.DeepCopy() - if err := r.Status().Update(ctx, &host); err != nil { - log.Error(err, "unable to update Host status") - return ctrl.Result{}, err - } - } - - return ctrl.Result{}, nil -} - -// CreateScanTemplatesForHost defines which scans should be created for a Host -func CreateScanTemplatesForHost(host targetsv1.Host) []ScanTemplates { - var scanTemplates []ScanTemplates - - for _, port := range host.Spec.Ports { - if port.Type == "ssh" { - scanTemplates = append(scanTemplates, ScanTemplates{ - Port: port.Port, - Type: port.Type, - ScanSpec: executionv1.ScanSpec{ - ScanType: "ssh-scan", - Parameters: []string{"--target", host.Spec.Hostname, "--port", fmt.Sprintf("%d", port.Port)}, - 
}, - }) - } - if port.Type == "http" || port.Type == "https" { - scanTemplates = append(scanTemplates, ScanTemplates{ - Port: port.Port, - Type: port.Type, - ScanSpec: executionv1.ScanSpec{ - ScanType: "zap-baseline", - Parameters: []string{"-t", fmt.Sprintf("%s://%s:%d", port.Type, host.Spec.Hostname, port.Port)}, - }, - }) - } - if port.Type == "http" || port.Type == "https" { - scanTemplates = append(scanTemplates, ScanTemplates{ - Port: port.Port, - Type: port.Type, - ScanSpec: executionv1.ScanSpec{ - ScanType: "nikto", - Parameters: []string{"-h", fmt.Sprintf("%s://%s:%d", port.Type, host.Spec.Hostname, port.Port), "-Tuning", "1,2,3,5,7,b"}, - }, - }) - } - if port.Type == "https" { - scanTemplates = append(scanTemplates, ScanTemplates{ - Port: port.Port, - Type: port.Type, - ScanSpec: executionv1.ScanSpec{ - ScanType: "sslyze", - Parameters: []string{"--regular", fmt.Sprintf("%s:%d", host.Spec.Hostname, port.Port)}, - }, - }) - } - } - - return scanTemplates -} - -// SetupWithManager sets up the controller and initializes every thing it needs -func (r *HostReconciler) SetupWithManager(mgr ctrl.Manager) error { - if err := mgr.GetFieldIndexer().IndexField(&executionv1.ScheduledScan{}, ownerKey, func(rawObj runtime.Object) []string { - // grab the scan object, extract the owner... - scheduledScan := rawObj.(*executionv1.ScheduledScan) - owner := metav1.GetControllerOf(scheduledScan) - if owner == nil { - return nil - } - // ...make sure it's a Scan belonging to a Host... - if owner.APIVersion != apiGVStr || owner.Kind != "Host" { - return nil - } - - // ...and if so, return it - return []string{owner.Name} - }); err != nil { - return err - } - - return ctrl.NewControllerManagedBy(mgr). - For(&targetsv1.Host{}). - Owns(&executionv1.ScheduledScan{}). - Complete(r) -} diff --git a/operator/controllers/targets/suite_test.go b/operator/controllers/targets/suite_test.go deleted file mode 100644 index 7f9147dd..00000000 
--- a/operator/controllers/targets/suite_test.go +++ /dev/null 
@@ -1,81 +0,0 @@ -/* -Copyright 2020 iteratec GmbH. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package controllers - -import ( - "path/filepath" - "testing" - - . "github.com/onsi/ginkgo" - . "github.com/onsi/gomega" - "k8s.io/client-go/kubernetes/scheme" - "k8s.io/client-go/rest" - "sigs.k8s.io/controller-runtime/pkg/client" - "sigs.k8s.io/controller-runtime/pkg/envtest" - "sigs.k8s.io/controller-runtime/pkg/envtest/printer" - logf "sigs.k8s.io/controller-runtime/pkg/log" - "sigs.k8s.io/controller-runtime/pkg/log/zap" - - targetsv1 "github.com/secureCodeBox/secureCodeBox-v2-alpha/operator/apis/targets/v1" - // +kubebuilder:scaffold:imports -) - -// These tests use Ginkgo (BDD-style Go testing framework). Refer to -// http://onsi.github.io/ginkgo/ to learn more about Ginkgo. 
- -var cfg *rest.Config -var k8sClient client.Client -var testEnv *envtest.Environment - -func TestAPIs(t *testing.T) { - RegisterFailHandler(Fail) - - RunSpecsWithDefaultAndCustomReporters(t, - "Controller Suite", - []Reporter{printer.NewlineReporter{}}) -} - -var _ = BeforeSuite(func(done Done) { - logf.SetLogger(zap.LoggerTo(GinkgoWriter, true)) - - By("bootstrapping test environment") - testEnv = &envtest.Environment{ - CRDDirectoryPaths: []string{filepath.Join("..", "config", "crd", "bases")}, - } - - var err error - cfg, err = testEnv.Start() - Expect(err).ToNot(HaveOccurred()) - Expect(cfg).ToNot(BeNil()) - - err = targetsv1.AddToScheme(scheme.Scheme) - Expect(err).NotTo(HaveOccurred()) - - // +kubebuilder:scaffold:scheme - - k8sClient, err = client.New(cfg, client.Options{Scheme: scheme.Scheme}) - Expect(err).ToNot(HaveOccurred()) - Expect(k8sClient).ToNot(BeNil()) - - close(done) -}, 60) - -var _ = AfterSuite(func() { - By("tearing down the test environment") - err := testEnv.Stop() - Expect(err).ToNot(HaveOccurred()) -}) diff --git a/operator/crds/targets.experimental.securecodebox.io_hosts.yaml b/operator/crds/targets.experimental.securecodebox.io_hosts.yaml deleted file mode 100644 index 4079b62c..00000000 --- a/operator/crds/targets.experimental.securecodebox.io_hosts.yaml +++ /dev/null 
@@ -1,124 +0,0 @@ - ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.2.4 - creationTimestamp: null - name: hosts.targets.experimental.securecodebox.io -spec: - additionalPrinterColumns: - - JSONPath: .spec.hostname - name: Hostname - type: string - - JSONPath: .spec.ports - description: Ports of the Host - name: Ports - type: string - - JSONPath: .status.findings.count - description: Total Finding Count - name: Findings - type: string - group: targets.experimental.securecodebox.io - names: - kind: Host - listKind: HostList - plural: hosts - singular: host - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - description: Host is the Schema for the hosts API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: HostSpec defines the desired state of Host - properties: - hostname: - description: 'Hostname contains the dns name of the host TODO: Add an - IPAddress Field' - type: string - ports: - items: - description: HostPort describes a Port of a Host - properties: - port: - description: The port number - format: int32 - minimum: 0 - type: integer - type: - type: string - required: - - port - - type - type: object - type: array - required: - - hostname - - ports - type: object - status: - description: HostStatus defines the observed state of Host - properties: - findings: - description: FindingStats contains the general stats about the results - of the scan - properties: - categories: - additionalProperties: - format: int64 - type: integer - description: FindingCategories indicates the count of finding broken - down by their categories - type: object - count: - description: Count indicates how many findings were identified in - total - format: int64 - type: integer - severities: - description: FindingSeverities indicates the count of finding with - the respective severity - properties: - high: - format: int64 - type: integer - informational: - format: int64 - type: integer - low: - format: int64 - type: integer - medium: - format: int64 - type: integer - type: object - type: object - type: object - type: object - version: v1 - versions: - - name: v1 - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/operator/go.mod b/operator/go.mod index 97c7be87..1049ceba 100644 --- a/operator/go.mod +++ b/operator/go.mod @@ -1,6 +1,6 @@ -module github.com/secureCodeBox/secureCodeBox-v2-alpha/operator +module github.com/secureCodeBox/secureCodeBox-v2/operator -go 1.13 +go 1.15 require ( github.com/go-logr/logr v0.1.0 
diff --git a/operator/go.sum b/operator/go.sum index 5643d29d..5083a63c 100644 --- a/operator/go.sum +++ b/operator/go.sum @@ -254,7 +254,8 @@ github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsT github.com/remyoudompheng/bigfft v0.0.0-20170806203942-52369c62f446/go.mod h1:uYEyJGbgTkfkS4+E/PavXkNJcbFIpEtjt2B0KDQ5+9M= github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg= github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g= -github.com/secureCodeBox/secureCodeBox-v2-alpha v0.0.0-20200526134830-4f0a0ddfccc0 h1:cmPDEtYAxHRmOmMuKUKe90RjJUjALqiXnJtPB4VGe44= +github.com/secureCodeBox/secureCodeBox-v2 v0.0.0-20200526134830-4f0a0ddfccc0 h1:cmPDEtYAxHRmOmMuKUKe90RjJUjALqiXnJtPB4VGe44= +github.com/secureCodeBox/secureCodeBox-v2 v2.0.0-rc.1+incompatible h1:beH1o7Y/nuUUkE0OutEPMkJ6ml+jnq27CFGWJq1NFS0= github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo= github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE= diff --git a/operator/internal/telemetry/telemetry.go b/operator/internal/telemetry/telemetry.go index 858f9669..db2c47eb 100644 --- a/operator/internal/telemetry/telemetry.go +++ b/operator/internal/telemetry/telemetry.go @@ -11,7 +11,7 @@ import ( "sigs.k8s.io/controller-runtime/pkg/client" "github.com/go-logr/logr" - executionv1 "github.com/secureCodeBox/secureCodeBox-v2-alpha/operator/apis/execution/v1" + executionv1 "github.com/secureCodeBox/secureCodeBox-v2/operator/apis/execution/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) diff --git a/operator/main.go b/operator/main.go index 18d1e58e..ef84fa47 100644 --- a/operator/main.go +++ b/operator/main.go 
@@ -26,13 +26,11 @@ import ( ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/log/zap" - cascadingv1 "github.com/secureCodeBox/secureCodeBox-v2-alpha/operator/apis/cascading/v1" - executionv1 "github.com/secureCodeBox/secureCodeBox-v2-alpha/operator/apis/execution/v1" - targetsv1 "github.com/secureCodeBox/secureCodeBox-v2-alpha/operator/apis/targets/v1" - executioncontroller "github.com/secureCodeBox/secureCodeBox-v2-alpha/operator/controllers/execution" - scancontroller "github.com/secureCodeBox/secureCodeBox-v2-alpha/operator/controllers/execution/scans" - targetscontroller "github.com/secureCodeBox/secureCodeBox-v2-alpha/operator/controllers/targets" - "github.com/secureCodeBox/secureCodeBox-v2-alpha/operator/internal/telemetry" + cascadingv1 "github.com/secureCodeBox/secureCodeBox-v2/operator/apis/cascading/v1" + executionv1 "github.com/secureCodeBox/secureCodeBox-v2/operator/apis/execution/v1" + executioncontroller "github.com/secureCodeBox/secureCodeBox-v2/operator/controllers/execution" + scancontroller "github.com/secureCodeBox/secureCodeBox-v2/operator/controllers/execution/scans" + "github.com/secureCodeBox/secureCodeBox-v2/operator/internal/telemetry" // +kubebuilder:scaffold:imports ) @@ -45,7 +43,6 @@ func init() { _ = clientgoscheme.AddToScheme(scheme) _ = executionv1.AddToScheme(scheme) - _ = targetsv1.AddToScheme(scheme) _ = cascadingv1.AddToScheme(scheme) // +kubebuilder:scaffold:scheme } @@ -89,14 +86,6 @@ func main() { setupLog.Error(err, "unable to create controller", "controller", "ScheduledScan") os.Exit(1) } - if err = (&targetscontroller.HostReconciler{ - Client: mgr.GetClient(), - Log: ctrl.Log.WithName("controllers").WithName("Host"), - Scheme: mgr.GetScheme(), - }).SetupWithManager(mgr); err != nil { - setupLog.Error(err, "unable to create controller", "controller", "Host") - os.Exit(1) - } // +kubebuilder:scaffold:builder if enabled, ok := os.LookupEnv("TELEMETRY_ENABLED"); ok && enabled == "true" { 
diff --git a/operator/templates/rbac/role.yaml b/operator/templates/rbac/role.yaml index b1bd525a..1762d5b9 100644 --- a/operator/templates/rbac/role.yaml +++ b/operator/templates/rbac/role.yaml @@ -115,23 +115,3 @@ rules: - get - list - watch -- apiGroups: - - targets.experimental.securecodebox.io - resources: - - hosts - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - targets.experimental.securecodebox.io - resources: - - hosts/status - verbs: - - get - - patch - - update diff --git a/package.json b/package.json index 11ccfe50..afa424a5 100644 --- a/package.json +++ b/package.json @@ -9,15 +9,15 @@ }, "repository": { "type": "git", - "url": "git+https://github.com/secureCodeBox/secureCodeBox-v2-alpha.git" + "url": "git+https://github.com/secureCodeBox/secureCodeBox-v2.git" }, "keywords": [], "author": "", "license": "ISC", "bugs": { - "url": "https://github.com/secureCodeBox/secureCodeBox-v2-alpha/issues" + "url": "https://github.com/secureCodeBox/secureCodeBox-v2/issues" }, - "homepage": "https://github.com/secureCodeBox/secureCodeBox-v2-alpha#readme", + "homepage": "https://github.com/secureCodeBox/secureCodeBox-v2#readme", "devDependencies": { "eslint": "^6.8.0", "eslint-config-oclif": "^3.1.0", diff --git a/scanners/amass/Chart.yaml b/scanners/amass/Chart.yaml index 8fbd4ae4..12242fc7 100644 --- a/scanners/amass/Chart.yaml +++ b/scanners/amass/Chart.yaml @@ -4,7 +4,7 @@ description: A Helm chart for the Amass security scanner that integrates with th type: application version: 0.1.0 -appVersion: 3.9.1 +appVersion: 3.10.2 keywords: - security diff --git a/scanners/amass/README.md b/scanners/amass/README.md index 6968c918..9995965d 100644 --- a/scanners/amass/README.md +++ b/scanners/amass/README.md @@ -4,7 +4,7 @@ path: "scanners/amass" category: "scanner" type: "Network" state: "released" -appVersion: "3.9.1" +appVersion: "3.10.2" usecase: "Subdomain Enumeration Scanner" --- 
@@ -26,16 +26,16 @@ helm upgrade --install amass ./scanners/amass/ The following security scan configuration example are based on the [Amass User Guide], please take a look at the original documentation for more configuration examples. -* The most basic use of the tool for subdomain enumeration: `amass enum -d example.com` -* Typical parameters for DNS enumeration: `amass enum -v -src -ip -brute -min-for-recursive 2 -d example.com` +- The most basic use of the tool for subdomain enumeration: `amass enum -d example.com` +- Typical parameters for DNS enumeration: `amass enum -v -src -ip -brute -min-for-recursive 2 -d example.com` Special command line options: -* Disable generation of altered names `amass enum -noalts -d example.com` -* Turn off recursive brute forcing `amass enum -brute -norecursive -d example.com` -* Disable saving data into a local database `amass enum -nolocaldb -d example.com` -* Domain names separated by commas (can be used multiple times) `amass enum -d example.com` +- Disable generation of altered names `amass enum -noalts -d example.com` +- Turn off recursive brute forcing `amass enum -brute -norecursive -d example.com` +- Disable saving data into a local database `amass enum -nolocaldb -d example.com` +- Domain names separated by commas (can be used multiple times) `amass enum -d example.com` -[OWASP_Amass_Project]: https://owasp.org/www-project-amass/ -[Amass GitHub]: https://github.com/OWASP/Amass -[Amass User Guide]: https://github.com/OWASP/Amass/blob/master/doc/user_guide.md +[owasp_amass_project]: https://owasp.org/www-project-amass/ +[amass github]: https://github.com/OWASP/Amass +[amass user guide]: https://github.com/OWASP/Amass/blob/master/doc/user_guide.md diff --git a/scanners/amass/examples/example.com/README.md b/scanners/amass/examples/example.com/README.md new file mode 100644 index 00000000..978d5f21 --- /dev/null +++ b/scanners/amass/examples/example.com/README.md 
@@ -0,0 +1,9 @@ +--- +title: "example.com" +--- + + + +> ✍ **Page under construction.** + +the frontmatter requires the name of the scantarget as 'title' \ No newline at end of file diff --git a/scanners/nmap/README.md b/scanners/nmap/README.md index a108c0a2..6520b0c9 100644 --- a/scanners/nmap/README.md +++ b/scanners/nmap/README.md @@ -21,7 +21,7 @@ To learn more about the Nmap scanner itself visit [nmap.org]. The Nikto ScanType can be deployed via helm: ```bash -helm upgrade --install nikto ./scanners/nikto/ +helm upgrade --install nmap ./scanners/nmap/ ``` ## Nmap Configuration diff --git a/scanners/ssh_scan/README.md b/scanners/ssh_scan/README.md index a0cba5be..a07af52a 100644 --- a/scanners/ssh_scan/README.md +++ b/scanners/ssh_scan/README.md @@ -1,6 +1,6 @@ --- title: "SSH" -path: "scanners/ssh" +path: "scanners/ssh_scan" category: "scanner" type: "SSH" state: "released" diff --git a/scanners/zap/README.md b/scanners/zap/README.md index 61e6ef5b..e6f2108a 100644 --- a/scanners/zap/README.md +++ b/scanners/zap/README.md @@ -12,7 +12,7 @@ usecase: "WebApp & OpenAPI Vulnerability Scanner" The OWASP Zed Attack Proxy (ZAP) is one of the world’s most popular free security tools and is actively maintained by hundreds of international volunteers*. It can help you automatically find security vulnerabilities in your web applications while you are developing and testing your applications. Its also a great tool for experienced pentesters to use for manual security testing. -To learn more about the ZAP scanner itself visit [OWASP_Zap_Project] or [zaproxy.org]. +To learn more about the ZAP scanner itself visit [https://www.zaproxy.org/](https://www.zaproxy.org/). 
@@ -26,7 +26,7 @@ helm upgrade --install zap ./scanners/zap/ ## Configuration -The following security scan configuration example are based on the [ZAP Documentation], please take a look at the original documentation for more configuration examples. +The following security scan configuration example are based on the ZAP Docker Scan Scripts. By default the secureCodeBox ZAP Helm Chart installs all three ZAP scripts: `zap-baseline`, `zap-full-scan` & `zap-api-scan`. Listed below are the arguments supported by the `zap-baseline` script, which are mostly interchangable with the other ZAP scripts. For a more complete reference check out the [ZAP Documentation](https://www.zaproxy.org/docs/docker/) and the secureCodeBox based ZAP examples listed below. The command line interface can be used to easily run server scans: `-t www.example.com` @@ -58,6 +58,3 @@ Options: -z zap_options ZAP command line options e.g. -z "-config aaa=bbb -config ccc=ddd" --hook path to python file that define your custom hooks ``` - -[SSLyze GitHub]: https://github.com/nabla-c0d3/sslyze -[SSLyze Documentation]: https://nabla-c0d3.github.io/sslyze/documentation/ From de350842c7435d160349bd08857589ff7ec0e5f9 Mon Sep 17 00:00:00 2001 From: Jannik Hollenbach <13718901+J12934@users.noreply.github.com> Date: Fri, 4 Sep 2020 13:49:24 +0200 Subject: [PATCH 062/235] Fix time interval o match docs --- operator/internal/telemetry/telemetry.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/operator/internal/telemetry/telemetry.go b/operator/internal/telemetry/telemetry.go index db2c47eb..4ad69b46 100644 --- a/operator/internal/telemetry/telemetry.go +++ b/operator/internal/telemetry/telemetry.go 
@@ -45,8 +45,8 @@ type telemetryData struct { func Loop(apiClient client.Client, log logr.Logger) { log.Info("The Operator sends anonymous telemetry data, to give the team an overview how much the secureCodeBox is used. Find out more at https://www.securecodebox.io/telemetry") - // Wait until controller cache is initialized - time.Sleep(10 * time.Second) + // Wait 1hour to give users time to uninstall / disable telemetry + time.Sleep(1 * time.Hour) for { var version string From 57e9c1f6734a8085afa7a0928c3cc3951e685185 Mon Sep 17 00:00:00 2001 From: Jannik Hollenbach <13718901+J12934@users.noreply.github.com> Date: Fri, 4 Sep 2020 13:57:55 +0200 Subject: [PATCH 063/235] Mount version from helm chart version instead of at build time --- .github/workflows/ci.yaml | 4 ---- operator/Dockerfile | 3 +-- operator/templates/manager/manager.yaml | 2 ++ 3 files changed, 3 insertions(+), 6 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index df05aaf0..3b06348d 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -63,16 +63,12 @@ jobs: cd operator/ go fmt ./... go vet ./... - - name: Parse Tag - id: parse-tag - run: echo ::set-output name=version::${GITHUB_REF#refs/*/} - name: "Build'n Push Operator" uses: docker/build-push-action@v1 with: username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_PASSWORD }} repository: scbexperimental/operator - build_args: VERSION=`${{ steps.parse-tag.outputs.version }} tag_with_ref: true tag_with_sha: true path: ./operator/ diff --git a/operator/Dockerfile b/operator/Dockerfile index 202cb7df..0257cc0d 100644 --- a/operator/Dockerfile +++ b/operator/Dockerfile @@ -23,8 +23,7 @@ RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 GO111MODULE=on go build -a -o manager # Refer to https://github.com/GoogleContainerTools/distroless for more details FROM gcr.io/distroless/static:nonroot -ARG VERSION=unkown -ENV VERSION ENV ${BRANCH} +ENV VERSION=unkown ENV TELEMETRY_ENABLED "true" WORKDIR / 
diff --git a/operator/templates/manager/manager.yaml b/operator/templates/manager/manager.yaml index 721f70d1..575e5a26 100644 --- a/operator/templates/manager/manager.yaml +++ b/operator/templates/manager/manager.yaml @@ -34,6 +34,8 @@ spec: {{- if .Values.minio.enabled }} - name: S3_USE_SSL value: 'false' + - name: VERSION + value: {{ .Chart.Version | quote }} - name: S3_ENDPOINT value: "{{ .Release.Name }}-minio.{{ .Release.Namespace }}.svc.cluster.local" - name: S3_PORT From 5c957231b4b2ff34652691aabff8edb50224c90c Mon Sep 17 00:00:00 2001 From: Jannik Hollenbach <13718901+J12934@users.noreply.github.com> Date: Mon, 7 Sep 2020 11:35:34 +0200 Subject: [PATCH 064/235] Update to Amass v3.10.3 --- scanners/amass/Chart.yaml | 2 +- scanners/amass/README.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/scanners/amass/Chart.yaml b/scanners/amass/Chart.yaml index 12242fc7..1d60655e 100644 --- a/scanners/amass/Chart.yaml +++ b/scanners/amass/Chart.yaml @@ -4,7 +4,7 @@ description: A Helm chart for the Amass security scanner that integrates with th type: application version: 0.1.0 -appVersion: 3.10.2 +appVersion: 3.10.3 keywords: - security diff --git a/scanners/amass/README.md b/scanners/amass/README.md index 9995965d..5509ba4f 100644 --- a/scanners/amass/README.md +++ b/scanners/amass/README.md @@ -4,7 +4,7 @@ path: "scanners/amass" category: "scanner" type: "Network" state: "released" -appVersion: "3.10.2" +appVersion: "3.10.3" usecase: "Subdomain Enumeration Scanner" --- From 2d14ae2170c5246b2b731da90d5b65ed43e9146a Mon Sep 17 00:00:00 2001 From: sebie Date: Mon, 7 Sep 2020 15:45:53 +0200 Subject: [PATCH 065/235] Ncrack CI Co-authored-by: Jannik Hollenbach --- .github/workflows/ci.yaml | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index b3c51c6a..c6f03b33 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml 
@@ -131,6 +131,16 @@ jobs: tag_with_ref: true tag_with_sha: true build_args: baseImageTag=ci-local + - uses: docker/build-push-action@v1 + name: "Build & Push Ncrack Parser Image" + with: + username: ${{ secrets.DOCKER_USERNAME }} + password: ${{ secrets.DOCKER_PASSWORD }} + repository: scbexperimental/parser-ncrack + path: ./scanners/ncrack/parser/ + tag_with_ref: true + tag_with_sha: true + build_args: baseImageTag=ci-local - uses: docker/build-push-action@v1 name: "Build & Push Nikto Parser Image" with: @@ -278,6 +288,15 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@master + - uses: docker/build-push-action@v1 + name: "Build & Push Ncrack Scanner Image" + with: + username: ${{ secrets.DOCKER_USERNAME }} + password: ${{ secrets.DOCKER_PASSWORD }} + repository: scbexperimental/ncrack + path: ./scanners/ncrack/scanner/ + # Note: not prefixed with a "v" as this seems to match ncrack versioning standards + tags: "0.7,latest" - uses: docker/build-push-action@v1 name: "Build & Push Nmap Scanner Image" with: From 019fccd36bbbe5a378ff496b11419e06ee7b20d9 Mon Sep 17 00:00:00 2001 From: sebie Date: Mon, 7 Sep 2020 15:59:12 +0200 Subject: [PATCH 066/235] ncrack integration test --- .github/workflows/ci.yaml | 11 ++++++++-- tests/integration/scanner/ncrack.test.js | 26 ++++++++++++++++++++++++ 2 files changed, 35 insertions(+), 2 deletions(-) create mode 100644 tests/integration/scanner/ncrack.test.js diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index c6f03b33..c45e2cbe 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml 
@@ -399,11 +399,20 @@ jobs: cd tests/integration/ npx jest --ci --color read-only-hook helm -n integration-tests uninstall test-scan http-webhook ro-hook + - name: "Install Demo Apps" + run: | + # Install dummy-ssh app + helm -n demo-apps install dummy-ssh ./demo-apps/dummy-ssh/ --wait - name: "nmap Integration Tests" run: | helm -n integration-tests install nmap ./scanners/nmap/ --set="parserImage.tag=sha-$(git rev-parse --short HEAD)" cd tests/integration/ npx jest --ci --color nmap + - name: "ncrack Integration Tests" + run: | + helm -n integration-tests install ncrack ./scanners/ncrack/ --set="parserImage.tag=sha-$(git rev-parse --short HEAD)" + cd tests/integration/ + npx jest --ci --color ncrack - name: "kube-hunter Integration Tests" run: | helm -n integration-tests install kube-hunter ./scanners/kube-hunter/ --set="parserImage.tag=sha-$(git rev-parse --short HEAD)" @@ -412,8 +421,6 @@ jobs: - name: "ssh-scan Integration Tests" run: | helm -n integration-tests install ssh-scan ./scanners/ssh_scan/ --set="parserImage.tag=sha-$(git rev-parse --short HEAD)" - # Install dummy-ssh app - helm -n demo-apps install dummy-ssh ./demo-apps/dummy-ssh/ --wait cd tests/integration/ npx jest --ci --color ssh-scan - name: Inspect Post Failure diff --git a/tests/integration/scanner/ncrack.test.js b/tests/integration/scanner/ncrack.test.js new file mode 100644 index 00000000..2e9a3050 --- /dev/null +++ b/tests/integration/scanner/ncrack.test.js 
@@ -0,0 +1,26 @@ +const { scan } = require('../helpers') + +test( + "localhost port scan should only find a host finding", + async () => { + const { categories, severities, count } = await scan( + "ncrack-dummy-ssh", + "ncrack", + ["--user", "root,admin", "--pass", "password,123456,THEPASSWORDYOUCREATED", "ssh://dummy-ssh.demo-apps.svc"], + 90 + ); + + expect(count).toBe(1); + expect(categories).toMatchInlineSnapshot(` + Object { + "Discovered Credentials": 1, + } + `); + expect(severities).toMatchInlineSnapshot(` + Object { + "high": 1, + } + `); + }, + 3 * 60 * 1000 +); \ No newline at end of file From af142e47e4c43fcebb0fff643c2fbc7097a86ed8 Mon Sep 17 00:00:00 2001 From: sebie Date: Mon, 7 Sep 2020 16:02:22 +0200 Subject: [PATCH 067/235] ncrack integration fix --- scanners/ncrack/parser/parser.test.js | 1 - 1 file changed, 1 deletion(-) diff --git a/scanners/ncrack/parser/parser.test.js b/scanners/ncrack/parser/parser.test.js index ae1f52ef..34ad0813 100644 --- a/scanners/ncrack/parser/parser.test.js +++ b/scanners/ncrack/parser/parser.test.js @@ -1,5 +1,4 @@ const { parse } = require('./parser'); -const uuid = require('uuid/v4'); const fs = require('fs'); it('should return no findings when ncrack has not found credentials', async () => { From f8e1f1bea53501a9c37881ba0b3845b4b7772a09 Mon Sep 17 00:00:00 2001 From: sebie Date: Mon, 7 Sep 2020 16:14:22 +0200 Subject: [PATCH 068/235] Fixed test name --- tests/integration/scanner/ncrack.test.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/integration/scanner/ncrack.test.js b/tests/integration/scanner/ncrack.test.js index 2e9a3050..bfbf002d 100644 --- a/tests/integration/scanner/ncrack.test.js +++ b/tests/integration/scanner/ncrack.test.js 
@@ -1,7 +1,7 @@ const { scan } = require('../helpers') test( - "localhost port scan should only find a host finding", + "ncrack should find 1 credential in vulnerable ssh service", async () => { const { categories, severities, count } = await scan( "ncrack-dummy-ssh", From 406fa548a7becc4c755dc576221330c27b242f03 Mon Sep 17 00:00:00 2001 From: sebie Date: Tue, 8 Sep 2020 12:58:42 +0200 Subject: [PATCH 069/235] ncrack Integration Test Fix --- scanners/ncrack/scanner/Dockerfile | 2 +- tests/integration/helpers.js | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/scanners/ncrack/scanner/Dockerfile b/scanners/ncrack/scanner/Dockerfile index 2615013b..8d8c0379 100644 --- a/scanners/ncrack/scanner/Dockerfile +++ b/scanners/ncrack/scanner/Dockerfile @@ -4,4 +4,4 @@ RUN apt-get update \ && apt-get install ncrack=0.7+debian-1build1 -y \ && rm -rf /var/lib/apt/lists/* -ENTRYPOINT [ "ncrack" ] \ No newline at end of file +CMD [ "ncrack" ] \ No newline at end of file diff --git a/tests/integration/helpers.js b/tests/integration/helpers.js index 28308a26..7beba406 100644 --- a/tests/integration/helpers.js +++ b/tests/integration/helpers.js @@ -54,6 +54,7 @@ async function logJobs() { * @param {string} scanType type of the scan. Must match the name of a ScanType CRD * @param {string[]} parameters cli argument to be passed to the scanner * @param {number} timeout in seconds + * @returns {scan.findings} returns findings { categories, severities, count } */ async function scan(name, scanType, parameters = [], timeout = 180) { const scanDefinition = { From 849cbca5b8334750ce2af85aea62b95e4712fbd5 Mon Sep 17 00:00:00 2001 
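Review bot: In scanners/ncrack/scanner/Dockerfile, replacing `ENTRYPOINT [ "ncrack" ]` with `CMD [ "ncrack" ]` means arguments supplied at run time now replace `ncrack` instead of being appended to it, and neither the hunk nor the commit message ("ncrack Integration Test Fix") says which caller depends on that. Please add a comment above the `CMD` line, or a sentence in the commit message, stating how the scan job is expected to invoke the binary, so the image is not switched back later and the integration test broken again.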
From: Jannik Hollenbach <13718901+J12934@users.noreply.github.com> Date: Sat, 20 Jun 2020 21:29:05 +0200 Subject: [PATCH 070/235] Add presigned download links to the scans status --- operator/apis/execution/v1/scan_types.go | 5 +++++ ...tion.experimental.securecodebox.io_scans.yaml | 8 ++++++++ .../execution/scans/hook_reconciler.go | 12 ++++++------ .../execution/scans/parse_reconciler.go | 4 ++-- .../execution/scans/scan_controller.go | 10 ++++++---- .../execution/scans/scan_reconciler.go | 16 +++++++++++++++- 6 files changed, 42 insertions(+), 13 deletions(-) diff --git a/operator/apis/execution/v1/scan_types.go b/operator/apis/execution/v1/scan_types.go index 4d32f283..1d66a05f 100644 --- a/operator/apis/execution/v1/scan_types.go +++ b/operator/apis/execution/v1/scan_types.go @@ -52,6 +52,11 @@ type ScanStatus struct { // RawResultFile Filename of the result file of the scanner. e.g. `nmap-result.xml` RawResultFile string `json:"rawResultFile,omitempty"` + // FindingDownloadLink link to download the finding json file from. Valid for 7 days + FindingDownloadLink string `json:"findingDownloadLink,omitempty"` + // RawResultDownloadLink link to download the raw result file from. Valid for 7 days + RawResultDownloadLink string `json:"rawResultDownloadLink,omitempty"` + Findings FindingStats `json:"findings,omitempty"` ReadAndWriteHookStatus []HookStatus `json:"readAndWriteHookStatus,omitempty"` diff --git a/operator/config/crd/bases/execution.experimental.securecodebox.io_scans.yaml b/operator/config/crd/bases/execution.experimental.securecodebox.io_scans.yaml index 01e02e48..0c7b47c3 100644 --- a/operator/config/crd/bases/execution.experimental.securecodebox.io_scans.yaml +++ b/operator/config/crd/bases/execution.experimental.securecodebox.io_scans.yaml 
@@ -218,6 +218,10 @@ spec: properties: errorDescription: type: string + findingDownloadLink: + description: FindingDownloadLink link to download the finding json file + from. Valid for 7 days + type: string findings: description: FindingStats contains the general stats about the results of the scan @@ -257,6 +261,10 @@ spec: parser & hooks) has been marked as "Done" format: date-time type: string + rawResultDownloadLink: + description: RawResultDownloadLink link to download the raw result file + from. Valid for 7 days + type: string rawResultFile: description: RawResultFile Filename of the result file of the scanner. e.g. `nmap-result.xml` diff --git a/operator/controllers/execution/scans/hook_reconciler.go b/operator/controllers/execution/scans/hook_reconciler.go index f9df89be..28e0d4ee 100644 --- a/operator/controllers/execution/scans/hook_reconciler.go +++ b/operator/controllers/execution/scans/hook_reconciler.go @@ -82,20 +82,20 @@ func (r *ScanReconciler) executeReadAndWriteHooks(scan *executionv1.Scan) error switch nonCompletedHook.State { case executionv1.Pending: - rawFileURL, err := r.PresignedGetURL(scan.UID, scan.Status.RawResultFile) + rawFileURL, err := r.PresignedGetURL(scan.UID, scan.Status.RawResultFile, defaultPresignDuration) if err != nil { return err } - findingsFileURL, err := r.PresignedGetURL(scan.UID, "findings.json") + findingsFileURL, err := r.PresignedGetURL(scan.UID, "findings.json", defaultPresignDuration) if err != nil { return err } - rawFileUploadURL, err := r.PresignedPutURL(scan.UID, scan.Status.RawResultFile) + rawFileUploadURL, err := r.PresignedPutURL(scan.UID, scan.Status.RawResultFile, defaultPresignDuration) if err != nil { return err } - findingsUploadURL, err := r.PresignedPutURL(scan.UID, "findings.json") + findingsUploadURL, err := r.PresignedPutURL(scan.UID, "findings.json", defaultPresignDuration) if err != nil { return err } 
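Review bot: In the `executionv1.Pending` case of `executeReadAndWriteHooks`, `rawFileUploadURL` and `findingsUploadURL` are write-capable links, yet they receive the same `defaultPresignDuration` as the two download links. A read-and-write hook only needs to upload while it is running, so consider a separate, shorter constant for the `PresignedPutURL` calls instead of sharing the 12-hour value defined in scan_controller.go.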
@@ -242,11 +242,11 @@ func (r *ScanReconciler) startReadOnlyHooks(scan *executionv1.Scan) error { continue } - rawFileURL, err := r.PresignedGetURL(scan.UID, scan.Status.RawResultFile) + rawFileURL, err := r.PresignedGetURL(scan.UID, scan.Status.RawResultFile, defaultPresignDuration) if err != nil { return err } - findingsFileURL, err := r.PresignedGetURL(scan.UID, "findings.json") + findingsFileURL, err := r.PresignedGetURL(scan.UID, "findings.json", defaultPresignDuration) if err != nil { return err } diff --git a/operator/controllers/execution/scans/parse_reconciler.go b/operator/controllers/execution/scans/parse_reconciler.go index bed741a8..09a88bd3 100644 --- a/operator/controllers/execution/scans/parse_reconciler.go +++ b/operator/controllers/execution/scans/parse_reconciler.go @@ -49,12 +49,12 @@ func (r *ScanReconciler) startParser(scan *executionv1.Scan) error { } log.Info("Matching ParseDefinition Found", "ParseDefinition", parseType) - findingsUploadURL, err := r.PresignedPutURL(scan.UID, "findings.json") + findingsUploadURL, err := r.PresignedPutURL(scan.UID, "findings.json", defaultPresignDuration) if err != nil { r.Log.Error(err, "Could not get presigned url from s3 or compatible storage provider") return err } - rawResultDownloadURL, err := r.PresignedGetURL(scan.UID, scan.Status.RawResultFile) + rawResultDownloadURL, err := r.PresignedGetURL(scan.UID, scan.Status.RawResultFile, defaultPresignDuration) if err != nil { return err } diff --git a/operator/controllers/execution/scans/scan_controller.go b/operator/controllers/execution/scans/scan_controller.go index 1755147d..a2aaa569 100644 --- a/operator/controllers/execution/scans/scan_controller.go +++ b/operator/controllers/execution/scans/scan_controller.go 
@@ -52,6 +52,8 @@ var ( // https://kubernetes.io/docs/tasks/access-kubernetes-api/custom-resources/custom-resource-definitions/#finalizers var s3StorageFinalizer = "s3.storage.experimental.securecodebox.io" +const defaultPresignDuration = 12 * time.Hour + // +kubebuilder:rbac:groups=execution.experimental.securecodebox.io,resources=scans,verbs=get;list;watch;create;update;patch;delete // +kubebuilder:rbac:groups=execution.experimental.securecodebox.io,resources=scans/status,verbs=get;update;patch // +kubebuilder:rbac:groups=execution.experimental.securecodebox.io,resources=scantypes,verbs=get;list;watch @@ -147,11 +149,11 @@ func (r *ScanReconciler) handleFinalizer(scan *executionv1.Scan) error { } // PresignedGetURL returns a presigned URL from the s3 (or compatible) serice. -func (r *ScanReconciler) PresignedGetURL(scanID types.UID, filename string) (string, error) { +func (r *ScanReconciler) PresignedGetURL(scanID types.UID, filename string, duration time.Duration) (string, error) { bucketName := os.Getenv("S3_BUCKET") reqParams := make(url.Values) - rawResultDownloadURL, err := r.MinioClient.PresignedGetObject(bucketName, fmt.Sprintf("scan-%s/%s", string(scanID), filename), 12*time.Hour, reqParams) + rawResultDownloadURL, err := r.MinioClient.PresignedGetObject(bucketName, fmt.Sprintf("scan-%s/%s", string(scanID), filename), duration, reqParams) if err != nil { r.Log.Error(err, "Could not get presigned url from s3 or compatible storage provider") return "", err 
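Review bot: `PresignedGetURL` now accepts a caller-chosen `duration`, but the doc comment above it is unchanged (and still carries the typo "serice") and the value is passed to `PresignedGetObject` unchecked. Please document the parameter and reject a zero or negative duration, or one above the longest lifetime this code intends to hand out, before calling the storage client, so a bad caller value fails here with a clear message.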
@@ -160,10 +162,10 @@ func (r *ScanReconciler) PresignedGetURL(scanID types.UID, filename string) (str } // PresignedPutURL returns a presigned URL from the s3 (or compatible) serice. -func (r *ScanReconciler) PresignedPutURL(scanID types.UID, filename string) (string, error) { +func (r *ScanReconciler) PresignedPutURL(scanID types.UID, filename string, duration time.Duration) (string, error) { bucketName := os.Getenv("S3_BUCKET") - rawResultDownloadURL, err := r.MinioClient.PresignedPutObject(bucketName, fmt.Sprintf("scan-%s/%s", string(scanID), filename), 12*time.Hour) + rawResultDownloadURL, err := r.MinioClient.PresignedPutObject(bucketName, fmt.Sprintf("scan-%s/%s", string(scanID), filename), duration) if err != nil { r.Log.Error(err, "Could not get presigned url from s3 or compatible storage provider") return "", err diff --git a/operator/controllers/execution/scans/scan_reconciler.go b/operator/controllers/execution/scans/scan_reconciler.go index 2f10da56..c30151c0 100644 --- a/operator/controllers/execution/scans/scan_reconciler.go +++ b/operator/controllers/execution/scans/scan_reconciler.go @@ -7,6 +7,7 @@ import ( "os" "path/filepath" "strings" + "time" executionv1 "github.com/secureCodeBox/secureCodeBox-v2/operator/apis/execution/v1" util "github.com/secureCodeBox/secureCodeBox-v2/operator/utils" 
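Review bot: In the `PresignedPutURL` hunk of scan_controller.go above, the result of `PresignedPutObject` is still assigned to a variable named `rawResultDownloadURL`, although it is an upload URL and the function is also called for `findings.json`. Since the line is being changed anyway, rename it (for example to `uploadURL`) so the Get and Put helpers cannot be confused when read side by side.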
@@ -89,6 +90,19 @@ func (r *ScanReconciler) startScan(scan *executionv1.Scan) error { scan.Status.State = "Scanning" scan.Status.RawResultType = scanType.Spec.ExtractResults.Type scan.Status.RawResultFile = filepath.Base(scanType.Spec.ExtractResults.Location) + + findingsDownloadURL, err := r.PresignedGetURL(scan.UID, "findings.json", 7*24*time.Hour) + if err != nil { + r.Log.Error(err, "Could not get presigned url from s3 or compatible storage provider") + return err + } + scan.Status.FindingDownloadLink = findingsDownloadURL + rawResultDownloadURL, err := r.PresignedGetURL(scan.UID, scan.Status.RawResultFile, 7*24*time.Hour) + if err != nil { + return err + } + scan.Status.RawResultDownloadLink = rawResultDownloadURL + if err := r.Status().Update(ctx, scan); err != nil { log.Error(err, "unable to update Scan status") return err @@ -129,7 +143,7 @@ func (r *ScanReconciler) checkIfScanIsCompleted(scan *executionv1.Scan) error { func (r *ScanReconciler) constructJobForScan(scan *executionv1.Scan, scanType *executionv1.ScanType) (*batch.Job, error) { filename := filepath.Base(scanType.Spec.ExtractResults.Location) - resultUploadURL, err := r.PresignedPutURL(scan.UID, filename) + resultUploadURL, err := r.PresignedPutURL(scan.UID, filename, defaultPresignDuration) if err != nil { r.Log.Error(err, "Could not get presigned url from s3 or compatible storage provider") return nil, err From 5eb051818462fc1a1d0ed775270b66ae5f54ca56 Mon Sep 17 00:00:00 2001 
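Review bot: In `startScan`, both download links are minted when the scan enters `Scanning`, before `findings.json` or the raw result exists, so the advertised "Valid for 7 days" runs from scan start rather than from the moment there is something to download. The links are also stored in `scan.Status`, which makes the raw results and findings readable by anyone who can read the Scan object for as long as the link is valid; please confirm that is intended, and consider generating the links once the scan is done. The literal `7*24*time.Hour` appears twice and would be better as a named constant next to `defaultPresignDuration`, and the second `PresignedGetURL` error path returns without the log call that the first one has.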
From: Jannik Hollenbach <13718901+J12934@users.noreply.github.com> Date: Tue, 8 Sep 2020 17:41:19 +0200 Subject: [PATCH 071/235] Delete remaining references to Target CRD type --- operator/PROJECT | 3 --- operator/config/crd/kustomization.yaml | 15 +++++++------- operator/config/rbac/host_editor_role.yaml | 24 ---------------------- operator/config/rbac/host_viewer_role.yaml | 20 ------------------ 4 files changed, 7 insertions(+), 55 deletions(-) delete mode 100644 operator/config/rbac/host_editor_role.yaml delete mode 100644 operator/config/rbac/host_viewer_role.yaml diff --git a/operator/PROJECT b/operator/PROJECT index 20f5bd19..75f7a9ff 100644 --- a/operator/PROJECT +++ b/operator/PROJECT @@ -17,9 +17,6 @@ resources: - group: execution kind: ScheduledScan version: v1 -- group: targets - kind: Host - version: v1 - group: cascading kind: CascadingRule version: v1 diff --git a/operator/config/crd/kustomization.yaml b/operator/config/crd/kustomization.yaml index 7a1e9496..016f539a 100644 --- a/operator/config/crd/kustomization.yaml +++ b/operator/config/crd/kustomization.yaml 
@@ -2,13 +2,12 @@ # since it depends on service name and namespace that are out of this kustomize package. # It should be run by config/default resources: -- bases/execution.experimental.securecodebox.io_scans.yaml -- bases/execution.experimental.securecodebox.io_scantypes.yaml -- bases/execution.experimental.securecodebox.io_scancompletionhooks.yaml -- bases/execution.experimental.securecodebox.io_parsedefinitions.yaml -- bases/execution.experimental.securecodebox.io_scheduledscans.yaml -- bases/targets.experimental.securecodebox.io_hosts.yaml -- bases/cascading.experimental.securecodebox.io_cascadingrules.yaml + - bases/execution.experimental.securecodebox.io_scans.yaml + - bases/execution.experimental.securecodebox.io_scantypes.yaml + - bases/execution.experimental.securecodebox.io_scancompletionhooks.yaml + - bases/execution.experimental.securecodebox.io_parsedefinitions.yaml + - bases/execution.experimental.securecodebox.io_scheduledscans.yaml + - bases/cascading.experimental.securecodebox.io_cascadingrules.yaml # +kubebuilder:scaffold:crdkustomizeresource patchesStrategicMerge: @@ -36,4 +35,4 @@ patchesStrategicMerge: # the following config is for teaching kustomize how to do kustomization for CRDs. configurations: -- kustomizeconfig.yaml + - kustomizeconfig.yaml diff --git a/operator/config/rbac/host_editor_role.yaml b/operator/config/rbac/host_editor_role.yaml deleted file mode 100644 index 95ef4241..00000000 --- a/operator/config/rbac/host_editor_role.yaml +++ /dev/null @@ -1,24 +0,0 @@ -# permissions for end users to edit hosts. -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: host-editor-role -rules: -- apiGroups: - - targets.experimental.securecodebox.io - resources: - - hosts - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - targets.experimental.securecodebox.io - resources: - - hosts/status - verbs: - - get 
diff --git a/operator/config/rbac/host_viewer_role.yaml b/operator/config/rbac/host_viewer_role.yaml deleted file mode 100644 index a8d063cb..00000000 --- a/operator/config/rbac/host_viewer_role.yaml +++ /dev/null @@ -1,20 +0,0 @@ -# permissions for end users to view hosts. -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: host-viewer-role -rules: -- apiGroups: - - targets.experimental.securecodebox.io - resources: - - hosts - verbs: - - get - - list - - watch -- apiGroups: - - targets.experimental.securecodebox.io - resources: - - hosts/status - verbs: - - get From 75283e86927d8b66fb22bd6a6d314b3ca4f1aeb0 Mon Sep 17 00:00:00 2001 From: Jannik Hollenbach <13718901+J12934@users.noreply.github.com> Date: Wed, 9 Sep 2020 21:43:27 +0200 Subject: [PATCH 072/235] Fix version injection if minio is disabled --- operator/templates/manager/manager.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/operator/templates/manager/manager.yaml b/operator/templates/manager/manager.yaml index 575e5a26..176566bf 100644 --- a/operator/templates/manager/manager.yaml +++ b/operator/templates/manager/manager.yaml @@ -30,12 +30,12 @@ spec: env: - name: TELEMETRY_ENABLED value: {{ .Values.telemetryEnabled | quote }} + - name: VERSION + value: {{ .Chart.Version | quote }} # TODO: integrate with cert manager and auto gen a cert for minio {{- if .Values.minio.enabled }} - name: S3_USE_SSL value: 'false' - - name: VERSION - value: {{ .Chart.Version | quote }} - name: S3_ENDPOINT value: "{{ .Release.Name }}-minio.{{ .Release.Namespace }}.svc.cluster.local" - name: S3_PORT From 31ac6c0c62b34ef5e60e965f69504c450a4c0b8c Mon Sep 17 00:00:00 2001 
From: snyk-bot Date: Thu, 10 Sep 2020 00:16:28 +0000 Subject: [PATCH 073/235] fix: upgrade @elastic/elasticsearch from 7.8.0 to 7.9.0 Snyk has created this PR to upgrade @elastic/elasticsearch from 7.8.0 to 7.9.0. See this package in npm: https://www.npmjs.com/package/@elastic/elasticsearch See this project in Snyk: https://app.snyk.io/org/securecodebox/project/c5781d78-eb0e-49a7-bbd6-c5629984717d?utm_source=github&utm_medium=upgrade-pr --- hooks/persistence-elastic/package-lock.json | 6 +++--- hooks/persistence-elastic/package.json | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/hooks/persistence-elastic/package-lock.json b/hooks/persistence-elastic/package-lock.json index ec6a8f85..2f4c5072 100644 --- a/hooks/persistence-elastic/package-lock.json +++ b/hooks/persistence-elastic/package-lock.json @@ -330,9 +330,9 @@ } }, "@elastic/elasticsearch": { - "version": "7.8.0", - "resolved": "https://registry.npmjs.org/@elastic/elasticsearch/-/elasticsearch-7.8.0.tgz", - "integrity": "sha512-rUOTNN1At0KoN0Fcjd6+J7efghuURnoMTB/od9EMK6Mcdebi6N3z5ulShTsKRn6OanS9Eq3l/OmheQY1Y+WLcg==", + "version": "7.9.0", + "resolved": "https://registry.npmjs.org/@elastic/elasticsearch/-/elasticsearch-7.9.0.tgz", + "integrity": "sha512-iSLQvQafspN03YayzccShkKgJeRsUbncbtIhIL2SeiH01xwdnOZcp0nCvSNaMsH28A3YQ4ogTs9K8eXe42UaUA==", "requires": { "debug": "^4.1.1", "decompress-response": "^4.2.0", diff --git a/hooks/persistence-elastic/package.json b/hooks/persistence-elastic/package.json index e1f345b5..68257875 100644 --- a/hooks/persistence-elastic/package.json +++ b/hooks/persistence-elastic/package.json @@ -10,7 +10,7 @@ "author": "", "license": "ISC", "dependencies": { - "@elastic/elasticsearch": "^7.8.0", + "@elastic/elasticsearch": "^7.9.0", "lodash.chunk": "^4.2.0", "lodash.flatmap": "^4.5.0" }, From fb1c1eb738a22065ce8860d91741f3a871186d50 Mon Sep 17 00:00:00 2001 
From: snyk-bot Date: Fri, 11 Sep 2020 04:23:56 +0000 Subject: [PATCH 074/235] fix: upgrade axios from 0.19.2 to 0.20.0 Snyk has created this PR to upgrade axios from 0.19.2 to 0.20.0. See this package in npm: https://www.npmjs.com/package/axios See this project in Snyk: https://app.snyk.io/org/securecodebox/project/6ff3af81-2b12-4f85-97f7-b35884bcfed7?utm_source=github&utm_medium=upgrade-pr --- hook-sdk/nodejs/package-lock.json | 28 +++++++++------------------- hook-sdk/nodejs/package.json | 2 +- 2 files changed, 10 insertions(+), 20 deletions(-) diff --git a/hook-sdk/nodejs/package-lock.json b/hook-sdk/nodejs/package-lock.json index baef7025..5d589805 100644 --- a/hook-sdk/nodejs/package-lock.json +++ b/hook-sdk/nodejs/package-lock.json @@ -921,11 +921,11 @@ "integrity": "sha512-wMHVg2EOHaMRxbzgFJ9gtjOOCrI80OHLG14rxi28XwOW8ux6IiEbRCGGGqCtdAIg4FQCbW20k9RsT4y3gJlFug==" }, "axios": { - "version": "0.19.2", - "resolved": "https://registry.npmjs.org/axios/-/axios-0.19.2.tgz", - "integrity": "sha512-fjgm5MvRHLhx+osE2xoekY70AhARk3a6hkN+3Io1jc00jtquGvxYlKlsFUhmUET0V5te6CcZI7lcv2Ym61mjHA==", + "version": "0.20.0", + "resolved": "https://registry.npmjs.org/axios/-/axios-0.20.0.tgz", + "integrity": "sha512-ANA4rr2BDcmmAQLOKft2fufrtuvlqR+cXNNinUmvfeSNCOF98PZL+7M/v1zIdGo7OLjEA9J2gXJL+j4zGsl0bA==", "requires": { - "follow-redirects": "1.5.10" + "follow-redirects": "^1.10.0" } }, "babel-jest": { @@ -1402,14 +1402,6 @@ "whatwg-url": "^7.0.0" } }, - "debug": { - "version": "3.1.0", - "resolved": "https://registry.npmjs.org/debug/-/debug-3.1.0.tgz", - "integrity": "sha512-OX8XqP7/1a9cqkxYw2yXss15f26NKWBpDXQd0/uK/KPqdQhxbPa994hnzjcE2VqQpDslf55723cKPUOGSmMY3g==", - "requires": { - "ms": "2.0.0" - } - }, "decamelize": { "version": "1.2.0", "resolved": "https://registry.npmjs.org/decamelize/-/decamelize-1.2.0.tgz", 
@@ -1802,12 +1794,9 @@ } }, "follow-redirects": { - "version": "1.5.10", - "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.5.10.tgz", - "integrity": "sha512-0V5l4Cizzvqt5D44aTXbFZz+FtyXV1vrDN6qrelxtfYQKW0KO0W2T/hkE8xvGa/540LkZlkaUjO4ailYTFtHVQ==", - "requires": { - "debug": "=3.1.0" - } + "version": "1.13.0", + "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.13.0.tgz", + "integrity": "sha512-aq6gF1BEKje4a9i9+5jimNFIpq4Q1WiwBToeRK5NvZBd/TRsmW8BsJfOEGkr76TbOyPVD3OVDN910EcUNtRYEA==" }, "for-in": { "version": "1.0.2", @@ -3249,7 +3238,8 @@ "ms": { "version": "2.0.0", "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", - "integrity": "sha1-VgiurfwAvmwpAd9fmGF4jeDVl8g=" + "integrity": "sha1-VgiurfwAvmwpAd9fmGF4jeDVl8g=", + "dev": true }, "nanomatch": { "version": "1.2.13", diff --git a/hook-sdk/nodejs/package.json b/hook-sdk/nodejs/package.json index 1051b4fd..e4c8cad1 100644 --- a/hook-sdk/nodejs/package.json +++ b/hook-sdk/nodejs/package.json @@ -11,7 +11,7 @@ "license": "Apache-2.0", "dependencies": { "@kubernetes/client-node": "^0.12.0", - "axios": "^0.19.2", + "axios": "^0.20.0", "ws": "^7.3.1" }, "devDependencies": { From c70d147d4145818f7da4267733784c4b6054b3db Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Fri, 11 Sep 2020 06:02:42 +0000 Subject: [PATCH 075/235] fix: upgrade axios from 0.19.2 to 0.20.0 Snyk has created this PR to upgrade axios from 0.19.2 to 0.20.0. See this package in npm: https://www.npmjs.com/package/axios See this project in Snyk: https://app.snyk.io/org/securecodebox/project/496cf235-20ad-49d5-b270-36fd4026579c?utm_source=github&utm_medium=upgrade-pr --- hooks/generic-webhook/package-lock.json | 32 ++++++------------------- hooks/generic-webhook/package.json | 2 +- 2 files changed, 8 insertions(+), 26 deletions(-) diff --git a/hooks/generic-webhook/package-lock.json b/hooks/generic-webhook/package-lock.json index 748ee3d6..9a9dff3b 100644 
--- a/hooks/generic-webhook/package-lock.json +++ b/hooks/generic-webhook/package-lock.json @@ -920,11 +920,11 @@ "dev": true }, "axios": { - "version": "0.19.2", - "resolved": "https://registry.npmjs.org/axios/-/axios-0.19.2.tgz", - "integrity": "sha512-fjgm5MvRHLhx+osE2xoekY70AhARk3a6hkN+3Io1jc00jtquGvxYlKlsFUhmUET0V5te6CcZI7lcv2Ym61mjHA==", + "version": "0.20.0", + "resolved": "https://registry.npmjs.org/axios/-/axios-0.20.0.tgz", + "integrity": "sha512-ANA4rr2BDcmmAQLOKft2fufrtuvlqR+cXNNinUmvfeSNCOF98PZL+7M/v1zIdGo7OLjEA9J2gXJL+j4zGsl0bA==", "requires": { - "follow-redirects": "1.5.10" + "follow-redirects": "^1.10.0" } }, "babel-jest": { @@ -1776,27 +1776,9 @@ } }, "follow-redirects": { - "version": "1.5.10", - "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.5.10.tgz", - "integrity": "sha512-0V5l4Cizzvqt5D44aTXbFZz+FtyXV1vrDN6qrelxtfYQKW0KO0W2T/hkE8xvGa/540LkZlkaUjO4ailYTFtHVQ==", - "requires": { - "debug": "=3.1.0" - }, - "dependencies": { - "debug": { - "version": "3.1.0", - "resolved": "https://registry.npmjs.org/debug/-/debug-3.1.0.tgz", - "integrity": "sha512-OX8XqP7/1a9cqkxYw2yXss15f26NKWBpDXQd0/uK/KPqdQhxbPa994hnzjcE2VqQpDslf55723cKPUOGSmMY3g==", - "requires": { - "ms": "2.0.0" - } - }, - "ms": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", - "integrity": "sha1-VgiurfwAvmwpAd9fmGF4jeDVl8g=" - } - } + "version": "1.13.0", + "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.13.0.tgz", + "integrity": "sha512-aq6gF1BEKje4a9i9+5jimNFIpq4Q1WiwBToeRK5NvZBd/TRsmW8BsJfOEGkr76TbOyPVD3OVDN910EcUNtRYEA==" }, "for-in": { "version": "1.0.2", diff --git a/hooks/generic-webhook/package.json b/hooks/generic-webhook/package.json index 50f268ed..60ef3404 100644 --- a/hooks/generic-webhook/package.json +++ b/hooks/generic-webhook/package.json 
@@ -10,7 +10,7 @@ "author": "", "license": "ISC", "dependencies": { - "axios": "^0.19.2" + "axios": "^0.20.0" }, "devDependencies": { "jest": "^25.1.0" From f73810a7de5e2c6adc67ae520c02e84aa8677ea3 Mon Sep 17 00:00:00 2001 From: sebie Date: Fri, 11 Sep 2020 15:26:24 +0200 Subject: [PATCH 076/235] Fixed ncrack integration test --- tests/integration/scanner/ncrack.test.js | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/tests/integration/scanner/ncrack.test.js b/tests/integration/scanner/ncrack.test.js index bfbf002d..fa2a1ca0 100644 --- a/tests/integration/scanner/ncrack.test.js +++ b/tests/integration/scanner/ncrack.test.js @@ -6,21 +6,21 @@ test( const { categories, severities, count } = await scan( "ncrack-dummy-ssh", "ncrack", - ["--user", "root,admin", "--pass", "password,123456,THEPASSWORDYOUCREATED", "ssh://dummy-ssh.demo-apps.svc"], + ["-v","--user=root,admin", "--pass=THEPASSWORDYOUCREATED,12345", "ssh://dummy-ssh.demo-apps.svc"], 90 ); expect(count).toBe(1); - expect(categories).toMatchInlineSnapshot(` - Object { + expect(categories).toEqual( + { "Discovered Credentials": 1, } - `); - expect(severities).toMatchInlineSnapshot(` - Object { + ); + expect(severities).toEqual( + { "high": 1, } - `); + ); }, 3 * 60 * 1000 ); \ No newline at end of file From bce3f12d159d96968214e06cc238e6691cb38fd6 Mon Sep 17 00:00:00 2001 From: sebie Date: Fri, 11 Sep 2020 15:40:48 +0200 Subject: [PATCH 077/235] Dummy-ssh example --- scanners/ncrack/examples/dummy-ssh/README.md | 12 ++++++++++++ scanners/ncrack/examples/dummy-ssh/scan.yaml | 11 +++++++++++ 2 files changed, 23 insertions(+) create mode 100644 scanners/ncrack/examples/dummy-ssh/README.md create mode 100644 scanners/ncrack/examples/dummy-ssh/scan.yaml diff --git a/scanners/ncrack/examples/dummy-ssh/README.md b/scanners/ncrack/examples/dummy-ssh/README.md new file mode 100644 index 00000000..0bb806f3 --- /dev/null +++ b/scanners/ncrack/examples/dummy-ssh/README.md 
@@ -0,0 +1,12 @@ +In this example we execute an ncrack scan against the intentional vulnerable ssh service (dummy-ssh) + +## Install dummy-ssh + +Before executing the scan, make sure to have dummy-ssh installed: + +```bash +helm install dummy-ssh ./demo-apps/dummy-ssh/ --wait +``` + + + diff --git a/scanners/ncrack/examples/dummy-ssh/scan.yaml b/scanners/ncrack/examples/dummy-ssh/scan.yaml new file mode 100644 index 00000000..662dde99 --- /dev/null +++ b/scanners/ncrack/examples/dummy-ssh/scan.yaml @@ -0,0 +1,11 @@ +apiVersion: "execution.experimental.securecodebox.io/v1" +kind: Scan +metadata: + name: "dummy-ssh" +spec: + scanType: "ncrack" + parameters: + - -v + - --user=root,admin + - --pass=THEPASSWORDYOUCREATED,12345 + - ssh://dummy-ssh \ No newline at end of file From c6f048123fe2743faea3daf5abeed3d5ee796c0e Mon Sep 17 00:00:00 2001 From: sebie Date: Fri, 11 Sep 2020 15:41:06 +0200 Subject: [PATCH 078/235] Delete raspberry example --- scanners/ncrack/examples/raspberry/scan.yaml | 8 -------- 1 file changed, 8 deletions(-) delete mode 100644 scanners/ncrack/examples/raspberry/scan.yaml diff --git a/scanners/ncrack/examples/raspberry/scan.yaml b/scanners/ncrack/examples/raspberry/scan.yaml deleted file mode 100644 index e37f073f..00000000 --- a/scanners/ncrack/examples/raspberry/scan.yaml +++ /dev/null @@ -1,8 +0,0 @@ -apiVersion: "execution.experimental.securecodebox.io/v1" -kind: Scan -metadata: - name: "raspberry" -spec: - scanType: "ncrack" - parameters: - - ssh://192.168.178.83 \ No newline at end of file From 5fe372aa4916aa59c1c3abda046528c11b597d05 Mon Sep 17 00:00:00 2001 From: SebieF Date: Fri, 11 Sep 2020 16:25:17 +0200 Subject: [PATCH 079/235] Test Commit User Name --- scanners/ncrack/examples/dummy-ssh/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scanners/ncrack/examples/dummy-ssh/README.md b/scanners/ncrack/examples/dummy-ssh/README.md index 0bb806f3..eca25b2b 100644 --- a/scanners/ncrack/examples/dummy-ssh/README.md 
+++ b/scanners/ncrack/examples/dummy-ssh/README.md @@ -1,6 +1,6 @@ In this example we execute an ncrack scan against the intentional vulnerable ssh service (dummy-ssh) -## Install dummy-ssh +### Install dummy-ssh Before executing the scan, make sure to have dummy-ssh installed: From f32e11b146f10d240eb57afae664c7d58856542e Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Fri, 11 Sep 2020 21:58:15 +0000 Subject: [PATCH 080/235] fix: upgrade axios from 0.19.2 to 0.20.0 Snyk has created this PR to upgrade axios from 0.19.2 to 0.20.0. See this package in npm: https://www.npmjs.com/package/axios See this project in Snyk: https://app.snyk.io/org/securecodebox/project/b03219dd-9bee-4ecf-927a-443799dfc6dc?utm_source=github&utm_medium=upgrade-pr --- parser-sdk/nodejs/package-lock.json | 28 +++++++++------------------- parser-sdk/nodejs/package.json | 2 +- 2 files changed, 10 insertions(+), 20 deletions(-) diff --git a/parser-sdk/nodejs/package-lock.json b/parser-sdk/nodejs/package-lock.json index 993fb019..5bdc911f 100644 --- a/parser-sdk/nodejs/package-lock.json +++ b/parser-sdk/nodejs/package-lock.json @@ -803,11 +803,11 @@ "integrity": "sha512-wMHVg2EOHaMRxbzgFJ9gtjOOCrI80OHLG14rxi28XwOW8ux6IiEbRCGGGqCtdAIg4FQCbW20k9RsT4y3gJlFug==" }, "axios": { - "version": "0.19.2", - "resolved": "https://registry.npmjs.org/axios/-/axios-0.19.2.tgz", - "integrity": "sha512-fjgm5MvRHLhx+osE2xoekY70AhARk3a6hkN+3Io1jc00jtquGvxYlKlsFUhmUET0V5te6CcZI7lcv2Ym61mjHA==", + "version": "0.20.0", + "resolved": "https://registry.npmjs.org/axios/-/axios-0.20.0.tgz", + "integrity": "sha512-ANA4rr2BDcmmAQLOKft2fufrtuvlqR+cXNNinUmvfeSNCOF98PZL+7M/v1zIdGo7OLjEA9J2gXJL+j4zGsl0bA==", "requires": { - "follow-redirects": "1.5.10" + "follow-redirects": "^1.10.0" } }, "babel-jest": { 
@@ -1312,14 +1312,6 @@ } } }, - "debug": { - "version": "3.1.0", - "resolved": "https://registry.npmjs.org/debug/-/debug-3.1.0.tgz", - "integrity": "sha512-OX8XqP7/1a9cqkxYw2yXss15f26NKWBpDXQd0/uK/KPqdQhxbPa994hnzjcE2VqQpDslf55723cKPUOGSmMY3g==", - "requires": { - "ms": "2.0.0" - } - }, "decamelize": { "version": "1.2.0", "resolved": "https://registry.npmjs.org/decamelize/-/decamelize-1.2.0.tgz", @@ -1774,12 +1766,9 @@ } }, "follow-redirects": { - "version": "1.5.10", - "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.5.10.tgz", - "integrity": "sha512-0V5l4Cizzvqt5D44aTXbFZz+FtyXV1vrDN6qrelxtfYQKW0KO0W2T/hkE8xvGa/540LkZlkaUjO4ailYTFtHVQ==", - "requires": { - "debug": "=3.1.0" - } + "version": "1.13.0", + "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.13.0.tgz", + "integrity": "sha512-aq6gF1BEKje4a9i9+5jimNFIpq4Q1WiwBToeRK5NvZBd/TRsmW8BsJfOEGkr76TbOyPVD3OVDN910EcUNtRYEA==" }, "for-in": { "version": "1.0.2", @@ -3769,7 +3758,8 @@ "ms": { "version": "2.0.0", "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", - "integrity": "sha1-VgiurfwAvmwpAd9fmGF4jeDVl8g=" + "integrity": "sha1-VgiurfwAvmwpAd9fmGF4jeDVl8g=", + "dev": true }, "nan": { "version": "2.14.0", diff --git a/parser-sdk/nodejs/package.json b/parser-sdk/nodejs/package.json index 365741a0..2368aa60 100644 --- a/parser-sdk/nodejs/package.json +++ b/parser-sdk/nodejs/package.json @@ -11,7 +11,7 @@ "license": "Apache-2.0", "dependencies": { "@kubernetes/client-node": "^0.12.0", - "axios": "^0.19.0", + "axios": "^0.20.0", "uuid": "^3.3.3", "ws": "^7.3.1" }, From 3ceec9f22d89031dc0c3bc9b78e9423e345fd816 Mon Sep 17 00:00:00 2001 
From: Robert Seedorff Date: Sat, 12 Sep 2020 17:15:16 +0200 Subject: [PATCH 081/235] Added correct licence informations to the npm package files. --- .../declarative-subsequent-scans/package.json | 32 ++++++++++++++-- hooks/generic-webhook/package.json | 34 +++++++++++++++-- .../imperative-subsequent-scans/package.json | 34 +++++++++++++++-- hooks/package.json | 34 +++++++++++++++-- hooks/persistence-elastic/package.json | 38 ++++++++++++++++--- hooks/update-field/package.json | 34 +++++++++++++++-- package.json | 31 +++++++++++---- scanners/package.json | 37 ++++++++++++++---- 8 files changed, 236 insertions(+), 38 deletions(-) diff --git a/hooks/declarative-subsequent-scans/package.json b/hooks/declarative-subsequent-scans/package.json index 8decdbfa..13cc4b48 100644 --- a/hooks/declarative-subsequent-scans/package.json +++ b/hooks/declarative-subsequent-scans/package.json @@ -1,14 +1,40 @@ { "name": "declarative-subsequent-scans", "version": "1.0.0", - "description": "", + "description": "secureCodeBox v2 Hook to cascade scan in an declarative manner.", + "homepage": "https://www.secureCodeBox.io", + "repository": { + "type": "git", + "url": "git+https://github.com/secureCodeBox/secureCodeBox-v2.git" + }, "main": "hook.js", "scripts": { "build": "npx typescript hook.ts --sourceMap", "test": "jest ." }, - "keywords": [], - "author": "", + "keywords": [ + "secureCodeBox", + "security", + "hook" + ], + "author": { + "name": "iteratec GmbH", + "email": "security@iteratec.com", + "url": "https://www.iteratec.com" + }, + "contributors": [ + { + "name" : "Jannik Hollenbach", + "url" : "https://github.com/J12934" + }, + { + "name" : "Robert Seedorff", + "url" : "https://github.com/rseedorff" + } + ], + "bugs": { + "url": "https://github.com/secureCodeBox/secureCodeBox-v2/issues" + }, "license": "Apache-2.0", "dependencies": { "@kubernetes/client-node": "^0.12.0", 
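Review bot: the new `description` in `hooks/declarative-subsequent-scans/package.json` reads "cascade scan in an declarative manner" and should say "a declarative manner". The `contributors` entries are written as `"name" : "..."` with a space before the colon, unlike every other key in the file; please format them consistently. The `license` line in this file is unchanged context (it was already `Apache-2.0`), so for this package the commit only adds metadata; the commit message could say so.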
diff --git a/hooks/generic-webhook/package.json b/hooks/generic-webhook/package.json index 60ef3404..21abaf9f 100644 --- a/hooks/generic-webhook/package.json +++ b/hooks/generic-webhook/package.json @@ -1,14 +1,40 @@ { "name": "scb-generic-webhook", "version": "1.0.0", - "description": "", + "description": "secureCodeBox v2 Generic WebHook.", + "homepage": "https://www.secureCodeBox.io", + "repository": { + "type": "git", + "url": "git+https://github.com/secureCodeBox/secureCodeBox-v2.git" + }, "main": "hook.js", "scripts": { "test": "jest ." }, - "keywords": [], - "author": "", - "license": "ISC", + "keywords": [ + "secureCodeBox", + "security", + "hook" + ], + "author": { + "name": "iteratec GmbH", + "email": "security@iteratec.com", + "url": "https://www.iteratec.com" + }, + "contributors": [ + { + "name" : "Jannik Hollenbach", + "url" : "https://github.com/J12934" + }, + { + "name" : "Robert Seedorff", + "url" : "https://github.com/rseedorff" + } + ], + "bugs": { + "url": "https://github.com/secureCodeBox/secureCodeBox-v2/issues" + }, + "license": "Apache-2.0", "dependencies": { "axios": "^0.20.0" }, diff --git a/hooks/imperative-subsequent-scans/package.json b/hooks/imperative-subsequent-scans/package.json index ddcc03bb..ce2dd0c6 100644 --- a/hooks/imperative-subsequent-scans/package.json +++ b/hooks/imperative-subsequent-scans/package.json 
@@ -1,14 +1,40 @@ { "name": "imperative-subsequent-scans", "version": "1.0.0", - "description": "", + "description": "secureCodeBox v2 Hook to cascade scan in an imperative manner.", + "homepage": "https://www.secureCodeBox.io", + "repository": { + "type": "git", + "url": "git+https://github.com/secureCodeBox/secureCodeBox-v2.git" + }, "main": "hook.js", "scripts": { "test": "jest ." }, - "keywords": [], - "author": "", - "license": "ISC", + "keywords": [ + "secureCodeBox", + "security", + "hook" + ], + "author": { + "name": "iteratec GmbH", + "email": "security@iteratec.com", + "url": "https://www.iteratec.com" + }, + "contributors": [ + { + "name" : "Jannik Hollenbach", + "url" : "https://github.com/J12934" + }, + { + "name" : "Robert Seedorff", + "url" : "https://github.com/rseedorff" + } + ], + "bugs": { + "url": "https://github.com/secureCodeBox/secureCodeBox-v2/issues" + }, + "license": "Apache-2.0", "dependencies": { "@kubernetes/client-node": "^0.12.0", "lodash.set": "^4.3.2" diff --git a/hooks/package.json b/hooks/package.json index cb681ce8..6a4a960a 100644 --- a/hooks/package.json +++ b/hooks/package.json @@ -1,7 +1,12 @@ { "name": "securecodebox-hooks", "version": "1.0.0", - "description": "", + "description": "NPM library to easily set up new hooks for the secureCodeBox v2", + "homepage": "https://www.secureCodeBox.io", + "repository": { + "type": "git", + "url": "git+https://github.com/secureCodeBox/secureCodeBox-v2.git" + }, "main": "index.js", "directories": { "example": "example" 
@@ -9,9 +14,30 @@ "scripts": { "test": "jest" }, - "keywords": [], - "author": "", - "license": "ISC", + "keywords": [ + "secureCodeBox", + "security", + "hooks" + ], + "author": { + "name": "iteratec GmbH", + "email": "security@iteratec.com", + "url": "https://www.iteratec.com" + }, + "contributors": [ + { + "name" : "Jannik Hollenbach", + "url" : "https://github.com/J12934" + }, + { + "name" : "Robert Seedorff", + "url" : "https://github.com/rseedorff" + } + ], + "bugs": { + "url": "https://github.com/secureCodeBox/secureCodeBox-v2/issues" + }, + "license": "Apache-2.0", "devDependencies": { "jest": "^25.1.0" } diff --git a/hooks/persistence-elastic/package.json b/hooks/persistence-elastic/package.json index 68257875..1fe1e7be 100644 --- a/hooks/persistence-elastic/package.json +++ b/hooks/persistence-elastic/package.json @@ -1,14 +1,42 @@ { "name": "persistence-elastic", "version": "1.0.0", - "description": "", - "main": "index.js", + "description": "secureCodeBox v2 Hook to persist results to elasticsearch.", + "homepage": "https://www.secureCodeBox.io", + "repository": { + "type": "git", + "url": "git+https://github.com/secureCodeBox/secureCodeBox-v2.git" + }, + "main": "hook.js", "scripts": { "test": "jest ." }, - "keywords": [], - "author": "", - "license": "ISC", + "keywords": [ + "secureCodeBox", + "security", + "hook", + "elasticsearch", + "persistence" + ], + "author": { + "name": "iteratec GmbH", + "email": "security@iteratec.com", + "url": "https://www.iteratec.com" + }, + "contributors": [ + { + "name" : "Jannik Hollenbach", + "url" : "https://github.com/J12934" + }, + { + "name" : "Robert Seedorff", + "url" : "https://github.com/rseedorff" + } + ], + "bugs": { + "url": "https://github.com/secureCodeBox/secureCodeBox-v2/issues" + }, + "license": "Apache-2.0", "dependencies": { "@elastic/elasticsearch": "^7.9.0", "lodash.chunk": "^4.2.0", diff --git a/hooks/update-field/package.json b/hooks/update-field/package.json index 73ced215..94e65c30 100644 
--- a/hooks/update-field/package.json +++ b/hooks/update-field/package.json @@ -1,14 +1,40 @@ { "name": "scb-update-field", "version": "1.0.0", - "description": "", + "description": "secureCodeBox v2 Update Field Hook", + "homepage": "https://www.secureCodeBox.io", + "repository": { + "type": "git", + "url": "git+https://github.com/secureCodeBox/secureCodeBox-v2.git" + }, "main": "hook.js", "scripts": { "test": "jest ." }, - "keywords": [], - "author": "", - "license": "ISC", + "keywords": [ + "secureCodeBox", + "security", + "scanner" + ], + "author": { + "name": "iteratec GmbH", + "email": "security@iteratec.com", + "url": "https://www.iteratec.com" + }, + "contributors": [ + { + "name" : "Jannik Hollenbach", + "url" : "https://github.com/J12934" + }, + { + "name" : "Robert Seedorff", + "url" : "https://github.com/rseedorff" + } + ], + "bugs": { + "url": "https://github.com/secureCodeBox/secureCodeBox-v2/issues" + }, + "license": "Apache-2.0", "dependencies": { "lodash.set": "^4.3.2" }, diff --git a/package.json b/package.json index afa424a5..e8abf5b9 100644 --- a/package.json +++ b/package.json 
@@ -2,22 +2,39 @@ "name": "securecodebox", "version": "1.0.0", "description": "", + "homepage": "https://github.com/secureCodeBox/secureCodeBox-v2#readme", + "repository": { + "type": "git", + "url": "git+https://github.com/secureCodeBox/secureCodeBox-v2.git" + }, "main": "index.js", "scripts": { "test": "jest", "lint": "eslint **/*.js" }, - "repository": { - "type": "git", - "url": "git+https://github.com/secureCodeBox/secureCodeBox-v2.git" + "keywords": [ + "secureCodeBox", + "security" + ], + "author": { + "name": "iteratec GmbH", + "email": "security@iteratec.com", + "url": "https://www.iteratec.com" }, - "keywords": [], - "author": "", - "license": "ISC", + "contributors": [ + { + "name" : "Jannik Hollenbach", + "url" : "https://github.com/J12934" + }, + { + "name" : "Robert Seedorff", + "url" : "https://github.com/rseedorff" + } + ], "bugs": { "url": "https://github.com/secureCodeBox/secureCodeBox-v2/issues" }, - "homepage": "https://github.com/secureCodeBox/secureCodeBox-v2#readme", + "license": "Apache-2.0", "devDependencies": { "eslint": "^6.8.0", "eslint-config-oclif": "^3.1.0", diff --git a/scanners/package.json b/scanners/package.json index e5d640a4..557c39d1 100644 --- a/scanners/package.json +++ b/scanners/package.json 
@@ -1,17 +1,40 @@ { "name": "securecodebox-scanner", "version": "1.0.0", - "description": "", - "main": "index.js", - "directories": { - "example": "example" + "description": "NPM library to easily set up new scanners for the secureCodeBox v2", + "homepage": "https://www.secureCodeBox.io", + "repository": { + "type": "git", + "url": "git+https://github.com/secureCodeBox/secureCodeBox-v2.git" }, + "main": "index.js", "scripts": { "test": "jest" }, - "keywords": [], - "author": "", - "license": "ISC", + "keywords": [ + "secureCodeBox", + "security", + "scanner" + ], + "author": { + "name": "iteratec GmbH", + "email": "security@iteratec.com", + "url": "https://www.iteratec.com" + }, + "contributors": [ + { + "name" : "Jannik Hollenbach", + "url" : "https://github.com/J12934" + }, + { + "name" : "Robert Seedorff", + "url" : "https://github.com/rseedorff" + } + ], + "bugs": { + "url": "https://github.com/secureCodeBox/secureCodeBox-v2/issues" + }, + "license": "Apache-2.0", "devDependencies": { "jest": "^25.5.4" } From e36fda39df164ff40600764eb67cde2cf049d94e Mon Sep 17 00:00:00 2001 From: Jannik Hollenbach <13718901+J12934@users.noreply.github.com> Date: Mon, 14 Sep 2020 10:50:27 +0200 Subject: [PATCH 082/235] Include actual namespace in error message --- operator/controllers/execution/scans/scan_reconciler.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/operator/controllers/execution/scans/scan_reconciler.go b/operator/controllers/execution/scans/scan_reconciler.go index c30151c0..e8c7a65f 100644 --- a/operator/controllers/execution/scans/scan_reconciler.go +++ b/operator/controllers/execution/scans/scan_reconciler.go 
@@ -50,7 +50,7 @@ func (r *ScanReconciler) startScan(scan *executionv1.Scan) error { log.V(7).Info("Unable to fetch ScanType") scan.Status.State = "Errored" - scan.Status.ErrorDescription = fmt.Sprintf("Configured ScanType '%s' not found in Scans Namespace. You'll likely need to deploy the ScanType.", scan.Spec.ScanType) + scan.Status.ErrorDescription = fmt.Sprintf("Configured ScanType '%s' not found in '%s' namespace. You'll likely need to deploy the ScanType.", scan.Spec.ScanType, scan.Namespace) if err := r.Status().Update(ctx, scan); err != nil { r.Log.Error(err, "unable to update Scan status") return err From 5a174f4e264c35117e84256a99287b2068002e7d Mon Sep 17 00:00:00 2001 From: Jannik Hollenbach <13718901+J12934@users.noreply.github.com> Date: Mon, 14 Sep 2020 11:05:06 +0200 Subject: [PATCH 083/235] Update expected error message in integration tests --- .../generic/no-scan-definition-error.test.js | 23 +++++++++---------- 1 file changed, 11 insertions(+), 12 deletions(-) diff --git a/tests/integration/generic/no-scan-definition-error.test.js b/tests/integration/generic/no-scan-definition-error.test.js index 1bde65e6..8ff8e3d3 100644 --- a/tests/integration/generic/no-scan-definition-error.test.js +++ b/tests/integration/generic/no-scan-definition-error.test.js 
@@ -1,14 +1,13 @@ -const { scan } = require('../helpers') +const { scan } = require("../helpers"); test( - "scan without a matching ScanType should be marked as errored", - async () => { - await expect(scan( - "scan-type-not-found", - "this-type-does-not-exists", - [], - 30 - )).rejects.toThrow(`Scan failed with description "Configured ScanType 'this-type-does-not-exists' not found in Scans Namespace. You'll likely need to deploy the ScanType."`); - }, - 1 * 60 * 1000 - ); \ No newline at end of file + "scan without a matching ScanType should be marked as errored", + async () => { + await expect( + scan("scan-type-not-found", "this-type-does-not-exists", [], 30) + ).rejects.toThrow( + `Scan failed with description "Configured ScanType 'this-type-does-not-exists' not found in 'integration-tests' namespace. You'll likely need to deploy the ScanType."` + ); + }, + 1 * 60 * 1000 +); From 86fdf87c511ec3b8791336b051f49eb4eec8c93a Mon Sep 17 00:00:00 2001 From: Jannik Hollenbach <13718901+J12934@users.noreply.github.com> Date: Tue, 15 Sep 2020 11:40:35 +0200 Subject: [PATCH 084/235] Add note about having to clone down the repo --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 36edf449..2a899479 100644 --- a/README.md +++ b/README.md @@ -77,7 +77,8 @@ There is a German article about [Security DevOps – Angreifern (immer) einen Sc ### Deployment (based on Helm) -There are shorthand scripts to un-/install everything in the `bin` directory. +> The install instrucions require you to have the repository cloned and to have your terminal located in the folder of repository. +> There are shorthand scripts to un-/install everything in the `bin` directory. Deploy the secureCodeBox operator first: From f37b8e9e533a4830ac149f3bfb1e48ab785ee6a9 Mon Sep 17 00:00:00 2001 
From: Jannik Hollenbach <13718901+J12934@users.noreply.github.com> Date: Tue, 15 Sep 2020 11:45:14 +0200 Subject: [PATCH 085/235] Update Slack invite link --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 2a899479..4de6ab54 100644 --- a/README.md +++ b/README.md @@ -199,5 +199,5 @@ Sponsored by [iteratec GmbH](https://www.iteratec.de/) - [secureCodeBox.io](http [scb-github]: https://github.com/secureCodeBox/ [scb-engine]: https://github.com/secureCodeBox/engine [scb-twitter]: https://twitter.com/secureCodeBox -[scb-slack]: https://join.slack.com/t/securecodebox/shared_invite/enQtNDU3MTUyOTM0NTMwLTJiNzg3MmU2ZDY2NDFiMGI0Y2FkM2I5Mzc2ZmEzYTcyN2FlN2Y2NDFiZDE5NjAxMjg1M2IxNDViNzE3OTIxMGU +[scb-slack]: https://join.slack.com/t/securecodebox/shared_invite/enQtNDU3MTUyOTM0NTMwLTBjOWRjNjVkNGEyMjQ0ZGMyNDdlYTQxYWQ4MzNiNGY3MDMxNThkZjJmMzY2NDRhMTk3ZWM3OWFkYmY1YzUxNTU [scb-license]: https://github.com/secureCodeBox/secureCodeBox/blob/master/LICENSE From 209a31ffd1797a2385069cd26d2bac3073429906 Mon Sep 17 00:00:00 2001 From: Jannik Hollenbach <13718901+J12934@users.noreply.github.com> Date: Tue, 15 Sep 2020 11:58:27 +0200 Subject: [PATCH 086/235] Update ZAP Weekly Docker images used --- scanners/zap/templates/zap-scan-type.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scanners/zap/templates/zap-scan-type.yaml b/scanners/zap/templates/zap-scan-type.yaml index 3dae4acf..12d77aae 100644 --- a/scanners/zap/templates/zap-scan-type.yaml +++ b/scanners/zap/templates/zap-scan-type.yaml @@ -48,7 +48,7 @@ spec: restartPolicy: Never containers: - name: zap-api-scan - image: owasp/zap2docker-weekly:w2020-06-24 + image: owasp/zap2docker-weekly:w2020-09-08 command: - "zap-api-scan.py" # Force Zap to always return a zero exit code. k8s would otherwise try to restart zap. 
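Review bot: the `zap-api-scan` image is updated by editing a literal tag inside the template (`image: owasp/zap2docker-weekly:w2020-09-08`), and the same literal is repeated for `zap-full-scan` in the next hunk, so every bump has to touch both places and the image cannot be overridden through chart values. Consider moving repository and tag into `values.yaml` and referencing them from both containers. Pinning the weekly image by digest there would also keep scan results reproducible if the tag is ever republished.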
@@ -82,7 +82,7 @@ spec: restartPolicy: Never containers: - name: zap-full-scan - image: owasp/zap2docker-weekly:w2020-06-24 + image: owasp/zap2docker-weekly:w2020-09-08 command: - "zap-full-scan.py" # Force Zap to always return a zero exit code. k8s would otherwise try to restart zap. From 4dcc5c9c125a549e1a2ecdf12b00dd2c48f1e663 Mon Sep 17 00:00:00 2001 From: Jannik Hollenbach <13718901+J12934@users.noreply.github.com> Date: Tue, 15 Sep 2020 11:58:37 +0200 Subject: [PATCH 087/235] Update to OWASP Juice Shop v12.0.2 --- demo-apps/juice-shop/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/demo-apps/juice-shop/Chart.yaml b/demo-apps/juice-shop/Chart.yaml index 2515627a..9dd7d12d 100644 --- a/demo-apps/juice-shop/Chart.yaml +++ b/demo-apps/juice-shop/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 version: 0.1.0 -appVersion: "v11.1.2" +appVersion: "v12.0.2" name: juice-shop description: "OWASP Juice Shop: Probably the most modern and sophisticated insecure web application" type: application From f7db280334aeb77b62d363e5d5b2e5bbb7d9fae7 Mon Sep 17 00:00:00 2001 From: Jannik Hollenbach <13718901+J12934@users.noreply.github.com> Date: Tue, 15 Sep 2020 12:52:21 +0200 Subject: [PATCH 088/235] Copyedit README.md Applying changes from: https://github.com/secureCodeBox/secureCodeBox/pull/126 Co-authored-by: Sam Reed --- README.md | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 4de6ab54..82a26b68 100644 --- a/README.md +++ b/README.md @@ -18,7 +18,7 @@

**NOTE**: This Repository contains the stable beta preview of the next major secureCodeBox (SCB) Release v2. -You can find the current **stable release** here [https://github.com/secureCodeBox/secureCodeBox](https://github.com/secureCodeBox/secureCodeBox). +You can find the current **stable release** here [https://github.com/secureCodeBox/secureCodeBox](https://github.com/secureCodeBox/secureCodeBox). _The major release of SCB version 2.0 will be available in the next weeks._ The release will contain a major architecture change which will not be backward compatible. More details will follow soon in a series of blog articles. @@ -38,7 +38,7 @@ _The major release of SCB version 2.0 will be available in the next weeks._ The - [Local Scan Examples](#local-scan-examples) - [Public Scan Examples](#public-scan-examples) - [Then get the current State of the Scan by running:](#then-get-the-current-state-of-the-scan-by-running) - - [To delete a scan, use ```kubectl delete```, e.g. for localhost nmap scan:](#to-delete-a-scan-use-kubectl-delete-eg-for-localhost-nmap-scan) + - [To delete a scan, use `kubectl delete`, e.g. for localhost nmap scan:](#to-delete-a-scan-use-kubectl-delete-eg-for-localhost-nmap-scan) - [Access Services](#access-services) - [How does it work?](#how-does-it-work) - [Architecture](#architecture) 
@@ -59,11 +59,11 @@ For additional documentation aspects please have a look at our: The typical way to ensure application security is to hire a security specialist (aka penetration tester) at some point in your project to check the application for security bugs and vulnerabilities. Usually, this check is done at a later stage of the project and has two major drawbacks: 1. Nowadays, a lot of projects do continuous delivery, which means the developers deploy new versions multiple times each day. The penetration tester is only able to check a single snapshot, but some further commits could introduce new security issues. To ensure ongoing application security, the penetration tester should also continuously test the application. Unfortunately, such an approach is rarely financially feasible. -2. Due to a typically time boxed analysis, the penetration tester has to focus on trivial security issues (low-hanging fruits) and therefore will not address the serious, non-obvious ones. +2. Due to a typically time boxed analysis, the penetration tester has to focus on trivial security issues (low-hanging fruit) and therefore will probably not address the serious, non-obvious ones. With the _secureCodeBox_ we provide a toolchain for continuous scanning of applications to find the low-hanging fruit issues early in the development process and free the resources of the penetration tester to concentrate on the major security issues. -The purpose of _secureCodeBox_ **is not** to replace the penetration testers or make them obsolete. We strongly recommend to run extensive tests by experienced penetration testers on all your applications. +The purpose of _secureCodeBox_ **is not** to replace the penetration testers or make them obsolete. We strongly recommend running extensive tests by experienced penetration testers on all your applications. **Important note**: The _secureCodeBox_ is no simple one-button-click-solution! 
You must have a deep understanding of security and how to configure the scanners. Furthermore, an understanding of the scan results and how to interpret them is also necessary. @@ -77,7 +77,7 @@ There is a German article about [Security DevOps – Angreifern (immer) einen Sc ### Deployment (based on Helm) -> The install instrucions require you to have the repository cloned and to have your terminal located in the folder of repository. +> The install instructions require you to have the repository cloned and to have your terminal located in the folder of repository. > There are shorthand scripts to un-/install everything in the `bin` directory. Deploy the secureCodeBox operator first: @@ -150,7 +150,8 @@ kubectl apply -f scanners/nmap/examples/scan.nmap.org/scan.yaml kubectl get scans ``` -#### To delete a scan, use ```kubectl delete```, e.g. for localhost nmap scan: +#### To delete a scan, use `kubectl delete`, e.g. for localhost nmap scan: + ``` kubectl delete -f scanners/nmap/examples/localhost/scan.yaml ``` From 3478df6a2e5f43f74d3e1077d82396290c96a6da Mon Sep 17 00:00:00 2001 From: Jannik Hollenbach <13718901+J12934@users.noreply.github.com> Date: Fri, 18 Sep 2020 12:37:55 +0200 Subject: [PATCH 089/235] Automatically use Chart Version to pull the correct operator version --- operator/Chart.yaml | 9 ++------- operator/templates/manager/manager.yaml | 15 +++------------ operator/values.yaml | 12 +++++------- 3 files changed, 10 insertions(+), 26 deletions(-) diff --git a/operator/Chart.yaml b/operator/Chart.yaml index 7436aef8..6c7699b0 100644 --- a/operator/Chart.yaml +++ b/operator/Chart.yaml 
@@ -4,13 +4,8 @@ description: secureCodeBox Operator to automate the execution of security scans type: application -# This is the chart version. This version number should be incremented each time you make changes -# to the chart and its templates, including the app version. -version: 0.2.0 - -# This is the version number of the application being deployed. This version number should be -# incremented each time you make changes to the application. -appVersion: 1.18.0 +# version - gets automatically set to the secureCodeBox release version when the helm charts gets published +version: v2.0.0-alpha1 dependencies: - name: minio diff --git a/operator/templates/manager/manager.yaml b/operator/templates/manager/manager.yaml index 176566bf..f75d7541 100644 --- a/operator/templates/manager/manager.yaml +++ b/operator/templates/manager/manager.yaml @@ -20,11 +20,7 @@ spec: - /manager args: - --enable-leader-election - {{- if .Values.image.digest }} - image: "{{ .Values.image.registry }}/{{ .Values.image.repository }}@{{ .Values.image.digest }}" - {{- else }} - image: "{{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag }}" - {{- end }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.Version }}" imagePullPolicy: {{ .Values.image.pullPolicy }} name: manager env: @@ -74,14 +70,9 @@ spec: secretKeyRef: name: {{ .Values.s3.keySecret }} key: secretkey - {{- end }} - {{- if .Values.lurcher.image.digest }} - - name: LURCHER_IMAGE - value: "{{ .Values.lurcher.image.registry }}/{{ .Values.lurcher.image.repository }}@{{ .Values.lurcher.image.digest }}" - {{- else }} + {{- end }} - name: LURCHER_IMAGE - value: "{{ .Values.lurcher.image.registry }}/{{ .Values.lurcher.image.repository }}:{{ .Values.lurcher.image.tag }}" - {{- end }} + value: "{{ .Values.lurcher.image.repository }}:{{ .Values.lurcher.image.tag | default .Chart.Version }}" - name: LURCHER_PULL_POLICY value: {{ .Values.lurcher.image.pullPolicy }} resources: 
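Review bot: with the `{{- if .Values.lurcher.image.digest }}` branch removed here, and the matching branch for the manager image removed in the hunk above, neither image can be pinned by digest any more; both now resolve to `repository:tag` with the tag defaulting to `.Chart.Version`. Tags are mutable, so I would keep an optional digest branch that takes precedence when a digest is set. In addition, `.Values.image.registry` and `.Values.lurcher.image.registry` are no longer read, so an existing override of `registry` is silently ignored after upgrading; that should be called out in the chart README or release notes.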
diff --git a/operator/values.yaml b/operator/values.yaml index c2e7a44d..840a5314 100644 --- a/operator/values.yaml +++ b/operator/values.yaml @@ -6,18 +6,16 @@ telemetryEnabled: true image: - registry: docker.io - repository: scbexperimental/operator - tag: latest - digest: null + repository: docker.io/scbexperimental/operator + # image.tag -- defaults to the charts version + tag: null pullPolicy: Always lurcher: image: - registry: docker.io - repository: scbexperimental/lurcher + repository: docker.io/scbexperimental/lurcher + # lurcher.image.tag -- defaults to the charts version tag: null - digest: "sha256:0e9f18f85809fb8c042543657d340949db14e81fc727bf9fab4421befd317850" pullPolicy: IfNotPresent minio: From a281f12cfffd8f832cda5477a1c56e999faea1ec Mon Sep 17 00:00:00 2001 From: Jannik Hollenbach <13718901+J12934@users.noreply.github.com> Date: Fri, 18 Sep 2020 12:42:17 +0200 Subject: [PATCH 090/235] Add note about auto-versioning to Chart yamls --- hooks/declarative-subsequent-scans/Chart.yaml | 3 +-- hooks/generic-webhook/Chart.yaml | 3 +-- hooks/imperative-subsequent-scans/Chart.yaml | 3 +-- hooks/persistence-elastic/Chart.yaml | 3 ++- hooks/update-field/Chart.yaml | 3 +-- scanners/amass/Chart.yaml | 1 + scanners/kube-hunter/Chart.yaml | 15 ++++++++------- scanners/nikto/Chart.yaml | 15 ++++++++------- scanners/nmap/Chart.yaml | 15 ++++++++------- scanners/ssh_scan/Chart.yaml | 16 ++++++++-------- scanners/sslyze/Chart.yaml | 15 ++++++++------- scanners/test-scan/Chart.yaml | 18 +++++++++--------- scanners/trivy/Chart.yaml | 1 + scanners/wpscan/Chart.yaml | 17 +++++++++-------- scanners/zap/Chart.yaml | 18 +++++++++--------- 15 files changed, 75 insertions(+), 71 deletions(-) diff --git a/hooks/declarative-subsequent-scans/Chart.yaml b/hooks/declarative-subsequent-scans/Chart.yaml index c04e7d9e..eb76bb21 100644 --- a/hooks/declarative-subsequent-scans/Chart.yaml +++ b/hooks/declarative-subsequent-scans/Chart.yaml 
@@ -4,8 +4,7 @@ description: Starts possible subsequent security scans based on findings (e.g. o type: application +# version - gets automatically set to the secureCodeBox release version when the helm charts gets published version: 0.1.0 -appVersion: latest - dependencies: [] diff --git a/hooks/generic-webhook/Chart.yaml b/hooks/generic-webhook/Chart.yaml index 821f54f1..908c48e7 100644 --- a/hooks/generic-webhook/Chart.yaml +++ b/hooks/generic-webhook/Chart.yaml @@ -4,8 +4,7 @@ description: Lets you send http webhooks after scans are completed type: application +# version - gets automatically set to the secureCodeBox release version when the helm charts gets published version: 0.1.0 -appVersion: latest - dependencies: [] diff --git a/hooks/imperative-subsequent-scans/Chart.yaml b/hooks/imperative-subsequent-scans/Chart.yaml index 554c41d9..06ffb6f7 100644 --- a/hooks/imperative-subsequent-scans/Chart.yaml +++ b/hooks/imperative-subsequent-scans/Chart.yaml @@ -4,8 +4,7 @@ description: Starts possible subsequent security scans based on findings (e.g. o type: application +# version - gets automatically set to the secureCodeBox release version when the helm charts gets published version: 0.1.0 -appVersion: 0.1.0 - dependencies: [] diff --git a/hooks/persistence-elastic/Chart.yaml b/hooks/persistence-elastic/Chart.yaml index 855f4818..67b6f580 100644 --- a/hooks/persistence-elastic/Chart.yaml +++ b/hooks/persistence-elastic/Chart.yaml @@ -4,9 +4,10 @@ description: The elastic persistence provider persists secureCodeBox findings in type: application +# version - gets automatically set to the secureCodeBox release version when the helm charts gets published version: 0.1.0 -appVersion: latest +appVersion: 7.6.1 dependencies: - name: elasticsearch diff --git a/hooks/update-field/Chart.yaml b/hooks/update-field/Chart.yaml index 462870b1..38ce338d 100644 --- a/hooks/update-field/Chart.yaml +++ b/hooks/update-field/Chart.yaml 
@@ -4,8 +4,7 @@ description: Lets you add or override a field to every finding type: application +# version - gets automatically set to the secureCodeBox release version when the helm charts gets published version: 0.1.0 -appVersion: latest - dependencies: [] diff --git a/scanners/amass/Chart.yaml b/scanners/amass/Chart.yaml index 1d60655e..8cdae3b0 100644 --- a/scanners/amass/Chart.yaml +++ b/scanners/amass/Chart.yaml @@ -3,6 +3,7 @@ name: amass description: A Helm chart for the Amass security scanner that integrates with the secureCodeBox. type: application +# version - gets automatically set to the secureCodeBox release version when the helm charts gets published version: 0.1.0 appVersion: 3.10.3 diff --git a/scanners/kube-hunter/Chart.yaml b/scanners/kube-hunter/Chart.yaml index 78d55e6e..5926ebf1 100644 --- a/scanners/kube-hunter/Chart.yaml +++ b/scanners/kube-hunter/Chart.yaml @@ -3,18 +3,19 @@ name: kube-hunter description: A Helm chart for the kube-hunter security scanner that integrates with the secureCodeBox. type: application +# version - gets automatically set to the secureCodeBox release version when the helm charts gets published version: 0.1.0 appVersion: 0.1.0 keywords: -- security -- kube-hunter -- scanner -- secureCodeBox + - security + - kube-hunter + - scanner + - secureCodeBox home: https://www.securecodebox.io/scanners/kube-hunter icon: https://www.securecodebox.io/scannerIcons/kube-hunter.svg sources: -- https://github.com/secureCodeBox/secureCodeBox + - https://github.com/secureCodeBox/secureCodeBox maintainers: -- name: iteratec GmbH - email: security@iteratec.com + - name: iteratec GmbH + email: security@iteratec.com diff --git a/scanners/nikto/Chart.yaml b/scanners/nikto/Chart.yaml index 89079341..0f903fe0 100644 --- a/scanners/nikto/Chart.yaml +++ b/scanners/nikto/Chart.yaml 
@@ -3,18 +3,19 @@ name: nikto description: A Helm chart for the Nikto security scanner that integrates with the secureCodeBox. type: application +# version - gets automatically set to the secureCodeBox release version when the helm charts gets published version: 0.1.0 appVersion: latest keywords: -- security -- nikto -- scanner -- secureCodeBox + - security + - nikto + - scanner + - secureCodeBox home: https://www.securecodebox.io/scanners/nikto icon: https://www.securecodebox.io/scannerIcons/Nikto.svg sources: -- https://github.com/secureCodeBox/secureCodeBox + - https://github.com/secureCodeBox/secureCodeBox maintainers: -- name: iteratec GmbH - email: security@iteratec.com + - name: iteratec GmbH + email: security@iteratec.com diff --git a/scanners/nmap/Chart.yaml b/scanners/nmap/Chart.yaml index 92e0155c..88d78e2a 100644 --- a/scanners/nmap/Chart.yaml +++ b/scanners/nmap/Chart.yaml @@ -3,18 +3,19 @@ name: nmap description: A Helm chart for the NMAP security Scanner that integrates with the secureCodeBox. type: application +# version - gets automatically set to the secureCodeBox release version when the helm charts gets published version: 0.1.0 appVersion: 7.80-r2 keywords: -- security -- nmap -- scanner -- secureCodeBox + - security + - nmap + - scanner + - secureCodeBox home: https://www.securecodebox.io/scanners/nmap icon: https://www.securecodebox.io/scannerIcons/Nmap.svg sources: -- https://github.com/secureCodeBox/secureCodeBox + - https://github.com/secureCodeBox/secureCodeBox maintainers: -- name: iteratec GmbH - email: security@iteratec.com + - name: iteratec GmbH + email: security@iteratec.com diff --git a/scanners/ssh_scan/Chart.yaml b/scanners/ssh_scan/Chart.yaml index 3bda96c0..6b7f6f3a 100644 --- a/scanners/ssh_scan/Chart.yaml +++ b/scanners/ssh_scan/Chart.yaml 
@@ -3,19 +3,19 @@ name: ssh-scan description: A Helm chart for the SSH_Scan security scanner that integrates with the secureCodeBox. type: application +# version - gets automatically set to the secureCodeBox release version when the helm charts gets published version: 0.1.0 appVersion: latest keywords: -- security -- ssh -- scanner -- secureCodeBox + - security + - ssh + - scanner + - secureCodeBox home: https://www.securecodebox.io/scanners/ssh icon: https://www.securecodebox.io/scannerIcons/SSH.svg sources: -- https://github.com/secureCodeBox/secureCodeBox + - https://github.com/secureCodeBox/secureCodeBox maintainers: -- name: iteratec GmbH - email: security@iteratec.com - + - name: iteratec GmbH + email: security@iteratec.com diff --git a/scanners/sslyze/Chart.yaml b/scanners/sslyze/Chart.yaml index 4e9cc892..70781939 100644 --- a/scanners/sslyze/Chart.yaml +++ b/scanners/sslyze/Chart.yaml @@ -3,18 +3,19 @@ name: sslyze description: A Helm chart for the SSLyze security scanner that integrates with the secureCodeBox. type: application +# version - gets automatically set to the secureCodeBox release version when the helm charts gets published version: 0.1.0 appVersion: 3.0.6 keywords: -- security -- ssl -- scanner -- secureCodeBox + - security + - ssl + - scanner + - secureCodeBox home: https://www.securecodebox.io/scanners/sslyze icon: https://www.securecodebox.io/scannerIcons/SSLyze.svg sources: -- https://github.com/secureCodeBox/secureCodeBox + - https://github.com/secureCodeBox/secureCodeBox maintainers: -- name: iteratec GmbH - email: security@iteratec.com + - name: iteratec GmbH + email: security@iteratec.com diff --git a/scanners/test-scan/Chart.yaml b/scanners/test-scan/Chart.yaml index ef063cb1..ba195e6d 100644 --- a/scanners/test-scan/Chart.yaml +++ b/scanners/test-scan/Chart.yaml 
@@ -3,17 +3,17 @@ name: test-scan description: A Helm chart to test the secureCodeBox operator type: application +# version - gets automatically set to the secureCodeBox release version when the helm charts gets published version: 0.1.0 -appVersion: 0.1.0 keywords: -- security -- scanner -- secureCodeBox -- integrationTest -- test + - security + - scanner + - secureCodeBox + - integrationTest + - test sources: -- https://github.com/secureCodeBox/secureCodeBox + - https://github.com/secureCodeBox/secureCodeBox maintainers: -- name: iteratec GmbH - email: security@iteratec.com + - name: iteratec GmbH + email: security@iteratec.com diff --git a/scanners/trivy/Chart.yaml b/scanners/trivy/Chart.yaml index 83c5b8e4..c0a0d216 100644 --- a/scanners/trivy/Chart.yaml +++ b/scanners/trivy/Chart.yaml @@ -3,6 +3,7 @@ name: trivy description: A Helm chart for the trivy security scanner that integrates with the secureCodeBox. type: application +# version - gets automatically set to the secureCodeBox release version when the helm charts gets published version: 0.1.0 appVersion: latest diff --git a/scanners/wpscan/Chart.yaml b/scanners/wpscan/Chart.yaml index 7f780597..e264642e 100644 --- a/scanners/wpscan/Chart.yaml +++ b/scanners/wpscan/Chart.yaml 
@@ -3,19 +3,20 @@ name: wpscan description: A Helm chart for the WordPress security scanner that integrates with the secureCodeBox. type: application +# version - gets automatically set to the secureCodeBox release version when the helm charts gets published version: 0.1.0 appVersion: latest keywords: -- security -- wpscan -- wordpress -- scanner -- secureCodeBox + - security + - wpscan + - wordpress + - scanner + - secureCodeBox home: https://www.securecodebox.io/scanners/wpscan icon: https://www.securecodebox.io/scannerIcons/WPScan.svg sources: -- https://github.com/secureCodeBox/scanner-infrastructure-wpscan + - https://github.com/secureCodeBox/scanner-infrastructure-wpscan maintainers: -- name: iteratec GmbH - email: security@iteratec.com + - name: iteratec GmbH + email: security@iteratec.com diff --git a/scanners/zap/Chart.yaml b/scanners/zap/Chart.yaml index a7b43f75..391aed32 100644 --- a/scanners/zap/Chart.yaml +++ b/scanners/zap/Chart.yaml @@ -3,20 +3,20 @@ name: zap description: A Helm chart for the OWASP ZAP security scanner that integrates with the secureCodeBox. type: application +# version - gets automatically set to the secureCodeBox release version when the helm charts gets published version: 0.1.0 appVersion: latest keywords: -- security -- Zap -- OWASP -- scanner -- secureCodeBox + - security + - Zap + - OWASP + - scanner + - secureCodeBox home: https://www.securecodebox.io/scanners/zap icon: https://www.securecodebox.io/scannerIcons/ZAP.svg sources: -- https://github.com/secureCodeBox/secureCodeBox + - https://github.com/secureCodeBox/secureCodeBox maintainers: -- name: iteratec GmbH - email: security@iteratec.com - + - name: iteratec GmbH + email: security@iteratec.com From e551e8104d30e3c4153c239d43272926512c8ffb Mon Sep 17 00:00:00 2001 From: Yannik Fuhrmeister Date: Fri, 18 Sep 2020 14:22:56 +0200 Subject: [PATCH 091/235] Remove unused restrictions --- scanners/ncrack/values.yaml | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) 
diff --git a/scanners/ncrack/values.yaml b/scanners/ncrack/values.yaml index 3f71e04a..86b8e29d 100644 --- a/scanners/ncrack/values.yaml +++ b/scanners/ncrack/values.yaml @@ -5,11 +5,4 @@ parserImage: scannerJob: resources: {} -# scannerJob: -# resources: -# requests: -# memory: "256Mi" -# cpu: "250m" -# limits: -# memory: "512Mi" -# cpu: "500m" + From 1a22ba2f93fe4b91136cc95a17dcebb988469ef1 Mon Sep 17 00:00:00 2001 From: Yannik Fuhrmeister Date: Fri, 18 Sep 2020 14:26:48 +0200 Subject: [PATCH 092/235] Introduce newline at the end of the file --- scanners/ncrack/.helmignore | 3 ++- scanners/ncrack/examples/dummy-ssh/scan.yaml | 3 ++- scanners/ncrack/parser/.dockerignore | 3 ++- scanners/ncrack/parser/.gitignore | 3 ++- scanners/ncrack/parser/__testFiles__/ncrack_no_results.xml | 1 + .../__testFiles__/ncrack_two_services_with_results.xml | 3 ++- scanners/ncrack/parser/parser.test.js | 3 ++- scanners/ncrack/scanner/Dockerfile | 7 ++++--- tests/integration/scanner/ncrack.test.js | 3 ++- 9 files changed, 19 insertions(+), 10 deletions(-) diff --git a/scanners/ncrack/.helmignore b/scanners/ncrack/.helmignore index 2b6e53d7..bfc32a88 100644 --- a/scanners/ncrack/.helmignore +++ b/scanners/ncrack/.helmignore @@ -2,4 +2,5 @@ parser/ scanner/ -examples/ \ No newline at end of file +examples/ + diff --git a/scanners/ncrack/examples/dummy-ssh/scan.yaml b/scanners/ncrack/examples/dummy-ssh/scan.yaml index 662dde99..06deba3f 100644 --- a/scanners/ncrack/examples/dummy-ssh/scan.yaml +++ b/scanners/ncrack/examples/dummy-ssh/scan.yaml @@ -8,4 +8,5 @@ spec: - -v - --user=root,admin - --pass=THEPASSWORDYOUCREATED,12345 - - ssh://dummy-ssh \ No newline at end of file + - ssh://dummy-ssh + diff --git a/scanners/ncrack/parser/.dockerignore b/scanners/ncrack/parser/.dockerignore index 40b878db..d5700888 100644 --- a/scanners/ncrack/parser/.dockerignore +++ b/scanners/ncrack/parser/.dockerignore @@ -1 +1,2 @@ -node_modules/ \ No newline at end of file +node_modules/ + 
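Review bot: in the `.helmignore`, `scan.yaml` and `.dockerignore` hunks the replacement adds two lines, the original last line plus an empty one (`+examples/` followed by a bare `+`), so each file now ends in a blank line rather than just a terminating newline. The commit subject only promises the newline. Drop the extra empty line, which `git diff --check` reports as a blank line at EOF.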
diff --git a/scanners/ncrack/parser/.gitignore b/scanners/ncrack/parser/.gitignore index 40b878db..d5700888 100644 --- a/scanners/ncrack/parser/.gitignore +++ b/scanners/ncrack/parser/.gitignore @@ -1 +1,2 @@ -node_modules/ \ No newline at end of file +node_modules/ + diff --git a/scanners/ncrack/parser/__testFiles__/ncrack_no_results.xml b/scanners/ncrack/parser/__testFiles__/ncrack_no_results.xml index ad309335..3f6e7f75 100644 --- a/scanners/ncrack/parser/__testFiles__/ncrack_no_results.xml +++ b/scanners/ncrack/parser/__testFiles__/ncrack_no_results.xml @@ -9,3 +9,4 @@ + diff --git a/scanners/ncrack/parser/__testFiles__/ncrack_two_services_with_results.xml b/scanners/ncrack/parser/__testFiles__/ncrack_two_services_with_results.xml index f57b19f0..444a918e 100644 --- a/scanners/ncrack/parser/__testFiles__/ncrack_two_services_with_results.xml +++ b/scanners/ncrack/parser/__testFiles__/ncrack_two_services_with_results.xml @@ -14,4 +14,5 @@ - \ No newline at end of file + + diff --git a/scanners/ncrack/parser/parser.test.js b/scanners/ncrack/parser/parser.test.js index 34ad0813..2de0f9e6 100644 --- a/scanners/ncrack/parser/parser.test.js +++ b/scanners/ncrack/parser/parser.test.js @@ -97,4 +97,5 @@ it('should return findings when ncrack found two credentials scanning two servic }, ] `); -}); \ No newline at end of file +}); + diff --git a/scanners/ncrack/scanner/Dockerfile b/scanners/ncrack/scanner/Dockerfile index 8d8c0379..ff58283d 100644 --- a/scanners/ncrack/scanner/Dockerfile +++ b/scanners/ncrack/scanner/Dockerfile @@ -1,7 +1,8 @@ FROM ubuntu:20.04 -RUN apt-get update \ +RUN apt-get update \ && apt-get install ncrack=0.7+debian-1build1 -y \ - && rm -rf /var/lib/apt/lists/* + && rm -rf /var/lib/apt/lists/* + +CMD [ "ncrack" ] -CMD [ "ncrack" ] \ No newline at end of file diff --git a/tests/integration/scanner/ncrack.test.js b/tests/integration/scanner/ncrack.test.js index fa2a1ca0..1d186123 100644 --- a/tests/integration/scanner/ncrack.test.js 
+++ b/tests/integration/scanner/ncrack.test.js @@ -23,4 +23,5 @@ test( ); }, 3 * 60 * 1000 -); \ No newline at end of file +); + From 7d9426b2a1e0a7d21380f19353d68a5803fa4ba2 Mon Sep 17 00:00:00 2001 From: Jannik Hollenbach <13718901+J12934@users.noreply.github.com> Date: Fri, 18 Sep 2020 15:28:57 +0200 Subject: [PATCH 093/235] Use correct Helm chart version in hook images --- hooks/declarative-subsequent-scans/Chart.yaml | 2 +- .../declerative-subsequent-scans-hook.yaml | 14 +------------- hooks/declarative-subsequent-scans/values.yaml | 7 +++---- hooks/generic-webhook/Chart.yaml | 2 +- hooks/generic-webhook/templates/webhook-hook.yaml | 6 +----- hooks/generic-webhook/values.yaml | 7 +++---- hooks/imperative-subsequent-scans/Chart.yaml | 2 +- .../imperative-subsequent-scans-hook.yaml | 14 +------------- hooks/imperative-subsequent-scans/values.yaml | 7 +++---- hooks/persistence-elastic/Chart.yaml | 2 +- .../templates/persistence-provider.yaml | 7 +------ hooks/persistence-elastic/values.yaml | 7 +++---- hooks/update-field/Chart.yaml | 2 +- .../update-field/templates/update-field-hook.yaml | 6 +----- hooks/update-field/values.yaml | 7 +++---- 15 files changed, 25 insertions(+), 67 deletions(-) diff --git a/hooks/declarative-subsequent-scans/Chart.yaml b/hooks/declarative-subsequent-scans/Chart.yaml index eb76bb21..fdc20d99 100644 --- a/hooks/declarative-subsequent-scans/Chart.yaml +++ b/hooks/declarative-subsequent-scans/Chart.yaml @@ -5,6 +5,6 @@ description: Starts possible subsequent security scans based on findings (e.g. o type: application # version - gets automatically set to the secureCodeBox release version when the helm charts gets published -version: 0.1.0 +version: latest dependencies: [] diff --git a/hooks/declarative-subsequent-scans/templates/declerative-subsequent-scans-hook.yaml b/hooks/declarative-subsequent-scans/templates/declerative-subsequent-scans-hook.yaml index 321b8747..c4eaf627 100644 
--- a/hooks/declarative-subsequent-scans/templates/declerative-subsequent-scans-hook.yaml +++ b/hooks/declarative-subsequent-scans/templates/declerative-subsequent-scans-hook.yaml @@ -4,17 +4,5 @@ metadata: name: {{ include "declarative-subsequent-scans.fullname" . }} spec: type: ReadOnly - {{- if .Values.image.registry }} - {{- if .Values.image.digest }} - image: "{{ .Values.image.registry }}/{{ .Values.image.repository }}@{{ .Values.image.digest }}" - {{- else }} - image: "{{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag }}" - {{- end }} - {{- else }} - {{- if .Values.image.digest }} - image: "{{ .Values.image.repository }}@{{ .Values.image.digest }}" - {{- else }} - image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" - {{- end }} - {{- end }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.Version }}" serviceAccountName: declarative-combined-scans \ No newline at end of file diff --git a/hooks/declarative-subsequent-scans/values.yaml b/hooks/declarative-subsequent-scans/values.yaml index 230c9bbe..df7baf1d 100644 --- a/hooks/declarative-subsequent-scans/values.yaml +++ b/hooks/declarative-subsequent-scans/values.yaml @@ -3,7 +3,6 @@ # Declare variables to be passed into your templates. image: - registry: docker.io - repository: scbexperimental/hook-declarative-subsequent-scans - tag: latest - digest: null + repository: docker.io/scbexperimental/hook-declarative-subsequent-scans + # image.tag - defaults to the charts version + tag: null diff --git a/hooks/generic-webhook/Chart.yaml b/hooks/generic-webhook/Chart.yaml index 908c48e7..3b494501 100644 --- a/hooks/generic-webhook/Chart.yaml +++ b/hooks/generic-webhook/Chart.yaml @@ -5,6 +5,6 @@ description: Lets you send http webhooks after scans are completed type: application # version - gets automatically set to the secureCodeBox release version when the helm charts gets published -version: 0.1.0 +version: latest dependencies: [] 
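Review bot: the template hunk in `declerative-subsequent-scans-hook.yaml` removes the `image.digest` branches, and the `values.yaml` hunk drops the `digest` and `registry` keys, so the hook image can no longer be pinned by digest and an existing override of either key is silently ignored. Together with `version: latest` in `Chart.yaml` and `tag: null`, a chart installed from a checkout renders the repository with the tag `latest`, which is mutable. Consider keeping an optional `image.digest` that takes precedence over the tag, and list the removed keys in the upgrade notes.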
diff --git a/hooks/generic-webhook/templates/webhook-hook.yaml b/hooks/generic-webhook/templates/webhook-hook.yaml index 863610a4..1c5d0afa 100644 --- a/hooks/generic-webhook/templates/webhook-hook.yaml +++ b/hooks/generic-webhook/templates/webhook-hook.yaml @@ -4,11 +4,7 @@ metadata: name: {{ include "generic-webhook.fullname" . }} spec: type: ReadOnly - {{- if .Values.image.digest }} - image: "{{ .Values.image.registry }}/{{ .Values.image.repository }}@{{ .Values.image.digest }}" - {{- else }} - image: "{{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag }}" - {{- end }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.Version }}" env: - name: WEBHOOK_URL value: {{ .Values.webhookUrl | quote }} \ No newline at end of file diff --git a/hooks/generic-webhook/values.yaml b/hooks/generic-webhook/values.yaml index 545b7851..1084e8f6 100644 --- a/hooks/generic-webhook/values.yaml +++ b/hooks/generic-webhook/values.yaml @@ -5,7 +5,6 @@ webhookUrl: "http://example.com" image: - registry: docker.io - repository: scbexperimental/generic-webhook - tag: latest - digest: null + repository: docker.io/scbexperimental/generic-webhook + # image.tag - defaults to the charts version + tag: null diff --git a/hooks/imperative-subsequent-scans/Chart.yaml b/hooks/imperative-subsequent-scans/Chart.yaml index 06ffb6f7..024265e8 100644 --- a/hooks/imperative-subsequent-scans/Chart.yaml +++ b/hooks/imperative-subsequent-scans/Chart.yaml @@ -5,6 +5,6 @@ description: Starts possible subsequent security scans based on findings (e.g. o type: application # version - gets automatically set to the secureCodeBox release version when the helm charts gets published -version: 0.1.0 +version: latest dependencies: [] diff --git a/hooks/imperative-subsequent-scans/templates/imperative-subsequent-scans-hook.yaml b/hooks/imperative-subsequent-scans/templates/imperative-subsequent-scans-hook.yaml index e397f629..872bd34f 100644 
--- a/hooks/imperative-subsequent-scans/templates/imperative-subsequent-scans-hook.yaml +++ b/hooks/imperative-subsequent-scans/templates/imperative-subsequent-scans-hook.yaml @@ -4,19 +4,7 @@ metadata: name: {{ .Release.Name }} spec: type: ReadOnly - {{- if .Values.image.registry }} - {{- if .Values.image.digest }} - image: "{{ .Values.image.registry }}/{{ .Values.image.repository }}@{{ .Values.image.digest }}" - {{- else }} - image: "{{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag }}" - {{- end }} - {{- else }} - {{- if .Values.image.digest }} - image: "{{ .Values.image.repository }}@{{ .Values.image.digest }}" - {{- else }} - image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" - {{- end }} - {{- end }} + image: "{{ .Values.parserImage.repository }}:{{ .Values.parserImage.tag | default .Chart.Version }}" serviceAccountName: imperative-combined-scans env: - name: CASCADE_AMASS_NMAP diff --git a/hooks/imperative-subsequent-scans/values.yaml b/hooks/imperative-subsequent-scans/values.yaml index 23f83f7e..2372d5d2 100644 --- a/hooks/imperative-subsequent-scans/values.yaml +++ b/hooks/imperative-subsequent-scans/values.yaml @@ -17,7 +17,6 @@ cascade: nmapZapBaseline: false image: - registry: docker.io - repository: scbexperimental/hook-imperative-subsequent-scans - tag: latest - digest: null + repository: docker.io/scbexperimental/hook-imperative-subsequent-scans + # image.tag - defaults to the charts version + tag: null diff --git a/hooks/persistence-elastic/Chart.yaml b/hooks/persistence-elastic/Chart.yaml index 67b6f580..52216b01 100644 --- a/hooks/persistence-elastic/Chart.yaml +++ b/hooks/persistence-elastic/Chart.yaml @@ -5,7 +5,7 @@ description: The elastic persistence provider persists secureCodeBox findings in type: application # version - gets automatically set to the secureCodeBox release version when the helm charts gets published -version: 0.1.0 +version: latest appVersion: 7.6.1 
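Review bot: the new `image:` line in `imperative-subsequent-scans-hook.yaml` reads `.Values.parserImage.repository` and `.Values.parserImage.tag`, but the `values.yaml` hunk for this chart defines the block as `image:`, not `parserImage:`. With the default values there is nothing for that lookup to resolve, so the hook's image reference will not render as intended. Use `.Values.image.repository` and `.Values.image.tag | default .Chart.Version`, as the other hook templates in this patch do.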
diff --git a/hooks/persistence-elastic/templates/persistence-provider.yaml b/hooks/persistence-elastic/templates/persistence-provider.yaml index 330198d3..21f8f4b5 100644 --- a/hooks/persistence-elastic/templates/persistence-provider.yaml +++ b/hooks/persistence-elastic/templates/persistence-provider.yaml @@ -6,12 +6,7 @@ metadata: type: Structured spec: type: ReadOnly - image: "scbexperimental/persistence-elastic:latest" - {{- if .Values.image.digest }} - image: "{{ .Values.image.registry }}/{{ .Values.image.repository }}@{{ .Values.image.digest }}" - {{- else }} - image: "{{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag }}" - {{- end }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.Version }}" env: - name: ELASTICSEARCH_INDEX_PREFIX value: {{ .Values.indexPrefix | quote }} diff --git a/hooks/persistence-elastic/values.yaml b/hooks/persistence-elastic/values.yaml index 697a617b..4f77b409 100644 --- a/hooks/persistence-elastic/values.yaml +++ b/hooks/persistence-elastic/values.yaml @@ -3,10 +3,9 @@ # Declare variables to be passed into your templates. image: - registry: docker.io - repository: scbexperimental/persistence-elastic - tag: latest - digest: null + repository: docker.io/scbexperimental/persistence-elastic + # image.tag - defaults to the charts version + tag: null # Define a specific index prefix indexPrefix: "scbv2" diff --git a/hooks/update-field/Chart.yaml b/hooks/update-field/Chart.yaml index 38ce338d..7d4fbc9f 100644 --- a/hooks/update-field/Chart.yaml +++ b/hooks/update-field/Chart.yaml @@ -5,6 +5,6 @@ description: Lets you add or override a field to every finding type: application # version - gets automatically set to the secureCodeBox release version when the helm charts gets published -version: 0.1.0 +version: latest dependencies: [] diff --git a/hooks/update-field/templates/update-field-hook.yaml b/hooks/update-field/templates/update-field-hook.yaml index 105b17b4..66e45b8d 100644 
--- a/hooks/update-field/templates/update-field-hook.yaml +++ b/hooks/update-field/templates/update-field-hook.yaml @@ -4,11 +4,7 @@ metadata: name: {{ .Release.Name }} spec: type: ReadAndWrite - {{- if .Values.image.digest }} - image: "{{ .Values.image.registry }}/{{ .Values.image.repository }}@{{ .Values.image.digest }}" - {{- else }} - image: "{{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag }}" - {{- end }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.Version }}" env: - name: ATTRIBUTE_NAME value: {{ .Values.attribute.name | quote }} diff --git a/hooks/update-field/values.yaml b/hooks/update-field/values.yaml index 8ee928d1..4e09ffa5 100644 --- a/hooks/update-field/values.yaml +++ b/hooks/update-field/values.yaml @@ -7,7 +7,6 @@ attribute: value: my-own-category image: - registry: docker.io - repository: scbexperimental/update-field - tag: latest - digest: null + repository: docker.io/scbexperimental/update-field + # image.tag - defaults to the charts version + tag: null From ecf959b25af356dc3a0fd614cf2ec7628fca2bf3 Mon Sep 17 00:00:00 2001 
From: Jannik Hollenbach <13718901+J12934@users.noreply.github.com> Date: Fri, 18 Sep 2020 15:29:25 +0200 Subject: [PATCH 094/235] Use correct Helm chart version in scanner / parser images --- scanners/amass/Chart.yaml | 2 +- scanners/amass/templates/amass-parse-definition.yaml | 2 +- scanners/amass/values.yaml | 6 +++--- scanners/kube-hunter/Chart.yaml | 4 ++-- .../kube-hunter/templates/kube-hunter-parse-definition.yaml | 2 +- scanners/kube-hunter/values.yaml | 6 +++--- scanners/nikto/Chart.yaml | 3 ++- scanners/nikto/templates/nikto-parse-definition.yaml | 2 +- scanners/nikto/values.yaml | 6 +++--- scanners/nmap/Chart.yaml | 2 +- scanners/nmap/templates/nmap-parse-definition.yaml | 2 +- scanners/nmap/values.yaml | 6 +++--- scanners/ssh_scan/Chart.yaml | 4 ++-- scanners/ssh_scan/templates/ssh-scan-parse-definition.yaml | 2 +- scanners/ssh_scan/values.yaml | 6 +++--- scanners/sslyze/Chart.yaml | 4 ++-- scanners/sslyze/templates/sslyze-parse-definition.yaml | 6 +++--- scanners/sslyze/values.yaml | 6 +++--- scanners/test-scan/Chart.yaml | 2 +- .../test-scan/templates/test-scan-parse-definition.yaml | 2 +- scanners/test-scan/values.yaml | 6 +++--- scanners/trivy/Chart.yaml | 4 ++-- scanners/trivy/templates/trivy-parse-definition.yaml | 2 +- scanners/trivy/values.yaml | 6 +++--- scanners/wpscan/Chart.yaml | 2 +- scanners/wpscan/templates/wpscan-parse-definition.yaml | 2 +- scanners/wpscan/values.yaml | 6 +++--- scanners/zap/Chart.yaml | 4 ++-- scanners/zap/templates/zap-parse-definition.yaml | 2 +- scanners/zap/values.yaml | 6 +++--- 30 files changed, 58 insertions(+), 57 deletions(-) diff --git a/scanners/amass/Chart.yaml b/scanners/amass/Chart.yaml index 8cdae3b0..0bb5a0cd 100644 --- a/scanners/amass/Chart.yaml +++ b/scanners/amass/Chart.yaml 
@@ -4,7 +4,7 @@ description: A Helm chart for the Amass security scanner that integrates with th type: application # version - gets automatically set to the secureCodeBox release version when the helm charts gets published -version: 0.1.0 +version: latest appVersion: 3.10.3 keywords: diff --git a/scanners/amass/templates/amass-parse-definition.yaml b/scanners/amass/templates/amass-parse-definition.yaml index 5b23234b..88c0d0a7 100644 --- a/scanners/amass/templates/amass-parse-definition.yaml +++ b/scanners/amass/templates/amass-parse-definition.yaml @@ -4,4 +4,4 @@ metadata: name: "amass-jsonl" spec: handlesResultsType: amass-jsonl - image: "{{ .Values.parserImage.registry }}/{{ .Values.parserImage.repository }}:{{ .Values.parserImage.tag }}" + image: "{{ .Values.parserImage.repository }}:{{ .Values.parserImage.tag | default .Chart.Version }}" diff --git a/scanners/amass/values.yaml b/scanners/amass/values.yaml index 52a79560..f41a8499 100644 --- a/scanners/amass/values.yaml +++ b/scanners/amass/values.yaml @@ -1,7 +1,7 @@ parserImage: - registry: docker.io - repository: scbexperimental/parser-amass - tag: latest + repository: docker.io/scbexperimental/parser-amass + # parserImage.tag - defaults to the charts version + tag: null scannerJob: resources: {} diff --git a/scanners/kube-hunter/Chart.yaml b/scanners/kube-hunter/Chart.yaml index 5926ebf1..facdf8f6 100644 --- a/scanners/kube-hunter/Chart.yaml +++ b/scanners/kube-hunter/Chart.yaml @@ -4,8 +4,8 @@ description: A Helm chart for the kube-hunter security scanner that integrates w type: application # version - gets automatically set to the secureCodeBox release version when the helm charts gets published -version: 0.1.0 -appVersion: 0.1.0 +version: latest +appVersion: v0.3.0 keywords: - security diff --git a/scanners/kube-hunter/templates/kube-hunter-parse-definition.yaml b/scanners/kube-hunter/templates/kube-hunter-parse-definition.yaml index 872c952c..67dd9bbe 100644 
--- a/scanners/kube-hunter/templates/kube-hunter-parse-definition.yaml +++ b/scanners/kube-hunter/templates/kube-hunter-parse-definition.yaml @@ -4,4 +4,4 @@ metadata: name: "kube-hunter-json" spec: handlesResultsType: kube-hunter-json - image: "{{ .Values.parserImage.registry }}/{{ .Values.parserImage.repository }}:{{ .Values.parserImage.tag }}" + image: "{{ .Values.parserImage.repository }}:{{ .Values.parserImage.tag | default .Chart.Version }}" diff --git a/scanners/kube-hunter/values.yaml b/scanners/kube-hunter/values.yaml index b19fabbe..68cedd55 100644 --- a/scanners/kube-hunter/values.yaml +++ b/scanners/kube-hunter/values.yaml @@ -1,7 +1,7 @@ parserImage: - registry: docker.io - repository: scbexperimental/parser-kube-hunter - tag: latest + repository: docker.io/scbexperimental/parser-kube-hunter + # parserImage.tag - defaults to the charts version + tag: null scannerJob: resources: {} diff --git a/scanners/nikto/Chart.yaml b/scanners/nikto/Chart.yaml index 0f903fe0..80a2d6d5 100644 --- a/scanners/nikto/Chart.yaml +++ b/scanners/nikto/Chart.yaml @@ -4,7 +4,8 @@ description: A Helm chart for the Nikto security scanner that integrates with th type: application # version - gets automatically set to the secureCodeBox release version when the helm charts gets published -version: 0.1.0 +version: latest +# appVersion - Nikto doesn't really version its releases appVersion: latest keywords: diff --git a/scanners/nikto/templates/nikto-parse-definition.yaml b/scanners/nikto/templates/nikto-parse-definition.yaml index 1fbf993d..fcaa5d7c 100644 --- a/scanners/nikto/templates/nikto-parse-definition.yaml +++ b/scanners/nikto/templates/nikto-parse-definition.yaml @@ -4,4 +4,4 @@ metadata: name: "nikto-json" spec: handlesResultsType: nikto-json - image: "{{ .Values.parserImage.registry }}/{{ .Values.parserImage.repository }}:{{ .Values.parserImage.tag }}" + image: "{{ .Values.parserImage.repository }}:{{ .Values.parserImage.tag | default .Chart.Version }}" 
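Review bot: `version: latest` in the scanner `Chart.yaml` hunks (amass, kube-hunter, nikto) is not a SemVer 2 value, which Helm documents as the required format for a chart's `version`, and the parse definitions now fall back to it through `default .Chart.Version`. Until the release job rewrites the field, a chart used from a source checkout resolves the parser image to the mutable tag `latest`. Confirm that `helm lint` and an install from a checkout still accept these charts, or keep a valid placeholder version and set the image tag default separately.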
diff --git a/scanners/nikto/values.yaml b/scanners/nikto/values.yaml index 55cfaa64..a7ecdec8 100644 --- a/scanners/nikto/values.yaml +++ b/scanners/nikto/values.yaml @@ -1,7 +1,7 @@ parserImage: - registry: docker.io - repository: scbexperimental/parser-nikto - tag: latest + repository: docker.io/scbexperimental/parser-nikto + # parserImage.tag - defaults to the charts version + tag: null scannerJob: resources: {} diff --git a/scanners/nmap/Chart.yaml b/scanners/nmap/Chart.yaml index 88d78e2a..3269630f 100644 --- a/scanners/nmap/Chart.yaml +++ b/scanners/nmap/Chart.yaml @@ -4,7 +4,7 @@ description: A Helm chart for the NMAP security Scanner that integrates with the type: application # version - gets automatically set to the secureCodeBox release version when the helm charts gets published -version: 0.1.0 +version: latest appVersion: 7.80-r2 keywords: diff --git a/scanners/nmap/templates/nmap-parse-definition.yaml b/scanners/nmap/templates/nmap-parse-definition.yaml index 405ac5e2..d11b3d3a 100644 --- a/scanners/nmap/templates/nmap-parse-definition.yaml +++ b/scanners/nmap/templates/nmap-parse-definition.yaml @@ -4,4 +4,4 @@ metadata: name: "nmap-xml" spec: handlesResultsType: nmap-xml - image: "{{ .Values.parserImage.registry }}/{{ .Values.parserImage.repository }}:{{ .Values.parserImage.tag }}" + image: "{{ .Values.parserImage.repository }}:{{ .Values.parserImage.tag | default .Chart.Version }}" diff --git a/scanners/nmap/values.yaml b/scanners/nmap/values.yaml index 069241bb..0ebd1b90 100644 --- a/scanners/nmap/values.yaml +++ b/scanners/nmap/values.yaml @@ -1,7 +1,7 @@ parserImage: - registry: docker.io - repository: scbexperimental/parser-nmap - tag: latest + repository: docker.io/scbexperimental/parser-nmap + # parserImage.tag - defaults to the charts version + tag: null scannerJob: resources: {} diff --git a/scanners/ssh_scan/Chart.yaml b/scanners/ssh_scan/Chart.yaml index 6b7f6f3a..71925b79 100644 --- a/scanners/ssh_scan/Chart.yaml 
+++ b/scanners/ssh_scan/Chart.yaml @@ -4,8 +4,8 @@ description: A Helm chart for the SSH_Scan security scanner that integrates with type: application # version - gets automatically set to the secureCodeBox release version when the helm charts gets published -version: 0.1.0 -appVersion: latest +version: latest +appVersion: "0.0.43" keywords: - security diff --git a/scanners/ssh_scan/templates/ssh-scan-parse-definition.yaml b/scanners/ssh_scan/templates/ssh-scan-parse-definition.yaml index 33c3bac0..10fdd8d5 100644 --- a/scanners/ssh_scan/templates/ssh-scan-parse-definition.yaml +++ b/scanners/ssh_scan/templates/ssh-scan-parse-definition.yaml @@ -4,4 +4,4 @@ metadata: name: "ssh-scan-json" spec: handlesResultsType: ssh-scan-json - image: "{{ .Values.parserImage.registry }}/{{ .Values.parserImage.repository }}:{{ .Values.parserImage.tag }}" + image: "{{ .Values.parserImage.repository }}:{{ .Values.parserImage.tag | default .Chart.Version }}" diff --git a/scanners/ssh_scan/values.yaml b/scanners/ssh_scan/values.yaml index 34f1a41b..b36eb3ba 100644 --- a/scanners/ssh_scan/values.yaml +++ b/scanners/ssh_scan/values.yaml @@ -1,7 +1,7 @@ parserImage: - registry: docker.io - repository: scbexperimental/parser-ssh-scan - tag: latest + repository: docker.io/scbexperimental/parser-ssh-scan + # parserImage.tag - defaults to the charts version + tag: null scannerJob: resources: {} diff --git a/scanners/sslyze/Chart.yaml b/scanners/sslyze/Chart.yaml index 70781939..a7625208 100644 --- a/scanners/sslyze/Chart.yaml +++ b/scanners/sslyze/Chart.yaml @@ -4,8 +4,8 @@ description: A Helm chart for the SSLyze security scanner that integrates with t type: application # version - gets automatically set to the secureCodeBox release version when the helm charts gets published -version: 0.1.0 -appVersion: 3.0.6 +version: latest +appVersion: v3.0.6 keywords: - security 
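Review bot: the `appVersion` values in these `Chart.yaml` hunks follow three different conventions: `v0.3.0` and `v3.0.6` carry a `v` prefix, `"0.0.43"` is quoted without one, and `3.10.3` and `7.80-r2` are left unquoted. Pick one form and quote every value so YAML never reads one as a number. If any template uses `.Chart.AppVersion` as the scanner image tag, check that the `v` prefix matches the tags actually published.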
diff --git a/scanners/sslyze/templates/sslyze-parse-definition.yaml b/scanners/sslyze/templates/sslyze-parse-definition.yaml index d5eddc10..6272a413 100644 --- a/scanners/sslyze/templates/sslyze-parse-definition.yaml +++ b/scanners/sslyze/templates/sslyze-parse-definition.yaml @@ -1,7 +1,7 @@ -apiVersion: 'execution.experimental.securecodebox.io/v1' +apiVersion: "execution.experimental.securecodebox.io/v1" kind: ParseDefinition metadata: - name: 'sslyze-json' + name: "sslyze-json" spec: handlesResultsType: sslyze-json - image: "{{ .Values.parserImage.registry }}/{{ .Values.parserImage.repository }}:{{ .Values.parserImage.tag }}" + image: "{{ .Values.parserImage.repository }}:{{ .Values.parserImage.tag | default .Chart.Version }}" diff --git a/scanners/sslyze/values.yaml b/scanners/sslyze/values.yaml index 0b8985f7..2a59b032 100644 --- a/scanners/sslyze/values.yaml +++ b/scanners/sslyze/values.yaml @@ -1,7 +1,7 @@ parserImage: - registry: docker.io - repository: scbexperimental/parser-sslyze - tag: latest + repository: docker.io/scbexperimental/parser-sslyze + # parserImage.tag - defaults to the charts version + tag: null scannerJob: resources: {} diff --git a/scanners/test-scan/Chart.yaml b/scanners/test-scan/Chart.yaml index ba195e6d..f71ff9c2 100644 --- a/scanners/test-scan/Chart.yaml +++ b/scanners/test-scan/Chart.yaml @@ -4,7 +4,7 @@ description: A Helm chart to test the secureCodeBox operator type: application # version - gets automatically set to the secureCodeBox release version when the helm charts gets published -version: 0.1.0 +version: latest keywords: - security diff --git a/scanners/test-scan/templates/test-scan-parse-definition.yaml b/scanners/test-scan/templates/test-scan-parse-definition.yaml index 3b4442c0..47822982 100644 --- a/scanners/test-scan/templates/test-scan-parse-definition.yaml +++ b/scanners/test-scan/templates/test-scan-parse-definition.yaml 
@@ -4,4 +4,4 @@ metadata: name: "test-txt" spec: handlesResultsType: test-txt - image: "{{ .Values.parserImage.registry }}/{{ .Values.parserImage.repository }}:{{ .Values.parserImage.tag }}" + image: "{{ .Values.parserImage.repository }}:{{ .Values.parserImage.tag | default .Chart.Version }}" diff --git a/scanners/test-scan/values.yaml b/scanners/test-scan/values.yaml index f5ea0688..2bc4f998 100644 --- a/scanners/test-scan/values.yaml +++ b/scanners/test-scan/values.yaml @@ -1,7 +1,7 @@ parserImage: - registry: docker.io - repository: scbexperimental/parser-test-scan - tag: latest + repository: docker.io/scbexperimental/parser-test-scan + # parserImage.tag - defaults to the charts version + tag: null scannerJob: resources: {} diff --git a/scanners/trivy/Chart.yaml b/scanners/trivy/Chart.yaml index c0a0d216..d96f7d29 100644 --- a/scanners/trivy/Chart.yaml +++ b/scanners/trivy/Chart.yaml @@ -4,8 +4,8 @@ description: A Helm chart for the trivy security scanner that integrates with th type: application # version - gets automatically set to the secureCodeBox release version when the helm charts gets published -version: 0.1.0 -appVersion: latest +version: latest +appVersion: v0.6.0 keywords: - security diff --git a/scanners/trivy/templates/trivy-parse-definition.yaml b/scanners/trivy/templates/trivy-parse-definition.yaml index 4c1dcd38..bb0841ad 100644 --- a/scanners/trivy/templates/trivy-parse-definition.yaml +++ b/scanners/trivy/templates/trivy-parse-definition.yaml @@ -4,4 +4,4 @@ metadata: name: "trivy-json" spec: handlesResultsType: trivy-json - image: "{{ .Values.parserImage.registry }}/{{ .Values.parserImage.repository }}:{{ .Values.parserImage.tag }}" + image: "{{ .Values.parserImage.repository }}:{{ .Values.parserImage.tag | default .Chart.Version }}" diff --git a/scanners/trivy/values.yaml b/scanners/trivy/values.yaml index 4aa12943..165ac509 100644 --- a/scanners/trivy/values.yaml +++ b/scanners/trivy/values.yaml 
@@ -1,7 +1,7 @@ parserImage: - registry: docker.io - repository: scbexperimental/parser-trivy - tag: latest + repository: docker.io/scbexperimental/parser-trivy + # parserImage.tag - defaults to the charts version + tag: null scannerJob: resources: {} diff --git a/scanners/wpscan/Chart.yaml b/scanners/wpscan/Chart.yaml index e264642e..60ae4400 100644 --- a/scanners/wpscan/Chart.yaml +++ b/scanners/wpscan/Chart.yaml @@ -4,7 +4,7 @@ description: A Helm chart for the WordPress security scanner that integrates wit type: application # version - gets automatically set to the secureCodeBox release version when the helm charts gets published -version: 0.1.0 +version: latest appVersion: latest keywords: diff --git a/scanners/wpscan/templates/wpscan-parse-definition.yaml b/scanners/wpscan/templates/wpscan-parse-definition.yaml index c999b050..33aa6912 100644 --- a/scanners/wpscan/templates/wpscan-parse-definition.yaml +++ b/scanners/wpscan/templates/wpscan-parse-definition.yaml @@ -4,4 +4,4 @@ metadata: name: "wpscan-json" spec: handlesResultsType: wpscan-json - image: "{{ .Values.parserImage.registry }}/{{ .Values.parserImage.repository }}:{{ .Values.parserImage.tag }}" + image: "{{ .Values.parserImage.repository }}:{{ .Values.parserImage.tag | default .Chart.Version }}" diff --git a/scanners/wpscan/values.yaml b/scanners/wpscan/values.yaml index 6f83e2b4..f6a735fc 100644 --- a/scanners/wpscan/values.yaml +++ b/scanners/wpscan/values.yaml @@ -1,7 +1,7 @@ parserImage: - registry: docker.io - repository: scbexperimental/parser-wpscan - tag: latest + repository: docker.io/scbexperimental/parser-wpscan + # parserImage.tag - defaults to the charts version + tag: null scannerJob: resources: {} diff --git a/scanners/zap/Chart.yaml b/scanners/zap/Chart.yaml index 391aed32..599d6e95 100644 --- a/scanners/zap/Chart.yaml +++ b/scanners/zap/Chart.yaml 
@@ -4,8 +4,8 @@ description: A Helm chart for the OWASP ZAP security scanner that integrates wit type: application # version - gets automatically set to the secureCodeBox release version when the helm charts gets published -version: 0.1.0 -appVersion: latest +version: latest +appVersion: v2.9.0 keywords: - security diff --git a/scanners/zap/templates/zap-parse-definition.yaml b/scanners/zap/templates/zap-parse-definition.yaml index a7d195e7..a65bf9e6 100644 --- a/scanners/zap/templates/zap-parse-definition.yaml +++ b/scanners/zap/templates/zap-parse-definition.yaml @@ -4,4 +4,4 @@ metadata: name: "zap-json" spec: handlesResultsType: zap-json - image: "{{ .Values.parserImage.registry }}/{{ .Values.parserImage.repository }}:{{ .Values.parserImage.tag }}" + image: "{{ .Values.parserImage.repository }}:{{ .Values.parserImage.tag | default .Chart.Version }}" diff --git a/scanners/zap/values.yaml b/scanners/zap/values.yaml index 4a39ff4c..c67f415a 100644 --- a/scanners/zap/values.yaml +++ b/scanners/zap/values.yaml @@ -1,7 +1,7 @@ parserImage: - registry: docker.io - repository: scbexperimental/parser-zap - tag: latest + repository: docker.io/scbexperimental/parser-zap + # parserImage.tag - defaults to the charts version + tag: null scannerJob: resources: {} From 25eaf722f8fe9d5cd309fab9ae3e8c991848d53d Mon Sep 17 00:00:00 2001 From: Jannik Hollenbach <13718901+J12934@users.noreply.github.com> Date: Fri, 18 Sep 2020 15:29:50 +0200 Subject: [PATCH 095/235] Set version in demo-apps to latest to match the other Helm charts --- demo-apps/bodgeit/Chart.yaml | 17 +++++++------- demo-apps/dummy-ssh/Chart.yaml | 13 +++++------ demo-apps/http-webhook/Chart.yaml | 2 +- demo-apps/juice-shop/Chart.yaml | 32 +++++++++++++-------------- demo-apps/old-wordpress/Chart.yaml | 14 ++++++------ demo-apps/swagger-petstore/Chart.yaml | 14 ++++++------ 6 files changed, 45 insertions(+), 47 deletions(-) 
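Review bot: In the scanners/zap/values.yaml hunk (and the identical change to the test-scan, trivy and wpscan values.yaml files), removing `parserImage.registry` and folding `docker.io/` into `repository` is a silent breaking change: an existing override of `parserImage.registry`, for example to point at an internal mirror, is now ignored and the parser image is pulled from docker.io. Call this out in the commit message or upgrade notes. Separately, `{{ .Values.parserImage.tag | default .Chart.Version }}` together with `version: latest` in Chart.yaml means a chart installed straight from the repository resolves the parser image to the mutable `:latest` tag, so the `tag: null` comment should say that unreleased charts float unless `parserImage.tag` is set.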
diff --git a/demo-apps/bodgeit/Chart.yaml b/demo-apps/bodgeit/Chart.yaml index 2c8173c8..9b3030ad 100644 --- a/demo-apps/bodgeit/Chart.yaml +++ b/demo-apps/bodgeit/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -version: 0.1.0 +version: latest type: application appVersion: "v1.4.0" name: bodgeit @@ -7,13 +7,12 @@ description: "The BodgeIt Store is a vulnerable web app which is aimed at people home: https://github.com/psiinon/bodgeit icon: https://scb-art.j12934.now.sh/bodgeit.png keywords: -- vulnerable -- webapp -- demo + - vulnerable + - webapp + - demo sources: -- https://github.com/secureCodeBox/helm -- https://github.com/psiinon/bodgeit + - https://github.com/secureCodeBox/helm + - https://github.com/psiinon/bodgeit maintainers: -- name: iteratec GmbH - email: security@iteratec.com - + - name: iteratec GmbH + email: security@iteratec.com diff --git a/demo-apps/dummy-ssh/Chart.yaml b/demo-apps/dummy-ssh/Chart.yaml index 31fc115c..1f9faae1 100644 --- a/demo-apps/dummy-ssh/Chart.yaml +++ b/demo-apps/dummy-ssh/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -version: 0.1.0 +version: latest type: application appVersion: "v1.0.0" name: dummy-ssh @@ -7,11 +7,10 @@ description: "SSH Server for scan testing." home: https://wordpress.org icon: https://www.securecodebox.io/integrationIcons/SSH.svg keywords: -- vulnerable -- ssh + - vulnerable + - ssh sources: -- https://github.com/secureCodeBox/secureCodeBox/tree/master/demo/dummy-ssh + - https://github.com/secureCodeBox/secureCodeBox/tree/master/demo/dummy-ssh maintainers: -- name: iteratec GmbH - email: security@iteratec.com - + - name: iteratec GmbH + email: security@iteratec.com diff --git a/demo-apps/http-webhook/Chart.yaml b/demo-apps/http-webhook/Chart.yaml index dfd68ec9..70cca92e 100644 --- a/demo-apps/http-webhook/Chart.yaml +++ b/demo-apps/http-webhook/Chart.yaml 
@@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.0 +version: latest # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/demo-apps/juice-shop/Chart.yaml b/demo-apps/juice-shop/Chart.yaml index 9dd7d12d..35ed028a 100644 --- a/demo-apps/juice-shop/Chart.yaml +++ b/demo-apps/juice-shop/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -version: 0.1.0 +version: latestt appVersion: "v12.0.2" name: juice-shop description: "OWASP Juice Shop: Probably the most modern and sophisticated insecure web application" @@ -7,20 +7,20 @@ type: application home: https://owasp.org/www-project-juice-shop/ icon: https://raw.githubusercontent.com/bkimminich/juice-shop/bdbcc0ea4484a2dd6b8ca243daa34c882129cdd4/frontend/src/assets/public/images/JuiceShop_Logo_400px.png keywords: -- owasp -- javascript -- vulnerable -- hacking -- application-security -- owasp-top-10 -- owasp-top-ten -- pentesting -- vulnapp -- appsec -- ctf + - owasp + - javascript + - vulnerable + - hacking + - application-security + - owasp-top-10 + - owasp-top-ten + - pentesting + - vulnapp + - appsec + - ctf sources: -- https://github.com/secureCodeBox/helm -- https://github.com/bkimminich/juice-shop + - https://github.com/secureCodeBox/helm + - https://github.com/bkimminich/juice-shop maintainers: -- name: iteratec GmbH - email: security@iteratec.com + - name: iteratec GmbH + email: security@iteratec.com diff --git a/demo-apps/old-wordpress/Chart.yaml b/demo-apps/old-wordpress/Chart.yaml index d797deb9..f85ac87e 100644 --- a/demo-apps/old-wordpress/Chart.yaml +++ b/demo-apps/old-wordpress/Chart.yaml 
@@ -1,5 +1,5 @@ apiVersion: v2 -version: 0.1.0 +version: latesttt appVersion: "4.0" name: old-wordpress description: "Insecure & Outdated Wordpress Instance: Never expose it to the internet!" @@ -7,11 +7,11 @@ type: application home: https://wordpress.org icon: https://s.w.org/style/images/about/WordPress-logotype-alternative.png keywords: -- vulnerable -- wordpress + - vulnerable + - wordpress sources: -- https://github.com/secureCodeBox/helm -- https://github.com/secureCodeBox/secureCodeBox/tree/master/demo/old-wordpress + - https://github.com/secureCodeBox/helm + - https://github.com/secureCodeBox/secureCodeBox/tree/master/demo/old-wordpress maintainers: -- name: iteratec GmbH - email: security@iteratec.com + - name: iteratec GmbH + email: security@iteratec.com diff --git a/demo-apps/swagger-petstore/Chart.yaml b/demo-apps/swagger-petstore/Chart.yaml index d8fdc799..2e78d458 100644 --- a/demo-apps/swagger-petstore/Chart.yaml +++ b/demo-apps/swagger-petstore/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -version: 0.1.0 +version: latestt appVersion: "1.0.3" name: swagger-petstore description: "This is the sample petstore application" @@ -7,11 +7,11 @@ type: application home: https://github.com/swagger-api/swagger-petstore icon: https://static1.smartbear.co/swagger/media/assets/images/swagger_logo.svg keywords: -- swagger -- openapi + - swagger + - openapi sources: -- https://github.com/secureCodeBox/helm -- https://github.com/swagger-api/swagger-petstore + - https://github.com/secureCodeBox/helm + - https://github.com/swagger-api/swagger-petstore maintainers: -- name: iteratec GmbH - email: security@iteratec.com + - name: iteratec GmbH + email: security@iteratec.com From d6c0e4f47fad599225522205a302488d205a5f8d Mon Sep 17 00:00:00 2001 
From: Jannik Hollenbach <13718901+J12934@users.noreply.github.com> Date: Fri, 18 Sep 2020 15:30:08 +0200 Subject: [PATCH 096/235] Remove uneccesary setting lurcher digest to null --- .github/workflows/ci.yaml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 3b06348d..9e20fae1 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -336,9 +336,7 @@ jobs: # Install Operator using the images of the current commit helm -n securecodebox-system install securecodebox-operator ./operator/ --wait \ --set="image.tag=sha-$(git rev-parse --short HEAD)" \ - --set="image.digest=null" \ --set="lurcher.image.tag=sha-$(git rev-parse --short HEAD)" \ - --set="lurcher.image.digest=null" - name: "Inspect Operator" run: | echo "Deployment in namespace 'securecodebox-system'" From c0d58221b6cdef1c73b74a9b1108a68967efcd81 Mon Sep 17 00:00:00 2001 From: Jannik Hollenbach <13718901+J12934@users.noreply.github.com> Date: Fri, 18 Sep 2020 15:34:59 +0200 Subject: [PATCH 097/235] Apply changes to recently added ncrack chart --- scanners/ncrack/Chart.yaml | 17 +++++++++-------- .../templates/ncrack-parse-definition.yaml | 2 +- scanners/ncrack/values.yaml | 7 +++---- 3 files changed, 13 insertions(+), 13 deletions(-) diff --git a/scanners/ncrack/Chart.yaml b/scanners/ncrack/Chart.yaml index 683f24ea..61ccd633 100644 --- a/scanners/ncrack/Chart.yaml +++ b/scanners/ncrack/Chart.yaml 
@@ -3,18 +3,19 @@ name: ncrack description: A Helm chart for the NCRACK security Scanner that integrates with the secureCodeBox. type: application -version: 0.1.0 +# version - gets automatically set to the secureCodeBox release version when the helm charts gets published +version: latest appVersion: 0.7 keywords: -- security -- ncrack -- scanner -- secureCodeBox + - security + - ncrack + - scanner + - secureCodeBox home: https://www.securecodebox.io/scanners/ncrack icon: https://www.securecodebox.io/scannerIcons/Ncrack.svg sources: -- https://github.com/secureCodeBox/secureCodeBox + - https://github.com/secureCodeBox/secureCodeBox maintainers: -- name: iteratec GmbH - email: security@iteratec.com + - name: iteratec GmbH + email: security@iteratec.com diff --git a/scanners/ncrack/templates/ncrack-parse-definition.yaml b/scanners/ncrack/templates/ncrack-parse-definition.yaml index c7b3f7df..048b1ca6 100644 --- a/scanners/ncrack/templates/ncrack-parse-definition.yaml +++ b/scanners/ncrack/templates/ncrack-parse-definition.yaml @@ -4,4 +4,4 @@ metadata: name: "ncrack-xml" spec: handlesResultsType: ncrack-xml - image: "{{ .Values.parserImage.registry }}/{{ .Values.parserImage.repository }}:{{ .Values.parserImage.tag }}" + image: "{{ .Values.parserImage.repository }}:{{ .Values.parserImage.tag | default .Chart.Version }}" diff --git a/scanners/ncrack/values.yaml b/scanners/ncrack/values.yaml index 86b8e29d..73659b0a 100644 --- a/scanners/ncrack/values.yaml +++ b/scanners/ncrack/values.yaml @@ -1,8 +1,7 @@ parserImage: - registry: docker.io - repository: scbexperimental/parser-ncrack - tag: latest + repository: docker.io/scbexperimental/parser-ncrack + # parserImage.tag - defaults to the charts version + tag: null scannerJob: resources: {} - From b663d5314abb7dc05af488e6ff3634b8f2dde7b8 Mon Sep 17 00:00:00 2001 
From: Jannik Hollenbach <13718901+J12934@users.noreply.github.com> Date: Fri, 18 Sep 2020 15:37:44 +0200 Subject: [PATCH 098/235] Remove weird char repeats --- demo-apps/juice-shop/Chart.yaml | 2 +- demo-apps/old-wordpress/Chart.yaml | 2 +- demo-apps/swagger-petstore/Chart.yaml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/demo-apps/juice-shop/Chart.yaml b/demo-apps/juice-shop/Chart.yaml index 35ed028a..a18c5350 100644 --- a/demo-apps/juice-shop/Chart.yaml +++ b/demo-apps/juice-shop/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -version: latestt +version: latest appVersion: "v12.0.2" name: juice-shop description: "OWASP Juice Shop: Probably the most modern and sophisticated insecure web application" diff --git a/demo-apps/old-wordpress/Chart.yaml b/demo-apps/old-wordpress/Chart.yaml index f85ac87e..f8bd97f5 100644 --- a/demo-apps/old-wordpress/Chart.yaml +++ b/demo-apps/old-wordpress/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -version: latesttt +version: latest appVersion: "4.0" name: old-wordpress description: "Insecure & Outdated Wordpress Instance: Never expose it to the internet!" diff --git a/demo-apps/swagger-petstore/Chart.yaml b/demo-apps/swagger-petstore/Chart.yaml index 2e78d458..7c25ccb8 100644 --- a/demo-apps/swagger-petstore/Chart.yaml +++ b/demo-apps/swagger-petstore/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -version: latestt +version: latest appVersion: "1.0.3" name: swagger-petstore description: "This is the sample petstore application" From 5f6e04a38512d839fc99192edebd90847268553b Mon Sep 17 00:00:00 2001 From: Yannik Fuhrmeister Date: Mon, 21 Sep 2020 11:45:45 +0200 Subject: [PATCH 099/235] Build wpscan-parser Image in CI --- .github/workflows/ci.yaml | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index cd500c63..d68c1713 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml 
@@ -211,6 +211,17 @@ jobs: tag_with_ref: true tag_with_sha: true build_args: baseImageTag=ci-local + - uses: docker/build-push-action@v1 + name: "Build & Push wpscan Parser Image" + with: + username: ${{ secrets.DOCKER_USERNAME }} + password: ${{ secrets.DOCKER_PASSWORD }} + repository: scbexperimental/wpscan-parser + path: ./scanners/wpscan/parser/ + tag_with_ref: true + tag_with_sha: true + build_args: baseImageTag=ci-local + hookImages: name: "Build / Hooks" runs-on: ubuntu-latest From 804cb65269332151fb90f38201e122e940f8f7b8 Mon Sep 17 00:00:00 2001 From: Jannik Hollenbach <13718901+J12934@users.noreply.github.com> Date: Mon, 21 Sep 2020 11:54:29 +0200 Subject: [PATCH 100/235] Override accidental test version --- operator/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/operator/Chart.yaml b/operator/Chart.yaml index 6c7699b0..7b436ba3 100644 --- a/operator/Chart.yaml +++ b/operator/Chart.yaml @@ -5,7 +5,7 @@ description: secureCodeBox Operator to automate the execution of security scans type: application # version - gets automatically set to the secureCodeBox release version when the helm charts gets published -version: v2.0.0-alpha1 +version: latest dependencies: - name: minio From 8cc7b210bef4a453804c0ec55e334c4683300bfe Mon Sep 17 00:00:00 2001 From: Jannik Hollenbach <13718901+J12934@users.noreply.github.com> Date: Mon, 21 Sep 2020 12:37:55 +0200 Subject: [PATCH 101/235] Add basic ZAP integration test --- .github/workflows/ci.yaml | 8 ++++++++ tests/integration/scanner/zap.test.js | 25 +++++++++++++++++++++++++ 2 files changed, 33 insertions(+) create mode 100644 tests/integration/scanner/zap.test.js diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index cd500c63..ed189315 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml 
@@ -403,6 +403,9 @@ jobs: run: | # Install dummy-ssh app helm -n demo-apps install dummy-ssh ./demo-apps/dummy-ssh/ --wait + # Install plain nginx server + kubectl create deployment --image nginx:alpine nginx --namespace demo-apps + kubectl expose deployment nginx --port 80 --namespace demo-apps - name: "nmap Integration Tests" run: | helm -n integration-tests install nmap ./scanners/nmap/ --set="parserImage.tag=sha-$(git rev-parse --short HEAD)" @@ -423,6 +426,11 @@ jobs: helm -n integration-tests install ssh-scan ./scanners/ssh_scan/ --set="parserImage.tag=sha-$(git rev-parse --short HEAD)" cd tests/integration/ npx jest --ci --color ssh-scan + - name: "ssh-scan Integration Tests" + run: | + helm -n integration-tests install zap ./scanners/zap/ --set="parserImage.tag=sha-$(git rev-parse --short HEAD)" + cd tests/integration/ + npx jest --ci --color zap - name: Inspect Post Failure if: failure() run: | diff --git a/tests/integration/scanner/zap.test.js b/tests/integration/scanner/zap.test.js new file mode 100644 index 00000000..9d4f601d --- /dev/null +++ b/tests/integration/scanner/zap.test.js @@ -0,0 +1,25 @@ +const { scan } = require("../helpers"); + +test( + "zap baseline scan against a plain nginx container should only find couple findings", + async () => { + const { categories, severities } = await scan( + "zap-nginx-baseline", + "zap-baseline", + ["-t", "http://nginx.demo-apps.svc"], + 60 * 4 + ); + + expect(categories).toMatchObject({ + "Content Security Policy (CSP) Header Not Set": 1, + 'Server Leaks Version Information via "Server" HTTP Response Header Field': 1, + "X-Content-Type-Options Header Missing": 1, + "X-Frame-Options Header Not Set": 1, + }); + expect(severities).toMatchObject({ + low: 3, + medium: 1, + }); + }, + 5 * 60 * 1000 +); From 022157723d0d43ade8a0558981da4bc476118341 Mon Sep 17 00:00:00 2001 
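Review bot: In tests/integration/scanner/zap.test.js the expectations assert exact counts (`low: 3`, `medium: 1`, four named categories at 1 each), while the ci.yaml hunk deploys the scan target with `kubectl create deployment --image nginx:alpine`, a floating tag. A new nginx image that changes its default response headers will change those counts and fail the test for reasons unrelated to the parser, so pin the nginx image to a fixed version or digest. Also note that `toMatchObject` only checks the listed keys, so extra categories or severities pass unnoticed; use `toEqual` if the intent of the test title ("should only find couple findings") is that nothing else is reported.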
From: Jannik Hollenbach <13718901+J12934@users.noreply.github.com> Date: Mon, 21 Sep 2020 12:52:11 +0200 Subject: [PATCH 102/235] Properly set name on zap scan step --- .github/workflows/ci.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index ed189315..05bbc340 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -426,7 +426,7 @@ jobs: helm -n integration-tests install ssh-scan ./scanners/ssh_scan/ --set="parserImage.tag=sha-$(git rev-parse --short HEAD)" cd tests/integration/ npx jest --ci --color ssh-scan - - name: "ssh-scan Integration Tests" + - name: "zap Integration Tests" run: | helm -n integration-tests install zap ./scanners/zap/ --set="parserImage.tag=sha-$(git rev-parse --short HEAD)" cd tests/integration/ From cd262080fcbb55dc24055e8c5db49093e179f95e Mon Sep 17 00:00:00 2001 From: Yannik Fuhrmeister Date: Mon, 21 Sep 2020 13:31:40 +0200 Subject: [PATCH 103/235] Fix Image Name for wpscan-parser --- scanners/wpscan/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scanners/wpscan/values.yaml b/scanners/wpscan/values.yaml index 6f83e2b4..c5450382 100644 --- a/scanners/wpscan/values.yaml +++ b/scanners/wpscan/values.yaml @@ -1,6 +1,6 @@ parserImage: registry: docker.io - repository: scbexperimental/parser-wpscan + repository: scbexperimental/wpscan-parser tag: latest scannerJob: From 5dbb7d7e20d7ab0f68a5dc8ad52537cb4c793b97 Mon Sep 17 00:00:00 2001 
From: Yannik Fuhrmeister Date: Mon, 21 Sep 2020 13:35:14 +0200 Subject: [PATCH 104/235] Add Example wpscan for old-wordpress --- .../examples/old-wordpress/findings.yml | 101 +++++++++++++ .../wpscan/examples/old-wordpress/scan.yaml | 13 ++ .../old-wordpress/wpscan-results.json | 134 ++++++++++++++++++ 3 files changed, 248 insertions(+) create mode 100644 scanners/wpscan/examples/old-wordpress/findings.yml create mode 100644 scanners/wpscan/examples/old-wordpress/scan.yaml create mode 100644 scanners/wpscan/examples/old-wordpress/wpscan-results.json diff --git a/scanners/wpscan/examples/old-wordpress/findings.yml b/scanners/wpscan/examples/old-wordpress/findings.yml new file mode 100644 index 00000000..49e4510a --- /dev/null +++ b/scanners/wpscan/examples/old-wordpress/findings.yml 
@@ -0,0 +1,101 @@ +[ + { + "name": "WordPress Service", + "description": "WordPress Service Information", + "category": "WordPress Service", + "location": "http://old-wordpress.demo-apps.svc.cluster.local/", + "osi_layer": "APPLICATION", + "severity": "INFORMATIONAL", + "reference": {}, + "confidence": 100, + "attributes": { + "ip_address": "10.99.82.140", + "wpscan_version": "3.8.7", + "wpscan_requests": 4777, + "wp_version": "4.0.31", + "wp_release_date": "2020-06-10", + "wp_release_status": "latest", + "wp_interesting_entries": [ + "http://old-wordpress.demo-apps.svc.cluster.local/, Match: 'WordPress 4.0.31'" + ], + "wp_found_by": "Meta Generator (Passive Detection)", + "wp_confirmed_by": { + "Atom Generator (Aggressive Detection)": { + "confidence": 80, + "interesting_entries": [ + "http://old-wordpress.demo-apps.svc.cluster.local/?feed=atom, WordPress" + ] + } + }, + "wp_vulnerabilities": [] + }, + "id": "35e61c23-d525-4509-a024-d1aef37a1623" + }, + { + "name": "WordPress finding 'headers'", + "description": "Headers", + "category": "WordPress headers", + "location": "http://old-wordpress.demo-apps.svc.cluster.local/", + "osi_layer": "APPLICATION", + "severity": "INFORMATIONAL", + "confidence": 100, + "reference": {}, + "attributes": { + "wp_interesting_entries": [ + "Server: nginx/1.7.7", + "X-Powered-By: PHP/5.4.34-0+deb7u1" + ], + "wp_found_by": "Headers (Passive Detection)", + "wp_confirmed_by": {} + }, + "id": "ca074030-2e55-4a10-bf8f-039c1b8978d9" + }, + { + "name": "WordPress finding 'xmlrpc'", + "description": "XML-RPC seems to be enabled: http://old-wordpress.demo-apps.svc.cluster.local/xmlrpc.php", + "category": "WordPress xmlrpc", + "location": "http://old-wordpress.demo-apps.svc.cluster.local/xmlrpc.php", + "osi_layer": "APPLICATION", + "severity": "INFORMATIONAL", + "confidence": 100, + "reference": {}, + "attributes": { + "wp_interesting_entries": [], + "wp_found_by": "Direct Access (Aggressive Detection)", + "wp_confirmed_by": {} + }, + "id": 
"9b521d88-4018-4069-971d-7a020eebab51" + }, + { + "name": "WordPress finding 'readme'", + "description": "WordPress readme found: http://old-wordpress.demo-apps.svc.cluster.local/readme.html", + "category": "WordPress readme", + "location": "http://old-wordpress.demo-apps.svc.cluster.local/readme.html", + "osi_layer": "APPLICATION", + "severity": "INFORMATIONAL", + "confidence": 100, + "reference": {}, + "attributes": { + "wp_interesting_entries": [], + "wp_found_by": "Direct Access (Aggressive Detection)", + "wp_confirmed_by": {} + }, + "id": "7160e807-b6bb-4994-9477-22cac8e2f549" + }, + { + "name": "WordPress finding 'wp_cron'", + "description": "The external WP-Cron seems to be enabled: http://old-wordpress.demo-apps.svc.cluster.local/wp-cron.php", + "category": "WordPress wp_cron", + "location": "http://old-wordpress.demo-apps.svc.cluster.local/wp-cron.php", + "osi_layer": "APPLICATION", + "severity": "INFORMATIONAL", + "confidence": 60, + "reference": {}, + "attributes": { + "wp_interesting_entries": [], + "wp_found_by": "Direct Access (Aggressive Detection)", + "wp_confirmed_by": {} + }, + "id": "828bf907-da73-4076-994b-a46652b1f972" + } +] diff --git a/scanners/wpscan/examples/old-wordpress/scan.yaml b/scanners/wpscan/examples/old-wordpress/scan.yaml new file mode 100644 index 00000000..cb85fa15 --- /dev/null +++ b/scanners/wpscan/examples/old-wordpress/scan.yaml @@ -0,0 +1,13 @@ +apiVersion: "execution.experimental.securecodebox.io/v1" +kind: Scan +metadata: + name: "wpscan-old-wordpress-internal" +spec: + scanType: "wpscan" + parameters: + - "--url" + - old-wordpress.demo-apps.svc.cluster.local + - "-e" + - "vp" + - "--plugins-detection" + - "mixed" diff --git a/scanners/wpscan/examples/old-wordpress/wpscan-results.json b/scanners/wpscan/examples/old-wordpress/wpscan-results.json new file mode 100644 index 00000000..c4ac50b6 --- /dev/null +++ b/scanners/wpscan/examples/old-wordpress/wpscan-results.json 
@@ -0,0 +1,134 @@ +{ + "banner": { + "description": "WordPress Security Scanner by the WPScan Team", + "version": "3.8.7", + "authors": [ + "@_WPScan_", + "@ethicalhack3r", + "@erwan_lr", + "@firefart" + ], + "sponsor": "Sponsored by Automattic - https://automattic.com/" + }, + "start_time": 1600682567, + "start_memory": 42774528, + "target_url": "http://old-wordpress.demo-apps.svc.cluster.local/", + "target_ip": "10.99.82.140", + "effective_url": "http://old-wordpress.demo-apps.svc.cluster.local/", + "interesting_findings": [ + { + "url": "http://old-wordpress.demo-apps.svc.cluster.local/", + "to_s": "Headers", + "type": "headers", + "found_by": "Headers (Passive Detection)", + "confidence": 100, + "confirmed_by": { + + }, + "references": { + + }, + "interesting_entries": [ + "Server: nginx/1.7.7", + "X-Powered-By: PHP/5.4.34-0+deb7u1" + ] + }, + { + "url": "http://old-wordpress.demo-apps.svc.cluster.local/xmlrpc.php", + "to_s": "XML-RPC seems to be enabled: http://old-wordpress.demo-apps.svc.cluster.local/xmlrpc.php", + "type": "xmlrpc", + "found_by": "Direct Access (Aggressive Detection)", + "confidence": 100, + "confirmed_by": { + + }, + "references": { + "url": [ + "http://codex.wordpress.org/XML-RPC_Pingback_API" + ], + "metasploit": [ + "auxiliary/scanner/http/wordpress_ghost_scanner", + "auxiliary/dos/http/wordpress_xmlrpc_dos", + "auxiliary/scanner/http/wordpress_xmlrpc_login", + "auxiliary/scanner/http/wordpress_pingback_access" + ] + }, + "interesting_entries": [ + + ] + }, + { + "url": "http://old-wordpress.demo-apps.svc.cluster.local/readme.html", + "to_s": "WordPress readme found: http://old-wordpress.demo-apps.svc.cluster.local/readme.html", + "type": "readme", + "found_by": "Direct Access (Aggressive Detection)", + "confidence": 100, + "confirmed_by": { + + }, + "references": { + + }, + "interesting_entries": [ + + ] + }, + { + "url": "http://old-wordpress.demo-apps.svc.cluster.local/wp-cron.php", + "to_s": "The external WP-Cron seems to be enabled: 
http://old-wordpress.demo-apps.svc.cluster.local/wp-cron.php", + "type": "wp_cron", + "found_by": "Direct Access (Aggressive Detection)", + "confidence": 60, + "confirmed_by": { + + }, + "references": { + "url": [ + "https://www.iplocation.net/defend-wordpress-from-ddos", + "https://github.com/wpscanteam/wpscan/issues/1299" + ] + }, + "interesting_entries": [ + + ] + } + ], + "version": { + "number": "4.0.31", + "release_date": "2020-06-10", + "status": "latest", + "found_by": "Meta Generator (Passive Detection)", + "confidence": 100, + "interesting_entries": [ + "http://old-wordpress.demo-apps.svc.cluster.local/, Match: 'WordPress 4.0.31'" + ], + "confirmed_by": { + "Atom Generator (Aggressive Detection)": { + "confidence": 80, + "interesting_entries": [ + "http://old-wordpress.demo-apps.svc.cluster.local/?feed=atom, WordPress" + ] + } + }, + "vulnerabilities": [ + + ] + }, + "main_theme": null, + "plugins": { + + }, + "vuln_api": { + "error": "No WPVulnDB API Token given, as a result vulnerability data has not been output.\nYou can get a free API token with 50 daily requests by registering at https://wpvulndb.com/users/sign_up" + }, + "stop_time": 1600682792, + "elapsed": 225, + "requests_done": 4777, + "cached_requests": 4, + "data_sent": 1459447, + "data_sent_humanised": "1.392 MB", + "data_received": 18563423, + "data_received_humanised": "17.703 MB", + "used_memory": 299765760, + "used_memory_humanised": "285.879 MB" +} From fca85a58133bdb7f475a685d5be5dcf8acbb3492 Mon Sep 17 00:00:00 2001 From: Yannik Fuhrmeister Date: Mon, 21 Sep 2020 13:49:20 +0200 Subject: [PATCH 105/235] Change File Extension to match other YAML Files --- .../wpscan/examples/old-wordpress/{findings.yml => findings.yaml} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename scanners/wpscan/examples/old-wordpress/{findings.yml => findings.yaml} (100%) 
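Review bot: The example under scanners/wpscan/examples/old-wordpress does not show what `-e vp` in scan.yaml is meant to demonstrate: wpscan-results.json records `vuln_api.error` "No WPVulnDB API Token given, as a result vulnerability data has not been output", so `vulnerabilities` and `wp_vulnerabilities` are empty and every finding is INFORMATIONAL for a WordPress 4.0.31 target. Either regenerate the example with an API token supplied, or add a sentence next to the example stating that vulnerability data requires a token. In addition, the xmlrpc and wp_cron entries carry `references` in the raw results but `"reference": {}` in findings.yml; if the parser drops them on purpose, say so, otherwise that deserves a follow-up.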
diff --git a/scanners/wpscan/examples/old-wordpress/findings.yml b/scanners/wpscan/examples/old-wordpress/findings.yaml similarity index 100% rename from scanners/wpscan/examples/old-wordpress/findings.yml rename to scanners/wpscan/examples/old-wordpress/findings.yaml From 4282da5d60f03fd22a84197fd8cf42ffb2820022 Mon Sep 17 00:00:00 2001 From: Jannik Hollenbach <13718901+J12934@users.noreply.github.com> Date: Mon, 21 Sep 2020 14:06:09 +0200 Subject: [PATCH 106/235] Add example how to mount user & password lists into ncrack scans Co-authored-by: Sebastian Franz <32578476+SebieF@users.noreply.github.com> --- scanners/ncrack/examples/dummy-ssh/README.md | 23 ++++++++++++++++--- scanners/ncrack/examples/dummy-ssh/scan.yaml | 8 ++++--- .../ncrack/templates/ncrack-scan-type.yaml | 9 ++++++++ scanners/ncrack/values.yaml | 3 ++- 4 files changed, 36 insertions(+), 7 deletions(-) diff --git a/scanners/ncrack/examples/dummy-ssh/README.md b/scanners/ncrack/examples/dummy-ssh/README.md index eca25b2b..5dfea1c0 100644 --- a/scanners/ncrack/examples/dummy-ssh/README.md +++ b/scanners/ncrack/examples/dummy-ssh/README.md 
@@ -2,11 +2,28 @@ In this example we execute an ncrack scan against the intentional vulnerable ssh ### Install dummy-ssh -Before executing the scan, make sure to have dummy-ssh installed: +Before executing the scan, make sure to have dummy-ssh installed, and have the proper username & password lists: ```bash -helm install dummy-ssh ./demo-apps/dummy-ssh/ --wait -``` +# Create user & password list files, you can edit them later if you want +echo "root\nadmin" > users.txt +echo "THEPASSWORDYOUCREATED\n123456\npassword" > passwords.txt +# Create a Kubernetes secret containing these files +kubectl create secret generic --from-file users.txt --from-file passwords.txt ncrack-lists +# Install dummy-ssh app. We'll use ncrack to enumerate its ssh username and password +helm install dummy-ssh ./demo-apps/dummy-ssh/ --wait +# Install the ncrack scanType and set mount the files from the ncrack-lists Kubernetes secret +cat < Date: Mon, 21 Sep 2020 14:19:17 +0200 Subject: [PATCH 107/235] Delete unnecessary ncrack/parser gitignore --- scanners/ncrack/parser/.gitignore | 2 -- 1 file changed, 2 deletions(-) delete mode 100644 scanners/ncrack/parser/.gitignore diff --git a/scanners/ncrack/parser/.gitignore b/scanners/ncrack/parser/.gitignore deleted file mode 100644 index d5700888..00000000 --- a/scanners/ncrack/parser/.gitignore +++ /dev/null @@ -1,2 +0,0 @@ -node_modules/ - From 0e6c3b597c781f5b8edca55cbccf6d97f956dcac Mon Sep 17 00:00:00 2001 From: SebieF Date: Mon, 21 Sep 2020 14:21:19 +0200 Subject: [PATCH 108/235] Delete unnecessary nmap/parser gitignore --- scanners/nmap/parser/.gitignore | 1 - 1 file changed, 1 deletion(-) delete mode 100644 scanners/nmap/parser/.gitignore diff --git a/scanners/nmap/parser/.gitignore b/scanners/nmap/parser/.gitignore deleted file mode 100644 index 40b878db..00000000 --- a/scanners/nmap/parser/.gitignore +++ /dev/null @@ -1 +0,0 @@ -node_modules/ \ No newline at end of file 
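Review bot: In the README.md hunk for scanners/ncrack/examples/dummy-ssh, `echo "root\nadmin" > users.txt` and the matching passwords.txt line sit in a block fenced as bash, where the builtin `echo` does not expand `\n` without `-e`; each file ends up as a single line containing a literal backslash-n, so ncrack is handed one bogus username and one bogus password. Use `printf 'root\nadmin\n' > users.txt` (and the same form for passwords.txt), which behaves identically in every POSIX shell. Since passwords.txt is meant to hold a real password, it is also worth telling readers to remove both local files once the `ncrack-lists` secret has been created.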
From 2128e54aa81a3b877bd41a2b679ff91eda478d12 Mon Sep 17 00:00:00 2001 From: Jannik Hollenbach <13718901+J12934@users.noreply.github.com> Date: Mon, 21 Sep 2020 14:52:31 +0200 Subject: [PATCH 109/235] Better debugging of failed scans during ci --- tests/integration/helpers.js | 51 ++++++++++++++++++++++++++++++------ 1 file changed, 43 insertions(+), 8 deletions(-) diff --git a/tests/integration/helpers.js b/tests/integration/helpers.js index 7beba406..aa5da5c1 100644 --- a/tests/integration/helpers.js +++ b/tests/integration/helpers.js @@ -5,6 +5,7 @@ kc.loadFromDefault(); const k8sCRDApi = kc.makeApiClient(k8s.CustomObjectsApi); const k8sBatchApi = kc.makeApiClient(k8s.BatchV1Api); +const k8sPodsApi = kc.makeApiClient(k8s.CoreV1Api); const namespace = "integration-tests"; 
@@ -33,28 +34,65 @@ async function getScan(name) { return scan; } +async function displayAllLogsForJob(jobName) { + console.log(`Listing logs for Job ${jobName}:`); + const { + body: { items: pods }, + } = await k8sPodsApi.listNamespacedPod( + "default", + true, + undefined, + undefined, + undefined, + `job-name=${jobName}` + ); + + for (const pod of pods) { + for (const container of pod.spec.containers) { + const response = await k8sPodsApi.readNamespacedPodLog( + pod.metadata.name, + "default", + container.name + ); + console.log(`Container ${container.name}:`); + console.log(response.body); + } + } +} + async function logJobs() { try { const { body: jobs } = await k8sBatchApi.listNamespacedJob(namespace); + console.log("Logging spec & status of jobs in namespace"); + for (const job of jobs.items) { console.log(`Job: '${job.metadata.name}' Spec:`); console.dir(job.spec); console.log(`Job: '${job.metadata.name}' Status:`); console.dir(job.status); + + await displayAllLogsForJob(job.metadata.name); } } catch (error) { console.info(`Failed to list Jobs'`); } } +async function disasterRecovery(scanName) { + const scan = await getScan(scanName); + console.error("Last Scan State:"); + console.dir(scan); + await logJobs(); +} + /** * * @param {string} name name of the scan. Actual name will be sufixed with a random number to avoid conflicts * @param {string} scanType type of the scan. Must match the name of a ScanType CRD * @param {string[]} parameters cli argument to be passed to the scanner * @param {number} timeout in seconds - * @returns {scan.findings} returns findings { categories, severities, count } + * @returns {scan.findings} returns findings { categories, severities, count } */ async function scan(name, scanType, parameters = [], timeout = 180) { const scanDefinition = { 
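Review bot: `displayAllLogsForJob` passes the literal "default" as the namespace to both `listNamespacedPod` and `readNamespacedPodLog`, but `logJobs` lists the jobs from `namespace` ("integration-tests"), so the `job-name=` selector will match no pods and no container logs are printed. Use the module-level `namespace` constant in both calls. Because the new `await displayAllLogsForJob(job.metadata.name)` sits inside the existing `try`, any error raised while reading logs is also reported as "Failed to list Jobs" with the error object discarded; log `error` in the catch so the debugging output this patch adds is not hidden by it.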
@@ -88,19 +126,16 @@ async function scan(name, scanType, parameters = [], timeout = 180) { await deleteScan(actualName); return status.findings; } else if (status && status.state === "Errored") { - await deleteScan(actualName); + console.error("Scan Errored"); + await disasterRecovery(actualName); + throw new Error( `Scan failed with description "${status.errorDescription}"` ); } } - console.error("Scan Timed out!"); - - const scan = await getScan(actualName); - console.log("Last Scan State:"); - console.dir(scan); - await logJobs(); + await disasterRecovery(actualName); throw new Error("timed out while waiting for scan results"); } From 5cf93146ac299595442de6faa72a67c927bca3e3 Mon Sep 17 00:00:00 2001 From: Jannik Hollenbach <13718901+J12934@users.noreply.github.com> Date: Mon, 21 Sep 2020 14:57:57 +0200 Subject: [PATCH 110/235] Fix issue on ncrack installation when no volumes are mounted --- scanners/ncrack/templates/ncrack-scan-type.yaml | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/scanners/ncrack/templates/ncrack-scan-type.yaml b/scanners/ncrack/templates/ncrack-scan-type.yaml index e8c5587d..84a6dc9e 100644 --- a/scanners/ncrack/templates/ncrack-scan-type.yaml +++ b/scanners/ncrack/templates/ncrack-scan-type.yaml @@ -20,11 +20,7 @@ spec: resources: {{- toYaml .Values.scannerJob.resources | nindent 16 }} volumeMounts: - {{- if .Values.scannerJob.extraVolumeMounts }} - {{- toYaml .Values.scannerJob.extraVolumeMounts | nindent 14 }} - {{- end }} + {{- toYaml .Values.scannerJob.extraVolumeMounts | nindent 16 }} volumes: - {{- if .Values.scannerJob.extraVolumes }} - {{- toYaml .Values.scannerJob.extraVolumes | nindent 10 }} - {{- end }} + {{- toYaml .Values.scannerJob.extraVolumes | nindent 12 }} From 30b1cacdf7bfd7c2616b16c2b4f45fdb40a34126 Mon Sep 17 00:00:00 2001 
From: Jannik Hollenbach <13718901+J12934@users.noreply.github.com> Date: Mon, 21 Sep 2020 15:12:58 +0200 Subject: [PATCH 111/235] Try to reduce flaky tests --- tests/integration/helpers.js | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tests/integration/helpers.js b/tests/integration/helpers.js index aa5da5c1..06f52172 100644 --- a/tests/integration/helpers.js +++ b/tests/integration/helpers.js @@ -124,6 +124,9 @@ async function scan(name, scanType, parameters = [], timeout = 180) { if (status && status.state === "Done") { await deleteScan(actualName); + // Wait a couple seconds to give kubernetes more time to update the fields + await sleep(2000); + const { status } = await getScan(actualName); return status.findings; } else if (status && status.state === "Errored") { console.error("Scan Errored"); From ead9eb7f43ce1e7e7363138da5d1d8789f2e992f Mon Sep 17 00:00:00 2001 From: Jannik Hollenbach <13718901+J12934@users.noreply.github.com> Date: Mon, 21 Sep 2020 15:26:30 +0200 Subject: [PATCH 112/235] =?UTF-8?q?Duration=20is=20in=20sec=20not=20ms=20?= =?UTF-8?q?=F0=9F=A4=A6=E2=80=8D=E2=99=82=EF=B8=8F?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- tests/integration/helpers.js | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/tests/integration/helpers.js b/tests/integration/helpers.js index 06f52172..918cab49 100644 --- a/tests/integration/helpers.js +++ b/tests/integration/helpers.js @@ -9,8 +9,7 @@ const k8sPodsApi = kc.makeApiClient(k8s.CoreV1Api); const namespace = "integration-tests"; -const sleep = (duration) => - new Promise((resolve) => setTimeout(resolve, duration * 1000)); +const sleep = (ms) => new Promise((resolve) => setTimeout(resolve, ms * 1000)); async function deleteScan(name) { await k8sCRDApi.deleteNamespacedCustomObject( 
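Review bot: the parameter of `sleep` is renamed to `ms`, but the body still calls `setTimeout(resolve, ms * 1000)`, so the argument is in seconds, which is what the subject line says and what the `sleep(2)` call in the following hunk relies on. Name it `seconds` (or keep `duration` and document the unit in a JSDoc comment) so the next caller does not pass `2000` again.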
@@ -125,7 +124,7 @@ async function scan(name, scanType, parameters = [], timeout = 180) { if (status && status.state === "Done") { await deleteScan(actualName); // Wait a couple seconds to give kubernetes more time to update the fields - await sleep(2000); + await sleep(2); const { status } = await getScan(actualName); return status.findings; } else if (status && status.state === "Errored") { From 77d024466a9a13f5b0f1736761d96626a4e73dfe Mon Sep 17 00:00:00 2001 From: Jannik Hollenbach <13718901+J12934@users.noreply.github.com> Date: Mon, 21 Sep 2020 15:40:30 +0200 Subject: [PATCH 113/235] Get scan before deleting it --- tests/integration/helpers.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/integration/helpers.js b/tests/integration/helpers.js index 918cab49..682138da 100644 --- a/tests/integration/helpers.js +++ b/tests/integration/helpers.js @@ -122,10 +122,10 @@ async function scan(name, scanType, parameters = [], timeout = 180) { const { status } = await getScan(actualName); if (status && status.state === "Done") { - await deleteScan(actualName); // Wait a couple seconds to give kubernetes more time to update the fields await sleep(2); const { status } = await getScan(actualName); + await deleteScan(actualName); return status.findings; } else if (status && status.state === "Errored") { console.error("Scan Errored"); From 641a4fa31103dd3facc52e25eb1a8f97b64b0a51 Mon Sep 17 00:00:00 2001 From: Jannik Hollenbach <13718901+J12934@users.noreply.github.com> Date: Mon, 21 Sep 2020 16:20:20 +0200 Subject: [PATCH 114/235] More debugging --- tests/integration/helpers.js | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/tests/integration/helpers.js b/tests/integration/helpers.js index 682138da..8bdcf5d0 100644 --- a/tests/integration/helpers.js +++ b/tests/integration/helpers.js 
@@ -34,7 +34,7 @@ async function getScan(name) { } async function displayAllLogsForJob(jobName) { - console.log(`Listing logs for Job ${jobName}:`); + console.log(`Listing logs for Job '${jobName}':`); const { body: { items: pods }, } = await k8sPodsApi.listNamespacedPod( @@ -46,7 +46,15 @@ async function displayAllLogsForJob(jobName) { `job-name=${jobName}` ); + if (pods.length === 0) { + console.log(`No Pods found for Job '${jobName}'`); + } + for (const pod of pods) { + console.log( + `Listing logs for Job '${jobName}' > Pod '${pod.metadata.name}':` + ); + for (const container of pod.spec.containers) { const response = await k8sPodsApi.readNamespacedPodLog( pod.metadata.name, @@ -67,14 +75,14 @@ async function logJobs() { for (const job of jobs.items) { console.log(`Job: '${job.metadata.name}' Spec:`); - console.dir(job.spec); + console.log(JSON.stringify(job.spec, null, 2)); console.log(`Job: '${job.metadata.name}' Status:`); - console.dir(job.status); + console.log(JSON.stringify(job.status, null, 2)); await displayAllLogsForJob(job.metadata.name); } } catch (error) { - console.info(`Failed to list Jobs'`); + console.error(`Failed to list Jobs'`); } } From af3da2adaf824e45db591d694338173070b83ca5 Mon Sep 17 00:00:00 2001 From: Jannik Hollenbach <13718901+J12934@users.noreply.github.com> Date: Mon, 21 Sep 2020 16:37:06 +0200 Subject: [PATCH 115/235] Fix namespace --- tests/integration/helpers.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/integration/helpers.js b/tests/integration/helpers.js index 8bdcf5d0..cf8db805 100644 --- a/tests/integration/helpers.js +++ b/tests/integration/helpers.js @@ -38,7 +38,7 @@ async function displayAllLogsForJob(jobName) { const { body: { items: pods }, } = await k8sPodsApi.listNamespacedPod( - "default", + namespace, true, undefined, undefined, 
@@ -58,7 +58,7 @@ async function displayAllLogsForJob(jobName) { for (const container of pod.spec.containers) { const response = await k8sPodsApi.readNamespacedPodLog( pod.metadata.name, - "default", + namespace, container.name ); console.log(`Container ${container.name}:`); From f458f5f21c87dc5fa6cef1be784eb4749588a20d Mon Sep 17 00:00:00 2001 From: Jannik Hollenbach <13718901+J12934@users.noreply.github.com> Date: Mon, 21 Sep 2020 17:39:08 +0200 Subject: [PATCH 116/235] Only apply `ttlSecondsAfterFinished` when set in values --- scanners/amass/templates/amass-scan-type.yaml | 4 +++- scanners/amass/values.yaml | 1 + .../kube-hunter/templates/kubehunter-scan-type.yaml | 4 +++- scanners/kube-hunter/values.yaml | 1 + scanners/ncrack/templates/ncrack-scan-type.yaml | 4 +++- scanners/ncrack/values.yaml | 2 +- scanners/nikto/templates/nikto-scan-type.yaml | 4 +++- scanners/nikto/values.yaml | 1 + scanners/nmap/templates/nmap-scan-type.yaml | 4 +++- scanners/nmap/values.yaml | 1 + scanners/ssh_scan/templates/ssh-scan-scan-type.yaml | 4 +++- scanners/ssh_scan/values.yaml | 1 + scanners/sslyze/templates/sslyze-scan-type.yaml | 4 +++- scanners/sslyze/values.yaml | 1 + .../test-scan/templates/test-scan-scan-type.yaml | 4 +++- scanners/test-scan/values.yaml | 1 + scanners/trivy/templates/trivy-scan-type.yaml | 4 +++- scanners/trivy/values.yaml | 1 + scanners/wpscan/templates/wpscan-scan-type.yaml | 4 +++- scanners/wpscan/values.yaml | 1 + scanners/zap/templates/zap-scan-type.yaml | 12 +++++++++--- 21 files changed, 49 insertions(+), 14 deletions(-) diff --git a/scanners/amass/templates/amass-scan-type.yaml b/scanners/amass/templates/amass-scan-type.yaml index 6387eb03..a52b7cb7 100644 --- a/scanners/amass/templates/amass-scan-type.yaml +++ b/scanners/amass/templates/amass-scan-type.yaml 
@@ -10,7 +10,9 @@ spec: location: "/home/securecodebox/amass-results.jsonl" jobTemplate: spec: - ttlSecondsAfterFinished: 10 + {{- if .Values.scannerJob.ttlSecondsAfterFinished }} + ttlSecondsAfterFinished: {{ .Values.scannerJob.ttlSecondsAfterFinished }} + {{- end }} template: spec: restartPolicy: OnFailure diff --git a/scanners/amass/values.yaml b/scanners/amass/values.yaml index 52a79560..5d931ed4 100644 --- a/scanners/amass/values.yaml +++ b/scanners/amass/values.yaml @@ -4,6 +4,7 @@ parserImage: tag: latest scannerJob: + ttlSecondsAfterFinished: null resources: {} # scannerJob: # resources: diff --git a/scanners/kube-hunter/templates/kubehunter-scan-type.yaml b/scanners/kube-hunter/templates/kubehunter-scan-type.yaml index 34ecc29f..dff32f2b 100644 --- a/scanners/kube-hunter/templates/kubehunter-scan-type.yaml +++ b/scanners/kube-hunter/templates/kubehunter-scan-type.yaml @@ -8,7 +8,9 @@ spec: location: '/home/securecodebox/kube-hunter-results.json' jobTemplate: spec: - ttlSecondsAfterFinished: 10 + {{- if .Values.scannerJob.ttlSecondsAfterFinished }} + ttlSecondsAfterFinished: {{ .Values.scannerJob.ttlSecondsAfterFinished }} + {{- end }} template: spec: restartPolicy: Never diff --git a/scanners/kube-hunter/values.yaml b/scanners/kube-hunter/values.yaml index b19fabbe..44f63a4f 100644 --- a/scanners/kube-hunter/values.yaml +++ b/scanners/kube-hunter/values.yaml @@ -4,4 +4,5 @@ parserImage: tag: latest scannerJob: + ttlSecondsAfterFinished: null resources: {} diff --git a/scanners/ncrack/templates/ncrack-scan-type.yaml b/scanners/ncrack/templates/ncrack-scan-type.yaml index a0233b72..df2899cc 100644 --- a/scanners/ncrack/templates/ncrack-scan-type.yaml +++ b/scanners/ncrack/templates/ncrack-scan-type.yaml 
@@ -8,7 +8,9 @@ spec: location: "/home/securecodebox/ncrack-results.xml" jobTemplate: spec: - ttlSecondsAfterFinished: 10 + {{- if .Values.scannerJob.ttlSecondsAfterFinished }} + ttlSecondsAfterFinished: {{ .Values.scannerJob.ttlSecondsAfterFinished }} + {{- end }} backoffLimit: 3 template: spec: diff --git a/scanners/ncrack/values.yaml b/scanners/ncrack/values.yaml index 86b8e29d..07c693ab 100644 --- a/scanners/ncrack/values.yaml +++ b/scanners/ncrack/values.yaml @@ -4,5 +4,5 @@ parserImage: tag: latest scannerJob: + ttlSecondsAfterFinished: null resources: {} - diff --git a/scanners/nikto/templates/nikto-scan-type.yaml b/scanners/nikto/templates/nikto-scan-type.yaml index f6d0066d..e59604bb 100644 --- a/scanners/nikto/templates/nikto-scan-type.yaml +++ b/scanners/nikto/templates/nikto-scan-type.yaml @@ -8,7 +8,9 @@ spec: location: '/home/securecodebox/nikto-results.json' jobTemplate: spec: - ttlSecondsAfterFinished: 10 + {{- if .Values.scannerJob.ttlSecondsAfterFinished }} + ttlSecondsAfterFinished: {{ .Values.scannerJob.ttlSecondsAfterFinished }} + {{- end }} template: spec: restartPolicy: Never diff --git a/scanners/nikto/values.yaml b/scanners/nikto/values.yaml index 55cfaa64..3a006551 100644 --- a/scanners/nikto/values.yaml +++ b/scanners/nikto/values.yaml @@ -4,6 +4,7 @@ parserImage: tag: latest scannerJob: + ttlSecondsAfterFinished: null resources: {} # scannerJob: # resources: diff --git a/scanners/nmap/templates/nmap-scan-type.yaml b/scanners/nmap/templates/nmap-scan-type.yaml index e273234b..9be99c02 100644 --- a/scanners/nmap/templates/nmap-scan-type.yaml +++ b/scanners/nmap/templates/nmap-scan-type.yaml @@ -8,7 +8,9 @@ spec: location: "/home/securecodebox/nmap-results.xml" jobTemplate: spec: - ttlSecondsAfterFinished: 10 + {{- if .Values.scannerJob.ttlSecondsAfterFinished }} + ttlSecondsAfterFinished: {{ .Values.scannerJob.ttlSecondsAfterFinished }} + {{- end }} backoffLimit: 3 template: spec: 
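Review bot: `{{- if .Values.scannerJob.ttlSecondsAfterFinished }}` is a truthiness test, and Go templates treat `0` as false, so a user who sets `ttlSecondsAfterFinished: 0` to have finished jobs removed immediately gets no TTL field at all and the job stays around. Test for presence instead, for example `{{- if not (kindIs "invalid" .Values.scannerJob.ttlSecondsAfterFinished) }}`; the same guard is repeated in every scan-type template in this patch. With the default now `null`, completed scanner jobs and their pods are no longer removed after 10 seconds, which deserves a line in the chart documentation because those pods retain the scanner logs.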
diff --git a/scanners/nmap/values.yaml b/scanners/nmap/values.yaml index 069241bb..19619b94 100644 --- a/scanners/nmap/values.yaml +++ b/scanners/nmap/values.yaml @@ -4,6 +4,7 @@ parserImage: tag: latest scannerJob: + ttlSecondsAfterFinished: null resources: {} # scannerJob: # resources: diff --git a/scanners/ssh_scan/templates/ssh-scan-scan-type.yaml b/scanners/ssh_scan/templates/ssh-scan-scan-type.yaml index 787c16cd..f06cf0c6 100644 --- a/scanners/ssh_scan/templates/ssh-scan-scan-type.yaml +++ b/scanners/ssh_scan/templates/ssh-scan-scan-type.yaml @@ -9,7 +9,9 @@ spec: location: "/home/securecodebox/ssh-scan-results.json" jobTemplate: spec: - ttlSecondsAfterFinished: 10 + {{- if .Values.scannerJob.ttlSecondsAfterFinished }} + ttlSecondsAfterFinished: {{ .Values.scannerJob.ttlSecondsAfterFinished }} + {{- end }} template: spec: restartPolicy: OnFailure diff --git a/scanners/ssh_scan/values.yaml b/scanners/ssh_scan/values.yaml index 34f1a41b..dbcd18ab 100644 --- a/scanners/ssh_scan/values.yaml +++ b/scanners/ssh_scan/values.yaml @@ -4,6 +4,7 @@ parserImage: tag: latest scannerJob: + ttlSecondsAfterFinished: null resources: {} # scannerJob: # resources: diff --git a/scanners/sslyze/templates/sslyze-scan-type.yaml b/scanners/sslyze/templates/sslyze-scan-type.yaml index a5d48cce..4536159c 100644 --- a/scanners/sslyze/templates/sslyze-scan-type.yaml +++ b/scanners/sslyze/templates/sslyze-scan-type.yaml @@ -8,7 +8,9 @@ spec: location: '/home/securecodebox/sslyze-results.json' jobTemplate: spec: - ttlSecondsAfterFinished: 10 + {{- if .Values.scannerJob.ttlSecondsAfterFinished }} + ttlSecondsAfterFinished: {{ .Values.scannerJob.ttlSecondsAfterFinished }} + {{- end }} template: spec: restartPolicy: OnFailure diff --git a/scanners/sslyze/values.yaml b/scanners/sslyze/values.yaml index 0b8985f7..72ad5f45 100644 --- a/scanners/sslyze/values.yaml +++ b/scanners/sslyze/values.yaml 
@@ -4,6 +4,7 @@ parserImage: tag: latest scannerJob: + ttlSecondsAfterFinished: null resources: {} # scannerJob: # resources: diff --git a/scanners/test-scan/templates/test-scan-scan-type.yaml b/scanners/test-scan/templates/test-scan-scan-type.yaml index 9cc0b25d..72053da3 100644 --- a/scanners/test-scan/templates/test-scan-scan-type.yaml +++ b/scanners/test-scan/templates/test-scan-scan-type.yaml @@ -8,7 +8,9 @@ spec: location: "/home/securecodebox/hello-world.txt" jobTemplate: spec: - ttlSecondsAfterFinished: 10 + {{- if .Values.scannerJob.ttlSecondsAfterFinished }} + ttlSecondsAfterFinished: {{ .Values.scannerJob.ttlSecondsAfterFinished }} + {{- end }} backoffLimit: 3 template: spec: diff --git a/scanners/test-scan/values.yaml b/scanners/test-scan/values.yaml index f5ea0688..735ddd89 100644 --- a/scanners/test-scan/values.yaml +++ b/scanners/test-scan/values.yaml @@ -4,6 +4,7 @@ parserImage: tag: latest scannerJob: + ttlSecondsAfterFinished: null resources: {} # scannerJob: # resources: diff --git a/scanners/trivy/templates/trivy-scan-type.yaml b/scanners/trivy/templates/trivy-scan-type.yaml index 200318f1..854ec819 100644 --- a/scanners/trivy/templates/trivy-scan-type.yaml +++ b/scanners/trivy/templates/trivy-scan-type.yaml @@ -9,7 +9,9 @@ spec: location: "/home/securecodebox/trivy-results.json" jobTemplate: spec: - ttlSecondsAfterFinished: 10 + {{- if .Values.scannerJob.ttlSecondsAfterFinished }} + ttlSecondsAfterFinished: {{ .Values.scannerJob.ttlSecondsAfterFinished }} + {{- end }} template: spec: restartPolicy: OnFailure diff --git a/scanners/trivy/values.yaml b/scanners/trivy/values.yaml index 4aa12943..47e292d0 100644 --- a/scanners/trivy/values.yaml +++ b/scanners/trivy/values.yaml @@ -4,6 +4,7 @@ parserImage: tag: latest scannerJob: + ttlSecondsAfterFinished: null resources: {} # scannerJob: # resources: diff --git a/scanners/wpscan/templates/wpscan-scan-type.yaml b/scanners/wpscan/templates/wpscan-scan-type.yaml index 9da6b8f0..530f9d03 100644 
--- a/scanners/wpscan/templates/wpscan-scan-type.yaml +++ b/scanners/wpscan/templates/wpscan-scan-type.yaml @@ -9,7 +9,9 @@ spec: location: "/home/securecodebox/wpscan-results.json" jobTemplate: spec: - ttlSecondsAfterFinished: 10 + {{- if .Values.scannerJob.ttlSecondsAfterFinished }} + ttlSecondsAfterFinished: {{ .Values.scannerJob.ttlSecondsAfterFinished }} + {{- end }} template: spec: restartPolicy: OnFailure diff --git a/scanners/wpscan/values.yaml b/scanners/wpscan/values.yaml index 6f83e2b4..abdadb7c 100644 --- a/scanners/wpscan/values.yaml +++ b/scanners/wpscan/values.yaml @@ -4,6 +4,7 @@ parserImage: tag: latest scannerJob: + ttlSecondsAfterFinished: null resources: {} # scannerJob: # resources: diff --git a/scanners/zap/templates/zap-scan-type.yaml b/scanners/zap/templates/zap-scan-type.yaml index 12d77aae..a108594d 100644 --- a/scanners/zap/templates/zap-scan-type.yaml +++ b/scanners/zap/templates/zap-scan-type.yaml @@ -8,7 +8,9 @@ spec: location: "/home/securecodebox/zap-results.json" jobTemplate: spec: - ttlSecondsAfterFinished: 10 + {{- if .Values.scannerJob.ttlSecondsAfterFinished }} + ttlSecondsAfterFinished: {{ .Values.scannerJob.ttlSecondsAfterFinished }} + {{- end }} template: spec: restartPolicy: Never @@ -42,7 +44,9 @@ spec: location: "/home/securecodebox/zap-results.json" jobTemplate: spec: - ttlSecondsAfterFinished: 10 + {{- if .Values.scannerJob.ttlSecondsAfterFinished }} + ttlSecondsAfterFinished: {{ .Values.scannerJob.ttlSecondsAfterFinished }} + {{- end }} template: spec: restartPolicy: Never @@ -76,7 +80,9 @@ spec: location: "/home/securecodebox/zap-results.json" jobTemplate: spec: - ttlSecondsAfterFinished: 10 + {{- if .Values.scannerJob.ttlSecondsAfterFinished }} + ttlSecondsAfterFinished: {{ .Values.scannerJob.ttlSecondsAfterFinished }} + {{- end }} template: spec: restartPolicy: Never From 971eee5bf7e03e9c99d103c0849aeddca6cf77bb Mon Sep 17 00:00:00 2001 
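Review bot: in `scanners/zap/templates/zap-scan-type.yaml` all three job templates now read `.Values.scannerJob.ttlSecondsAfterFinished`, but the diffstat of this patch lists no `scanners/zap/values.yaml`, unlike the other ten scanners, which each gain `ttlSecondsAfterFinished: null`. Add the key to zap's values as well so the option is discoverable, and confirm that `scannerJob` is defined there, because Helm fails to render a field lookup on a missing parent map.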
From: Jannik Hollenbach <13718901+J12934@users.noreply.github.com> Date: Mon, 21 Sep 2020 18:07:55 +0200 Subject: [PATCH 117/235] Print out error --- tests/integration/helpers.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tests/integration/helpers.js b/tests/integration/helpers.js index cf8db805..2e604295 100644 --- a/tests/integration/helpers.js +++ b/tests/integration/helpers.js @@ -82,7 +82,8 @@ async function logJobs() { await displayAllLogsForJob(job.metadata.name); } } catch (error) { - console.error(`Failed to list Jobs'`); + console.error("Failed to list Jobs"); + console.error(error); } } From d4260d80a75444e0f1c588ddc38c547af2b7c8a3 Mon Sep 17 00:00:00 2001 From: Jannik Hollenbach <13718901+J12934@users.noreply.github.com> Date: Mon, 21 Sep 2020 18:26:37 +0200 Subject: [PATCH 118/235] Echo out logging exception error --- tests/integration/helpers.js | 20 +++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-) diff --git a/tests/integration/helpers.js b/tests/integration/helpers.js index 2e604295..7781a7cd 100644 --- a/tests/integration/helpers.js +++ b/tests/integration/helpers.js @@ -56,13 +56,19 @@ async function displayAllLogsForJob(jobName) { ); for (const container of pod.spec.containers) { - const response = await k8sPodsApi.readNamespacedPodLog( - pod.metadata.name, - namespace, - container.name - ); - console.log(`Container ${container.name}:`); - console.log(response.body); + try { + const response = await k8sPodsApi.readNamespacedPodLog( + pod.metadata.name, + namespace, + container.name + ); + console.log(`Container ${container.name}:`); + console.log(response.body); + } catch (exception) { + console.error( + `Failed to display logs of container ${container.name}: ${exception.body.message}` + ); + } } } } From 0b228ce5217601f46e7f1204661c2af92f83399e Mon Sep 17 00:00:00 2001 
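Review bot: the new `catch` in `displayAllLogsForJob` dereferences `exception.body.message`, which itself throws a `TypeError` when the exception has no `body` (anything other than an API error response). That secondary error escapes to the `catch` in `logJobs` and stops logging for the remaining containers, pods and jobs. Log defensively, for example `(exception.body && exception.body.message) || exception.message`, or print the whole exception as the `logJobs` catch does after the "Print out error" patch.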
From: Jannik Hollenbach <13718901+J12934@users.noreply.github.com> Date: Mon, 21 Sep 2020 20:38:27 +0200 Subject: [PATCH 119/235] Also switch zap baseline image to wekly Required to run zap on non docker (e.g. containerd clusters) Also updated the used zap image --- scanners/zap/templates/zap-scan-type.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/scanners/zap/templates/zap-scan-type.yaml b/scanners/zap/templates/zap-scan-type.yaml index a108594d..b04a1210 100644 --- a/scanners/zap/templates/zap-scan-type.yaml +++ b/scanners/zap/templates/zap-scan-type.yaml @@ -16,7 +16,7 @@ spec: restartPolicy: Never containers: - name: zap-baseline - image: owasp/zap2docker-stable:2.9.0 + image: owasp/zap2docker-weekly:w2020-09-15 command: - "zap-baseline.py" # Force Zap to always return a zero exit code. k8s would otherwise try to restart zap. @@ -52,7 +52,7 @@ spec: restartPolicy: Never containers: - name: zap-api-scan - image: owasp/zap2docker-weekly:w2020-09-08 + image: owasp/zap2docker-weekly:w2020-09-15 command: - "zap-api-scan.py" # Force Zap to always return a zero exit code. k8s would otherwise try to restart zap. @@ -88,7 +88,7 @@ spec: restartPolicy: Never containers: - name: zap-full-scan - image: owasp/zap2docker-weekly:w2020-09-08 + image: owasp/zap2docker-weekly:w2020-09-15 command: - "zap-full-scan.py" # Force Zap to always return a zero exit code. k8s would otherwise try to restart zap. From defa7b1db0abec17775ce7c640117d2235c2a6b7 Mon Sep 17 00:00:00 2001 From: Daniel Patanin <44839597+dpatanin@users.noreply.github.com> Date: Tue, 22 Sep 2020 16:09:57 +0200 Subject: [PATCH 120/235] Update README.md --- scanners/amass/examples/example.com/README.md | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/scanners/amass/examples/example.com/README.md b/scanners/amass/examples/example.com/README.md index 978d5f21..dfc0783e 100644 --- a/scanners/amass/examples/example.com/README.md 
+++ b/scanners/amass/examples/example.com/README.md @@ -2,8 +2,6 @@ title: "example.com" --- - - > ✍ **Page under construction.** -the frontmatter requires the name of the scantarget as 'title' \ No newline at end of file +the frontmatter requires the name of the scantarget as 'title' From a3f504b5bd0128da5bb1f0ab39fd4edd180c2f75 Mon Sep 17 00:00:00 2001 From: Yannik Fuhrmeister Date: Wed, 23 Sep 2020 08:10:32 +0200 Subject: [PATCH 121/235] Change Image Name for Wpscan To comply with the other Images for Parsers i changed the Name for the wpscan to parser-wpscan --- .github/workflows/ci.yaml | 2 +- scanners/wpscan/values.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index d68c1713..d6a744c7 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -216,7 +216,7 @@ jobs: with: username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_PASSWORD }} - repository: scbexperimental/wpscan-parser + repository: scbexperimental/parser-wpscan path: ./scanners/wpscan/parser/ tag_with_ref: true tag_with_sha: true diff --git a/scanners/wpscan/values.yaml b/scanners/wpscan/values.yaml index c5450382..6f83e2b4 100644 --- a/scanners/wpscan/values.yaml +++ b/scanners/wpscan/values.yaml @@ -1,6 +1,6 @@ parserImage: registry: docker.io - repository: scbexperimental/wpscan-parser + repository: scbexperimental/parser-wpscan tag: latest scannerJob: From 697a5b5c9144a7761ec895447fef773fa889caae Mon Sep 17 00:00:00 2001 From: Yannik Fuhrmeister Date: Wed, 23 Sep 2020 11:00:28 +0200 Subject: [PATCH 122/235] Add Hostname Attribute To be able to group wpscan findings I added the hostname attribute --- scanners/wpscan/parser/parser.js | 2 ++ 1 file changed, 2 insertions(+) diff --git a/scanners/wpscan/parser/parser.js b/scanners/wpscan/parser/parser.js index d3bb1427..67c8869c 100644 --- a/scanners/wpscan/parser/parser.js +++ b/scanners/wpscan/parser/parser.js 
@@ -24,6 +24,7 @@ async function parse(scanResults) { reference: {}, confidence: wp.confidence, attributes: { + hostname: targetUrl, ip_address: targetIp, wpscan_version: wpscanVersion, wpscan_requests: wpscanRequestsDone, @@ -50,6 +51,7 @@ async function parse(scanResults) { confidence: interestingFinding.confidence, reference: {}, attributes: { + hostname: targetUrl, wp_interesting_entries: interestingFinding.interesting_entries, wp_found_by: interestingFinding.found_by, wp_confirmed_by: interestingFinding.confirmed_by From 77bb473ed227c85c35b0240295a2446ce380af55 Mon Sep 17 00:00:00 2001 From: Yannik Fuhrmeister Date: Wed, 23 Sep 2020 13:40:08 +0200 Subject: [PATCH 123/235] Add Example Dashboard for WordPress / wpscan --- .../dashboards/wordpress-overview.json | 218 ++++++++++++++++++ .../dashboardImporter/export-dashboards.sh | 3 +- 2 files changed, 220 insertions(+), 1 deletion(-) create mode 100644 hooks/persistence-elastic/dashboardImporter/dashboards/wordpress-overview.json diff --git a/hooks/persistence-elastic/dashboardImporter/dashboards/wordpress-overview.json b/hooks/persistence-elastic/dashboardImporter/dashboards/wordpress-overview.json new file mode 100644 index 00000000..b062bf00 --- /dev/null +++ b/hooks/persistence-elastic/dashboardImporter/dashboards/wordpress-overview.json 
@@ -0,0 +1,218 @@ +{ + "version": "7.6.1", + "objects": [ + { + "id": "12b72880-fc09-11ea-a91c-5358dd402fdc", + "type": "dashboard", + "updated_at": "2020-09-23T11:36:21.793Z", + "version": "WzU2LDFd", + "attributes": { + "title": "WordPress Overview (WPScan)", + "hits": 0, + "description": "", + "panelsJSON": "[{\"embeddableConfig\":{},\"gridData\":{\"h\":16,\"i\":\"a884a6e4-f79d-473c-9cee-6852b7ccb262\",\"w\":8,\"x\":0,\"y\":0},\"panelIndex\":\"a884a6e4-f79d-473c-9cee-6852b7ccb262\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":16,\"i\":\"4179832b-c365-44d6-ad05-bc5143fd20e1\",\"w\":20,\"x\":8,\"y\":0},\"panelIndex\":\"4179832b-c365-44d6-ad05-bc5143fd20e1\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":16,\"i\":\"ea2a79e4-43f7-45e4-8bd9-43eac8e207d5\",\"w\":20,\"x\":28,\"y\":0},\"panelIndex\":\"ea2a79e4-43f7-45e4-8bd9-43eac8e207d5\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":16,\"i\":\"a6a33782-1ad5-4005-ad42-f97c5cea44ab\",\"w\":48,\"x\":0,\"y\":16},\"panelIndex\":\"a6a33782-1ad5-4005-ad42-f97c5cea44ab\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":15,\"i\":\"c9018376-6bdf-44a2-a9bc-f2044d1a0abe\",\"w\":48,\"x\":0,\"y\":32},\"panelIndex\":\"c9018376-6bdf-44a2-a9bc-f2044d1a0abe\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_4\"}]", + "optionsJSON": "{\"hidePanelTitles\":false,\"useMargins\":true}", + "version": 1, + "timeRestore": false, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}" + } + }, + "references": [ + { + "name": "panel_0", + "type": "visualization", + "id": "b70123d0-fc06-11ea-a91c-5358dd402fdc" + }, + { + "name": "panel_1", + "type": "visualization", + "id": "a55a03b0-fc04-11ea-a91c-5358dd402fdc" + }, + { + "name": "panel_2", + "type": "visualization", + "id": 
"1525d810-fd89-11ea-a23c-bdbeb8721271" + }, + { + "name": "panel_3", + "type": "visualization", + "id": "4005af70-fc02-11ea-a91c-5358dd402fdc" + }, + { + "name": "panel_4", + "type": "visualization", + "id": "574594f0-fd8f-11ea-a23c-bdbeb8721271" + } + ], + "migrationVersion": { + "dashboard": "7.3.0" + } + }, + { + "id": "b70123d0-fc06-11ea-a91c-5358dd402fdc", + "type": "visualization", + "updated_at": "2020-09-23T11:31:35.007Z", + "version": "WzUwLDFd", + "attributes": { + "title": "WPScan Findings Count", + "visState": "{\"title\":\"WPScan Findings Count\",\"type\":\"metric\",\"params\":{\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"type\":\"range\",\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}},\"dimensions\":{\"metrics\":[{\"type\":\"vis_dimension\",\"accessor\":0,\"format\":{\"id\":\"number\",\"params\":{}}}]},\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Findings\"}}]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"scan_type.keyword\",\"negate\":false,\"params\":{\"query\":\"wpscan\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match_phrase\":{\"scan_type.keyword\":\"wpscan\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "60ee6af0-6e78-11ea-bdc0-35f8aa7c4664" + }, + { + "name": 
"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern", + "id": "60ee6af0-6e78-11ea-bdc0-35f8aa7c4664" + } + ], + "migrationVersion": { + "visualization": "7.4.2" + } + }, + { + "id": "a55a03b0-fc04-11ea-a91c-5358dd402fdc", + "type": "visualization", + "updated_at": "2020-09-23T11:35:34.007Z", + "version": "WzU1LDFd", + "attributes": { + "title": "WPScan WordPress Version Overview", + "visState": "{\"title\":\"WPScan WordPress Version Overview\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"http://localhost:5601\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"params\":{},\"label\":\"Location\",\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"http://localhost:5601\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"params\":{},\"label\":\"Wordpress Version\",\"aggType\":\"terms\"}]},\"isDonut\":true,\"labels\":{\"last_level\":false,\"show\":true,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"attributes.wp_version.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Wordpress 
Version\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"location.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Location\"}}]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "60ee6af0-6e78-11ea-bdc0-35f8aa7c4664" + } + ], + "migrationVersion": { + "visualization": "7.4.2" + } + }, + { + "id": "1525d810-fd89-11ea-a23c-bdbeb8721271", + "type": "visualization", + "updated_at": "2020-09-23T11:33:44.733Z", + "version": "WzUzLDFd", + "attributes": { + "title": "WPScan Findings Category Overview", + "visState": "{\"title\":\"WPScan Findings Category Overview\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":true,\"values\":true,\"last_level\":false,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"http://localhost:5601\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"params\":{},\"label\":\"category.keyword: 
Descending\",\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"http://localhost:5601\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"params\":{},\"label\":\"Host\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"attributes.hostname.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Host\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"category.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"scan_type.keyword\",\"negate\":false,\"params\":{\"query\":\"wpscan\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match_phrase\":{\"scan_type.keyword\":\"wpscan\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "60ee6af0-6e78-11ea-bdc0-35f8aa7c4664" + }, + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern", + "id": "60ee6af0-6e78-11ea-bdc0-35f8aa7c4664" + } + ], + "migrationVersion": { + "visualization": "7.4.2" + } + }, + { + 
"id": "4005af70-fc02-11ea-a91c-5358dd402fdc", + "type": "visualization", + "updated_at": "2020-09-23T11:32:09.774Z", + "version": "WzUxLDFd", + "attributes": { + "title": "WPScan Findings Table", + "visState": "{\"title\":\"WPScan Findings Table\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":4,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"http://localhost:5601\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"params\":{},\"label\":\"Category\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"http://localhost:5601\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"params\":{},\"label\":\"URL\",\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"http://localhost:5601\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"params\":{},\"label\":\"Description\",\"aggType\":\"terms\"},{\"accessor\":3,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"http://localhost:5601\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"params\":{},\"label\":\"Confidence\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",
\"params\":{\"field\":\"category.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Category\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"location.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"URL\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"description.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Description\"}},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"confidence\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Confidence\"}}]}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"meta\":{\"alias\":null,\"negate\":false,\"disabled\":false,\"type\":\"phrase\",\"key\":\"scan_type.keyword\",\"params\":{\"query\":\"wpscan\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match_phrase\":{\"scan_type.keyword\":\"wpscan\"}},\"$state\":{\"store\":\"appState\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "60ee6af0-6e78-11ea-bdc0-35f8aa7c4664" + }, + { + "name": 
"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern", + "id": "60ee6af0-6e78-11ea-bdc0-35f8aa7c4664" + } + ], + "migrationVersion": { + "visualization": "7.4.2" + } + }, + { + "id": "574594f0-fd8f-11ea-a23c-bdbeb8721271", + "type": "visualization", + "updated_at": "2020-09-23T11:34:38.538Z", + "version": "WzU0LDFd", + "attributes": { + "title": "WPScan Findings over Time", + "visState": "{\"title\":\"WPScan Findings over Time\",\"type\":\"line\",\"params\":{\"type\":\"line\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"line\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"interpolate\":\"linear\",\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"dimensions\":{\"x\":{\"accessor\":0,\"format\":{\"id\":\"date\",\"params\":{\"pattern\":\"HH:mm\"}},\"params\":{\"date\":true,\"interval\":\"PT5M\",\"intervalESValue\":5,\"intervalESUnit\":\"m\",\"format\":\"HH:mm\",\"bounds\":{\"min\":\"2020-09-23T07:25:21.102Z\",\"max\":\"2020-09-23T11:25:21.102Z\"}},\"label\":\"@timestamp per 5 
minutes\",\"aggType\":\"date_histogram\"},\"y\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"series\":[{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"http://localhost:5601\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"params\":{},\"label\":\"Hostname\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"timeRange\":{\"from\":\"now-4h\",\"to\":\"now\"},\"useNormalizedEsInterval\":true,\"scaleMetricValues\":false,\"interval\":\"12h\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"attributes.hostname.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Hostname\"}}]}", + "uiStateJSON": "{}", + "description": "", + "version": 1, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"scan_type.keyword\",\"negate\":false,\"params\":{\"query\":\"wpscan\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match_phrase\":{\"scan_type.keyword\":\"wpscan\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + } + }, + "references": [ + { + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern", + "id": "60ee6af0-6e78-11ea-bdc0-35f8aa7c4664" + }, + { + "name": 
"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern", + "id": "60ee6af0-6e78-11ea-bdc0-35f8aa7c4664" + } + ], + "migrationVersion": { + "visualization": "7.4.2" + } + }, + { + "id": "60ee6af0-6e78-11ea-bdc0-35f8aa7c4664", + "type": "index-pattern", + "updated_at": "2020-09-23T10:35:14.568Z", + "version": "WzE5LDFd", + "attributes": { + "title": "scbv2_*", + "timeFieldName": "@timestamp", + "fields": "[{\"name\":\"@timestamp\",\"type\":\"date\",\"esTypes\":[\"date\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"_id\",\"type\":\"string\",\"esTypes\":[\"_id\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_index\",\"type\":\"string\",\"esTypes\":[\"_index\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_source\",\"type\":\"_source\",\"esTypes\":[\"_source\"],\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_type\",\"type\":\"string\",\"esTypes\":[\"_type\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"attributes.hostname\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"attributes.hostname.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"attributes.hostname\"}}},{\"name\":\"attributes.ip_address\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":f
alse,\"readFromDocValues\":false},{\"name\":\"attributes.ip_address.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"attributes.ip_address\"}}},{\"name\":\"attributes.method\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"attributes.method.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"attributes.method\"}}},{\"name\":\"attributes.port\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"attributes.protocol\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"attributes.protocol.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"attributes.protocol\"}}},{\"name\":\"attributes.service\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"attributes.service.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"attributes.service\"}}},{\"name\":\"attributes.state\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"attributes.state.keyword\",\"type\":\"string\",\"esTypes\":[\"keywor
d\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"attributes.state\"}}},{\"name\":\"attributes.wp_confirmed_by.Atom Generator (Aggressive Detection).confidence\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"attributes.wp_confirmed_by.Atom Generator (Aggressive Detection).interesting_entries\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"attributes.wp_confirmed_by.Atom Generator (Aggressive Detection).interesting_entries.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"attributes.wp_confirmed_by.Atom Generator (Aggressive Detection).interesting_entries\"}}},{\"name\":\"attributes.wp_found_by\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"attributes.wp_found_by.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"attributes.wp_found_by\"}}},{\"name\":\"attributes.wp_interesting_entries\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"attributes.wp_interesting_entries.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"attributes.wp_interesting_entries\"}}},{\"name\":\"attributes.wp_release_date\",\"type\":\"date\",\"esTyp
es\":[\"date\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"attributes.wp_release_status\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"attributes.wp_release_status.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"attributes.wp_release_status\"}}},{\"name\":\"attributes.wp_version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"attributes.wp_version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"attributes.wp_version\"}}},{\"name\":\"attributes.wpscan_requests\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"attributes.wpscan_version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"attributes.wpscan_version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"attributes.wpscan_version\"}}},{\"name\":\"category\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"category.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\"
:{\"multi\":{\"parent\":\"category\"}}},{\"name\":\"confidence\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"description\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"description.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"description\"}}},{\"name\":\"id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"id\"}}},{\"name\":\"location\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"location.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"location\"}}},{\"name\":\"name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"name\"}}},{\"name\":\"osi_layer\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osi_layer.keyword\",\"type\":\"string\",\"
esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osi_layer\"}}},{\"name\":\"parameters\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"parameters.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"parameters\"}}},{\"name\":\"scan_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan_id\"}}},{\"name\":\"scan_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan_name\"}}},{\"name\":\"scan_type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan_type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan_type\"}}},{\"name\":\"severity\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"severity.keyword\",\"type\":\"string\",\"esTyp
es\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"severity\"}}},{\"name\":\"type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"type\"}}}]" + }, + "references": [], + "migrationVersion": { + "index-pattern": "7.6.0" + } + } + ] +} \ No newline at end of file diff --git a/hooks/persistence-elastic/dashboardImporter/export-dashboards.sh b/hooks/persistence-elastic/dashboardImporter/export-dashboards.sh index 95adb1c8..0c1bad93 100755 --- a/hooks/persistence-elastic/dashboardImporter/export-dashboards.sh +++ b/hooks/persistence-elastic/dashboardImporter/export-dashboards.sh @@ -8,4 +8,5 @@ exportDashboard() { curl ${kibanaURL}/api/kibana/dashboards/export?dashboard=${id} > ./dashboards/${filename} } -exportDashboard "daily-summary.json" "34c734b0-6e79-11ea-bdc0-35f8aa7c4664" \ No newline at end of file +exportDashboard "daily-summary.json" "34c734b0-6e79-11ea-bdc0-35f8aa7c4664" +exportDashboard "wordpress-overview.json" "12b72880-fc09-11ea-a91c-5358dd402fdc" From 3abb9d112f44541042b98f5c54c2497d227f6c52 Mon Sep 17 00:00:00 2001 From: Jannik Hollenbach <13718901+J12934@users.noreply.github.com> Date: Thu, 24 Sep 2020 11:06:16 +0200 Subject: [PATCH 124/235] Add hostname to wpscan snapshots --- scanners/wpscan/parser/parser.test.js | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/scanners/wpscan/parser/parser.test.js b/scanners/wpscan/parser/parser.test.js index 3490bd46..80dd1aaf 100644 --- a/scanners/wpscan/parser/parser.test.js +++ b/scanners/wpscan/parser/parser.test.js 
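Review bot: In the new dashboard export, the `visState` strings carry values from the exporter's own Kibana session: the terms buckets embed `"parsedUrl":{"origin":"http://localhost:5601","pathname":"/app/kibana","basePath":""}`, and "WPScan Findings over Time" embeds absolute `bounds` of `2020-09-23T07:25:21.102Z` to `2020-09-23T11:25:21.102Z`. Check whether the import still works with the `dimensions` blocks removed and, if so, strip them before committing so the file does not change on every re-export. The index pattern also lists fields such as `attributes.wp_confirmed_by.Atom Generator (Aggressive Detection).confidence`, which means finder names become Elasticsearch field names and every new finder adds mapping entries; an array of objects with a name property would keep the mapping fixed. The file also ends without a trailing newline.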
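Review bot: In `export-dashboards.sh`, the `curl` that both `exportDashboard` calls go through has no `--fail`, so an HTTP error body from Kibana would be redirected over the committed dashboard JSON and the script would still exit 0. Add `--fail --silent --show-error`, and quote the URL and the redirect target (`"${kibanaURL}/api/kibana/dashboards/export?dashboard=${id}"`, `"./dashboards/${filename}"`), since the unquoted `?` is open to shell globbing.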
@@ -27,6 +27,7 @@ test("WPScan parser parses a successfull scan result with at least one informati Array [ Object { "attributes": Object { + "hostname": "https://www.example.com/", "ip_address": "192.168.200.100", "wp_confirmed_by": Object {}, "wp_found_by": "Rss Generator (Passive Detection)", @@ -52,6 +53,7 @@ test("WPScan parser parses a successfull scan result with at least one informati }, Object { "attributes": Object { + "hostname": "https://www.example.com/", "wp_confirmed_by": Object {}, "wp_found_by": "Headers (Passive Detection)", "wp_interesting_entries": Array [ @@ -69,6 +71,7 @@ test("WPScan parser parses a successfull scan result with at least one informati }, Object { "attributes": Object { + "hostname": "https://www.example.com/", "wp_confirmed_by": Object {}, "wp_found_by": "Robots Txt (Aggressive Detection)", "wp_interesting_entries": Array [ @@ -87,6 +90,7 @@ test("WPScan parser parses a successfull scan result with at least one informati }, Object { "attributes": Object { + "hostname": "https://www.example.com/", "wp_confirmed_by": Object {}, "wp_found_by": "Direct Access (Aggressive Detection)", "wp_interesting_entries": Array [], @@ -102,6 +106,7 @@ test("WPScan parser parses a successfull scan result with at least one informati }, Object { "attributes": Object { + "hostname": "https://www.example.com/", "wp_confirmed_by": Object {}, "wp_found_by": "Direct Access (Aggressive Detection)", "wp_interesting_entries": Array [], @@ -117,6 +122,7 @@ test("WPScan parser parses a successfull scan result with at least one informati }, Object { "attributes": Object { + "hostname": "https://www.example.com/", "wp_confirmed_by": Object {}, "wp_found_by": "Direct Access (Aggressive Detection)", "wp_interesting_entries": Array [], @@ -132,4 +138,4 @@ test("WPScan parser parses a successfull scan result with at least one informati }, ] `); -}); \ No newline at end of file +}); From 74c7ad00e0b1a78836ef58d258657b2ddbd99bc8 Mon Sep 17 00:00:00 2001 
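Review bot: In `parser.test.js`, every added snapshot line sets `"hostname": "https://www.example.com/"`, which is a full URL with scheme and trailing slash, not a hostname. The WordPress dashboards aggregate on `attributes.hostname.keyword` under the labels "Host" and "Hostname", so the same site scanned as `http://`, `https://` or without the trailing slash would land in separate buckets. Either have the parser emit only the host part, or rename the attribute to say it holds the target URL.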
From: Jannik Hollenbach <13718901+J12934@users.noreply.github.com> Date: Thu, 24 Sep 2020 13:01:16 +0200 Subject: [PATCH 125/235] =?UTF-8?q?Remove=20helm=20chart=20linting=20?= =?UTF-8?q?=F0=9F=98=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This is conflicting with the non semver conform "latest" version in the chart yaml... This gets overriden on release anyway --- .github/workflows/helm-charts.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/helm-charts.yaml b/.github/workflows/helm-charts.yaml index 7773d5f7..655fa538 100644 --- a/.github/workflows/helm-charts.yaml +++ b/.github/workflows/helm-charts.yaml @@ -26,7 +26,6 @@ jobs: dir="$(dirname "${chart}")" cd "${dir}" || exit echo "Processing Chart in $dir" - helm lint . helm package --version $RELEASE_VERSION . NAME=$(yq read - name < Chart.yaml) curl --silent --show-error --user "${USERNAME}:${PASSWORD}" --data-binary "@${NAME}-${RELEASE_VERSION}.tgz" "${HELM_REGISTRY}/api/charts" From 38535ed4c5cd521517014373b3e3a545844557b5 Mon Sep 17 00:00:00 2001 From: Jannik Hollenbach <13718901+J12934@users.noreply.github.com> Date: Thu, 24 Sep 2020 13:15:58 +0200 Subject: [PATCH 126/235] Decrease headline height to better match websites structure --- scanners/ncrack/examples/dummy-ssh/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scanners/ncrack/examples/dummy-ssh/README.md b/scanners/ncrack/examples/dummy-ssh/README.md index 5dfea1c0..cfbb99d7 100644 --- a/scanners/ncrack/examples/dummy-ssh/README.md +++ b/scanners/ncrack/examples/dummy-ssh/README.md @@ -1,6 +1,6 @@ In this example we execute an ncrack scan against the intentional vulnerable ssh service (dummy-ssh) -### Install dummy-ssh +#### Install dummy-ssh Before executing the scan, make sure to have dummy-ssh installed, and have the proper username & password lists: From e824f7d1ad0e383c06b55f61232fa4d6075b51de Mon Sep 17 00:00:00 2001 
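Review bot: In `.github/workflows/helm-charts.yaml`, dropping `helm lint .` leaves no validation between `helm package` and the upload, and the following `curl --silent --show-error ... "${HELM_REGISTRY}/api/charts"` has no `--fail`, so a chart the registry rejects would not fail the job either. Since the conflict is only with the "latest" placeholder version, consider keeping a lint step that runs once the release version is in place instead of removing the check, and add `--fail` to the upload. `$RELEASE_VERSION` in `helm package --version $RELEASE_VERSION .` should also be quoted.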
From: Jannik Hollenbach <13718901+J12934@users.noreply.github.com> Date: Thu, 24 Sep 2020 13:16:10 +0200 Subject: [PATCH 127/235] Fix trivy link wording --- scanners/trivy/README.md | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-) diff --git a/scanners/trivy/README.md b/scanners/trivy/README.md index fc76cb9a..3472551f 100644 --- a/scanners/trivy/README.md +++ b/scanners/trivy/README.md @@ -13,7 +13,7 @@ A software vulnerability is a glitch, flaw, or weakness present in the software `Trivy` detects vulnerabilities of OS packages (Alpine, RHEL, CentOS, etc.) and application dependencies (Bundler, Composer, npm, yarn, etc.). `Trivy` is easy to use. Just install the binary and you're ready to scan. All you need to do for scanning is to specify a target such as an image name of the container. -To learn more about the Trivy scanner itself visit or [Trivy GitHub]. +To learn more about the Trivy scanner itself visit on [Trivy's GitHub Repository](https://github.com/aquasecurity/trivy). 
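Review bot: In the first `scanners/trivy/README.md` hunk, the replacement sentence reads "visit on [Trivy's GitHub Repository]", which is not grammatical. Suggest "To learn more about the Trivy scanner itself, visit [Trivy's GitHub Repository](https://github.com/aquasecurity/trivy)."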
@@ -29,10 +29,7 @@ helm upgrade --install trivy ./scanners/trivy/ The following security scan configuration example are based on the [Trivy Documentation], please take a look at the original documentation for more configuration examples. -* Filter the vulnerabilities by severities `trivy image --severity HIGH,CRITICAL ruby:2.4.0` -* Filter the vulnerabilities by type (`os` or `library`) `trivy image --vuln-type os ruby:2.4.0` -* Skip update of vulnerability DB: `trivy image --skip-update python:3.4-alpine3.9` -* Ignore unfixed vulnerabilities:`trivy image --ignore-unfixed ruby:2.4.0` By default, Trivy also detects unpatched/unfixed vulnerabilities. This means you can't fix these vulnerabilities even if you update all packages. If you would like to ignore them, use the `--ignore-unfixed` option. - -[Trivy GitHub]: https://github.com/aquasecurity/trivy -[Trivy Documentation]: https://github.com/aquasecurity/trivy#examples +- Filter the vulnerabilities by severities `trivy image --severity HIGH,CRITICAL ruby:2.4.0` +- Filter the vulnerabilities by type (`os` or `library`) `trivy image --vuln-type os ruby:2.4.0` +- Skip update of vulnerability DB: `trivy image --skip-update python:3.4-alpine3.9` +- Ignore unfixed vulnerabilities:`trivy image --ignore-unfixed ruby:2.4.0` By default, Trivy also detects unpatched/unfixed vulnerabilities. This means you can't fix these vulnerabilities even if you update all packages. If you would like to ignore them, use the `--ignore-unfixed` option. From 25b548d47795dba2891f45c7d11381ab69275ac5 Mon Sep 17 00:00:00 2001 
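Review bot: In the second `scanners/trivy/README.md` hunk, the removed definition `[Trivy Documentation]: https://github.com/aquasecurity/trivy#examples` is still used by the unchanged sentence "...are based on the [Trivy Documentation], please take a look...", so that reference will no longer resolve and will render as bracketed text. Inline the URL there the same way the GitHub link was inlined in the first hunk, or keep the definition. While touching these lines: the last bullet runs the command straight into its explanation ("`trivy image --ignore-unfixed ruby:2.4.0` By default, ..."), and "configuration example are" should be "examples are".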
From: Jannik Hollenbach <13718901+J12934@users.noreply.github.com> Date: Fri, 25 Sep 2020 10:27:12 +0200 Subject: [PATCH 128/235] Update @kubernetes/client-node to fix vulnerability --- hook-sdk/nodejs/package-lock.json | 725 +++++++--------- hook-sdk/nodejs/package.json | 2 +- .../package-lock.json | 707 +++++++--------- .../declarative-subsequent-scans/package.json | 14 +- .../package-lock.json | 710 +++++++--------- .../imperative-subsequent-scans/package.json | 14 +- parser-sdk/nodejs/package-lock.json | 732 ++++++++-------- parser-sdk/nodejs/package.json | 2 +- tests/integration/package-lock.json | 790 ++++++++---------- tests/integration/package.json | 2 +- 10 files changed, 1668 insertions(+), 2030 deletions(-) diff --git a/hook-sdk/nodejs/package-lock.json b/hook-sdk/nodejs/package-lock.json index 5d589805..6ba49aa3 100644 --- a/hook-sdk/nodejs/package-lock.json +++ b/hook-sdk/nodejs/package-lock.json @@ -550,13 +550,15 @@ } }, "@kubernetes/client-node": { - "version": "0.12.0", - "resolved": "https://registry.npmjs.org/@kubernetes/client-node/-/client-node-0.12.0.tgz", - "integrity": "sha512-u57q5IaZl91f7YZoZOsgCa31hHyowHxFG88XZXd8arI8heSxbdHWHineo/8mLZbeSbHkge9Awae1stQZzuTnjg==", + "version": "0.12.2", + "resolved": "https://registry.npmjs.org/@kubernetes/client-node/-/client-node-0.12.2.tgz", + "integrity": "sha512-J0UwyFl1Iv/IZ6WMP7LaizBEoKPnqwtc8tIO2q/X+EuDT7eGpPPAMHXSEOC/EI9JGIf0FaJEcDHhB/Dio/mKhw==", "requires": { "@types/js-yaml": "^3.12.1", "@types/node": "^10.12.0", "@types/request": "^2.47.1", + "@types/stream-buffers": "^3.0.3", + "@types/tar": "^4.0.3", "@types/underscore": "^1.8.9", "@types/ws": "^6.0.1", "byline": "^5.0.0", 
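Review bot: The subject says this update fixes a vulnerability, but neither the message nor the `0.12.0` to `0.12.2` bump of `@kubernetes/client-node` in `hook-sdk/nodejs/package-lock.json` says which one. Name the advisory, or paste the audit output, in the commit message so reviewers can confirm that 0.12.2 is the fixed release and that all five lockfiles in the diffstat are affected.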
@@ -564,29 +566,27 @@ "isomorphic-ws": "^4.0.1", "js-yaml": "^3.13.1", "jsonpath-plus": "^0.19.0", - "openid-client": "2.5.0", + "openid-client": "^4.1.1", "request": "^2.88.0", "rfc4648": "^1.3.0", "shelljs": "^0.8.2", + "stream-buffers": "^3.0.2", + "tar": "^6.0.2", + "tmp-promise": "^3.0.2", "tslib": "^1.9.3", "underscore": "^1.9.1", - "ws": "^6.1.0" - }, - "dependencies": { - "ws": { - "version": "6.2.1", - "resolved": "https://registry.npmjs.org/ws/-/ws-6.2.1.tgz", - "integrity": "sha512-GIyAXC2cB7LjvpgMt9EKS2ldqr0MTrORaleiOno6TweZ6r3TKtoFQWay/2PceJ3RuBasOHzXNn5Lrw1X0bEjqA==", - "requires": { - "async-limiter": "~1.0.0" - } - } + "ws": "^7.3.1" } }, + "@panva/asn1.js": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/@panva/asn1.js/-/asn1.js-1.0.0.tgz", + "integrity": "sha512-UdkG3mLEqXgnlKsWanWcgb6dOjUzJ+XC5f+aWw30qrtjxeNUSfKX1cd5FBzOaXQumoe9nIqeZUvrRJS03HCCtw==" + }, "@sindresorhus/is": { - "version": "0.7.0", - "resolved": "https://registry.npmjs.org/@sindresorhus/is/-/is-0.7.0.tgz", - "integrity": "sha512-ONhaKPIufzzrlNbqtWFFd+jlnemX6lJAgq9ZeiZtS7I1PIf/la7CW4m83rTXRnVnsMbW2k56pGYu7AUFJD9Pow==" + "version": "3.1.2", + "resolved": "https://registry.npmjs.org/@sindresorhus/is/-/is-3.1.2.tgz", + "integrity": "sha512-JiX9vxoKMmu8Y3Zr2RVathBL1Cdu4Nt4MuNWemt1Nc06A0RAin9c5FArkhGsyMBWfCu4zj+9b+GxtjAnE4qqLQ==" }, "@sinonjs/commons": { "version": "1.7.1", @@ -597,6 +597,14 @@ "type-detect": "4.0.8" } }, + "@szmarczak/http-timer": { + "version": "4.0.5", + "resolved": "https://registry.npmjs.org/@szmarczak/http-timer/-/http-timer-4.0.5.tgz", + "integrity": "sha512-PyRA9sm1Yayuj5OIoJ1hGt2YISX45w9WcFbh6ddT0Z/0yaFxOtGLInr4jUfU1EAFVs0Yfyfev4RNwBlUaHdlDQ==", + "requires": { + "defer-to-connect": "^2.0.0" + } + }, "@types/babel__core": { "version": "7.1.6", "resolved": "https://registry.npmjs.org/@types/babel__core/-/babel__core-7.1.6.tgz", 
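Review bot: In the `requires` block of `@kubernetes/client-node`, this patch-level bump replaces the pinned `"openid-client": "2.5.0"` with `"^4.1.1"` and moves `ws` from `^6.1.0` to `^7.3.1`, both major-version jumps, and adds `tar`, `stream-buffers` and `tmp-promise` as runtime dependencies. That is a larger change than the subject suggests, so confirm that the hook SDK, parser SDK and integration test suites pass against a real cluster, in particular any OIDC-based kubeconfig authentication, and mention the transitive major upgrades in the commit message.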
@@ -638,6 +646,17 @@ "@babel/types": "^7.3.0" } }, + "@types/cacheable-request": { + "version": "6.0.1", + "resolved": "https://registry.npmjs.org/@types/cacheable-request/-/cacheable-request-6.0.1.tgz", + "integrity": "sha512-ykFq2zmBGOCbpIXtoVbz4SKY5QriWPh3AjyU4G74RYbtt5yOc5OfaY75ftjg7mikMOla1CTGpX3lLbuJh8DTrQ==", + "requires": { + "@types/http-cache-semantics": "*", + "@types/keyv": "*", + "@types/node": "*", + "@types/responselike": "*" + } + }, "@types/caseless": { "version": "0.12.2", "resolved": "https://registry.npmjs.org/@types/caseless/-/caseless-0.12.2.tgz", @@ -649,6 +668,11 @@ "integrity": "sha512-rr+OQyAjxze7GgWrSaJwydHStIhHq2lvY3BOC2Mj7KnzI7XK0Uw1TOOdI9lDoajEbSWLiYgoo4f1R51erQfhPQ==", "dev": true }, + "@types/http-cache-semantics": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/@types/http-cache-semantics/-/http-cache-semantics-4.0.0.tgz", + "integrity": "sha512-c3Xy026kOF7QOTn00hbIllV1dLR9hG9NkSrLQgCVs8NF6sBU+VGWjD3wLPhmh1TYAc7ugCFsvHYMN4VcBN1U1A==" + }, "@types/istanbul-lib-coverage": { "version": "2.0.1", "resolved": "https://registry.npmjs.org/@types/istanbul-lib-coverage/-/istanbul-lib-coverage-2.0.1.tgz", 
@@ -675,14 +699,30 @@ } }, "@types/js-yaml": { - "version": "3.12.4", - "resolved": "https://registry.npmjs.org/@types/js-yaml/-/js-yaml-3.12.4.tgz", - "integrity": "sha512-fYMgzN+9e28R81weVN49inn/u798ruU91En1ZnGvSZzCRc5jXx9B2EDhlRaWmcO1RIxFHL8AajRXzxDuJu93+A==" + "version": "3.12.5", + "resolved": "https://registry.npmjs.org/@types/js-yaml/-/js-yaml-3.12.5.tgz", + "integrity": "sha512-JCcp6J0GV66Y4ZMDAQCXot4xprYB+Zfd3meK9+INSJeVZwJmHAW30BBEEkPzXswMXuiyReUGOP3GxrADc9wPww==" + }, + "@types/keyv": { + "version": "3.1.1", + "resolved": "https://registry.npmjs.org/@types/keyv/-/keyv-3.1.1.tgz", + "integrity": "sha512-MPtoySlAZQ37VoLaPcTHCu1RWJ4llDkULYZIzOYxlhxBqYPB0RsRlmMU0R6tahtFe27mIdkHV+551ZWV4PLmVw==", + "requires": { + "@types/node": "*" + } + }, + "@types/minipass": { + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/@types/minipass/-/minipass-2.2.0.tgz", + "integrity": "sha512-wuzZksN4w4kyfoOv/dlpov4NOunwutLA/q7uc00xU02ZyUY+aoM5PWIXEKBMnm0NHd4a+N71BMjq+x7+2Af1fg==", + "requires": { + "@types/node": "*" + } }, "@types/node": { - "version": "10.17.26", - "resolved": "https://registry.npmjs.org/@types/node/-/node-10.17.26.tgz", - "integrity": "sha512-myMwkO2Cr82kirHY8uknNRHEVtn0wV3DTQfkrjx17jmkstDRZ24gNUdl8AHXVyVclTYI/bNjgTPTAWvWLqXqkw==" + "version": "10.17.35", + "resolved": "https://registry.npmjs.org/@types/node/-/node-10.17.35.tgz", + "integrity": "sha512-gXx7jAWpMddu0f7a+L+txMplp3FnHl53OhQIF9puXKq3hDGY/GjH+MF04oWnV/adPSCrbtHumDCFwzq2VhltWA==" }, "@types/prettier": { "version": "1.19.1", 
@@ -701,21 +741,46 @@ "form-data": "^2.5.0" } }, + "@types/responselike": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/@types/responselike/-/responselike-1.0.0.tgz", + "integrity": "sha512-85Y2BjiufFzaMIlvJDvTTB8Fxl2xfLo4HgmHzVBz08w4wDePCTjYw66PdrolO0kzli3yam/YCgRufyo1DdQVTA==", + "requires": { + "@types/node": "*" + } + }, "@types/stack-utils": { "version": "1.0.1", "resolved": "https://registry.npmjs.org/@types/stack-utils/-/stack-utils-1.0.1.tgz", "integrity": "sha512-l42BggppR6zLmpfU6fq9HEa2oGPEI8yrSPL3GITjfRInppYFahObbIQOQK3UGxEnyQpltZLaPe75046NOZQikw==", "dev": true }, + "@types/stream-buffers": { + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/@types/stream-buffers/-/stream-buffers-3.0.3.tgz", + "integrity": "sha512-NeFeX7YfFZDYsCfbuaOmFQ0OjSmHreKBpp7MQ4alWQBHeh2USLsj7qyMyn9t82kjqIX516CR/5SRHnARduRtbQ==", + "requires": { + "@types/node": "*" + } + }, + "@types/tar": { + "version": "4.0.3", + "resolved": "https://registry.npmjs.org/@types/tar/-/tar-4.0.3.tgz", + "integrity": "sha512-Z7AVMMlkI8NTWF0qGhC4QIX0zkV/+y0J8x7b/RsHrN0310+YNjoJd8UrApCiGBCWtKjxS9QhNqLi2UJNToh5hA==", + "requires": { + "@types/minipass": "*", + "@types/node": "*" + } + }, "@types/tough-cookie": { "version": "4.0.0", "resolved": "https://registry.npmjs.org/@types/tough-cookie/-/tough-cookie-4.0.0.tgz", "integrity": "sha512-I99sngh224D0M7XgW1s120zxCt3VYQ3IQsuw3P3jbq5GG4yc79+ZjyKznyOGIQrflfylLgcfekeZW/vk0yng6A==" }, "@types/underscore": { - "version": "1.10.1", - "resolved": "https://registry.npmjs.org/@types/underscore/-/underscore-1.10.1.tgz", - "integrity": "sha512-RRQWytGzPUhybKdf7jhfcySkdEHMDsVZ0gU3XVIxeqms1UKu3+ICaTXNaNGAkcUbIJ8SUKpmUIS1z9mDVc7seg==" + "version": "1.10.23", + "resolved": "https://registry.npmjs.org/@types/underscore/-/underscore-1.10.23.tgz", + "integrity": "sha512-vX1NPekXhrLquFWskH2thcvFAha187F/lM6xYOoEMZWwJ/6alSk0/ttmGP/YRqcqtCv0TMbZjYAdZyHAEcuU4g==" }, "@types/ws": { "version": "6.0.4", 
@@ -777,12 +842,12 @@ "dev": true }, "aggregate-error": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/aggregate-error/-/aggregate-error-1.0.0.tgz", - "integrity": "sha1-iINE2tAiCnLjr1CQYRf0h3GSX6w=", + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/aggregate-error/-/aggregate-error-3.1.0.tgz", + "integrity": "sha512-4I7Td01quW/RpocfNayFdFVk1qSuoh0E7JrbRJ16nH01HhKFQ88INq9Sd+nd72zqRySlr9BmDA8xlEJ6vJMrYA==", "requires": { - "clean-stack": "^1.0.0", - "indent-string": "^3.0.0" + "clean-stack": "^2.0.0", + "indent-string": "^4.0.0" } }, "ajv": { @@ -894,11 +959,6 @@ "integrity": "sha512-+Ryf6g3BKoRc7jfp7ad8tM4TtMiaWvbF/1/sQcZPkkS7ag3D5nMBCe2UfOTONtAkaG0tO0ij3C5Lwmf1EiyjHg==", "dev": true }, - "async-limiter": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/async-limiter/-/async-limiter-1.0.1.tgz", - "integrity": "sha512-csOlWGAcRFJaI6m+F2WKdnMKr4HhdhFVBk0H/QbJFMCr+uO2kwohwXQPxw/9OCxp05r5ghVBFSyioixx3gfkNQ==" - }, "asynckit": { "version": "0.4.0", "resolved": "https://registry.npmjs.org/asynckit/-/asynckit-0.4.0.tgz", @@ -1036,11 +1096,6 @@ } } }, - "base64-js": { - "version": "1.3.1", - "resolved": "https://registry.npmjs.org/base64-js/-/base64-js-1.3.1.tgz", - "integrity": "sha512-mLQ4i2QO1ytvGWFWmcngKO//JXAQueZvwEKtjgQFM4jIK0kU+ytMfplL8j+n5mspOfjHwoAg+9yhb7BwAHm36g==" - }, "base64url": { "version": "3.0.1", "resolved": "https://registry.npmjs.org/base64url/-/base64url-3.0.1.tgz", @@ -1095,14 +1150,6 @@ } } }, - "browserify-zlib": { - "version": "0.2.0", - "resolved": "https://registry.npmjs.org/browserify-zlib/-/browserify-zlib-0.2.0.tgz", - "integrity": "sha512-Z942RysHXmJrhqk88FmKBVq/v5tqmSkDz7p54G/MGyjMnCFFnC79XWNbg+Vta8W6Wb2qtSZTSxIGkJrRpCFEiA==", - "requires": { - "pako": "~1.0.5" - } - }, "bser": { "version": "2.1.1", "resolved": "https://registry.npmjs.org/bser/-/bser-2.1.1.tgz", 
@@ -1112,15 +1159,6 @@ "node-int64": "^0.4.0" } }, - "buffer": { - "version": "5.6.0", - "resolved": "https://registry.npmjs.org/buffer/-/buffer-5.6.0.tgz", - "integrity": "sha512-/gDYp/UtU0eA1ys8bOs9J6a+E/KWIY+DZ+Q2WESNUA0jFRsJOc0SNUO6xJ5SGA1xueg3NL65W6s+NY5l9cunuw==", - "requires": { - "base64-js": "^1.0.2", - "ieee754": "^1.1.4" - } - }, "buffer-from": { "version": "1.1.1", "resolved": "https://registry.npmjs.org/buffer-from/-/buffer-from-1.1.1.tgz", 
@@ -1149,29 +1187,32 @@ "unset-value": "^1.0.0" } }, + "cacheable-lookup": { + "version": "5.0.3", + "resolved": "https://registry.npmjs.org/cacheable-lookup/-/cacheable-lookup-5.0.3.tgz", + "integrity": "sha512-W+JBqF9SWe18A72XFzN/V/CULFzPm7sBXzzR6ekkE+3tLG72wFZrBiBZhrZuDoYexop4PHJVdFAKb/Nj9+tm9w==" + }, "cacheable-request": { - "version": "2.1.4", - "resolved": "https://registry.npmjs.org/cacheable-request/-/cacheable-request-2.1.4.tgz", - "integrity": "sha1-DYCIAbY0KtM8kd+dC0TcCbkeXD0=", - "requires": { - "clone-response": "1.0.2", - "get-stream": "3.0.0", - "http-cache-semantics": "3.8.1", - "keyv": "3.0.0", - "lowercase-keys": "1.0.0", - "normalize-url": "2.0.1", - "responselike": "1.0.2" + "version": "7.0.1", + "resolved": "https://registry.npmjs.org/cacheable-request/-/cacheable-request-7.0.1.tgz", + "integrity": "sha512-lt0mJ6YAnsrBErpTMWeu5kl/tg9xMAWjavYTN6VQXM1A/teBITuNcccXsCxF0tDQQJf9DfAaX5O4e0zp0KlfZw==", + "requires": { + "clone-response": "^1.0.2", + "get-stream": "^5.1.0", + "http-cache-semantics": "^4.0.0", + "keyv": "^4.0.0", + "lowercase-keys": "^2.0.0", + "normalize-url": "^4.1.0", + "responselike": "^2.0.0" }, "dependencies": { "get-stream": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/get-stream/-/get-stream-3.0.0.tgz", - "integrity": "sha1-jpQ9E1jcN1VQVOy+LtsFqhdO3hQ=" - }, - "lowercase-keys": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/lowercase-keys/-/lowercase-keys-1.0.0.tgz", - "integrity": "sha1-TjNms55/VFfjXxMkvfb4jQv8cwY=" + "version": "5.2.0", + "resolved": "https://registry.npmjs.org/get-stream/-/get-stream-5.2.0.tgz", + "integrity": "sha512-nBF+F1rAZVCu/p7rjzgA+Yb4lfYXrpl7a6VmJrU8wF9I1CKvP/QwPNZHnOlwbTkY6dvtFIzFMSyQXbLoTQPRpA==", + "requires": { + "pump": "^3.0.0" + } } } }, 
@@ -1211,6 +1252,11 @@ "supports-color": "^7.1.0" } }, + "chownr": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/chownr/-/chownr-2.0.0.tgz", + "integrity": "sha512-bIomtDF5KGpdogkLd9VspvFzk9KfpyyGlS8YFVZl7TGPBHL5snIOnxeshwVgPteQ9b4Eydl+pVbIyE1DcvCWgQ==" + }, "ci-info": { "version": "2.0.0", "resolved": "https://registry.npmjs.org/ci-info/-/ci-info-2.0.0.tgz", @@ -1241,9 +1287,9 @@ } }, "clean-stack": { - "version": "1.3.0", - "resolved": "https://registry.npmjs.org/clean-stack/-/clean-stack-1.3.0.tgz", - "integrity": "sha1-noIVAa6XmYbEax1m0tQy2y/UrjE=" + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/clean-stack/-/clean-stack-2.2.0.tgz", + "integrity": "sha512-4diC9HaTE+KRAMWhDhrGOECgWZxoevMc5TlkObMqNSsVU62PYzXZ/SMTjzyGAFF1YusgxGcSWTEXBhp0CPwQ1A==" }, "cliui": { "version": "6.0.0", @@ -1411,14 +1457,22 @@ "decode-uri-component": { "version": "0.2.0", "resolved": "https://registry.npmjs.org/decode-uri-component/-/decode-uri-component-0.2.0.tgz", - "integrity": "sha1-6zkTMzRYd1y4TNGh+uBiEGu4dUU=" + "integrity": "sha1-6zkTMzRYd1y4TNGh+uBiEGu4dUU=", + "dev": true }, "decompress-response": { - "version": "3.3.0", - "resolved": "https://registry.npmjs.org/decompress-response/-/decompress-response-3.3.0.tgz", - "integrity": "sha1-gKTdMjdIOEv6JICDYirt7Jgq3/M=", + "version": "6.0.0", + "resolved": "https://registry.npmjs.org/decompress-response/-/decompress-response-6.0.0.tgz", + "integrity": "sha512-aW35yZM6Bb/4oJlZncMH2LCoZtJXTRxES17vE3hoRiowU2kWHaJKFkSBDnDR+cm9J+9QhXmREyIfv0pji9ejCQ==", "requires": { - "mimic-response": "^1.0.0" + "mimic-response": "^3.1.0" + }, + "dependencies": { + "mimic-response": { + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/mimic-response/-/mimic-response-3.1.0.tgz", + "integrity": "sha512-z0yWI+4FDrrweS8Zmt4Ej5HdJmky15+L2e6Wgn3+iK5fWzb6T3fhNFq2+MeTRb064c6Wr4N/wv0DzQTjNzHNGQ==" + } } }, "deep-is": { 
@@ -1433,6 +1487,11 @@ "integrity": "sha512-FJ3UgI4gIl+PHZm53knsuSFpE+nESMr7M4v9QcgB7S63Kj/6WqMiFQJpBBYz1Pt+66bZpP3Q7Lye0Oo9MPKEdg==", "dev": true }, + "defer-to-connect": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/defer-to-connect/-/defer-to-connect-2.0.0.tgz", + "integrity": "sha512-bYL2d05vOSf1JEZNx5vSAtPuBMkX8K9EUutg7zlKvTqKXHt7RhWJFbmd7qakVuf13i+IkGmp6FwSsONOf6VYIg==" + }, "define-property": { "version": "2.0.2", "resolved": "https://registry.npmjs.org/define-property/-/define-property-2.0.2.tgz", @@ -1500,11 +1559,6 @@ "webidl-conversions": "^4.0.2" } }, - "duplexer3": { - "version": "0.1.4", - "resolved": "https://registry.npmjs.org/duplexer3/-/duplexer3-0.1.4.tgz", - "integrity": "sha1-7gHdHKwO08vH/b6jfcCo8c4ALOI=" - }, "ecc-jsbn": { "version": "0.1.2", "resolved": "https://registry.npmjs.org/ecc-jsbn/-/ecc-jsbn-0.1.2.tgz", @@ -1528,11 +1582,6 @@ "once": "^1.4.0" } }, - "es6-promise": { - "version": "4.2.8", - "resolved": "https://registry.npmjs.org/es6-promise/-/es6-promise-4.2.8.tgz", - "integrity": "sha512-HJDGx5daxeIvxdBxvG2cb9g4tEvwIk3i8+nhX0yGrYmZUzbkdg8QbDevheDB8gd0//uPj4c1EQua8Q+MViT0/w==" - }, "escape-string-regexp": { "version": "1.0.5", "resolved": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz", @@ -1828,13 +1877,12 @@ "map-cache": "^0.2.2" } }, - "from2": { - "version": "2.3.0", - "resolved": "https://registry.npmjs.org/from2/-/from2-2.3.0.tgz", - "integrity": "sha1-i/tVAr3kpNNs/e6gB/zKIdfjgq8=", + "fs-minipass": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/fs-minipass/-/fs-minipass-2.1.0.tgz", + "integrity": "sha512-V/JgOLFCS+R6Vcq0slCuaeWEdNC3ouDlJMNIsacH2VtALiu9mV4LPrHc5cDl8k5aw6J8jwgWWpiTo5RYhmIzvg==", "requires": { - "inherits": "^2.0.1", - "readable-stream": "^2.0.0" + "minipass": "^3.0.0" } }, "fs.realpath": { 
@@ -1903,34 +1951,21 @@ "dev": true }, "got": { - "version": "8.3.2", - "resolved": "https://registry.npmjs.org/got/-/got-8.3.2.tgz", - "integrity": "sha512-qjUJ5U/hawxosMryILofZCkm3C84PLJS/0grRIpjAwu+Lkxxj5cxeCU25BG0/3mDSpXKTyZr8oh8wIgLaH0QCw==", - "requires": { - "@sindresorhus/is": "^0.7.0", - "cacheable-request": "^2.1.1", - "decompress-response": "^3.3.0", - "duplexer3": "^0.1.4", - "get-stream": "^3.0.0", - "into-stream": "^3.1.0", - "is-retry-allowed": "^1.1.0", - "isurl": "^1.0.0-alpha5", - "lowercase-keys": "^1.0.0", - "mimic-response": "^1.0.0", - "p-cancelable": "^0.4.0", - "p-timeout": "^2.0.1", - "pify": "^3.0.0", - "safe-buffer": "^5.1.1", - "timed-out": "^4.0.1", - "url-parse-lax": "^3.0.0", - "url-to-options": "^1.0.1" - }, - "dependencies": { - "get-stream": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/get-stream/-/get-stream-3.0.0.tgz", - "integrity": "sha1-jpQ9E1jcN1VQVOy+LtsFqhdO3hQ=" - } + "version": "11.7.0", + "resolved": "https://registry.npmjs.org/got/-/got-11.7.0.tgz", + "integrity": "sha512-7en2XwH2MEqOsrK0xaKhbWibBoZqy+f1RSUoIeF1BLcnf+pyQdDsljWMfmOh+QKJwuvDIiKx38GtPh5wFdGGjg==", + "requires": { + "@sindresorhus/is": "^3.1.1", + "@szmarczak/http-timer": "^4.0.5", + "@types/cacheable-request": "^6.0.1", + "@types/responselike": "^1.0.0", + "cacheable-lookup": "^5.0.3", + "cacheable-request": "^7.0.1", + "decompress-response": "^6.0.0", + "http2-wrapper": "^1.0.0-beta.5.2", + "lowercase-keys": "^2.0.0", + "p-cancelable": "^2.0.0", + "responselike": "^2.0.0" } }, "graceful-fs": { 
@@ -1966,19 +2001,6 @@ "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==", "dev": true }, - "has-symbol-support-x": { - "version": "1.4.2", - "resolved": "https://registry.npmjs.org/has-symbol-support-x/-/has-symbol-support-x-1.4.2.tgz", - "integrity": "sha512-3ToOva++HaW+eCpgqZrCfN51IPB+7bJNVT6CUATzueB5Heb8o6Nam0V3HG5dlDvZU1Gn5QLcbahiKw/XVk5JJw==" - }, - "has-to-string-tag-x": { - "version": "1.4.1", - "resolved": "https://registry.npmjs.org/has-to-string-tag-x/-/has-to-string-tag-x-1.4.1.tgz", - "integrity": "sha512-vdbKfmw+3LoOYVr+mtxHaX5a96+0f3DljYd8JOqvOLsf5mw2Otda2qCDT9qRqLAhrjyQ0h7ual5nOiASpsGNFw==", - "requires": { - "has-symbol-support-x": "^1.4.1" - } - }, "has-value": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/has-value/-/has-value-1.0.0.tgz", @@ -2047,9 +2069,9 @@ "dev": true }, "http-cache-semantics": { - "version": "3.8.1", - "resolved": "https://registry.npmjs.org/http-cache-semantics/-/http-cache-semantics-3.8.1.tgz", - "integrity": "sha512-5ai2iksyV8ZXmnZhHH4rWPoxxistEexSi5936zIQ1bnNTW5VnA85B6P/VpXiRM017IgRvb2kKo1a//y+0wSp3w==" + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/http-cache-semantics/-/http-cache-semantics-4.1.0.tgz", + "integrity": "sha512-carPklcUh7ROWRK7Cv27RPtdhYhUsela/ue5/jKzjegVvXDqM2ILE9Q2BGn9JZJh1g87cp56su/FgQSzcWS8cQ==" }, "http-signature": { "version": "1.2.0", @@ -2061,6 +2083,15 @@ "sshpk": "^1.7.0" } }, + "http2-wrapper": { + "version": "1.0.0-beta.5.2", + "resolved": "https://registry.npmjs.org/http2-wrapper/-/http2-wrapper-1.0.0-beta.5.2.tgz", + "integrity": "sha512-xYz9goEyBnC8XwXDTuC/MZ6t+MrKVQZOk4s7+PaDkwIsQd8IwqvM+0M6bA/2lvG8GHXcPdf+MejTUeO2LCPCeQ==", + "requires": { + "quick-lru": "^5.1.1", + "resolve-alpn": "^1.0.0" + } + }, "human-signals": { "version": "1.1.1", "resolved": "https://registry.npmjs.org/human-signals/-/human-signals-1.1.1.tgz", 
@@ -2076,11 +2107,6 @@ "safer-buffer": ">= 2.1.2 < 3" } }, - "ieee754": { - "version": "1.1.13", - "resolved": "https://registry.npmjs.org/ieee754/-/ieee754-1.1.13.tgz", - "integrity": "sha512-4vf7I2LYV/HaWerSo3XmlMkp5eZ83i+/CDluXi/IGTs/O1sejBNhTtnxzmRZfvOUqj7lZjqHkeTvpgSFDlWZTg==" - }, "import-local": { "version": "3.0.2", "resolved": "https://registry.npmjs.org/import-local/-/import-local-3.0.2.tgz", @@ -2098,9 +2124,9 @@ "dev": true }, "indent-string": { - "version": "3.2.0", - "resolved": "https://registry.npmjs.org/indent-string/-/indent-string-3.2.0.tgz", - "integrity": "sha1-Sl/W0nzDMvN+VBmlBNu4NxBckok=" + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/indent-string/-/indent-string-4.0.0.tgz", + "integrity": "sha512-EdDDZu4A2OyIK7Lr/2zG+w5jmbuk1DVBnEwREQvBzspBJkCEbRa8GxU1lghYcaGJCnRWibjDXlq779X1/y5xwg==" }, "inflight": { "version": "1.0.6", @@ -2121,15 +2147,6 @@ "resolved": "https://registry.npmjs.org/interpret/-/interpret-1.4.0.tgz", "integrity": "sha512-agE4QfB2Lkp9uICn7BAqoscw4SZP9kTE2hxiFI3jBPmXJfdqiahTbUuKGsMoN2GtqL9AxhYioAcVvgsb1HvRbA==" }, - "into-stream": { - "version": "3.1.0", - "resolved": "https://registry.npmjs.org/into-stream/-/into-stream-3.1.0.tgz", - "integrity": "sha1-lvsKk2wSur1v8XUqF9BWFqvQlMY=", - "requires": { - "from2": "^2.1.1", - "p-is-promise": "^1.1.0" - } - }, "ip-regex": { "version": "2.1.0", "resolved": "https://registry.npmjs.org/ip-regex/-/ip-regex-2.1.0.tgz", 
@@ -2234,16 +2251,6 @@ "integrity": "sha512-41Cifkg6e8TylSpdtTpeLVMqvSBEVzTttHvERD741+pnZ8ANv0004MRL43QKPDlK9cGvNp6NZWZUBlbGXYxxng==", "dev": true }, - "is-object": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/is-object/-/is-object-1.0.1.tgz", - "integrity": "sha1-iVJojF7C/9awPsyF52ngKQMINHA=" - }, - "is-plain-obj": { - "version": "1.1.0", - "resolved": "https://registry.npmjs.org/is-plain-obj/-/is-plain-obj-1.1.0.tgz", - "integrity": "sha1-caUMhCnfync8kqOQpKA7OfzVHT4=" - }, "is-plain-object": { "version": "2.0.4", "resolved": "https://registry.npmjs.org/is-plain-object/-/is-plain-object-2.0.4.tgz", @@ -2253,11 +2260,6 @@ "isobject": "^3.0.1" } }, - "is-retry-allowed": { - "version": "1.2.0", - "resolved": "https://registry.npmjs.org/is-retry-allowed/-/is-retry-allowed-1.2.0.tgz", - "integrity": "sha512-RUbUeKwvm3XG2VYamhJL1xFktgjvPzL0Hq8C+6yrWIswDy3BIXGqCxhxkc30N9jqK311gVU137K8Ei55/zVJRg==" - }, "is-stream": { "version": "1.1.0", "resolved": "https://registry.npmjs.org/is-stream/-/is-stream-1.1.0.tgz", @@ -2284,7 +2286,8 @@ "isarray": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/isarray/-/isarray-1.0.0.tgz", - "integrity": "sha1-u5NdSFgsuhaMBoNJV6VKPgcSTxE=" + "integrity": "sha1-u5NdSFgsuhaMBoNJV6VKPgcSTxE=", + "dev": true }, "isexe": { "version": "2.0.0", @@ -2385,15 +2388,6 @@ "istanbul-lib-report": "^3.0.0" } }, - "isurl": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/isurl/-/isurl-1.0.0.tgz", - "integrity": "sha512-1P/yWsxPlDtn7QeRD+ULKQPaIaN6yF368GZ2vDfv0AL0NwpStafjWCDDdn0k8wgFMWpVAqG7oJhxHnlud42i9w==", - "requires": { - "has-to-string-tag-x": "^1.2.0", - "is-object": "^1.0.1" - } - }, "jest": { "version": "25.2.4", "resolved": "https://registry.npmjs.org/jest/-/jest-25.2.4.tgz", 
@@ -2918,6 +2912,14 @@ "supports-color": "^7.0.0" } }, + "jose": { + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/jose/-/jose-2.0.2.tgz", + "integrity": "sha512-yD93lsiMA1go/qxSY/vXWBodmIZJIxeB7QhFi8z1yQ3KUwKENqI9UA8VCHlQ5h3x1zWuWZjoY87ByQzkQbIrQg==", + "requires": { + "@panva/asn1.js": "^1.0.0" + } + }, "js-tokens": { "version": "4.0.0", "resolved": "https://registry.npmjs.org/js-tokens/-/js-tokens-4.0.0.tgz", @@ -2992,9 +2994,9 @@ "dev": true }, "json-buffer": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/json-buffer/-/json-buffer-3.0.0.tgz", - "integrity": "sha1-Wx85evx11ne96Lz8Dkfh+aPZqJg=" + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/json-buffer/-/json-buffer-3.0.1.tgz", + "integrity": "sha512-4bV5BfR2mqfQTJm+V5tPPdf+ZpuhiIvTuAB5g8kcrXOZpTT/QwwVRWBywX1ozr6lEuPdbHxwaJlm9G6mI2sfSQ==" }, "json-schema": { "version": "0.2.3", @@ -3037,11 +3039,11 @@ } }, "keyv": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/keyv/-/keyv-3.0.0.tgz", - "integrity": "sha512-eguHnq22OE3uVoSYG0LVWNP+4ppamWr9+zWBe1bsNcovIMy6huUJFPgy4mGwCd/rnl3vOLGW1MTlu4c57CT1xA==", + "version": "4.0.3", + "resolved": "https://registry.npmjs.org/keyv/-/keyv-4.0.3.tgz", + "integrity": "sha512-zdGa2TOpSZPq5mU6iowDARnMBZgtCqJ11dJROFi6tg6kTn4nuUdU09lFyLFSaHrWqpIJ+EBq4E8/Dc0Vx5vLdA==", "requires": { - "json-buffer": "3.0.0" + "json-buffer": "3.0.1" } }, "kind-of": { @@ -3084,7 +3086,8 @@ "lodash": { "version": "4.17.19", "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.19.tgz", - "integrity": "sha512-JNvd8XER9GQX0v2qJgsaN/mzFCNA5BRe/j8JN9d+tWyGLSodKQHKFicdwNYzWwI3wjRnaKPsGj1XkBjx/F96DQ==" + "integrity": "sha512-JNvd8XER9GQX0v2qJgsaN/mzFCNA5BRe/j8JN9d+tWyGLSodKQHKFicdwNYzWwI3wjRnaKPsGj1XkBjx/F96DQ==", + "dev": true }, "lodash.sortby": { "version": "4.7.0", 
@@ -3101,22 +3104,17 @@ "@sinonjs/commons": "^1.7.0" } }, - "long": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/long/-/long-4.0.0.tgz", - "integrity": "sha512-XsP+KhQif4bjX1kbuSiySJFNAehNxgLb6hPRGJ9QsUr8ajHkuXGdrHmFUTUUXhDwVX2R5bY4JNZEwbUiMhV+MA==" - }, "lowercase-keys": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/lowercase-keys/-/lowercase-keys-1.0.1.tgz", - "integrity": "sha512-G2Lj61tXDnVFFOi8VZds+SoQjtQC3dgokKdDG2mTm1tx4m50NUHBOZSBwQQHyy0V12A0JTG4icfZQH+xPyh8VA==" + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/lowercase-keys/-/lowercase-keys-2.0.0.tgz", + "integrity": "sha512-tqNXrS78oMOE73NMxK4EMLQsQowWf8jKooH9g7xPavRT706R6bkQJ6DY2Te7QukaZsulxa30wQ7bk0pm4XiHmA==" }, "lru-cache": { - "version": "5.1.1", - "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-5.1.1.tgz", - "integrity": "sha512-KpNARQA3Iwv+jTA0utUVVbrh+Jlrr1Fv0e56GGzAFOXN7dk/FviaDW8LHmK52DlcH4WP2n6gI8vN1aesBFgo9w==", + "version": "6.0.0", + "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-6.0.0.tgz", + "integrity": "sha512-Jo6dJ04CmSjuznwJSS3pUeWmd/H0ffTlkXXgwZi+eq1UCmqQwCh+eLsYOYCwY991i2Fah4h1BEMCx4qThGbsiA==", "requires": { - "yallist": "^3.0.2" + "yallist": "^4.0.0" } }, "make-dir": { @@ -3136,6 +3134,11 @@ } } }, + "make-error": { + "version": "1.3.6", + "resolved": "https://registry.npmjs.org/make-error/-/make-error-1.3.6.tgz", + "integrity": "sha512-s8UhlNe7vPKomQhC1qFelMokr/Sc3AgNbso3n74mVPA5LTZwkB9NlXf4XPamLxJE8h0gh73rM94xvwRT2CVInw==" + }, "makeerror": { "version": "1.0.11", "resolved": "https://registry.npmjs.org/makeerror/-/makeerror-1.0.11.tgz", 
@@ -3214,6 +3217,23 @@ "integrity": "sha512-FM9nNUYrRBAELZQT3xeZQ7fmMOBg6nWNmJKTcgsJeaLstP/UODVpGsr5OhXhhXg6f+qtJ8uiZ+PUxkDWcgIXLw==", "dev": true }, + "minipass": { + "version": "3.1.3", + "resolved": "https://registry.npmjs.org/minipass/-/minipass-3.1.3.tgz", + "integrity": "sha512-Mgd2GdMVzY+x3IJ+oHnVM+KG3lA5c8tnabyJKmHSaG2kAGpudxuOf8ToDkhumF7UzME7DecbQE9uOZhNm7PuJg==", + "requires": { + "yallist": "^4.0.0" + } + }, + "minizlib": { + "version": "2.1.2", + "resolved": "https://registry.npmjs.org/minizlib/-/minizlib-2.1.2.tgz", + "integrity": "sha512-bAxsR8BVfj60DWXHE3u30oHzfl4G7khkSuPW+qvpd7jFRHm7dLxOjUk1EHACJ/hxLY8phGJ0YhYHZo7jil7Qdg==", + "requires": { + "minipass": "^3.0.0", + "yallist": "^4.0.0" + } + }, "mixin-deep": { "version": "1.3.2", "resolved": "https://registry.npmjs.org/mixin-deep/-/mixin-deep-1.3.2.tgz", @@ -3235,6 +3255,11 @@ } } }, + "mkdirp": { + "version": "1.0.4", + "resolved": "https://registry.npmjs.org/mkdirp/-/mkdirp-1.0.4.tgz", + "integrity": "sha512-vVqVZQyf3WLx2Shd0qJ9xuvqgAyKPLAiqITEtqW0oIUjzo3PePDd6fW9iFz30ef7Ysp/oiWqbhszeGWW2T6Gzw==" + }, "ms": { "version": "2.0.0", "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", 
@@ -3271,34 +3296,12 @@ "resolved": "https://registry.npmjs.org/nice-try/-/nice-try-1.0.5.tgz", "integrity": "sha512-1nh45deeb5olNY7eX82BkPO7SSxR5SSYJiPTrTdFUVYwAl8CKMA5N9PjTYkHiRjisVcxcQ1HXdLhx2qxxJzLNQ==" }, - "node-forge": { - "version": "0.8.5", - "resolved": "https://registry.npmjs.org/node-forge/-/node-forge-0.8.5.tgz", - "integrity": "sha512-vFMQIWt+J/7FLNyKouZ9TazT74PRV3wgv9UT4cRjC8BffxFbKXkgIWR42URCPSnHm/QDz6BOlb2Q0U4+VQT67Q==" - }, "node-int64": { "version": "0.4.0", "resolved": "https://registry.npmjs.org/node-int64/-/node-int64-0.4.0.tgz", "integrity": "sha1-h6kGXNs1XTGC2PlM4RGIuCXGijs=", "dev": true }, - "node-jose": { - "version": "1.1.4", - "resolved": "https://registry.npmjs.org/node-jose/-/node-jose-1.1.4.tgz", - "integrity": "sha512-L31IFwL3pWWcMHxxidCY51ezqrDXMkvlT/5pLTfNw5sXmmOLJuN6ug7txzF/iuZN55cRpyOmoJrotwBQIoo5Lw==", - "requires": { - "base64url": "^3.0.1", - "browserify-zlib": "^0.2.0", - "buffer": "^5.5.0", - "es6-promise": "^4.2.8", - "lodash": "^4.17.15", - "long": "^4.0.0", - "node-forge": "^0.8.5", - "process": "^0.11.10", - "react-zlib-js": "^1.0.4", - "uuid": "^3.3.3" - } - }, "node-modules-regexp": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/node-modules-regexp/-/node-modules-regexp-1.0.0.tgz", @@ -3335,14 +3338,9 @@ "dev": true }, "normalize-url": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/normalize-url/-/normalize-url-2.0.1.tgz", - "integrity": "sha512-D6MUW4K/VzoJ4rJ01JFKxDrtY1v9wrgzCX5f2qj/lzH1m/lW6MhUZFKerVsnyjOhOsYzI9Kqqak+10l4LvLpMw==", - "requires": { - "prepend-http": "^2.0.0", - "query-string": "^5.0.1", - "sort-keys": "^2.0.0" - } + "version": "4.5.0", + "resolved": "https://registry.npmjs.org/normalize-url/-/normalize-url-4.5.0.tgz", + "integrity": "sha512-2s47yzUxdexf1OhyRi4Em83iQk0aPvwTddtFz4hnSSw9dCEsLEGf6SwIO8ss/19S9iBb5sJaOuTvTGDeZI00BQ==" }, "npm-run-path": { "version": "2.0.2", 
@@ -3363,11 +3361,6 @@ "resolved": "https://registry.npmjs.org/oauth-sign/-/oauth-sign-0.9.0.tgz", "integrity": "sha512-fexhUFFPTGV8ybAtSIGbV6gOkSv8UtRbDBnAyLQw4QPKkgNlsH2ByPGtMUqdWkos6YCRmAqViwgZrJc/mRDzZQ==" }, - "object-assign": { - "version": "4.1.1", - "resolved": "https://registry.npmjs.org/object-assign/-/object-assign-4.1.1.tgz", - "integrity": "sha1-IQmtx5ZYh8/AXLvUQsrIv7s2CGM=" - }, "object-copy": { "version": "0.1.0", "resolved": "https://registry.npmjs.org/object-copy/-/object-copy-0.1.0.tgz", @@ -3400,9 +3393,9 @@ } }, "object-hash": { - "version": "1.3.1", - "resolved": "https://registry.npmjs.org/object-hash/-/object-hash-1.3.1.tgz", - "integrity": "sha512-OSuu/pU4ENM9kmREg0BdNrUDIl1heYa4mBZacJc+vVWz4GtAwu7jO8s4AIt2aGRUTqxykpWzI3Oqnsm13tTMDA==" + "version": "2.0.3", + "resolved": "https://registry.npmjs.org/object-hash/-/object-hash-2.0.3.tgz", + "integrity": "sha512-JPKn0GMu+Fa3zt3Bmr66JhokJU5BaNBIh4ZeTlaCBzrBsOeXzwcKKAK1tbLiPKgvwmPXsDvvLHoWh5Bm7ofIYg==" }, "object-visit": { "version": "1.0.1", @@ -3423,9 +3416,9 @@ } }, "oidc-token-hash": { - "version": "3.0.2", - "resolved": "https://registry.npmjs.org/oidc-token-hash/-/oidc-token-hash-3.0.2.tgz", - "integrity": "sha512-dTzp80/y/da+um+i+sOucNqiPpwRL7M/xPwj7pH1TFA2/bqQ+OK2sJahSXbemEoLtPkHcFLyhLhLWZa9yW5+RA==" + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/oidc-token-hash/-/oidc-token-hash-5.0.0.tgz", + "integrity": "sha512-8Yr4CZSv+Tn8ZkN3iN2i2w2G92mUKClp4z7EGUfdsERiYSbj7P4i/NHm72ft+aUdsiFx9UdIPSTwbyzQ6C4URg==" }, "once": { "version": "1.4.0", 
@@ -3445,18 +3438,18 @@ } }, "openid-client": { - "version": "2.5.0", - "resolved": "https://registry.npmjs.org/openid-client/-/openid-client-2.5.0.tgz", - "integrity": "sha512-t3hFD7xEoW1U25RyBcRFaL19fGGs6hNVTysq9pgmiltH0IVUPzH/bQV9w24pM5Q7MunnGv2/5XjIru6BQcWdxg==", + "version": "4.1.1", + "resolved": "https://registry.npmjs.org/openid-client/-/openid-client-4.1.1.tgz", + "integrity": "sha512-/qch3I3v8UtO0A7wVgyXJJjGX/knR8bv06DQpLuKQqLG5u4AHcgusGuVKPKAcneLZvHKbKovF2+3e2ngXyuudA==", "requires": { - "base64url": "^3.0.0", - "got": "^8.3.2", - "lodash": "^4.17.11", - "lru-cache": "^5.1.1", - "node-jose": "^1.1.0", - "object-hash": "^1.3.1", - "oidc-token-hash": "^3.0.1", - "p-any": "^1.1.0" + "base64url": "^3.0.1", + "got": "^11.6.2", + "jose": "^2.0.2", + "lru-cache": "^6.0.0", + "make-error": "^1.3.6", + "object-hash": "^2.0.1", + "oidc-token-hash": "^5.0.0", + "p-any": "^3.0.0" } }, "optionator": { @@ -3474,17 +3467,18 @@ } }, "p-any": { - "version": "1.1.0", - "resolved": "https://registry.npmjs.org/p-any/-/p-any-1.1.0.tgz", - "integrity": "sha512-Ef0tVa4CZ5pTAmKn+Cg3w8ABBXh+hHO1aV8281dKOoUHfX+3tjG2EaFcC+aZyagg9b4EYGsHEjz21DnEE8Og2g==", + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/p-any/-/p-any-3.0.0.tgz", + "integrity": "sha512-5rqbqfsRWNb0sukt0awwgJMlaep+8jV45S15SKKB34z4UuzjcofIfnriCBhWjZP2jbVtjt9yRl7buB6RlKsu9w==", "requires": { - "p-some": "^2.0.0" + "p-cancelable": "^2.0.0", + "p-some": "^5.0.0" } }, "p-cancelable": { - "version": "0.4.1", - "resolved": "https://registry.npmjs.org/p-cancelable/-/p-cancelable-0.4.1.tgz", - "integrity": "sha512-HNa1A8LvB1kie7cERyy21VNeHb2CWJJYqyyC2o3klWFfMGlFmWv2Z7sFgZH8ZiaYL95ydToKTFVXgMV/Os0bBQ==" + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/p-cancelable/-/p-cancelable-2.0.0.tgz", + "integrity": "sha512-wvPXDmbMmu2ksjkB4Z3nZWTSkJEb9lqVdMaCKpZUGJG9TMiNp9XcbG3fn9fPKjem04fJMJnXoyFPk2FmgiaiNg==" }, "p-each-series": { "version": "2.1.0", 
@@ -3497,11 +3491,6 @@ "resolved": "https://registry.npmjs.org/p-finally/-/p-finally-1.0.0.tgz", "integrity": "sha1-P7z7FbiZpEEjs0ttzBi3JDNqLK4=" }, - "p-is-promise": { - "version": "1.1.0", - "resolved": "https://registry.npmjs.org/p-is-promise/-/p-is-promise-1.1.0.tgz", - "integrity": "sha1-nJRWmJ6fZYgBewQ01WCXZ1w9oF4=" - }, "p-limit": { "version": "2.2.2", "resolved": "https://registry.npmjs.org/p-limit/-/p-limit-2.2.2.tgz", @@ -3521,19 +3510,12 @@ } }, "p-some": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/p-some/-/p-some-2.0.1.tgz", - "integrity": "sha1-Zdh8ixVO289SIdFnd4ttLhUPbwY=", - "requires": { - "aggregate-error": "^1.0.0" - } - }, - "p-timeout": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/p-timeout/-/p-timeout-2.0.1.tgz", - "integrity": "sha512-88em58dDVB/KzPEx1X0N3LwFfYZPyDc4B6eF38M1rk9VTZMbxXXgjugz8mmwpS9Ox4BDZ+t6t3QP5+/gazweIA==", + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/p-some/-/p-some-5.0.0.tgz", + "integrity": "sha512-Js5XZxo6vHjB9NOYAzWDYAIyyiPvva0DWESAIWIK7uhSpGsyg5FwUPxipU/SOQx5x9EqhOh545d1jo6cVkitig==", "requires": { - "p-finally": "^1.0.0" + "aggregate-error": "^3.0.0", + "p-cancelable": "^2.0.0" } }, "p-try": { @@ -3542,11 +3524,6 @@ "integrity": "sha512-R4nPAVTAU0B9D35/Gk3uJf/7XYbQcyohSKdvAxIRSNghFl4e71hVoGnBNQz9cWaXxO2I10KTC+3jMdvvoKw6dQ==", "dev": true }, - "pako": { - "version": "1.0.11", - "resolved": "https://registry.npmjs.org/pako/-/pako-1.0.11.tgz", - "integrity": "sha512-4hLB8Py4zZce5s4yd9XzopqwVv/yGNhV1Bl8NTmCq1763HeK2+EwVTv+leGeL13Dnh2wfbqowVPXCIO0z4taYw==" - }, "parse5": { "version": "5.1.0", "resolved": "https://registry.npmjs.org/parse5/-/parse5-5.1.0.tgz", 
@@ -3591,11 +3568,6 @@ "integrity": "sha512-q0M/9eZHzmr0AulXyPwNfZjtwZ/RBZlbN3K3CErVrk50T2ASYI7Bye0EvekFY3IP1Nt2DHu0re+V2ZHIpMkuWg==", "dev": true }, - "pify": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/pify/-/pify-3.0.0.tgz", - "integrity": "sha1-5aSs0sEB/fPZpNB/DbxNtJ3SgXY=" - }, "pirates": { "version": "4.0.1", "resolved": "https://registry.npmjs.org/pirates/-/pirates-4.0.1.tgz", @@ -3632,11 +3604,6 @@ "integrity": "sha1-IZMqVJ9eUv/ZqCf1cOBL5iqX2lQ=", "dev": true }, - "prepend-http": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/prepend-http/-/prepend-http-2.0.0.tgz", - "integrity": "sha1-6SQ0v6XqjBn0HN/UAddBo8gZ2Jc=" - }, "pretty-format": { "version": "25.2.3", "resolved": "https://registry.npmjs.org/pretty-format/-/pretty-format-25.2.3.tgz", @@ -3657,16 +3624,6 @@ } } }, - "process": { - "version": "0.11.10", - "resolved": "https://registry.npmjs.org/process/-/process-0.11.10.tgz", - "integrity": "sha1-czIwDoQBYb2j5podHZGn1LwW8YI=" - }, - "process-nextick-args": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/process-nextick-args/-/process-nextick-args-2.0.1.tgz", - "integrity": "sha512-3ouUOpQhtgrbOa17J7+uxOTpITYWaGP7/AhoR3+A+/1e9skrzelGi/dXzEYyvbxubEF6Wn2ypscTKiKJFFn1ag==" - }, "prompts": { "version": "2.3.2", "resolved": "https://registry.npmjs.org/prompts/-/prompts-2.3.2.tgz", 
@@ -3701,15 +3658,10 @@ "resolved": "https://registry.npmjs.org/qs/-/qs-6.5.2.tgz", "integrity": "sha512-N5ZAX4/LxJmF+7wN74pUD6qAh9/wnvdQcjq9TZjevvXzSUo7bfmw91saqMjzGS2xq91/odN2dW/WOl7qQHNDGA==" }, - "query-string": { + "quick-lru": { "version": "5.1.1", - "resolved": "https://registry.npmjs.org/query-string/-/query-string-5.1.1.tgz", - "integrity": "sha512-gjWOsm2SoGlgLEdAGt7a6slVOk9mGiXmPFMqrEhLQ68rhQuBnpfs3+EmlvqKyxnCo9/PPlF+9MtY02S1aFg+Jw==", - "requires": { - "decode-uri-component": "^0.2.0", - "object-assign": "^4.1.0", - "strict-uri-encode": "^1.0.0" - } + "resolved": "https://registry.npmjs.org/quick-lru/-/quick-lru-5.1.1.tgz", + "integrity": "sha512-WuyALRjWPDGtt/wzJiadO5AXY+8hZ80hVpe6MyivgraREW751X3SbhRvG3eLKOYN+8VEvqLcf3wdnt44Z4S4SA==" }, "react-is": { "version": "16.13.1", 
@@ -3717,32 +3669,6 @@ "integrity": "sha512-24e6ynE2H+OKt4kqsOvNd8kBpV65zoxbA4BVsEOB3ARVWQki/DHzaUoC5KuON/BiccDaCCTZBuOcfZs70kR8bQ==", "dev": true }, - "react-zlib-js": { - "version": "1.0.4", - "resolved": "https://registry.npmjs.org/react-zlib-js/-/react-zlib-js-1.0.4.tgz", - "integrity": "sha512-ynXD9DFxpE7vtGoa3ZwBtPmZrkZYw2plzHGbanUjBOSN4RtuXdektSfABykHtTiWEHMh7WdYj45LHtp228ZF1A==" - }, - "readable-stream": { - "version": "2.3.7", - "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.7.tgz", - "integrity": "sha512-Ebho8K4jIbHAxnuxi7o42OrZgF/ZTNcsZj6nRKyUmkhLFq8CHItp/fy6hQZuZmP/n3yZ9VBUbp4zz/mX8hmYPw==", - "requires": { - "core-util-is": "~1.0.0", - "inherits": "~2.0.3", - "isarray": "~1.0.0", - "process-nextick-args": "~2.0.0", - "safe-buffer": "~5.1.1", - "string_decoder": "~1.1.1", - "util-deprecate": "~1.0.1" - }, - "dependencies": { - "safe-buffer": { - "version": "5.1.2", - "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.2.tgz", - "integrity": "sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g==" - } - } - }, "realpath-native": { "version": "2.0.0", "resolved": "https://registry.npmjs.org/realpath-native/-/realpath-native-2.0.0.tgz", @@ -3864,6 +3790,11 @@ "path-parse": "^1.0.6" } }, + "resolve-alpn": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/resolve-alpn/-/resolve-alpn-1.0.0.tgz", + "integrity": "sha512-rTuiIEqFmGxne4IovivKSDzld2lWW9QCjqv80SYjPgf+gS35eaCAjaP54CCwGAwBtnCsvNLYtqxe1Nw+i6JEmA==" + }, "resolve-cwd": { "version": "3.0.0", "resolved": "https://registry.npmjs.org/resolve-cwd/-/resolve-cwd-3.0.0.tgz", 
@@ -3886,11 +3817,11 @@ "dev": true }, "responselike": { - "version": "1.0.2", - "resolved": "https://registry.npmjs.org/responselike/-/responselike-1.0.2.tgz", - "integrity": "sha1-kYcg7ztjHFZCvgaPFa3lpG9Loec=", + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/responselike/-/responselike-2.0.0.tgz", + "integrity": "sha512-xH48u3FTB9VsZw7R+vvgaKeLKzT6jOogbQhEe/jewwnZgzPcnyWui2Av6JpoYZF/91uueC+lqhWqeURw5/qhCw==", "requires": { - "lowercase-keys": "^1.0.0" + "lowercase-keys": "^2.0.0" } }, "ret": { @@ -3900,15 +3831,14 @@ "dev": true }, "rfc4648": { - "version": "1.3.0", - "resolved": "https://registry.npmjs.org/rfc4648/-/rfc4648-1.3.0.tgz", - "integrity": "sha512-x36K12jOflpm1V8QjPq3I+pt7Z1xzeZIjiC8J2Oxd7bE1efTrOG241DTYVJByP/SxR9jl1t7iZqYxDX864jgBQ==" + "version": "1.4.0", + "resolved": "https://registry.npmjs.org/rfc4648/-/rfc4648-1.4.0.tgz", + "integrity": "sha512-3qIzGhHlMHA6PoT6+cdPKZ+ZqtxkIvg8DZGKA5z6PQ33/uuhoJ+Ws/D/J9rXW6gXodgH8QYlz2UCl+sdUDmNIg==" }, "rimraf": { "version": "3.0.2", "resolved": "https://registry.npmjs.org/rimraf/-/rimraf-3.0.2.tgz", "integrity": "sha512-JZkJMZkAGFFPP2YqXZXPbMlMBgsxzE8ILs4lMIX/2o0L9UBw9O/Y3o6wFw/i9YLapcUJWwqbi3kdxIPdC62TIA==", - "dev": true, "requires": { "glob": "^7.1.3" } @@ -4291,14 +4221,6 @@ } } }, - "sort-keys": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/sort-keys/-/sort-keys-2.0.0.tgz", - "integrity": "sha1-ZYU1WEhh7JfXMNbPQYIuH1ZoQSg=", - "requires": { - "is-plain-obj": "^1.0.0" - } - }, "source-map": { "version": "0.6.1", "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.6.1.tgz", 
@@ -4397,10 +4319,10 @@ "integrity": "sha1-NbCYdbT/SfJqd35QmzCQoyJr8ks=", "dev": true }, - "strict-uri-encode": { - "version": "1.1.0", - "resolved": "https://registry.npmjs.org/strict-uri-encode/-/strict-uri-encode-1.1.0.tgz", - "integrity": "sha1-J5siXfHVgrH1TmWt3UNS4Y+qBxM=" + "stream-buffers": { + "version": "3.0.2", + "resolved": "https://registry.npmjs.org/stream-buffers/-/stream-buffers-3.0.2.tgz", + "integrity": "sha512-DQi1h8VEBA/lURbSwFtEHnSTb9s2/pwLEaFuNhXwy1Dx3Sa0lOuYT2yNUr4/j2fs8oCAMANtrZ5OrPZtyVs3MQ==" }, "string-length": { "version": "3.1.0", @@ -4434,21 +4356,6 @@ "strip-ansi": "^6.0.0" } }, - "string_decoder": { - "version": "1.1.1", - "resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.1.1.tgz", - "integrity": "sha512-n/ShnvDi6FHbbVfviro+WojiFzv+s8MPMHBczVePfUpDJLwoLT0ht1l4YwBCbi8pJAveEEdnkHyPyTP/mzRfwg==", - "requires": { - "safe-buffer": "~5.1.0" - }, - "dependencies": { - "safe-buffer": { - "version": "5.1.2", - "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.2.tgz", - "integrity": "sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g==" - } - } - }, "strip-ansi": { "version": "6.0.0", "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.0.tgz", @@ -4508,6 +4415,19 @@ "integrity": "sha512-9QNk5KwDF+Bvz+PyObkmSYjI5ksVUYtjW7AU22r2NKcfLJcXp96hkDWU3+XndOsUb+AQ9QhfzfCT2O+CNWT5Tw==", "dev": true }, + "tar": { + "version": "6.0.5", + "resolved": "https://registry.npmjs.org/tar/-/tar-6.0.5.tgz", + "integrity": "sha512-0b4HOimQHj9nXNEAA7zWwMM91Zhhba3pspja6sQbgTpynOJf+bkjBnfybNYzbpLbnwXnbyB4LOREvlyXLkCHSg==", + "requires": { + "chownr": "^2.0.0", + "fs-minipass": "^2.0.0", + "minipass": "^3.0.0", + "minizlib": "^2.1.1", + "mkdirp": "^1.0.3", + "yallist": "^4.0.0" + } + }, "terminal-link": { "version": "2.1.1", "resolved": "https://registry.npmjs.org/terminal-link/-/terminal-link-2.1.1.tgz", 
@@ -4535,10 +4455,21 @@ "integrity": "sha512-fcwX4mndzpLQKBS1DVYhGAcYaYt7vsHNIvQV+WXMvnow5cgjPphq5CaayLaGsjRdSCKZFNGt7/GYAuXaNOiYCA==", "dev": true }, - "timed-out": { - "version": "4.0.1", - "resolved": "https://registry.npmjs.org/timed-out/-/timed-out-4.0.1.tgz", - "integrity": "sha1-8y6srFoXW+ol1/q1Zas+2HQe9W8=" + "tmp": { + "version": "0.2.1", + "resolved": "https://registry.npmjs.org/tmp/-/tmp-0.2.1.tgz", + "integrity": "sha512-76SUhtfqR2Ijn+xllcI5P1oyannHNHByD80W1q447gU3mp9G9PSpGdWmjUOHRDPiHYacIk66W7ubDTuPF3BEtQ==", + "requires": { + "rimraf": "^3.0.0" + } + }, + "tmp-promise": { + "version": "3.0.2", + "resolved": "https://registry.npmjs.org/tmp-promise/-/tmp-promise-3.0.2.tgz", + "integrity": "sha512-OyCLAKU1HzBjL6Ev3gxUeraJNlbNingmi8IrHHEsYH8LTmEuhvYfqvhn2F/je+mjf4N58UmZ96OMEy1JanSCpA==", + "requires": { + "tmp": "^0.2.0" + } }, "tmpl": { "version": "1.0.4", @@ -4660,9 +4591,9 @@ } }, "underscore": { - "version": "1.10.2", - "resolved": "https://registry.npmjs.org/underscore/-/underscore-1.10.2.tgz", - "integrity": "sha512-N4P+Q/BuyuEKFJ43B9gYuOj4TQUHXX+j2FqguVOpjkssLUUrnJofCcBccJSCoeturDoZU6GorDTHSvUDlSQbTg==" + "version": "1.11.0", + "resolved": "https://registry.npmjs.org/underscore/-/underscore-1.11.0.tgz", + "integrity": "sha512-xY96SsN3NA461qIRKZ/+qox37YXPtSBswMGfiNptr+wrt6ds4HaMw23TP612fEyGekRE6LNRiLYr/aqbHXNedw==" }, "union-value": { "version": "1.0.1", 
@@ -4730,30 +4661,12 @@ "integrity": "sha1-2pN/emLiH+wf0Y1Js1wpNQZ6bHI=", "dev": true }, - "url-parse-lax": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/url-parse-lax/-/url-parse-lax-3.0.0.tgz", - "integrity": "sha1-FrXK/Afb42dsGxmZF3gj1lA6yww=", - "requires": { - "prepend-http": "^2.0.0" - } - }, - "url-to-options": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/url-to-options/-/url-to-options-1.0.1.tgz", - "integrity": "sha1-FQWgOiiaSMvXpDTvuu7FBV9WM6k=" - }, "use": { "version": "3.1.1", "resolved": "https://registry.npmjs.org/use/-/use-3.1.1.tgz", "integrity": "sha512-cwESVXlO3url9YWlFW/TA9cshCEhtu7IKJ/p5soJ/gGpj7vbvFrAY/eIioQ6Dw23KjZhYgiIo8HOs1nQ2vr/oQ==", "dev": true }, - "util-deprecate": { - "version": "1.0.2", - "resolved": "https://registry.npmjs.org/util-deprecate/-/util-deprecate-1.0.2.tgz", - "integrity": "sha1-RQ1Nyfpw3nMnYvvS1KKJgUGaDM8=" - }, "uuid": { "version": "3.4.0", "resolved": "https://registry.npmjs.org/uuid/-/uuid-3.4.0.tgz", @@ -4921,9 +4834,9 @@ "dev": true }, "yallist": { - "version": "3.1.1", - "resolved": "https://registry.npmjs.org/yallist/-/yallist-3.1.1.tgz", - "integrity": "sha512-a4UGQaWPH59mOXUYnAG2ewncQS4i4F43Tv3JoAM+s2VDAmS9NsK8GpDMLrCHPksFT7h3K6TOoUNn2pb7RoXx4g==" + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/yallist/-/yallist-4.0.0.tgz", + "integrity": "sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A==" }, "yargs": { "version": "15.3.1", diff --git a/hook-sdk/nodejs/package.json b/hook-sdk/nodejs/package.json index e4c8cad1..30ccecba 100644 --- a/hook-sdk/nodejs/package.json +++ b/hook-sdk/nodejs/package.json @@ -10,7 +10,7 @@ "author": "iteratec GmbH", "license": "Apache-2.0", "dependencies": { - "@kubernetes/client-node": "^0.12.0", + "@kubernetes/client-node": "^0.12.2", "axios": "^0.20.0", "ws": "^7.3.1" }, 
diff --git a/hooks/declarative-subsequent-scans/package-lock.json b/hooks/declarative-subsequent-scans/package-lock.json index 8ea155b9..5b435c96 100644 --- a/hooks/declarative-subsequent-scans/package-lock.json +++ b/hooks/declarative-subsequent-scans/package-lock.json @@ -610,13 +610,15 @@ } }, "@kubernetes/client-node": { - "version": "0.12.0", - "resolved": "https://registry.npmjs.org/@kubernetes/client-node/-/client-node-0.12.0.tgz", - "integrity": "sha512-u57q5IaZl91f7YZoZOsgCa31hHyowHxFG88XZXd8arI8heSxbdHWHineo/8mLZbeSbHkge9Awae1stQZzuTnjg==", + "version": "0.12.2", + "resolved": "https://registry.npmjs.org/@kubernetes/client-node/-/client-node-0.12.2.tgz", + "integrity": "sha512-J0UwyFl1Iv/IZ6WMP7LaizBEoKPnqwtc8tIO2q/X+EuDT7eGpPPAMHXSEOC/EI9JGIf0FaJEcDHhB/Dio/mKhw==", "requires": { "@types/js-yaml": "^3.12.1", "@types/node": "^10.12.0", "@types/request": "^2.47.1", + "@types/stream-buffers": "^3.0.3", + "@types/tar": "^4.0.3", "@types/underscore": "^1.8.9", "@types/ws": "^6.0.1", "byline": "^5.0.0", 
@@ -624,34 +626,39 @@ "isomorphic-ws": "^4.0.1", "js-yaml": "^3.13.1", "jsonpath-plus": "^0.19.0", - "openid-client": "2.5.0", + "openid-client": "^4.1.1", "request": "^2.88.0", "rfc4648": "^1.3.0", "shelljs": "^0.8.2", + "stream-buffers": "^3.0.2", + "tar": "^6.0.2", + "tmp-promise": "^3.0.2", "tslib": "^1.9.3", "underscore": "^1.9.1", - "ws": "^6.1.0" + "ws": "^7.3.1" }, "dependencies": { "@types/node": { - "version": "10.17.24", - "resolved": "https://registry.npmjs.org/@types/node/-/node-10.17.24.tgz", - "integrity": "sha512-5SCfvCxV74kzR3uWgTYiGxrd69TbT1I6+cMx1A5kEly/IVveJBimtAMlXiEyVFn5DvUFewQWxOOiJhlxeQwxgA==" + "version": "10.17.35", + "resolved": "https://registry.npmjs.org/@types/node/-/node-10.17.35.tgz", + "integrity": "sha512-gXx7jAWpMddu0f7a+L+txMplp3FnHl53OhQIF9puXKq3hDGY/GjH+MF04oWnV/adPSCrbtHumDCFwzq2VhltWA==" }, "ws": { - "version": "6.2.1", - "resolved": "https://registry.npmjs.org/ws/-/ws-6.2.1.tgz", - "integrity": "sha512-GIyAXC2cB7LjvpgMt9EKS2ldqr0MTrORaleiOno6TweZ6r3TKtoFQWay/2PceJ3RuBasOHzXNn5Lrw1X0bEjqA==", - "requires": { - "async-limiter": "~1.0.0" - } + "version": "7.3.1", + "resolved": "https://registry.npmjs.org/ws/-/ws-7.3.1.tgz", + "integrity": "sha512-D3RuNkynyHmEJIpD2qrgVkc9DQ23OrN/moAwZX4L8DfvszsJxpjQuUq3LMx6HoYji9fbIOBY18XWBsAux1ZZUA==" } } }, + "@panva/asn1.js": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/@panva/asn1.js/-/asn1.js-1.0.0.tgz", + "integrity": "sha512-UdkG3mLEqXgnlKsWanWcgb6dOjUzJ+XC5f+aWw30qrtjxeNUSfKX1cd5FBzOaXQumoe9nIqeZUvrRJS03HCCtw==" + }, "@sindresorhus/is": { - "version": "0.7.0", - "resolved": "https://registry.npmjs.org/@sindresorhus/is/-/is-0.7.0.tgz", - "integrity": "sha512-ONhaKPIufzzrlNbqtWFFd+jlnemX6lJAgq9ZeiZtS7I1PIf/la7CW4m83rTXRnVnsMbW2k56pGYu7AUFJD9Pow==" + "version": "3.1.2", + "resolved": "https://registry.npmjs.org/@sindresorhus/is/-/is-3.1.2.tgz", + "integrity": "sha512-JiX9vxoKMmu8Y3Zr2RVathBL1Cdu4Nt4MuNWemt1Nc06A0RAin9c5FArkhGsyMBWfCu4zj+9b+GxtjAnE4qqLQ==" }, 
"@sinonjs/commons": { "version": "1.8.0", @@ -662,6 +669,14 @@ "type-detect": "4.0.8" } }, + "@szmarczak/http-timer": { + "version": "4.0.5", + "resolved": "https://registry.npmjs.org/@szmarczak/http-timer/-/http-timer-4.0.5.tgz", + "integrity": "sha512-PyRA9sm1Yayuj5OIoJ1hGt2YISX45w9WcFbh6ddT0Z/0yaFxOtGLInr4jUfU1EAFVs0Yfyfev4RNwBlUaHdlDQ==", + "requires": { + "defer-to-connect": "^2.0.0" + } + }, "@types/babel__core": { "version": "7.1.7", "resolved": "https://registry.npmjs.org/@types/babel__core/-/babel__core-7.1.7.tgz", @@ -703,6 +718,17 @@ "@babel/types": "^7.3.0" } }, + "@types/cacheable-request": { + "version": "6.0.1", + "resolved": "https://registry.npmjs.org/@types/cacheable-request/-/cacheable-request-6.0.1.tgz", + "integrity": "sha512-ykFq2zmBGOCbpIXtoVbz4SKY5QriWPh3AjyU4G74RYbtt5yOc5OfaY75ftjg7mikMOla1CTGpX3lLbuJh8DTrQ==", + "requires": { + "@types/http-cache-semantics": "*", + "@types/keyv": "*", + "@types/node": "*", + "@types/responselike": "*" + } + }, "@types/caseless": { "version": "0.12.2", "resolved": "https://registry.npmjs.org/@types/caseless/-/caseless-0.12.2.tgz", @@ -723,6 +749,11 @@ "@types/node": "*" } }, + "@types/http-cache-semantics": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/@types/http-cache-semantics/-/http-cache-semantics-4.0.0.tgz", + "integrity": "sha512-c3Xy026kOF7QOTn00hbIllV1dLR9hG9NkSrLQgCVs8NF6sBU+VGWjD3wLPhmh1TYAc7ugCFsvHYMN4VcBN1U1A==" + }, "@types/istanbul-lib-coverage": { "version": "2.0.2", "resolved": "https://registry.npmjs.org/@types/istanbul-lib-coverage/-/istanbul-lib-coverage-2.0.2.tgz", 
@@ -749,9 +780,25 @@ } }, "@types/js-yaml": { - "version": "3.12.4", - "resolved": "https://registry.npmjs.org/@types/js-yaml/-/js-yaml-3.12.4.tgz", - "integrity": "sha512-fYMgzN+9e28R81weVN49inn/u798ruU91En1ZnGvSZzCRc5jXx9B2EDhlRaWmcO1RIxFHL8AajRXzxDuJu93+A==" + "version": "3.12.5", + "resolved": "https://registry.npmjs.org/@types/js-yaml/-/js-yaml-3.12.5.tgz", + "integrity": "sha512-JCcp6J0GV66Y4ZMDAQCXot4xprYB+Zfd3meK9+INSJeVZwJmHAW30BBEEkPzXswMXuiyReUGOP3GxrADc9wPww==" + }, + "@types/keyv": { + "version": "3.1.1", + "resolved": "https://registry.npmjs.org/@types/keyv/-/keyv-3.1.1.tgz", + "integrity": "sha512-MPtoySlAZQ37VoLaPcTHCu1RWJ4llDkULYZIzOYxlhxBqYPB0RsRlmMU0R6tahtFe27mIdkHV+551ZWV4PLmVw==", + "requires": { + "@types/node": "*" + } + }, + "@types/minipass": { + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/@types/minipass/-/minipass-2.2.0.tgz", + "integrity": "sha512-wuzZksN4w4kyfoOv/dlpov4NOunwutLA/q7uc00xU02ZyUY+aoM5PWIXEKBMnm0NHd4a+N71BMjq+x7+2Af1fg==", + "requires": { + "@types/node": "*" + } }, "@types/node": { "version": "14.0.14", 
@@ -793,21 +840,46 @@ } } }, + "@types/responselike": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/@types/responselike/-/responselike-1.0.0.tgz", + "integrity": "sha512-85Y2BjiufFzaMIlvJDvTTB8Fxl2xfLo4HgmHzVBz08w4wDePCTjYw66PdrolO0kzli3yam/YCgRufyo1DdQVTA==", + "requires": { + "@types/node": "*" + } + }, "@types/stack-utils": { "version": "1.0.1", "resolved": "https://registry.npmjs.org/@types/stack-utils/-/stack-utils-1.0.1.tgz", "integrity": "sha512-l42BggppR6zLmpfU6fq9HEa2oGPEI8yrSPL3GITjfRInppYFahObbIQOQK3UGxEnyQpltZLaPe75046NOZQikw==", "dev": true }, + "@types/stream-buffers": { + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/@types/stream-buffers/-/stream-buffers-3.0.3.tgz", + "integrity": "sha512-NeFeX7YfFZDYsCfbuaOmFQ0OjSmHreKBpp7MQ4alWQBHeh2USLsj7qyMyn9t82kjqIX516CR/5SRHnARduRtbQ==", + "requires": { + "@types/node": "*" + } + }, + "@types/tar": { + "version": "4.0.3", + "resolved": "https://registry.npmjs.org/@types/tar/-/tar-4.0.3.tgz", + "integrity": "sha512-Z7AVMMlkI8NTWF0qGhC4QIX0zkV/+y0J8x7b/RsHrN0310+YNjoJd8UrApCiGBCWtKjxS9QhNqLi2UJNToh5hA==", + "requires": { + "@types/minipass": "*", + "@types/node": "*" + } + }, "@types/tough-cookie": { "version": "4.0.0", "resolved": "https://registry.npmjs.org/@types/tough-cookie/-/tough-cookie-4.0.0.tgz", "integrity": "sha512-I99sngh224D0M7XgW1s120zxCt3VYQ3IQsuw3P3jbq5GG4yc79+ZjyKznyOGIQrflfylLgcfekeZW/vk0yng6A==" }, "@types/underscore": { - "version": "1.10.0", - "resolved": "https://registry.npmjs.org/@types/underscore/-/underscore-1.10.0.tgz", - "integrity": "sha512-ZAbqul7QAKpM2h1PFGa5ETN27ulmqtj0QviYHasw9LffvXZvVHuraOx/FOsIPPDNGZN0Qo1nASxxSfMYOtSoCw==" + "version": "1.10.23", + "resolved": "https://registry.npmjs.org/@types/underscore/-/underscore-1.10.23.tgz", + "integrity": "sha512-vX1NPekXhrLquFWskH2thcvFAha187F/lM6xYOoEMZWwJ/6alSk0/ttmGP/YRqcqtCv0TMbZjYAdZyHAEcuU4g==" }, "@types/ws": { "version": "6.0.4", 
@@ -869,12 +941,12 @@ "dev": true }, "aggregate-error": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/aggregate-error/-/aggregate-error-1.0.0.tgz", - "integrity": "sha1-iINE2tAiCnLjr1CQYRf0h3GSX6w=", + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/aggregate-error/-/aggregate-error-3.1.0.tgz", + "integrity": "sha512-4I7Td01quW/RpocfNayFdFVk1qSuoh0E7JrbRJ16nH01HhKFQ88INq9Sd+nd72zqRySlr9BmDA8xlEJ6vJMrYA==", "requires": { - "clean-stack": "^1.0.0", - "indent-string": "^3.0.0" + "clean-stack": "^2.0.0", + "indent-string": "^4.0.0" } }, "ajv": { @@ -994,11 +1066,6 @@ "integrity": "sha512-+Ryf6g3BKoRc7jfp7ad8tM4TtMiaWvbF/1/sQcZPkkS7ag3D5nMBCe2UfOTONtAkaG0tO0ij3C5Lwmf1EiyjHg==", "dev": true }, - "async-limiter": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/async-limiter/-/async-limiter-1.0.1.tgz", - "integrity": "sha512-csOlWGAcRFJaI6m+F2WKdnMKr4HhdhFVBk0H/QbJFMCr+uO2kwohwXQPxw/9OCxp05r5ghVBFSyioixx3gfkNQ==" - }, "asynckit": { "version": "0.4.0", "resolved": "https://registry.npmjs.org/asynckit/-/asynckit-0.4.0.tgz", @@ -1148,11 +1215,6 @@ } } }, - "base64-js": { - "version": "1.3.1", - "resolved": "https://registry.npmjs.org/base64-js/-/base64-js-1.3.1.tgz", - "integrity": "sha512-mLQ4i2QO1ytvGWFWmcngKO//JXAQueZvwEKtjgQFM4jIK0kU+ytMfplL8j+n5mspOfjHwoAg+9yhb7BwAHm36g==" - }, "base64url": { "version": "3.0.1", "resolved": "https://registry.npmjs.org/base64url/-/base64url-3.0.1.tgz", @@ -1207,14 +1269,6 @@ } } }, - "browserify-zlib": { - "version": "0.2.0", - "resolved": "https://registry.npmjs.org/browserify-zlib/-/browserify-zlib-0.2.0.tgz", - "integrity": "sha512-Z942RysHXmJrhqk88FmKBVq/v5tqmSkDz7p54G/MGyjMnCFFnC79XWNbg+Vta8W6Wb2qtSZTSxIGkJrRpCFEiA==", - "requires": { - "pako": "~1.0.5" - } - }, "bser": { "version": "2.1.1", "resolved": "https://registry.npmjs.org/bser/-/bser-2.1.1.tgz", 
@@ -1224,15 +1278,6 @@ "node-int64": "^0.4.0" } }, - "buffer": { - "version": "5.6.0", - "resolved": "https://registry.npmjs.org/buffer/-/buffer-5.6.0.tgz", - "integrity": "sha512-/gDYp/UtU0eA1ys8bOs9J6a+E/KWIY+DZ+Q2WESNUA0jFRsJOc0SNUO6xJ5SGA1xueg3NL65W6s+NY5l9cunuw==", - "requires": { - "base64-js": "^1.0.2", - "ieee754": "^1.1.4" - } - }, "buffer-from": { "version": "1.1.1", "resolved": "https://registry.npmjs.org/buffer-from/-/buffer-from-1.1.1.tgz", 
@@ -1261,29 +1306,32 @@ "unset-value": "^1.0.0" } }, + "cacheable-lookup": { + "version": "5.0.3", + "resolved": "https://registry.npmjs.org/cacheable-lookup/-/cacheable-lookup-5.0.3.tgz", + "integrity": "sha512-W+JBqF9SWe18A72XFzN/V/CULFzPm7sBXzzR6ekkE+3tLG72wFZrBiBZhrZuDoYexop4PHJVdFAKb/Nj9+tm9w==" + }, "cacheable-request": { - "version": "2.1.4", - "resolved": "https://registry.npmjs.org/cacheable-request/-/cacheable-request-2.1.4.tgz", - "integrity": "sha1-DYCIAbY0KtM8kd+dC0TcCbkeXD0=", - "requires": { - "clone-response": "1.0.2", - "get-stream": "3.0.0", - "http-cache-semantics": "3.8.1", - "keyv": "3.0.0", - "lowercase-keys": "1.0.0", - "normalize-url": "2.0.1", - "responselike": "1.0.2" + "version": "7.0.1", + "resolved": "https://registry.npmjs.org/cacheable-request/-/cacheable-request-7.0.1.tgz", + "integrity": "sha512-lt0mJ6YAnsrBErpTMWeu5kl/tg9xMAWjavYTN6VQXM1A/teBITuNcccXsCxF0tDQQJf9DfAaX5O4e0zp0KlfZw==", + "requires": { + "clone-response": "^1.0.2", + "get-stream": "^5.1.0", + "http-cache-semantics": "^4.0.0", + "keyv": "^4.0.0", + "lowercase-keys": "^2.0.0", + "normalize-url": "^4.1.0", + "responselike": "^2.0.0" }, "dependencies": { "get-stream": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/get-stream/-/get-stream-3.0.0.tgz", - "integrity": "sha1-jpQ9E1jcN1VQVOy+LtsFqhdO3hQ=" - }, - "lowercase-keys": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/lowercase-keys/-/lowercase-keys-1.0.0.tgz", - "integrity": "sha1-TjNms55/VFfjXxMkvfb4jQv8cwY=" + "version": "5.2.0", + "resolved": "https://registry.npmjs.org/get-stream/-/get-stream-5.2.0.tgz", + "integrity": "sha512-nBF+F1rAZVCu/p7rjzgA+Yb4lfYXrpl7a6VmJrU8wF9I1CKvP/QwPNZHnOlwbTkY6dvtFIzFMSyQXbLoTQPRpA==", + "requires": { + "pump": "^3.0.0" + } } } }, 
@@ -1323,6 +1371,11 @@ "supports-color": "^7.1.0" } }, + "chownr": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/chownr/-/chownr-2.0.0.tgz", + "integrity": "sha512-bIomtDF5KGpdogkLd9VspvFzk9KfpyyGlS8YFVZl7TGPBHL5snIOnxeshwVgPteQ9b4Eydl+pVbIyE1DcvCWgQ==" + }, "ci-info": { "version": "2.0.0", "resolved": "https://registry.npmjs.org/ci-info/-/ci-info-2.0.0.tgz", @@ -1353,9 +1406,9 @@ } }, "clean-stack": { - "version": "1.3.0", - "resolved": "https://registry.npmjs.org/clean-stack/-/clean-stack-1.3.0.tgz", - "integrity": "sha1-noIVAa6XmYbEax1m0tQy2y/UrjE=" + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/clean-stack/-/clean-stack-2.2.0.tgz", + "integrity": "sha512-4diC9HaTE+KRAMWhDhrGOECgWZxoevMc5TlkObMqNSsVU62PYzXZ/SMTjzyGAFF1YusgxGcSWTEXBhp0CPwQ1A==" }, "cliui": { "version": "6.0.0", @@ -1539,14 +1592,22 @@ "decode-uri-component": { "version": "0.2.0", "resolved": "https://registry.npmjs.org/decode-uri-component/-/decode-uri-component-0.2.0.tgz", - "integrity": "sha1-6zkTMzRYd1y4TNGh+uBiEGu4dUU=" + "integrity": "sha1-6zkTMzRYd1y4TNGh+uBiEGu4dUU=", + "dev": true }, "decompress-response": { - "version": "3.3.0", - "resolved": "https://registry.npmjs.org/decompress-response/-/decompress-response-3.3.0.tgz", - "integrity": "sha1-gKTdMjdIOEv6JICDYirt7Jgq3/M=", + "version": "6.0.0", + "resolved": "https://registry.npmjs.org/decompress-response/-/decompress-response-6.0.0.tgz", + "integrity": "sha512-aW35yZM6Bb/4oJlZncMH2LCoZtJXTRxES17vE3hoRiowU2kWHaJKFkSBDnDR+cm9J+9QhXmREyIfv0pji9ejCQ==", "requires": { - "mimic-response": "^1.0.0" + "mimic-response": "^3.1.0" + }, + "dependencies": { + "mimic-response": { + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/mimic-response/-/mimic-response-3.1.0.tgz", + "integrity": "sha512-z0yWI+4FDrrweS8Zmt4Ej5HdJmky15+L2e6Wgn3+iK5fWzb6T3fhNFq2+MeTRb064c6Wr4N/wv0DzQTjNzHNGQ==" + } } }, "deep-is": { 
@@ -1561,6 +1622,11 @@ "integrity": "sha512-FJ3UgI4gIl+PHZm53knsuSFpE+nESMr7M4v9QcgB7S63Kj/6WqMiFQJpBBYz1Pt+66bZpP3Q7Lye0Oo9MPKEdg==", "dev": true }, + "defer-to-connect": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/defer-to-connect/-/defer-to-connect-2.0.0.tgz", + "integrity": "sha512-bYL2d05vOSf1JEZNx5vSAtPuBMkX8K9EUutg7zlKvTqKXHt7RhWJFbmd7qakVuf13i+IkGmp6FwSsONOf6VYIg==" + }, "define-property": { "version": "2.0.2", "resolved": "https://registry.npmjs.org/define-property/-/define-property-2.0.2.tgz", @@ -1628,11 +1694,6 @@ "webidl-conversions": "^4.0.2" } }, - "duplexer3": { - "version": "0.1.4", - "resolved": "https://registry.npmjs.org/duplexer3/-/duplexer3-0.1.4.tgz", - "integrity": "sha1-7gHdHKwO08vH/b6jfcCo8c4ALOI=" - }, "ecc-jsbn": { "version": "0.1.2", "resolved": "https://registry.npmjs.org/ecc-jsbn/-/ecc-jsbn-0.1.2.tgz", @@ -1665,11 +1726,6 @@ "is-arrayish": "^0.2.1" } }, - "es6-promise": { - "version": "4.2.8", - "resolved": "https://registry.npmjs.org/es6-promise/-/es6-promise-4.2.8.tgz", - "integrity": "sha512-HJDGx5daxeIvxdBxvG2cb9g4tEvwIk3i8+nhX0yGrYmZUzbkdg8QbDevheDB8gd0//uPj4c1EQua8Q+MViT0/w==" - }, "escape-string-regexp": { "version": "1.0.5", "resolved": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz", @@ -1966,13 +2022,12 @@ "map-cache": "^0.2.2" } }, - "from2": { - "version": "2.3.0", - "resolved": "https://registry.npmjs.org/from2/-/from2-2.3.0.tgz", - "integrity": "sha1-i/tVAr3kpNNs/e6gB/zKIdfjgq8=", + "fs-minipass": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/fs-minipass/-/fs-minipass-2.1.0.tgz", + "integrity": "sha512-V/JgOLFCS+R6Vcq0slCuaeWEdNC3ouDlJMNIsacH2VtALiu9mV4LPrHc5cDl8k5aw6J8jwgWWpiTo5RYhmIzvg==", "requires": { - "inherits": "^2.0.1", - "readable-stream": "^2.0.0" + "minipass": "^3.0.0" } }, "fs.realpath": { 
@@ -2047,34 +2102,21 @@ "dev": true }, "got": { - "version": "8.3.2", - "resolved": "https://registry.npmjs.org/got/-/got-8.3.2.tgz", - "integrity": "sha512-qjUJ5U/hawxosMryILofZCkm3C84PLJS/0grRIpjAwu+Lkxxj5cxeCU25BG0/3mDSpXKTyZr8oh8wIgLaH0QCw==", - "requires": { - "@sindresorhus/is": "^0.7.0", - "cacheable-request": "^2.1.1", - "decompress-response": "^3.3.0", - "duplexer3": "^0.1.4", - "get-stream": "^3.0.0", - "into-stream": "^3.1.0", - "is-retry-allowed": "^1.1.0", - "isurl": "^1.0.0-alpha5", - "lowercase-keys": "^1.0.0", - "mimic-response": "^1.0.0", - "p-cancelable": "^0.4.0", - "p-timeout": "^2.0.1", - "pify": "^3.0.0", - "safe-buffer": "^5.1.1", - "timed-out": "^4.0.1", - "url-parse-lax": "^3.0.0", - "url-to-options": "^1.0.1" - }, - "dependencies": { - "get-stream": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/get-stream/-/get-stream-3.0.0.tgz", - "integrity": "sha1-jpQ9E1jcN1VQVOy+LtsFqhdO3hQ=" - } + "version": "11.7.0", + "resolved": "https://registry.npmjs.org/got/-/got-11.7.0.tgz", + "integrity": "sha512-7en2XwH2MEqOsrK0xaKhbWibBoZqy+f1RSUoIeF1BLcnf+pyQdDsljWMfmOh+QKJwuvDIiKx38GtPh5wFdGGjg==", + "requires": { + "@sindresorhus/is": "^3.1.1", + "@szmarczak/http-timer": "^4.0.5", + "@types/cacheable-request": "^6.0.1", + "@types/responselike": "^1.0.0", + "cacheable-lookup": "^5.0.3", + "cacheable-request": "^7.0.1", + "decompress-response": "^6.0.0", + "http2-wrapper": "^1.0.0-beta.5.2", + "lowercase-keys": "^2.0.0", + "p-cancelable": "^2.0.0", + "responselike": "^2.0.0" } }, "graceful-fs": { 
@@ -2110,19 +2152,6 @@ "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==", "dev": true }, - "has-symbol-support-x": { - "version": "1.4.2", - "resolved": "https://registry.npmjs.org/has-symbol-support-x/-/has-symbol-support-x-1.4.2.tgz", - "integrity": "sha512-3ToOva++HaW+eCpgqZrCfN51IPB+7bJNVT6CUATzueB5Heb8o6Nam0V3HG5dlDvZU1Gn5QLcbahiKw/XVk5JJw==" - }, - "has-to-string-tag-x": { - "version": "1.4.1", - "resolved": "https://registry.npmjs.org/has-to-string-tag-x/-/has-to-string-tag-x-1.4.1.tgz", - "integrity": "sha512-vdbKfmw+3LoOYVr+mtxHaX5a96+0f3DljYd8JOqvOLsf5mw2Otda2qCDT9qRqLAhrjyQ0h7ual5nOiASpsGNFw==", - "requires": { - "has-symbol-support-x": "^1.4.1" - } - }, "has-value": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/has-value/-/has-value-1.0.0.tgz", @@ -2197,9 +2226,9 @@ "dev": true }, "http-cache-semantics": { - "version": "3.8.1", - "resolved": "https://registry.npmjs.org/http-cache-semantics/-/http-cache-semantics-3.8.1.tgz", - "integrity": "sha512-5ai2iksyV8ZXmnZhHH4rWPoxxistEexSi5936zIQ1bnNTW5VnA85B6P/VpXiRM017IgRvb2kKo1a//y+0wSp3w==" + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/http-cache-semantics/-/http-cache-semantics-4.1.0.tgz", + "integrity": "sha512-carPklcUh7ROWRK7Cv27RPtdhYhUsela/ue5/jKzjegVvXDqM2ILE9Q2BGn9JZJh1g87cp56su/FgQSzcWS8cQ==" }, "http-signature": { "version": "1.2.0", @@ -2211,6 +2240,15 @@ "sshpk": "^1.7.0" } }, + "http2-wrapper": { + "version": "1.0.0-beta.5.2", + "resolved": "https://registry.npmjs.org/http2-wrapper/-/http2-wrapper-1.0.0-beta.5.2.tgz", + "integrity": "sha512-xYz9goEyBnC8XwXDTuC/MZ6t+MrKVQZOk4s7+PaDkwIsQd8IwqvM+0M6bA/2lvG8GHXcPdf+MejTUeO2LCPCeQ==", + "requires": { + "quick-lru": "^5.1.1", + "resolve-alpn": "^1.0.0" + } + }, "human-signals": { "version": "1.1.1", "resolved": "https://registry.npmjs.org/human-signals/-/human-signals-1.1.1.tgz", 
@@ -2226,11 +2264,6 @@ "safer-buffer": ">= 2.1.2 < 3" } }, - "ieee754": { - "version": "1.1.13", - "resolved": "https://registry.npmjs.org/ieee754/-/ieee754-1.1.13.tgz", - "integrity": "sha512-4vf7I2LYV/HaWerSo3XmlMkp5eZ83i+/CDluXi/IGTs/O1sejBNhTtnxzmRZfvOUqj7lZjqHkeTvpgSFDlWZTg==" - }, "import-local": { "version": "3.0.2", "resolved": "https://registry.npmjs.org/import-local/-/import-local-3.0.2.tgz", @@ -2248,9 +2281,9 @@ "dev": true }, "indent-string": { - "version": "3.2.0", - "resolved": "https://registry.npmjs.org/indent-string/-/indent-string-3.2.0.tgz", - "integrity": "sha1-Sl/W0nzDMvN+VBmlBNu4NxBckok=" + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/indent-string/-/indent-string-4.0.0.tgz", + "integrity": "sha512-EdDDZu4A2OyIK7Lr/2zG+w5jmbuk1DVBnEwREQvBzspBJkCEbRa8GxU1lghYcaGJCnRWibjDXlq779X1/y5xwg==" }, "inflight": { "version": "1.0.6", @@ -2271,15 +2304,6 @@ "resolved": "https://registry.npmjs.org/interpret/-/interpret-1.4.0.tgz", "integrity": "sha512-agE4QfB2Lkp9uICn7BAqoscw4SZP9kTE2hxiFI3jBPmXJfdqiahTbUuKGsMoN2GtqL9AxhYioAcVvgsb1HvRbA==" }, - "into-stream": { - "version": "3.1.0", - "resolved": "https://registry.npmjs.org/into-stream/-/into-stream-3.1.0.tgz", - "integrity": "sha1-lvsKk2wSur1v8XUqF9BWFqvQlMY=", - "requires": { - "from2": "^2.1.1", - "p-is-promise": "^1.1.0" - } - }, "ip-regex": { "version": "2.1.0", "resolved": "https://registry.npmjs.org/ip-regex/-/ip-regex-2.1.0.tgz", 
@@ -2397,16 +2421,6 @@ "integrity": "sha512-41Cifkg6e8TylSpdtTpeLVMqvSBEVzTttHvERD741+pnZ8ANv0004MRL43QKPDlK9cGvNp6NZWZUBlbGXYxxng==", "dev": true }, - "is-object": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/is-object/-/is-object-1.0.1.tgz", - "integrity": "sha1-iVJojF7C/9awPsyF52ngKQMINHA=" - }, - "is-plain-obj": { - "version": "1.1.0", - "resolved": "https://registry.npmjs.org/is-plain-obj/-/is-plain-obj-1.1.0.tgz", - "integrity": "sha1-caUMhCnfync8kqOQpKA7OfzVHT4=" - }, "is-plain-object": { "version": "2.0.4", "resolved": "https://registry.npmjs.org/is-plain-object/-/is-plain-object-2.0.4.tgz", @@ -2416,11 +2430,6 @@ "isobject": "^3.0.1" } }, - "is-retry-allowed": { - "version": "1.2.0", - "resolved": "https://registry.npmjs.org/is-retry-allowed/-/is-retry-allowed-1.2.0.tgz", - "integrity": "sha512-RUbUeKwvm3XG2VYamhJL1xFktgjvPzL0Hq8C+6yrWIswDy3BIXGqCxhxkc30N9jqK311gVU137K8Ei55/zVJRg==" - }, "is-stream": { "version": "1.1.0", "resolved": "https://registry.npmjs.org/is-stream/-/is-stream-1.1.0.tgz", @@ -2450,7 +2459,8 @@ "isarray": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/isarray/-/isarray-1.0.0.tgz", - "integrity": "sha1-u5NdSFgsuhaMBoNJV6VKPgcSTxE=" + "integrity": "sha1-u5NdSFgsuhaMBoNJV6VKPgcSTxE=", + "dev": true }, "isexe": { "version": "2.0.0", @@ -2523,15 +2533,6 @@ "istanbul-lib-report": "^3.0.0" } }, - "isurl": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/isurl/-/isurl-1.0.0.tgz", - "integrity": "sha512-1P/yWsxPlDtn7QeRD+ULKQPaIaN6yF368GZ2vDfv0AL0NwpStafjWCDDdn0k8wgFMWpVAqG7oJhxHnlud42i9w==", - "requires": { - "has-to-string-tag-x": "^1.2.0", - "is-object": "^1.0.1" - } - }, "jest": { "version": "25.5.4", "resolved": "https://registry.npmjs.org/jest/-/jest-25.5.4.tgz", 
@@ -3032,6 +3033,14 @@ "supports-color": "^7.0.0" } }, + "jose": { + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/jose/-/jose-2.0.2.tgz", + "integrity": "sha512-yD93lsiMA1go/qxSY/vXWBodmIZJIxeB7QhFi8z1yQ3KUwKENqI9UA8VCHlQ5h3x1zWuWZjoY87ByQzkQbIrQg==", + "requires": { + "@panva/asn1.js": "^1.0.0" + } + }, "js-tokens": { "version": "4.0.0", "resolved": "https://registry.npmjs.org/js-tokens/-/js-tokens-4.0.0.tgz", @@ -3093,9 +3102,9 @@ "dev": true }, "json-buffer": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/json-buffer/-/json-buffer-3.0.0.tgz", - "integrity": "sha1-Wx85evx11ne96Lz8Dkfh+aPZqJg=" + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/json-buffer/-/json-buffer-3.0.1.tgz", + "integrity": "sha512-4bV5BfR2mqfQTJm+V5tPPdf+ZpuhiIvTuAB5g8kcrXOZpTT/QwwVRWBywX1ozr6lEuPdbHxwaJlm9G6mI2sfSQ==" }, "json-parse-better-errors": { "version": "1.0.2", @@ -3144,11 +3153,11 @@ } }, "keyv": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/keyv/-/keyv-3.0.0.tgz", - "integrity": "sha512-eguHnq22OE3uVoSYG0LVWNP+4ppamWr9+zWBe1bsNcovIMy6huUJFPgy4mGwCd/rnl3vOLGW1MTlu4c57CT1xA==", + "version": "4.0.3", + "resolved": "https://registry.npmjs.org/keyv/-/keyv-4.0.3.tgz", + "integrity": "sha512-zdGa2TOpSZPq5mU6iowDARnMBZgtCqJ11dJROFi6tg6kTn4nuUdU09lFyLFSaHrWqpIJ+EBq4E8/Dc0Vx5vLdA==", "requires": { - "json-buffer": "3.0.0" + "json-buffer": "3.0.1" } }, "kind-of": { 
@@ -3214,22 +3223,17 @@ "@sinonjs/commons": "^1.7.0" } }, - "long": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/long/-/long-4.0.0.tgz", - "integrity": "sha512-XsP+KhQif4bjX1kbuSiySJFNAehNxgLb6hPRGJ9QsUr8ajHkuXGdrHmFUTUUXhDwVX2R5bY4JNZEwbUiMhV+MA==" - }, "lowercase-keys": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/lowercase-keys/-/lowercase-keys-1.0.1.tgz", - "integrity": "sha512-G2Lj61tXDnVFFOi8VZds+SoQjtQC3dgokKdDG2mTm1tx4m50NUHBOZSBwQQHyy0V12A0JTG4icfZQH+xPyh8VA==" + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/lowercase-keys/-/lowercase-keys-2.0.0.tgz", + "integrity": "sha512-tqNXrS78oMOE73NMxK4EMLQsQowWf8jKooH9g7xPavRT706R6bkQJ6DY2Te7QukaZsulxa30wQ7bk0pm4XiHmA==" }, "lru-cache": { - "version": "5.1.1", - "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-5.1.1.tgz", - "integrity": "sha512-KpNARQA3Iwv+jTA0utUVVbrh+Jlrr1Fv0e56GGzAFOXN7dk/FviaDW8LHmK52DlcH4WP2n6gI8vN1aesBFgo9w==", + "version": "6.0.0", + "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-6.0.0.tgz", + "integrity": "sha512-Jo6dJ04CmSjuznwJSS3pUeWmd/H0ffTlkXXgwZi+eq1UCmqQwCh+eLsYOYCwY991i2Fah4h1BEMCx4qThGbsiA==", "requires": { - "yallist": "^3.0.2" + "yallist": "^4.0.0" } }, "make-dir": { @@ -3241,6 +3245,11 @@ "semver": "^6.0.0" } }, + "make-error": { + "version": "1.3.6", + "resolved": "https://registry.npmjs.org/make-error/-/make-error-1.3.6.tgz", + "integrity": "sha512-s8UhlNe7vPKomQhC1qFelMokr/Sc3AgNbso3n74mVPA5LTZwkB9NlXf4XPamLxJE8h0gh73rM94xvwRT2CVInw==" + }, "makeerror": { "version": "1.0.11", "resolved": "https://registry.npmjs.org/makeerror/-/makeerror-1.0.11.tgz", 
@@ -3319,6 +3328,23 @@ "integrity": "sha512-FM9nNUYrRBAELZQT3xeZQ7fmMOBg6nWNmJKTcgsJeaLstP/UODVpGsr5OhXhhXg6f+qtJ8uiZ+PUxkDWcgIXLw==", "dev": true }, + "minipass": { + "version": "3.1.3", + "resolved": "https://registry.npmjs.org/minipass/-/minipass-3.1.3.tgz", + "integrity": "sha512-Mgd2GdMVzY+x3IJ+oHnVM+KG3lA5c8tnabyJKmHSaG2kAGpudxuOf8ToDkhumF7UzME7DecbQE9uOZhNm7PuJg==", + "requires": { + "yallist": "^4.0.0" + } + }, + "minizlib": { + "version": "2.1.2", + "resolved": "https://registry.npmjs.org/minizlib/-/minizlib-2.1.2.tgz", + "integrity": "sha512-bAxsR8BVfj60DWXHE3u30oHzfl4G7khkSuPW+qvpd7jFRHm7dLxOjUk1EHACJ/hxLY8phGJ0YhYHZo7jil7Qdg==", + "requires": { + "minipass": "^3.0.0", + "yallist": "^4.0.0" + } + }, "mixin-deep": { "version": "1.3.2", "resolved": "https://registry.npmjs.org/mixin-deep/-/mixin-deep-1.3.2.tgz", @@ -3340,6 +3366,11 @@ } } }, + "mkdirp": { + "version": "1.0.4", + "resolved": "https://registry.npmjs.org/mkdirp/-/mkdirp-1.0.4.tgz", + "integrity": "sha512-vVqVZQyf3WLx2Shd0qJ9xuvqgAyKPLAiqITEtqW0oIUjzo3PePDd6fW9iFz30ef7Ysp/oiWqbhszeGWW2T6Gzw==" + }, "ms": { "version": "2.1.2", "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz", 
@@ -3381,34 +3412,12 @@ "resolved": "https://registry.npmjs.org/nice-try/-/nice-try-1.0.5.tgz", "integrity": "sha512-1nh45deeb5olNY7eX82BkPO7SSxR5SSYJiPTrTdFUVYwAl8CKMA5N9PjTYkHiRjisVcxcQ1HXdLhx2qxxJzLNQ==" }, - "node-forge": { - "version": "0.8.5", - "resolved": "https://registry.npmjs.org/node-forge/-/node-forge-0.8.5.tgz", - "integrity": "sha512-vFMQIWt+J/7FLNyKouZ9TazT74PRV3wgv9UT4cRjC8BffxFbKXkgIWR42URCPSnHm/QDz6BOlb2Q0U4+VQT67Q==" - }, "node-int64": { "version": "0.4.0", "resolved": "https://registry.npmjs.org/node-int64/-/node-int64-0.4.0.tgz", "integrity": "sha1-h6kGXNs1XTGC2PlM4RGIuCXGijs=", "dev": true }, - "node-jose": { - "version": "1.1.4", - "resolved": "https://registry.npmjs.org/node-jose/-/node-jose-1.1.4.tgz", - "integrity": "sha512-L31IFwL3pWWcMHxxidCY51ezqrDXMkvlT/5pLTfNw5sXmmOLJuN6ug7txzF/iuZN55cRpyOmoJrotwBQIoo5Lw==", - "requires": { - "base64url": "^3.0.1", - "browserify-zlib": "^0.2.0", - "buffer": "^5.5.0", - "es6-promise": "^4.2.8", - "lodash": "^4.17.15", - "long": "^4.0.0", - "node-forge": "^0.8.5", - "process": "^0.11.10", - "react-zlib-js": "^1.0.4", - "uuid": "^3.3.3" - } - }, "node-modules-regexp": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/node-modules-regexp/-/node-modules-regexp-1.0.0.tgz", @@ -3468,14 +3477,9 @@ "dev": true }, "normalize-url": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/normalize-url/-/normalize-url-2.0.1.tgz", - "integrity": "sha512-D6MUW4K/VzoJ4rJ01JFKxDrtY1v9wrgzCX5f2qj/lzH1m/lW6MhUZFKerVsnyjOhOsYzI9Kqqak+10l4LvLpMw==", - "requires": { - "prepend-http": "^2.0.0", - "query-string": "^5.0.1", - "sort-keys": "^2.0.0" - } + "version": "4.5.0", + "resolved": "https://registry.npmjs.org/normalize-url/-/normalize-url-4.5.0.tgz", + "integrity": "sha512-2s47yzUxdexf1OhyRi4Em83iQk0aPvwTddtFz4hnSSw9dCEsLEGf6SwIO8ss/19S9iBb5sJaOuTvTGDeZI00BQ==" }, "npm-run-path": { "version": "2.0.2", 
@@ -3496,11 +3500,6 @@ "resolved": "https://registry.npmjs.org/oauth-sign/-/oauth-sign-0.9.0.tgz", "integrity": "sha512-fexhUFFPTGV8ybAtSIGbV6gOkSv8UtRbDBnAyLQw4QPKkgNlsH2ByPGtMUqdWkos6YCRmAqViwgZrJc/mRDzZQ==" }, - "object-assign": { - "version": "4.1.1", - "resolved": "https://registry.npmjs.org/object-assign/-/object-assign-4.1.1.tgz", - "integrity": "sha1-IQmtx5ZYh8/AXLvUQsrIv7s2CGM=" - }, "object-copy": { "version": "0.1.0", "resolved": "https://registry.npmjs.org/object-copy/-/object-copy-0.1.0.tgz", @@ -3533,9 +3532,9 @@ } }, "object-hash": { - "version": "1.3.1", - "resolved": "https://registry.npmjs.org/object-hash/-/object-hash-1.3.1.tgz", - "integrity": "sha512-OSuu/pU4ENM9kmREg0BdNrUDIl1heYa4mBZacJc+vVWz4GtAwu7jO8s4AIt2aGRUTqxykpWzI3Oqnsm13tTMDA==" + "version": "2.0.3", + "resolved": "https://registry.npmjs.org/object-hash/-/object-hash-2.0.3.tgz", + "integrity": "sha512-JPKn0GMu+Fa3zt3Bmr66JhokJU5BaNBIh4ZeTlaCBzrBsOeXzwcKKAK1tbLiPKgvwmPXsDvvLHoWh5Bm7ofIYg==" }, "object-visit": { "version": "1.0.1", @@ -3556,9 +3555,9 @@ } }, "oidc-token-hash": { - "version": "3.0.2", - "resolved": "https://registry.npmjs.org/oidc-token-hash/-/oidc-token-hash-3.0.2.tgz", - "integrity": "sha512-dTzp80/y/da+um+i+sOucNqiPpwRL7M/xPwj7pH1TFA2/bqQ+OK2sJahSXbemEoLtPkHcFLyhLhLWZa9yW5+RA==" + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/oidc-token-hash/-/oidc-token-hash-5.0.0.tgz", + "integrity": "sha512-8Yr4CZSv+Tn8ZkN3iN2i2w2G92mUKClp4z7EGUfdsERiYSbj7P4i/NHm72ft+aUdsiFx9UdIPSTwbyzQ6C4URg==" }, "once": { "version": "1.4.0", 
@@ -3578,18 +3577,18 @@ } }, "openid-client": { - "version": "2.5.0", - "resolved": "https://registry.npmjs.org/openid-client/-/openid-client-2.5.0.tgz", - "integrity": "sha512-t3hFD7xEoW1U25RyBcRFaL19fGGs6hNVTysq9pgmiltH0IVUPzH/bQV9w24pM5Q7MunnGv2/5XjIru6BQcWdxg==", + "version": "4.1.1", + "resolved": "https://registry.npmjs.org/openid-client/-/openid-client-4.1.1.tgz", + "integrity": "sha512-/qch3I3v8UtO0A7wVgyXJJjGX/knR8bv06DQpLuKQqLG5u4AHcgusGuVKPKAcneLZvHKbKovF2+3e2ngXyuudA==", "requires": { - "base64url": "^3.0.0", - "got": "^8.3.2", - "lodash": "^4.17.11", - "lru-cache": "^5.1.1", - "node-jose": "^1.1.0", - "object-hash": "^1.3.1", - "oidc-token-hash": "^3.0.1", - "p-any": "^1.1.0" + "base64url": "^3.0.1", + "got": "^11.6.2", + "jose": "^2.0.2", + "lru-cache": "^6.0.0", + "make-error": "^1.3.6", + "object-hash": "^2.0.1", + "oidc-token-hash": "^5.0.0", + "p-any": "^3.0.0" } }, "optionator": { @@ -3607,17 +3606,18 @@ } }, "p-any": { - "version": "1.1.0", - "resolved": "https://registry.npmjs.org/p-any/-/p-any-1.1.0.tgz", - "integrity": "sha512-Ef0tVa4CZ5pTAmKn+Cg3w8ABBXh+hHO1aV8281dKOoUHfX+3tjG2EaFcC+aZyagg9b4EYGsHEjz21DnEE8Og2g==", + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/p-any/-/p-any-3.0.0.tgz", + "integrity": "sha512-5rqbqfsRWNb0sukt0awwgJMlaep+8jV45S15SKKB34z4UuzjcofIfnriCBhWjZP2jbVtjt9yRl7buB6RlKsu9w==", "requires": { - "p-some": "^2.0.0" + "p-cancelable": "^2.0.0", + "p-some": "^5.0.0" } }, "p-cancelable": { - "version": "0.4.1", - "resolved": "https://registry.npmjs.org/p-cancelable/-/p-cancelable-0.4.1.tgz", - "integrity": "sha512-HNa1A8LvB1kie7cERyy21VNeHb2CWJJYqyyC2o3klWFfMGlFmWv2Z7sFgZH8ZiaYL95ydToKTFVXgMV/Os0bBQ==" + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/p-cancelable/-/p-cancelable-2.0.0.tgz", + "integrity": "sha512-wvPXDmbMmu2ksjkB4Z3nZWTSkJEb9lqVdMaCKpZUGJG9TMiNp9XcbG3fn9fPKjem04fJMJnXoyFPk2FmgiaiNg==" }, "p-each-series": { "version": "2.1.0", 
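Review bot: The `openid-client` entry jumps two major versions here (2.5.0 to 4.1.1), which is a large change to arrive through a lockfile regeneration. Its `requires` list swaps `node-jose` for `jose` and moves `got` from `^8.3.2` to `^11.6.2`. This is the library the Kubernetes client requires for OpenID Connect, so the change deserves more than a lockfile-only review. Please run the hook against a cluster that authenticates via OIDC before merging, or state that no supported setup uses it, and mention the major bump in the commit message if it is not already there.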
@@ -3630,11 +3630,6 @@ "resolved": "https://registry.npmjs.org/p-finally/-/p-finally-1.0.0.tgz", "integrity": "sha1-P7z7FbiZpEEjs0ttzBi3JDNqLK4=" }, - "p-is-promise": { - "version": "1.1.0", - "resolved": "https://registry.npmjs.org/p-is-promise/-/p-is-promise-1.1.0.tgz", - "integrity": "sha1-nJRWmJ6fZYgBewQ01WCXZ1w9oF4=" - }, "p-limit": { "version": "2.3.0", "resolved": "https://registry.npmjs.org/p-limit/-/p-limit-2.3.0.tgz", @@ -3654,19 +3649,12 @@ } }, "p-some": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/p-some/-/p-some-2.0.1.tgz", - "integrity": "sha1-Zdh8ixVO289SIdFnd4ttLhUPbwY=", - "requires": { - "aggregate-error": "^1.0.0" - } - }, - "p-timeout": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/p-timeout/-/p-timeout-2.0.1.tgz", - "integrity": "sha512-88em58dDVB/KzPEx1X0N3LwFfYZPyDc4B6eF38M1rk9VTZMbxXXgjugz8mmwpS9Ox4BDZ+t6t3QP5+/gazweIA==", + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/p-some/-/p-some-5.0.0.tgz", + "integrity": "sha512-Js5XZxo6vHjB9NOYAzWDYAIyyiPvva0DWESAIWIK7uhSpGsyg5FwUPxipU/SOQx5x9EqhOh545d1jo6cVkitig==", "requires": { - "p-finally": "^1.0.0" + "aggregate-error": "^3.0.0", + "p-cancelable": "^2.0.0" } }, "p-try": { @@ -3675,11 +3663,6 @@ "integrity": "sha512-R4nPAVTAU0B9D35/Gk3uJf/7XYbQcyohSKdvAxIRSNghFl4e71hVoGnBNQz9cWaXxO2I10KTC+3jMdvvoKw6dQ==", "dev": true }, - "pako": { - "version": "1.0.11", - "resolved": "https://registry.npmjs.org/pako/-/pako-1.0.11.tgz", - "integrity": "sha512-4hLB8Py4zZce5s4yd9XzopqwVv/yGNhV1Bl8NTmCq1763HeK2+EwVTv+leGeL13Dnh2wfbqowVPXCIO0z4taYw==" - }, "parse-json": { "version": "5.0.0", "resolved": "https://registry.npmjs.org/parse-json/-/parse-json-5.0.0.tgz", 
@@ -3736,11 +3719,6 @@ "integrity": "sha512-q0M/9eZHzmr0AulXyPwNfZjtwZ/RBZlbN3K3CErVrk50T2ASYI7Bye0EvekFY3IP1Nt2DHu0re+V2ZHIpMkuWg==", "dev": true }, - "pify": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/pify/-/pify-3.0.0.tgz", - "integrity": "sha1-5aSs0sEB/fPZpNB/DbxNtJ3SgXY=" - }, "pirates": { "version": "4.0.1", "resolved": "https://registry.npmjs.org/pirates/-/pirates-4.0.1.tgz", @@ -3777,11 +3755,6 @@ "integrity": "sha1-IZMqVJ9eUv/ZqCf1cOBL5iqX2lQ=", "dev": true }, - "prepend-http": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/prepend-http/-/prepend-http-2.0.0.tgz", - "integrity": "sha1-6SQ0v6XqjBn0HN/UAddBo8gZ2Jc=" - }, "pretty-format": { "version": "25.5.0", "resolved": "https://registry.npmjs.org/pretty-format/-/pretty-format-25.5.0.tgz", @@ -3802,16 +3775,6 @@ } } }, - "process": { - "version": "0.11.10", - "resolved": "https://registry.npmjs.org/process/-/process-0.11.10.tgz", - "integrity": "sha1-czIwDoQBYb2j5podHZGn1LwW8YI=" - }, - "process-nextick-args": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/process-nextick-args/-/process-nextick-args-2.0.1.tgz", - "integrity": "sha512-3ouUOpQhtgrbOa17J7+uxOTpITYWaGP7/AhoR3+A+/1e9skrzelGi/dXzEYyvbxubEF6Wn2ypscTKiKJFFn1ag==" - }, "prompts": { "version": "2.3.2", "resolved": "https://registry.npmjs.org/prompts/-/prompts-2.3.2.tgz", 
@@ -3846,15 +3809,10 @@ "resolved": "https://registry.npmjs.org/qs/-/qs-6.5.2.tgz", "integrity": "sha512-N5ZAX4/LxJmF+7wN74pUD6qAh9/wnvdQcjq9TZjevvXzSUo7bfmw91saqMjzGS2xq91/odN2dW/WOl7qQHNDGA==" }, - "query-string": { + "quick-lru": { "version": "5.1.1", - "resolved": "https://registry.npmjs.org/query-string/-/query-string-5.1.1.tgz", - "integrity": "sha512-gjWOsm2SoGlgLEdAGt7a6slVOk9mGiXmPFMqrEhLQ68rhQuBnpfs3+EmlvqKyxnCo9/PPlF+9MtY02S1aFg+Jw==", - "requires": { - "decode-uri-component": "^0.2.0", - "object-assign": "^4.1.0", - "strict-uri-encode": "^1.0.0" - } + "resolved": "https://registry.npmjs.org/quick-lru/-/quick-lru-5.1.1.tgz", + "integrity": "sha512-WuyALRjWPDGtt/wzJiadO5AXY+8hZ80hVpe6MyivgraREW751X3SbhRvG3eLKOYN+8VEvqLcf3wdnt44Z4S4SA==" }, "react-is": { "version": "16.13.1", @@ -3862,11 +3820,6 @@ "integrity": "sha512-24e6ynE2H+OKt4kqsOvNd8kBpV65zoxbA4BVsEOB3ARVWQki/DHzaUoC5KuON/BiccDaCCTZBuOcfZs70kR8bQ==", "dev": true }, - "react-zlib-js": { - "version": "1.0.4", - "resolved": "https://registry.npmjs.org/react-zlib-js/-/react-zlib-js-1.0.4.tgz", - "integrity": "sha512-ynXD9DFxpE7vtGoa3ZwBtPmZrkZYw2plzHGbanUjBOSN4RtuXdektSfABykHtTiWEHMh7WdYj45LHtp228ZF1A==" - }, "read-pkg": { "version": "5.2.0", "resolved": "https://registry.npmjs.org/read-pkg/-/read-pkg-5.2.0.tgz", @@ -3898,20 +3851,6 @@ "type-fest": "^0.8.1" } }, - "readable-stream": { - "version": "2.3.7", - "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.7.tgz", - "integrity": "sha512-Ebho8K4jIbHAxnuxi7o42OrZgF/ZTNcsZj6nRKyUmkhLFq8CHItp/fy6hQZuZmP/n3yZ9VBUbp4zz/mX8hmYPw==", - "requires": { - "core-util-is": "~1.0.0", - "inherits": "~2.0.3", - "isarray": "~1.0.0", - "process-nextick-args": "~2.0.0", - "safe-buffer": "~5.1.1", - "string_decoder": "~1.1.1", - "util-deprecate": "~1.0.1" - } - }, "realpath-native": { "version": "2.0.0", "resolved": "https://registry.npmjs.org/realpath-native/-/realpath-native-2.0.0.tgz", 
@@ -4044,6 +3983,11 @@ "path-parse": "^1.0.6" } }, + "resolve-alpn": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/resolve-alpn/-/resolve-alpn-1.0.0.tgz", + "integrity": "sha512-rTuiIEqFmGxne4IovivKSDzld2lWW9QCjqv80SYjPgf+gS35eaCAjaP54CCwGAwBtnCsvNLYtqxe1Nw+i6JEmA==" + }, "resolve-cwd": { "version": "3.0.0", "resolved": "https://registry.npmjs.org/resolve-cwd/-/resolve-cwd-3.0.0.tgz", @@ -4066,11 +4010,11 @@ "dev": true }, "responselike": { - "version": "1.0.2", - "resolved": "https://registry.npmjs.org/responselike/-/responselike-1.0.2.tgz", - "integrity": "sha1-kYcg7ztjHFZCvgaPFa3lpG9Loec=", + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/responselike/-/responselike-2.0.0.tgz", + "integrity": "sha512-xH48u3FTB9VsZw7R+vvgaKeLKzT6jOogbQhEe/jewwnZgzPcnyWui2Av6JpoYZF/91uueC+lqhWqeURw5/qhCw==", "requires": { - "lowercase-keys": "^1.0.0" + "lowercase-keys": "^2.0.0" } }, "ret": { @@ -4080,15 +4024,14 @@ "dev": true }, "rfc4648": { - "version": "1.3.0", - "resolved": "https://registry.npmjs.org/rfc4648/-/rfc4648-1.3.0.tgz", - "integrity": "sha512-x36K12jOflpm1V8QjPq3I+pt7Z1xzeZIjiC8J2Oxd7bE1efTrOG241DTYVJByP/SxR9jl1t7iZqYxDX864jgBQ==" + "version": "1.4.0", + "resolved": "https://registry.npmjs.org/rfc4648/-/rfc4648-1.4.0.tgz", + "integrity": "sha512-3qIzGhHlMHA6PoT6+cdPKZ+ZqtxkIvg8DZGKA5z6PQ33/uuhoJ+Ws/D/J9rXW6gXodgH8QYlz2UCl+sdUDmNIg==" }, "rimraf": { "version": "3.0.2", "resolved": "https://registry.npmjs.org/rimraf/-/rimraf-3.0.2.tgz", "integrity": "sha512-JZkJMZkAGFFPP2YqXZXPbMlMBgsxzE8ILs4lMIX/2o0L9UBw9O/Y3o6wFw/i9YLapcUJWwqbi3kdxIPdC62TIA==", - "dev": true, "requires": { "glob": "^7.1.3" } 
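Review bot: In the last hunk above, `rimraf` loses its `"dev": true` flag, so it moves from the development tree into the dependencies installed in production. The reason is visible later in the patch, where the new `tmp` entry requires `rimraf: ^3.0.0` and arrives together with new runtime entries for `tmp-promise`, `tar` and `stream-buffers`. Please confirm that the hook image is expected to carry this larger runtime footprint from the `@kubernetes/client-node` bump, and that the lockfile was regenerated by npm rather than edited by hand.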
@@ -4478,14 +4421,6 @@ } } }, - "sort-keys": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/sort-keys/-/sort-keys-2.0.0.tgz", - "integrity": "sha1-ZYU1WEhh7JfXMNbPQYIuH1ZoQSg=", - "requires": { - "is-plain-obj": "^1.0.0" - } - }, "source-map": { "version": "0.6.1", "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.6.1.tgz", @@ -4616,10 +4551,10 @@ "integrity": "sha1-NbCYdbT/SfJqd35QmzCQoyJr8ks=", "dev": true }, - "strict-uri-encode": { - "version": "1.1.0", - "resolved": "https://registry.npmjs.org/strict-uri-encode/-/strict-uri-encode-1.1.0.tgz", - "integrity": "sha1-J5siXfHVgrH1TmWt3UNS4Y+qBxM=" + "stream-buffers": { + "version": "3.0.2", + "resolved": "https://registry.npmjs.org/stream-buffers/-/stream-buffers-3.0.2.tgz", + "integrity": "sha512-DQi1h8VEBA/lURbSwFtEHnSTb9s2/pwLEaFuNhXwy1Dx3Sa0lOuYT2yNUr4/j2fs8oCAMANtrZ5OrPZtyVs3MQ==" }, "string-length": { "version": "3.1.0", @@ -4653,14 +4588,6 @@ "strip-ansi": "^6.0.0" } }, - "string_decoder": { - "version": "1.1.1", - "resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.1.1.tgz", - "integrity": "sha512-n/ShnvDi6FHbbVfviro+WojiFzv+s8MPMHBczVePfUpDJLwoLT0ht1l4YwBCbi8pJAveEEdnkHyPyTP/mzRfwg==", - "requires": { - "safe-buffer": "~5.1.0" - } - }, "strip-ansi": { "version": "6.0.0", "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.0.tgz", 
@@ -4720,6 +4647,19 @@ "integrity": "sha512-9QNk5KwDF+Bvz+PyObkmSYjI5ksVUYtjW7AU22r2NKcfLJcXp96hkDWU3+XndOsUb+AQ9QhfzfCT2O+CNWT5Tw==", "dev": true }, + "tar": { + "version": "6.0.5", + "resolved": "https://registry.npmjs.org/tar/-/tar-6.0.5.tgz", + "integrity": "sha512-0b4HOimQHj9nXNEAA7zWwMM91Zhhba3pspja6sQbgTpynOJf+bkjBnfybNYzbpLbnwXnbyB4LOREvlyXLkCHSg==", + "requires": { + "chownr": "^2.0.0", + "fs-minipass": "^2.0.0", + "minipass": "^3.0.0", + "minizlib": "^2.1.1", + "mkdirp": "^1.0.3", + "yallist": "^4.0.0" + } + }, "terminal-link": { "version": "2.1.1", "resolved": "https://registry.npmjs.org/terminal-link/-/terminal-link-2.1.1.tgz", @@ -4747,10 +4687,21 @@ "integrity": "sha512-fcwX4mndzpLQKBS1DVYhGAcYaYt7vsHNIvQV+WXMvnow5cgjPphq5CaayLaGsjRdSCKZFNGt7/GYAuXaNOiYCA==", "dev": true }, - "timed-out": { - "version": "4.0.1", - "resolved": "https://registry.npmjs.org/timed-out/-/timed-out-4.0.1.tgz", - "integrity": "sha1-8y6srFoXW+ol1/q1Zas+2HQe9W8=" + "tmp": { + "version": "0.2.1", + "resolved": "https://registry.npmjs.org/tmp/-/tmp-0.2.1.tgz", + "integrity": "sha512-76SUhtfqR2Ijn+xllcI5P1oyannHNHByD80W1q447gU3mp9G9PSpGdWmjUOHRDPiHYacIk66W7ubDTuPF3BEtQ==", + "requires": { + "rimraf": "^3.0.0" + } + }, + "tmp-promise": { + "version": "3.0.2", + "resolved": "https://registry.npmjs.org/tmp-promise/-/tmp-promise-3.0.2.tgz", + "integrity": "sha512-OyCLAKU1HzBjL6Ev3gxUeraJNlbNingmi8IrHHEsYH8LTmEuhvYfqvhn2F/je+mjf4N58UmZ96OMEy1JanSCpA==", + "requires": { + "tmp": "^0.2.0" + } }, "tmpl": { "version": "1.0.4", 
@@ -4880,9 +4831,9 @@ "dev": true }, "underscore": { - "version": "1.10.2", - "resolved": "https://registry.npmjs.org/underscore/-/underscore-1.10.2.tgz", - "integrity": "sha512-N4P+Q/BuyuEKFJ43B9gYuOj4TQUHXX+j2FqguVOpjkssLUUrnJofCcBccJSCoeturDoZU6GorDTHSvUDlSQbTg==" + "version": "1.11.0", + "resolved": "https://registry.npmjs.org/underscore/-/underscore-1.11.0.tgz", + "integrity": "sha512-xY96SsN3NA461qIRKZ/+qox37YXPtSBswMGfiNptr+wrt6ds4HaMw23TP612fEyGekRE6LNRiLYr/aqbHXNedw==" }, "union-value": { "version": "1.0.1", @@ -4950,30 +4901,12 @@ "integrity": "sha1-2pN/emLiH+wf0Y1Js1wpNQZ6bHI=", "dev": true }, - "url-parse-lax": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/url-parse-lax/-/url-parse-lax-3.0.0.tgz", - "integrity": "sha1-FrXK/Afb42dsGxmZF3gj1lA6yww=", - "requires": { - "prepend-http": "^2.0.0" - } - }, - "url-to-options": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/url-to-options/-/url-to-options-1.0.1.tgz", - "integrity": "sha1-FQWgOiiaSMvXpDTvuu7FBV9WM6k=" - }, "use": { "version": "3.1.1", "resolved": "https://registry.npmjs.org/use/-/use-3.1.1.tgz", "integrity": "sha512-cwESVXlO3url9YWlFW/TA9cshCEhtu7IKJ/p5soJ/gGpj7vbvFrAY/eIioQ6Dw23KjZhYgiIo8HOs1nQ2vr/oQ==", "dev": true }, - "util-deprecate": { - "version": "1.0.2", - "resolved": "https://registry.npmjs.org/util-deprecate/-/util-deprecate-1.0.2.tgz", - "integrity": "sha1-RQ1Nyfpw3nMnYvvS1KKJgUGaDM8=" - }, "uuid": { "version": "3.4.0", "resolved": "https://registry.npmjs.org/uuid/-/uuid-3.4.0.tgz", 
@@ -5153,9 +5086,9 @@ "dev": true }, "yallist": { - "version": "3.1.1", - "resolved": "https://registry.npmjs.org/yallist/-/yallist-3.1.1.tgz", - "integrity": "sha512-a4UGQaWPH59mOXUYnAG2ewncQS4i4F43Tv3JoAM+s2VDAmS9NsK8GpDMLrCHPksFT7h3K6TOoUNn2pb7RoXx4g==" + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/yallist/-/yallist-4.0.0.tgz", + "integrity": "sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A==" }, "yargs": { "version": "15.3.1", diff --git a/hooks/declarative-subsequent-scans/package.json b/hooks/declarative-subsequent-scans/package.json index 13cc4b48..820fb77e 100644 --- a/hooks/declarative-subsequent-scans/package.json +++ b/hooks/declarative-subsequent-scans/package.json @@ -23,13 +23,13 @@ "url": "https://www.iteratec.com" }, "contributors": [ - { - "name" : "Jannik Hollenbach", - "url" : "https://github.com/J12934" + { + "name": "Jannik Hollenbach", + "url": "https://github.com/J12934" }, - { - "name" : "Robert Seedorff", - "url" : "https://github.com/rseedorff" + { + "name": "Robert Seedorff", + "url": "https://github.com/rseedorff" } ], "bugs": { @@ -37,7 +37,7 @@ }, "license": "Apache-2.0", "dependencies": { - "@kubernetes/client-node": "^0.12.0", + "@kubernetes/client-node": "^0.12.2", "lodash": "^4.17.19", "mustache": "^4.0.1" }, diff --git a/hooks/imperative-subsequent-scans/package-lock.json b/hooks/imperative-subsequent-scans/package-lock.json index 520f0f80..96d89f5c 100644 --- a/hooks/imperative-subsequent-scans/package-lock.json +++ b/hooks/imperative-subsequent-scans/package-lock.json 
@@ -610,13 +610,15 @@ } }, "@kubernetes/client-node": { - "version": "0.12.0", - "resolved": "https://registry.npmjs.org/@kubernetes/client-node/-/client-node-0.12.0.tgz", - "integrity": "sha512-u57q5IaZl91f7YZoZOsgCa31hHyowHxFG88XZXd8arI8heSxbdHWHineo/8mLZbeSbHkge9Awae1stQZzuTnjg==", + "version": "0.12.2", + "resolved": "https://registry.npmjs.org/@kubernetes/client-node/-/client-node-0.12.2.tgz", + "integrity": "sha512-J0UwyFl1Iv/IZ6WMP7LaizBEoKPnqwtc8tIO2q/X+EuDT7eGpPPAMHXSEOC/EI9JGIf0FaJEcDHhB/Dio/mKhw==", "requires": { "@types/js-yaml": "^3.12.1", "@types/node": "^10.12.0", "@types/request": "^2.47.1", + "@types/stream-buffers": "^3.0.3", + "@types/tar": "^4.0.3", "@types/underscore": "^1.8.9", "@types/ws": "^6.0.1", "byline": "^5.0.0", 
@@ -624,34 +626,39 @@ "isomorphic-ws": "^4.0.1", "js-yaml": "^3.13.1", "jsonpath-plus": "^0.19.0", - "openid-client": "2.5.0", + "openid-client": "^4.1.1", "request": "^2.88.0", "rfc4648": "^1.3.0", "shelljs": "^0.8.2", + "stream-buffers": "^3.0.2", + "tar": "^6.0.2", + "tmp-promise": "^3.0.2", "tslib": "^1.9.3", "underscore": "^1.9.1", - "ws": "^6.1.0" + "ws": "^7.3.1" }, "dependencies": { "@types/node": { - "version": "10.17.24", - "resolved": "https://registry.npmjs.org/@types/node/-/node-10.17.24.tgz", - "integrity": "sha512-5SCfvCxV74kzR3uWgTYiGxrd69TbT1I6+cMx1A5kEly/IVveJBimtAMlXiEyVFn5DvUFewQWxOOiJhlxeQwxgA==" + "version": "10.17.35", + "resolved": "https://registry.npmjs.org/@types/node/-/node-10.17.35.tgz", + "integrity": "sha512-gXx7jAWpMddu0f7a+L+txMplp3FnHl53OhQIF9puXKq3hDGY/GjH+MF04oWnV/adPSCrbtHumDCFwzq2VhltWA==" }, "ws": { - "version": "6.2.1", - "resolved": "https://registry.npmjs.org/ws/-/ws-6.2.1.tgz", - "integrity": "sha512-GIyAXC2cB7LjvpgMt9EKS2ldqr0MTrORaleiOno6TweZ6r3TKtoFQWay/2PceJ3RuBasOHzXNn5Lrw1X0bEjqA==", - "requires": { - "async-limiter": "~1.0.0" - } + "version": "7.3.1", + "resolved": "https://registry.npmjs.org/ws/-/ws-7.3.1.tgz", + "integrity": "sha512-D3RuNkynyHmEJIpD2qrgVkc9DQ23OrN/moAwZX4L8DfvszsJxpjQuUq3LMx6HoYji9fbIOBY18XWBsAux1ZZUA==" } } }, + "@panva/asn1.js": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/@panva/asn1.js/-/asn1.js-1.0.0.tgz", + "integrity": "sha512-UdkG3mLEqXgnlKsWanWcgb6dOjUzJ+XC5f+aWw30qrtjxeNUSfKX1cd5FBzOaXQumoe9nIqeZUvrRJS03HCCtw==" + }, "@sindresorhus/is": { - "version": "0.7.0", - "resolved": "https://registry.npmjs.org/@sindresorhus/is/-/is-0.7.0.tgz", - "integrity": "sha512-ONhaKPIufzzrlNbqtWFFd+jlnemX6lJAgq9ZeiZtS7I1PIf/la7CW4m83rTXRnVnsMbW2k56pGYu7AUFJD9Pow==" + "version": "3.1.2", + "resolved": "https://registry.npmjs.org/@sindresorhus/is/-/is-3.1.2.tgz", + "integrity": "sha512-JiX9vxoKMmu8Y3Zr2RVathBL1Cdu4Nt4MuNWemt1Nc06A0RAin9c5FArkhGsyMBWfCu4zj+9b+GxtjAnE4qqLQ==" }, 
"@sinonjs/commons": { "version": "1.8.0", @@ -662,6 +669,14 @@ "type-detect": "4.0.8" } }, + "@szmarczak/http-timer": { + "version": "4.0.5", + "resolved": "https://registry.npmjs.org/@szmarczak/http-timer/-/http-timer-4.0.5.tgz", + "integrity": "sha512-PyRA9sm1Yayuj5OIoJ1hGt2YISX45w9WcFbh6ddT0Z/0yaFxOtGLInr4jUfU1EAFVs0Yfyfev4RNwBlUaHdlDQ==", + "requires": { + "defer-to-connect": "^2.0.0" + } + }, "@types/babel__core": { "version": "7.1.7", "resolved": "https://registry.npmjs.org/@types/babel__core/-/babel__core-7.1.7.tgz", @@ -703,6 +718,17 @@ "@babel/types": "^7.3.0" } }, + "@types/cacheable-request": { + "version": "6.0.1", + "resolved": "https://registry.npmjs.org/@types/cacheable-request/-/cacheable-request-6.0.1.tgz", + "integrity": "sha512-ykFq2zmBGOCbpIXtoVbz4SKY5QriWPh3AjyU4G74RYbtt5yOc5OfaY75ftjg7mikMOla1CTGpX3lLbuJh8DTrQ==", + "requires": { + "@types/http-cache-semantics": "*", + "@types/keyv": "*", + "@types/node": "*", + "@types/responselike": "*" + } + }, "@types/caseless": { "version": "0.12.2", "resolved": "https://registry.npmjs.org/@types/caseless/-/caseless-0.12.2.tgz", @@ -723,6 +749,11 @@ "@types/node": "*" } }, + "@types/http-cache-semantics": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/@types/http-cache-semantics/-/http-cache-semantics-4.0.0.tgz", + "integrity": "sha512-c3Xy026kOF7QOTn00hbIllV1dLR9hG9NkSrLQgCVs8NF6sBU+VGWjD3wLPhmh1TYAc7ugCFsvHYMN4VcBN1U1A==" + }, "@types/istanbul-lib-coverage": { "version": "2.0.2", "resolved": "https://registry.npmjs.org/@types/istanbul-lib-coverage/-/istanbul-lib-coverage-2.0.2.tgz", 
@@ -749,9 +780,25 @@ } }, "@types/js-yaml": { - "version": "3.12.4", - "resolved": "https://registry.npmjs.org/@types/js-yaml/-/js-yaml-3.12.4.tgz", - "integrity": "sha512-fYMgzN+9e28R81weVN49inn/u798ruU91En1ZnGvSZzCRc5jXx9B2EDhlRaWmcO1RIxFHL8AajRXzxDuJu93+A==" + "version": "3.12.5", + "resolved": "https://registry.npmjs.org/@types/js-yaml/-/js-yaml-3.12.5.tgz", + "integrity": "sha512-JCcp6J0GV66Y4ZMDAQCXot4xprYB+Zfd3meK9+INSJeVZwJmHAW30BBEEkPzXswMXuiyReUGOP3GxrADc9wPww==" + }, + "@types/keyv": { + "version": "3.1.1", + "resolved": "https://registry.npmjs.org/@types/keyv/-/keyv-3.1.1.tgz", + "integrity": "sha512-MPtoySlAZQ37VoLaPcTHCu1RWJ4llDkULYZIzOYxlhxBqYPB0RsRlmMU0R6tahtFe27mIdkHV+551ZWV4PLmVw==", + "requires": { + "@types/node": "*" + } + }, + "@types/minipass": { + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/@types/minipass/-/minipass-2.2.0.tgz", + "integrity": "sha512-wuzZksN4w4kyfoOv/dlpov4NOunwutLA/q7uc00xU02ZyUY+aoM5PWIXEKBMnm0NHd4a+N71BMjq+x7+2Af1fg==", + "requires": { + "@types/node": "*" + } }, "@types/node": { "version": "14.0.5", 
@@ -793,21 +840,46 @@ } } }, + "@types/responselike": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/@types/responselike/-/responselike-1.0.0.tgz", + "integrity": "sha512-85Y2BjiufFzaMIlvJDvTTB8Fxl2xfLo4HgmHzVBz08w4wDePCTjYw66PdrolO0kzli3yam/YCgRufyo1DdQVTA==", + "requires": { + "@types/node": "*" + } + }, "@types/stack-utils": { "version": "1.0.1", "resolved": "https://registry.npmjs.org/@types/stack-utils/-/stack-utils-1.0.1.tgz", "integrity": "sha512-l42BggppR6zLmpfU6fq9HEa2oGPEI8yrSPL3GITjfRInppYFahObbIQOQK3UGxEnyQpltZLaPe75046NOZQikw==", "dev": true }, + "@types/stream-buffers": { + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/@types/stream-buffers/-/stream-buffers-3.0.3.tgz", + "integrity": "sha512-NeFeX7YfFZDYsCfbuaOmFQ0OjSmHreKBpp7MQ4alWQBHeh2USLsj7qyMyn9t82kjqIX516CR/5SRHnARduRtbQ==", + "requires": { + "@types/node": "*" + } + }, + "@types/tar": { + "version": "4.0.3", + "resolved": "https://registry.npmjs.org/@types/tar/-/tar-4.0.3.tgz", + "integrity": "sha512-Z7AVMMlkI8NTWF0qGhC4QIX0zkV/+y0J8x7b/RsHrN0310+YNjoJd8UrApCiGBCWtKjxS9QhNqLi2UJNToh5hA==", + "requires": { + "@types/minipass": "*", + "@types/node": "*" + } + }, "@types/tough-cookie": { "version": "4.0.0", "resolved": "https://registry.npmjs.org/@types/tough-cookie/-/tough-cookie-4.0.0.tgz", "integrity": "sha512-I99sngh224D0M7XgW1s120zxCt3VYQ3IQsuw3P3jbq5GG4yc79+ZjyKznyOGIQrflfylLgcfekeZW/vk0yng6A==" }, "@types/underscore": { - "version": "1.10.0", - "resolved": "https://registry.npmjs.org/@types/underscore/-/underscore-1.10.0.tgz", - "integrity": "sha512-ZAbqul7QAKpM2h1PFGa5ETN27ulmqtj0QviYHasw9LffvXZvVHuraOx/FOsIPPDNGZN0Qo1nASxxSfMYOtSoCw==" + "version": "1.10.23", + "resolved": "https://registry.npmjs.org/@types/underscore/-/underscore-1.10.23.tgz", + "integrity": "sha512-vX1NPekXhrLquFWskH2thcvFAha187F/lM6xYOoEMZWwJ/6alSk0/ttmGP/YRqcqtCv0TMbZjYAdZyHAEcuU4g==" }, "@types/ws": { "version": "6.0.4", 
@@ -869,12 +941,12 @@ "dev": true }, "aggregate-error": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/aggregate-error/-/aggregate-error-1.0.0.tgz", - "integrity": "sha1-iINE2tAiCnLjr1CQYRf0h3GSX6w=", + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/aggregate-error/-/aggregate-error-3.1.0.tgz", + "integrity": "sha512-4I7Td01quW/RpocfNayFdFVk1qSuoh0E7JrbRJ16nH01HhKFQ88INq9Sd+nd72zqRySlr9BmDA8xlEJ6vJMrYA==", "requires": { - "clean-stack": "^1.0.0", - "indent-string": "^3.0.0" + "clean-stack": "^2.0.0", + "indent-string": "^4.0.0" } }, "ajv": { @@ -994,11 +1066,6 @@ "integrity": "sha512-+Ryf6g3BKoRc7jfp7ad8tM4TtMiaWvbF/1/sQcZPkkS7ag3D5nMBCe2UfOTONtAkaG0tO0ij3C5Lwmf1EiyjHg==", "dev": true }, - "async-limiter": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/async-limiter/-/async-limiter-1.0.1.tgz", - "integrity": "sha512-csOlWGAcRFJaI6m+F2WKdnMKr4HhdhFVBk0H/QbJFMCr+uO2kwohwXQPxw/9OCxp05r5ghVBFSyioixx3gfkNQ==" - }, "asynckit": { "version": "0.4.0", "resolved": "https://registry.npmjs.org/asynckit/-/asynckit-0.4.0.tgz", @@ -1148,11 +1215,6 @@ } } }, - "base64-js": { - "version": "1.3.1", - "resolved": "https://registry.npmjs.org/base64-js/-/base64-js-1.3.1.tgz", - "integrity": "sha512-mLQ4i2QO1ytvGWFWmcngKO//JXAQueZvwEKtjgQFM4jIK0kU+ytMfplL8j+n5mspOfjHwoAg+9yhb7BwAHm36g==" - }, "base64url": { "version": "3.0.1", "resolved": "https://registry.npmjs.org/base64url/-/base64url-3.0.1.tgz", @@ -1207,14 +1269,6 @@ } } }, - "browserify-zlib": { - "version": "0.2.0", - "resolved": "https://registry.npmjs.org/browserify-zlib/-/browserify-zlib-0.2.0.tgz", - "integrity": "sha512-Z942RysHXmJrhqk88FmKBVq/v5tqmSkDz7p54G/MGyjMnCFFnC79XWNbg+Vta8W6Wb2qtSZTSxIGkJrRpCFEiA==", - "requires": { - "pako": "~1.0.5" - } - }, "bser": { "version": "2.1.1", "resolved": "https://registry.npmjs.org/bser/-/bser-2.1.1.tgz", 
@@ -1224,15 +1278,6 @@ "node-int64": "^0.4.0" } }, - "buffer": { - "version": "5.6.0", - "resolved": "https://registry.npmjs.org/buffer/-/buffer-5.6.0.tgz", - "integrity": "sha512-/gDYp/UtU0eA1ys8bOs9J6a+E/KWIY+DZ+Q2WESNUA0jFRsJOc0SNUO6xJ5SGA1xueg3NL65W6s+NY5l9cunuw==", - "requires": { - "base64-js": "^1.0.2", - "ieee754": "^1.1.4" - } - }, "buffer-from": { "version": "1.1.1", "resolved": "https://registry.npmjs.org/buffer-from/-/buffer-from-1.1.1.tgz", 
@@ -1261,29 +1306,32 @@ "unset-value": "^1.0.0" } }, + "cacheable-lookup": { + "version": "5.0.3", + "resolved": "https://registry.npmjs.org/cacheable-lookup/-/cacheable-lookup-5.0.3.tgz", + "integrity": "sha512-W+JBqF9SWe18A72XFzN/V/CULFzPm7sBXzzR6ekkE+3tLG72wFZrBiBZhrZuDoYexop4PHJVdFAKb/Nj9+tm9w==" + }, "cacheable-request": { - "version": "2.1.4", - "resolved": "https://registry.npmjs.org/cacheable-request/-/cacheable-request-2.1.4.tgz", - "integrity": "sha1-DYCIAbY0KtM8kd+dC0TcCbkeXD0=", - "requires": { - "clone-response": "1.0.2", - "get-stream": "3.0.0", - "http-cache-semantics": "3.8.1", - "keyv": "3.0.0", - "lowercase-keys": "1.0.0", - "normalize-url": "2.0.1", - "responselike": "1.0.2" + "version": "7.0.1", + "resolved": "https://registry.npmjs.org/cacheable-request/-/cacheable-request-7.0.1.tgz", + "integrity": "sha512-lt0mJ6YAnsrBErpTMWeu5kl/tg9xMAWjavYTN6VQXM1A/teBITuNcccXsCxF0tDQQJf9DfAaX5O4e0zp0KlfZw==", + "requires": { + "clone-response": "^1.0.2", + "get-stream": "^5.1.0", + "http-cache-semantics": "^4.0.0", + "keyv": "^4.0.0", + "lowercase-keys": "^2.0.0", + "normalize-url": "^4.1.0", + "responselike": "^2.0.0" }, "dependencies": { "get-stream": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/get-stream/-/get-stream-3.0.0.tgz", - "integrity": "sha1-jpQ9E1jcN1VQVOy+LtsFqhdO3hQ=" - }, - "lowercase-keys": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/lowercase-keys/-/lowercase-keys-1.0.0.tgz", - "integrity": "sha1-TjNms55/VFfjXxMkvfb4jQv8cwY=" + "version": "5.2.0", + "resolved": "https://registry.npmjs.org/get-stream/-/get-stream-5.2.0.tgz", + "integrity": "sha512-nBF+F1rAZVCu/p7rjzgA+Yb4lfYXrpl7a6VmJrU8wF9I1CKvP/QwPNZHnOlwbTkY6dvtFIzFMSyQXbLoTQPRpA==", + "requires": { + "pump": "^3.0.0" + } } } }, 
@@ -1323,6 +1371,11 @@ "supports-color": "^7.1.0" } }, + "chownr": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/chownr/-/chownr-2.0.0.tgz", + "integrity": "sha512-bIomtDF5KGpdogkLd9VspvFzk9KfpyyGlS8YFVZl7TGPBHL5snIOnxeshwVgPteQ9b4Eydl+pVbIyE1DcvCWgQ==" + }, "ci-info": { "version": "2.0.0", "resolved": "https://registry.npmjs.org/ci-info/-/ci-info-2.0.0.tgz", @@ -1353,9 +1406,9 @@ } }, "clean-stack": { - "version": "1.3.0", - "resolved": "https://registry.npmjs.org/clean-stack/-/clean-stack-1.3.0.tgz", - "integrity": "sha1-noIVAa6XmYbEax1m0tQy2y/UrjE=" + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/clean-stack/-/clean-stack-2.2.0.tgz", + "integrity": "sha512-4diC9HaTE+KRAMWhDhrGOECgWZxoevMc5TlkObMqNSsVU62PYzXZ/SMTjzyGAFF1YusgxGcSWTEXBhp0CPwQ1A==" }, "cliui": { "version": "6.0.0", @@ -1539,14 +1592,22 @@ "decode-uri-component": { "version": "0.2.0", "resolved": "https://registry.npmjs.org/decode-uri-component/-/decode-uri-component-0.2.0.tgz", - "integrity": "sha1-6zkTMzRYd1y4TNGh+uBiEGu4dUU=" + "integrity": "sha1-6zkTMzRYd1y4TNGh+uBiEGu4dUU=", + "dev": true }, "decompress-response": { - "version": "3.3.0", - "resolved": "https://registry.npmjs.org/decompress-response/-/decompress-response-3.3.0.tgz", - "integrity": "sha1-gKTdMjdIOEv6JICDYirt7Jgq3/M=", + "version": "6.0.0", + "resolved": "https://registry.npmjs.org/decompress-response/-/decompress-response-6.0.0.tgz", + "integrity": "sha512-aW35yZM6Bb/4oJlZncMH2LCoZtJXTRxES17vE3hoRiowU2kWHaJKFkSBDnDR+cm9J+9QhXmREyIfv0pji9ejCQ==", "requires": { - "mimic-response": "^1.0.0" + "mimic-response": "^3.1.0" + }, + "dependencies": { + "mimic-response": { + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/mimic-response/-/mimic-response-3.1.0.tgz", + "integrity": "sha512-z0yWI+4FDrrweS8Zmt4Ej5HdJmky15+L2e6Wgn3+iK5fWzb6T3fhNFq2+MeTRb064c6Wr4N/wv0DzQTjNzHNGQ==" + } } }, "deep-is": { 
@@ -1561,6 +1622,11 @@ "integrity": "sha512-FJ3UgI4gIl+PHZm53knsuSFpE+nESMr7M4v9QcgB7S63Kj/6WqMiFQJpBBYz1Pt+66bZpP3Q7Lye0Oo9MPKEdg==", "dev": true }, + "defer-to-connect": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/defer-to-connect/-/defer-to-connect-2.0.0.tgz", + "integrity": "sha512-bYL2d05vOSf1JEZNx5vSAtPuBMkX8K9EUutg7zlKvTqKXHt7RhWJFbmd7qakVuf13i+IkGmp6FwSsONOf6VYIg==" + }, "define-property": { "version": "2.0.2", "resolved": "https://registry.npmjs.org/define-property/-/define-property-2.0.2.tgz", @@ -1628,11 +1694,6 @@ "webidl-conversions": "^4.0.2" } }, - "duplexer3": { - "version": "0.1.4", - "resolved": "https://registry.npmjs.org/duplexer3/-/duplexer3-0.1.4.tgz", - "integrity": "sha1-7gHdHKwO08vH/b6jfcCo8c4ALOI=" - }, "ecc-jsbn": { "version": "0.1.2", "resolved": "https://registry.npmjs.org/ecc-jsbn/-/ecc-jsbn-0.1.2.tgz", @@ -1665,11 +1726,6 @@ "is-arrayish": "^0.2.1" } }, - "es6-promise": { - "version": "4.2.8", - "resolved": "https://registry.npmjs.org/es6-promise/-/es6-promise-4.2.8.tgz", - "integrity": "sha512-HJDGx5daxeIvxdBxvG2cb9g4tEvwIk3i8+nhX0yGrYmZUzbkdg8QbDevheDB8gd0//uPj4c1EQua8Q+MViT0/w==" - }, "escape-string-regexp": { "version": "1.0.5", "resolved": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz", @@ -1966,13 +2022,12 @@ "map-cache": "^0.2.2" } }, - "from2": { - "version": "2.3.0", - "resolved": "https://registry.npmjs.org/from2/-/from2-2.3.0.tgz", - "integrity": "sha1-i/tVAr3kpNNs/e6gB/zKIdfjgq8=", + "fs-minipass": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/fs-minipass/-/fs-minipass-2.1.0.tgz", + "integrity": "sha512-V/JgOLFCS+R6Vcq0slCuaeWEdNC3ouDlJMNIsacH2VtALiu9mV4LPrHc5cDl8k5aw6J8jwgWWpiTo5RYhmIzvg==", "requires": { - "inherits": "^2.0.1", - "readable-stream": "^2.0.0" + "minipass": "^3.0.0" } }, "fs.realpath": { 
@@ -2047,34 +2102,21 @@ "dev": true }, "got": { - "version": "8.3.2", - "resolved": "https://registry.npmjs.org/got/-/got-8.3.2.tgz", - "integrity": "sha512-qjUJ5U/hawxosMryILofZCkm3C84PLJS/0grRIpjAwu+Lkxxj5cxeCU25BG0/3mDSpXKTyZr8oh8wIgLaH0QCw==", - "requires": { - "@sindresorhus/is": "^0.7.0", - "cacheable-request": "^2.1.1", - "decompress-response": "^3.3.0", - "duplexer3": "^0.1.4", - "get-stream": "^3.0.0", - "into-stream": "^3.1.0", - "is-retry-allowed": "^1.1.0", - "isurl": "^1.0.0-alpha5", - "lowercase-keys": "^1.0.0", - "mimic-response": "^1.0.0", - "p-cancelable": "^0.4.0", - "p-timeout": "^2.0.1", - "pify": "^3.0.0", - "safe-buffer": "^5.1.1", - "timed-out": "^4.0.1", - "url-parse-lax": "^3.0.0", - "url-to-options": "^1.0.1" - }, - "dependencies": { - "get-stream": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/get-stream/-/get-stream-3.0.0.tgz", - "integrity": "sha1-jpQ9E1jcN1VQVOy+LtsFqhdO3hQ=" - } + "version": "11.7.0", + "resolved": "https://registry.npmjs.org/got/-/got-11.7.0.tgz", + "integrity": "sha512-7en2XwH2MEqOsrK0xaKhbWibBoZqy+f1RSUoIeF1BLcnf+pyQdDsljWMfmOh+QKJwuvDIiKx38GtPh5wFdGGjg==", + "requires": { + "@sindresorhus/is": "^3.1.1", + "@szmarczak/http-timer": "^4.0.5", + "@types/cacheable-request": "^6.0.1", + "@types/responselike": "^1.0.0", + "cacheable-lookup": "^5.0.3", + "cacheable-request": "^7.0.1", + "decompress-response": "^6.0.0", + "http2-wrapper": "^1.0.0-beta.5.2", + "lowercase-keys": "^2.0.0", + "p-cancelable": "^2.0.0", + "responselike": "^2.0.0" } }, "graceful-fs": { 
@@ -2110,19 +2152,6 @@ "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==", "dev": true }, - "has-symbol-support-x": { - "version": "1.4.2", - "resolved": "https://registry.npmjs.org/has-symbol-support-x/-/has-symbol-support-x-1.4.2.tgz", - "integrity": "sha512-3ToOva++HaW+eCpgqZrCfN51IPB+7bJNVT6CUATzueB5Heb8o6Nam0V3HG5dlDvZU1Gn5QLcbahiKw/XVk5JJw==" - }, - "has-to-string-tag-x": { - "version": "1.4.1", - "resolved": "https://registry.npmjs.org/has-to-string-tag-x/-/has-to-string-tag-x-1.4.1.tgz", - "integrity": "sha512-vdbKfmw+3LoOYVr+mtxHaX5a96+0f3DljYd8JOqvOLsf5mw2Otda2qCDT9qRqLAhrjyQ0h7ual5nOiASpsGNFw==", - "requires": { - "has-symbol-support-x": "^1.4.1" - } - }, "has-value": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/has-value/-/has-value-1.0.0.tgz", @@ -2197,9 +2226,9 @@ "dev": true }, "http-cache-semantics": { - "version": "3.8.1", - "resolved": "https://registry.npmjs.org/http-cache-semantics/-/http-cache-semantics-3.8.1.tgz", - "integrity": "sha512-5ai2iksyV8ZXmnZhHH4rWPoxxistEexSi5936zIQ1bnNTW5VnA85B6P/VpXiRM017IgRvb2kKo1a//y+0wSp3w==" + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/http-cache-semantics/-/http-cache-semantics-4.1.0.tgz", + "integrity": "sha512-carPklcUh7ROWRK7Cv27RPtdhYhUsela/ue5/jKzjegVvXDqM2ILE9Q2BGn9JZJh1g87cp56su/FgQSzcWS8cQ==" }, "http-signature": { "version": "1.2.0", @@ -2211,6 +2240,15 @@ "sshpk": "^1.7.0" } }, + "http2-wrapper": { + "version": "1.0.0-beta.5.2", + "resolved": "https://registry.npmjs.org/http2-wrapper/-/http2-wrapper-1.0.0-beta.5.2.tgz", + "integrity": "sha512-xYz9goEyBnC8XwXDTuC/MZ6t+MrKVQZOk4s7+PaDkwIsQd8IwqvM+0M6bA/2lvG8GHXcPdf+MejTUeO2LCPCeQ==", + "requires": { + "quick-lru": "^5.1.1", + "resolve-alpn": "^1.0.0" + } + }, "human-signals": { "version": "1.1.1", "resolved": "https://registry.npmjs.org/human-signals/-/human-signals-1.1.1.tgz", 
@@ -2226,11 +2264,6 @@ "safer-buffer": ">= 2.1.2 < 3" } }, - "ieee754": { - "version": "1.1.13", - "resolved": "https://registry.npmjs.org/ieee754/-/ieee754-1.1.13.tgz", - "integrity": "sha512-4vf7I2LYV/HaWerSo3XmlMkp5eZ83i+/CDluXi/IGTs/O1sejBNhTtnxzmRZfvOUqj7lZjqHkeTvpgSFDlWZTg==" - }, "import-local": { "version": "3.0.2", "resolved": "https://registry.npmjs.org/import-local/-/import-local-3.0.2.tgz", @@ -2248,9 +2281,9 @@ "dev": true }, "indent-string": { - "version": "3.2.0", - "resolved": "https://registry.npmjs.org/indent-string/-/indent-string-3.2.0.tgz", - "integrity": "sha1-Sl/W0nzDMvN+VBmlBNu4NxBckok=" + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/indent-string/-/indent-string-4.0.0.tgz", + "integrity": "sha512-EdDDZu4A2OyIK7Lr/2zG+w5jmbuk1DVBnEwREQvBzspBJkCEbRa8GxU1lghYcaGJCnRWibjDXlq779X1/y5xwg==" }, "inflight": { "version": "1.0.6", @@ -2271,15 +2304,6 @@ "resolved": "https://registry.npmjs.org/interpret/-/interpret-1.4.0.tgz", "integrity": "sha512-agE4QfB2Lkp9uICn7BAqoscw4SZP9kTE2hxiFI3jBPmXJfdqiahTbUuKGsMoN2GtqL9AxhYioAcVvgsb1HvRbA==" }, - "into-stream": { - "version": "3.1.0", - "resolved": "https://registry.npmjs.org/into-stream/-/into-stream-3.1.0.tgz", - "integrity": "sha1-lvsKk2wSur1v8XUqF9BWFqvQlMY=", - "requires": { - "from2": "^2.1.1", - "p-is-promise": "^1.1.0" - } - }, "ip-regex": { "version": "2.1.0", "resolved": "https://registry.npmjs.org/ip-regex/-/ip-regex-2.1.0.tgz", 
@@ -2397,16 +2421,6 @@ "integrity": "sha512-41Cifkg6e8TylSpdtTpeLVMqvSBEVzTttHvERD741+pnZ8ANv0004MRL43QKPDlK9cGvNp6NZWZUBlbGXYxxng==", "dev": true }, - "is-object": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/is-object/-/is-object-1.0.1.tgz", - "integrity": "sha1-iVJojF7C/9awPsyF52ngKQMINHA=" - }, - "is-plain-obj": { - "version": "1.1.0", - "resolved": "https://registry.npmjs.org/is-plain-obj/-/is-plain-obj-1.1.0.tgz", - "integrity": "sha1-caUMhCnfync8kqOQpKA7OfzVHT4=" - }, "is-plain-object": { "version": "2.0.4", "resolved": "https://registry.npmjs.org/is-plain-object/-/is-plain-object-2.0.4.tgz", @@ -2416,11 +2430,6 @@ "isobject": "^3.0.1" } }, - "is-retry-allowed": { - "version": "1.2.0", - "resolved": "https://registry.npmjs.org/is-retry-allowed/-/is-retry-allowed-1.2.0.tgz", - "integrity": "sha512-RUbUeKwvm3XG2VYamhJL1xFktgjvPzL0Hq8C+6yrWIswDy3BIXGqCxhxkc30N9jqK311gVU137K8Ei55/zVJRg==" - }, "is-stream": { "version": "1.1.0", "resolved": "https://registry.npmjs.org/is-stream/-/is-stream-1.1.0.tgz", @@ -2450,7 +2459,8 @@ "isarray": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/isarray/-/isarray-1.0.0.tgz", - "integrity": "sha1-u5NdSFgsuhaMBoNJV6VKPgcSTxE=" + "integrity": "sha1-u5NdSFgsuhaMBoNJV6VKPgcSTxE=", + "dev": true }, "isexe": { "version": "2.0.0", @@ -2523,15 +2533,6 @@ "istanbul-lib-report": "^3.0.0" } }, - "isurl": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/isurl/-/isurl-1.0.0.tgz", - "integrity": "sha512-1P/yWsxPlDtn7QeRD+ULKQPaIaN6yF368GZ2vDfv0AL0NwpStafjWCDDdn0k8wgFMWpVAqG7oJhxHnlud42i9w==", - "requires": { - "has-to-string-tag-x": "^1.2.0", - "is-object": "^1.0.1" - } - }, "jest": { "version": "25.5.4", "resolved": "https://registry.npmjs.org/jest/-/jest-25.5.4.tgz", 
@@ -3032,6 +3033,14 @@ "supports-color": "^7.0.0" } }, + "jose": { + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/jose/-/jose-2.0.2.tgz", + "integrity": "sha512-yD93lsiMA1go/qxSY/vXWBodmIZJIxeB7QhFi8z1yQ3KUwKENqI9UA8VCHlQ5h3x1zWuWZjoY87ByQzkQbIrQg==", + "requires": { + "@panva/asn1.js": "^1.0.0" + } + }, "js-tokens": { "version": "4.0.0", "resolved": "https://registry.npmjs.org/js-tokens/-/js-tokens-4.0.0.tgz", @@ -3093,9 +3102,9 @@ "dev": true }, "json-buffer": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/json-buffer/-/json-buffer-3.0.0.tgz", - "integrity": "sha1-Wx85evx11ne96Lz8Dkfh+aPZqJg=" + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/json-buffer/-/json-buffer-3.0.1.tgz", + "integrity": "sha512-4bV5BfR2mqfQTJm+V5tPPdf+ZpuhiIvTuAB5g8kcrXOZpTT/QwwVRWBywX1ozr6lEuPdbHxwaJlm9G6mI2sfSQ==" }, "json-parse-better-errors": { "version": "1.0.2", @@ -3144,11 +3153,11 @@ } }, "keyv": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/keyv/-/keyv-3.0.0.tgz", - "integrity": "sha512-eguHnq22OE3uVoSYG0LVWNP+4ppamWr9+zWBe1bsNcovIMy6huUJFPgy4mGwCd/rnl3vOLGW1MTlu4c57CT1xA==", + "version": "4.0.3", + "resolved": "https://registry.npmjs.org/keyv/-/keyv-4.0.3.tgz", + "integrity": "sha512-zdGa2TOpSZPq5mU6iowDARnMBZgtCqJ11dJROFi6tg6kTn4nuUdU09lFyLFSaHrWqpIJ+EBq4E8/Dc0Vx5vLdA==", "requires": { - "json-buffer": "3.0.0" + "json-buffer": "3.0.1" } }, "kind-of": { @@ -3197,7 +3206,8 @@ "lodash": { "version": "4.17.19", "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.19.tgz", - "integrity": "sha512-JNvd8XER9GQX0v2qJgsaN/mzFCNA5BRe/j8JN9d+tWyGLSodKQHKFicdwNYzWwI3wjRnaKPsGj1XkBjx/F96DQ==" + "integrity": "sha512-JNvd8XER9GQX0v2qJgsaN/mzFCNA5BRe/j8JN9d+tWyGLSodKQHKFicdwNYzWwI3wjRnaKPsGj1XkBjx/F96DQ==", + "dev": true }, "lodash.set": { "version": "4.3.2", 
@@ -3219,22 +3229,17 @@ "@sinonjs/commons": "^1.7.0" } }, - "long": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/long/-/long-4.0.0.tgz", - "integrity": "sha512-XsP+KhQif4bjX1kbuSiySJFNAehNxgLb6hPRGJ9QsUr8ajHkuXGdrHmFUTUUXhDwVX2R5bY4JNZEwbUiMhV+MA==" - }, "lowercase-keys": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/lowercase-keys/-/lowercase-keys-1.0.1.tgz", - "integrity": "sha512-G2Lj61tXDnVFFOi8VZds+SoQjtQC3dgokKdDG2mTm1tx4m50NUHBOZSBwQQHyy0V12A0JTG4icfZQH+xPyh8VA==" + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/lowercase-keys/-/lowercase-keys-2.0.0.tgz", + "integrity": "sha512-tqNXrS78oMOE73NMxK4EMLQsQowWf8jKooH9g7xPavRT706R6bkQJ6DY2Te7QukaZsulxa30wQ7bk0pm4XiHmA==" }, "lru-cache": { - "version": "5.1.1", - "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-5.1.1.tgz", - "integrity": "sha512-KpNARQA3Iwv+jTA0utUVVbrh+Jlrr1Fv0e56GGzAFOXN7dk/FviaDW8LHmK52DlcH4WP2n6gI8vN1aesBFgo9w==", + "version": "6.0.0", + "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-6.0.0.tgz", + "integrity": "sha512-Jo6dJ04CmSjuznwJSS3pUeWmd/H0ffTlkXXgwZi+eq1UCmqQwCh+eLsYOYCwY991i2Fah4h1BEMCx4qThGbsiA==", "requires": { - "yallist": "^3.0.2" + "yallist": "^4.0.0" } }, "make-dir": { @@ -3246,6 +3251,11 @@ "semver": "^6.0.0" } }, + "make-error": { + "version": "1.3.6", + "resolved": "https://registry.npmjs.org/make-error/-/make-error-1.3.6.tgz", + "integrity": "sha512-s8UhlNe7vPKomQhC1qFelMokr/Sc3AgNbso3n74mVPA5LTZwkB9NlXf4XPamLxJE8h0gh73rM94xvwRT2CVInw==" + }, "makeerror": { "version": "1.0.11", "resolved": "https://registry.npmjs.org/makeerror/-/makeerror-1.0.11.tgz", 
@@ -3324,6 +3334,23 @@ "integrity": "sha512-FM9nNUYrRBAELZQT3xeZQ7fmMOBg6nWNmJKTcgsJeaLstP/UODVpGsr5OhXhhXg6f+qtJ8uiZ+PUxkDWcgIXLw==", "dev": true }, + "minipass": { + "version": "3.1.3", + "resolved": "https://registry.npmjs.org/minipass/-/minipass-3.1.3.tgz", + "integrity": "sha512-Mgd2GdMVzY+x3IJ+oHnVM+KG3lA5c8tnabyJKmHSaG2kAGpudxuOf8ToDkhumF7UzME7DecbQE9uOZhNm7PuJg==", + "requires": { + "yallist": "^4.0.0" + } + }, + "minizlib": { + "version": "2.1.2", + "resolved": "https://registry.npmjs.org/minizlib/-/minizlib-2.1.2.tgz", + "integrity": "sha512-bAxsR8BVfj60DWXHE3u30oHzfl4G7khkSuPW+qvpd7jFRHm7dLxOjUk1EHACJ/hxLY8phGJ0YhYHZo7jil7Qdg==", + "requires": { + "minipass": "^3.0.0", + "yallist": "^4.0.0" + } + }, "mixin-deep": { "version": "1.3.2", "resolved": "https://registry.npmjs.org/mixin-deep/-/mixin-deep-1.3.2.tgz", @@ -3345,6 +3372,11 @@ } } }, + "mkdirp": { + "version": "1.0.4", + "resolved": "https://registry.npmjs.org/mkdirp/-/mkdirp-1.0.4.tgz", + "integrity": "sha512-vVqVZQyf3WLx2Shd0qJ9xuvqgAyKPLAiqITEtqW0oIUjzo3PePDd6fW9iFz30ef7Ysp/oiWqbhszeGWW2T6Gzw==" + }, "ms": { "version": "2.1.2", "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz", 
@@ -3381,34 +3413,12 @@ "resolved": "https://registry.npmjs.org/nice-try/-/nice-try-1.0.5.tgz", "integrity": "sha512-1nh45deeb5olNY7eX82BkPO7SSxR5SSYJiPTrTdFUVYwAl8CKMA5N9PjTYkHiRjisVcxcQ1HXdLhx2qxxJzLNQ==" }, - "node-forge": { - "version": "0.8.5", - "resolved": "https://registry.npmjs.org/node-forge/-/node-forge-0.8.5.tgz", - "integrity": "sha512-vFMQIWt+J/7FLNyKouZ9TazT74PRV3wgv9UT4cRjC8BffxFbKXkgIWR42URCPSnHm/QDz6BOlb2Q0U4+VQT67Q==" - }, "node-int64": { "version": "0.4.0", "resolved": "https://registry.npmjs.org/node-int64/-/node-int64-0.4.0.tgz", "integrity": "sha1-h6kGXNs1XTGC2PlM4RGIuCXGijs=", "dev": true }, - "node-jose": { - "version": "1.1.4", - "resolved": "https://registry.npmjs.org/node-jose/-/node-jose-1.1.4.tgz", - "integrity": "sha512-L31IFwL3pWWcMHxxidCY51ezqrDXMkvlT/5pLTfNw5sXmmOLJuN6ug7txzF/iuZN55cRpyOmoJrotwBQIoo5Lw==", - "requires": { - "base64url": "^3.0.1", - "browserify-zlib": "^0.2.0", - "buffer": "^5.5.0", - "es6-promise": "^4.2.8", - "lodash": "^4.17.15", - "long": "^4.0.0", - "node-forge": "^0.8.5", - "process": "^0.11.10", - "react-zlib-js": "^1.0.4", - "uuid": "^3.3.3" - } - }, "node-modules-regexp": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/node-modules-regexp/-/node-modules-regexp-1.0.0.tgz", @@ -3468,14 +3478,9 @@ "dev": true }, "normalize-url": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/normalize-url/-/normalize-url-2.0.1.tgz", - "integrity": "sha512-D6MUW4K/VzoJ4rJ01JFKxDrtY1v9wrgzCX5f2qj/lzH1m/lW6MhUZFKerVsnyjOhOsYzI9Kqqak+10l4LvLpMw==", - "requires": { - "prepend-http": "^2.0.0", - "query-string": "^5.0.1", - "sort-keys": "^2.0.0" - } + "version": "4.5.0", + "resolved": "https://registry.npmjs.org/normalize-url/-/normalize-url-4.5.0.tgz", + "integrity": "sha512-2s47yzUxdexf1OhyRi4Em83iQk0aPvwTddtFz4hnSSw9dCEsLEGf6SwIO8ss/19S9iBb5sJaOuTvTGDeZI00BQ==" }, "npm-run-path": { "version": "2.0.2", 
@@ -3496,11 +3501,6 @@ "resolved": "https://registry.npmjs.org/oauth-sign/-/oauth-sign-0.9.0.tgz", "integrity": "sha512-fexhUFFPTGV8ybAtSIGbV6gOkSv8UtRbDBnAyLQw4QPKkgNlsH2ByPGtMUqdWkos6YCRmAqViwgZrJc/mRDzZQ==" }, - "object-assign": { - "version": "4.1.1", - "resolved": "https://registry.npmjs.org/object-assign/-/object-assign-4.1.1.tgz", - "integrity": "sha1-IQmtx5ZYh8/AXLvUQsrIv7s2CGM=" - }, "object-copy": { "version": "0.1.0", "resolved": "https://registry.npmjs.org/object-copy/-/object-copy-0.1.0.tgz", @@ -3533,9 +3533,9 @@ } }, "object-hash": { - "version": "1.3.1", - "resolved": "https://registry.npmjs.org/object-hash/-/object-hash-1.3.1.tgz", - "integrity": "sha512-OSuu/pU4ENM9kmREg0BdNrUDIl1heYa4mBZacJc+vVWz4GtAwu7jO8s4AIt2aGRUTqxykpWzI3Oqnsm13tTMDA==" + "version": "2.0.3", + "resolved": "https://registry.npmjs.org/object-hash/-/object-hash-2.0.3.tgz", + "integrity": "sha512-JPKn0GMu+Fa3zt3Bmr66JhokJU5BaNBIh4ZeTlaCBzrBsOeXzwcKKAK1tbLiPKgvwmPXsDvvLHoWh5Bm7ofIYg==" }, "object-visit": { "version": "1.0.1", @@ -3556,9 +3556,9 @@ } }, "oidc-token-hash": { - "version": "3.0.2", - "resolved": "https://registry.npmjs.org/oidc-token-hash/-/oidc-token-hash-3.0.2.tgz", - "integrity": "sha512-dTzp80/y/da+um+i+sOucNqiPpwRL7M/xPwj7pH1TFA2/bqQ+OK2sJahSXbemEoLtPkHcFLyhLhLWZa9yW5+RA==" + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/oidc-token-hash/-/oidc-token-hash-5.0.0.tgz", + "integrity": "sha512-8Yr4CZSv+Tn8ZkN3iN2i2w2G92mUKClp4z7EGUfdsERiYSbj7P4i/NHm72ft+aUdsiFx9UdIPSTwbyzQ6C4URg==" }, "once": { "version": "1.4.0", 
@@ -3578,18 +3578,18 @@ } }, "openid-client": { - "version": "2.5.0", - "resolved": "https://registry.npmjs.org/openid-client/-/openid-client-2.5.0.tgz", - "integrity": "sha512-t3hFD7xEoW1U25RyBcRFaL19fGGs6hNVTysq9pgmiltH0IVUPzH/bQV9w24pM5Q7MunnGv2/5XjIru6BQcWdxg==", + "version": "4.1.1", + "resolved": "https://registry.npmjs.org/openid-client/-/openid-client-4.1.1.tgz", + "integrity": "sha512-/qch3I3v8UtO0A7wVgyXJJjGX/knR8bv06DQpLuKQqLG5u4AHcgusGuVKPKAcneLZvHKbKovF2+3e2ngXyuudA==", "requires": { - "base64url": "^3.0.0", - "got": "^8.3.2", - "lodash": "^4.17.11", - "lru-cache": "^5.1.1", - "node-jose": "^1.1.0", - "object-hash": "^1.3.1", - "oidc-token-hash": "^3.0.1", - "p-any": "^1.1.0" + "base64url": "^3.0.1", + "got": "^11.6.2", + "jose": "^2.0.2", + "lru-cache": "^6.0.0", + "make-error": "^1.3.6", + "object-hash": "^2.0.1", + "oidc-token-hash": "^5.0.0", + "p-any": "^3.0.0" } }, "optionator": { @@ -3607,17 +3607,18 @@ } }, "p-any": { - "version": "1.1.0", - "resolved": "https://registry.npmjs.org/p-any/-/p-any-1.1.0.tgz", - "integrity": "sha512-Ef0tVa4CZ5pTAmKn+Cg3w8ABBXh+hHO1aV8281dKOoUHfX+3tjG2EaFcC+aZyagg9b4EYGsHEjz21DnEE8Og2g==", + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/p-any/-/p-any-3.0.0.tgz", + "integrity": "sha512-5rqbqfsRWNb0sukt0awwgJMlaep+8jV45S15SKKB34z4UuzjcofIfnriCBhWjZP2jbVtjt9yRl7buB6RlKsu9w==", "requires": { - "p-some": "^2.0.0" + "p-cancelable": "^2.0.0", + "p-some": "^5.0.0" } }, "p-cancelable": { - "version": "0.4.1", - "resolved": "https://registry.npmjs.org/p-cancelable/-/p-cancelable-0.4.1.tgz", - "integrity": "sha512-HNa1A8LvB1kie7cERyy21VNeHb2CWJJYqyyC2o3klWFfMGlFmWv2Z7sFgZH8ZiaYL95ydToKTFVXgMV/Os0bBQ==" + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/p-cancelable/-/p-cancelable-2.0.0.tgz", + "integrity": "sha512-wvPXDmbMmu2ksjkB4Z3nZWTSkJEb9lqVdMaCKpZUGJG9TMiNp9XcbG3fn9fPKjem04fJMJnXoyFPk2FmgiaiNg==" }, "p-each-series": { "version": "2.1.0", 
@@ -3630,11 +3631,6 @@ "resolved": "https://registry.npmjs.org/p-finally/-/p-finally-1.0.0.tgz", "integrity": "sha1-P7z7FbiZpEEjs0ttzBi3JDNqLK4=" }, - "p-is-promise": { - "version": "1.1.0", - "resolved": "https://registry.npmjs.org/p-is-promise/-/p-is-promise-1.1.0.tgz", - "integrity": "sha1-nJRWmJ6fZYgBewQ01WCXZ1w9oF4=" - }, "p-limit": { "version": "2.3.0", "resolved": "https://registry.npmjs.org/p-limit/-/p-limit-2.3.0.tgz", @@ -3654,19 +3650,12 @@ } }, "p-some": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/p-some/-/p-some-2.0.1.tgz", - "integrity": "sha1-Zdh8ixVO289SIdFnd4ttLhUPbwY=", - "requires": { - "aggregate-error": "^1.0.0" - } - }, - "p-timeout": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/p-timeout/-/p-timeout-2.0.1.tgz", - "integrity": "sha512-88em58dDVB/KzPEx1X0N3LwFfYZPyDc4B6eF38M1rk9VTZMbxXXgjugz8mmwpS9Ox4BDZ+t6t3QP5+/gazweIA==", + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/p-some/-/p-some-5.0.0.tgz", + "integrity": "sha512-Js5XZxo6vHjB9NOYAzWDYAIyyiPvva0DWESAIWIK7uhSpGsyg5FwUPxipU/SOQx5x9EqhOh545d1jo6cVkitig==", "requires": { - "p-finally": "^1.0.0" + "aggregate-error": "^3.0.0", + "p-cancelable": "^2.0.0" } }, "p-try": { @@ -3675,11 +3664,6 @@ "integrity": "sha512-R4nPAVTAU0B9D35/Gk3uJf/7XYbQcyohSKdvAxIRSNghFl4e71hVoGnBNQz9cWaXxO2I10KTC+3jMdvvoKw6dQ==", "dev": true }, - "pako": { - "version": "1.0.11", - "resolved": "https://registry.npmjs.org/pako/-/pako-1.0.11.tgz", - "integrity": "sha512-4hLB8Py4zZce5s4yd9XzopqwVv/yGNhV1Bl8NTmCq1763HeK2+EwVTv+leGeL13Dnh2wfbqowVPXCIO0z4taYw==" - }, "parse-json": { "version": "5.0.0", "resolved": "https://registry.npmjs.org/parse-json/-/parse-json-5.0.0.tgz", 
@@ -3736,11 +3720,6 @@ "integrity": "sha512-q0M/9eZHzmr0AulXyPwNfZjtwZ/RBZlbN3K3CErVrk50T2ASYI7Bye0EvekFY3IP1Nt2DHu0re+V2ZHIpMkuWg==", "dev": true }, - "pify": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/pify/-/pify-3.0.0.tgz", - "integrity": "sha1-5aSs0sEB/fPZpNB/DbxNtJ3SgXY=" - }, "pirates": { "version": "4.0.1", "resolved": "https://registry.npmjs.org/pirates/-/pirates-4.0.1.tgz", @@ -3777,11 +3756,6 @@ "integrity": "sha1-IZMqVJ9eUv/ZqCf1cOBL5iqX2lQ=", "dev": true }, - "prepend-http": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/prepend-http/-/prepend-http-2.0.0.tgz", - "integrity": "sha1-6SQ0v6XqjBn0HN/UAddBo8gZ2Jc=" - }, "pretty-format": { "version": "25.5.0", "resolved": "https://registry.npmjs.org/pretty-format/-/pretty-format-25.5.0.tgz", @@ -3802,16 +3776,6 @@ } } }, - "process": { - "version": "0.11.10", - "resolved": "https://registry.npmjs.org/process/-/process-0.11.10.tgz", - "integrity": "sha1-czIwDoQBYb2j5podHZGn1LwW8YI=" - }, - "process-nextick-args": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/process-nextick-args/-/process-nextick-args-2.0.1.tgz", - "integrity": "sha512-3ouUOpQhtgrbOa17J7+uxOTpITYWaGP7/AhoR3+A+/1e9skrzelGi/dXzEYyvbxubEF6Wn2ypscTKiKJFFn1ag==" - }, "prompts": { "version": "2.3.2", "resolved": "https://registry.npmjs.org/prompts/-/prompts-2.3.2.tgz", 
@@ -3846,15 +3810,10 @@ "resolved": "https://registry.npmjs.org/qs/-/qs-6.5.2.tgz", "integrity": "sha512-N5ZAX4/LxJmF+7wN74pUD6qAh9/wnvdQcjq9TZjevvXzSUo7bfmw91saqMjzGS2xq91/odN2dW/WOl7qQHNDGA==" }, - "query-string": { + "quick-lru": { "version": "5.1.1", - "resolved": "https://registry.npmjs.org/query-string/-/query-string-5.1.1.tgz", - "integrity": "sha512-gjWOsm2SoGlgLEdAGt7a6slVOk9mGiXmPFMqrEhLQ68rhQuBnpfs3+EmlvqKyxnCo9/PPlF+9MtY02S1aFg+Jw==", - "requires": { - "decode-uri-component": "^0.2.0", - "object-assign": "^4.1.0", - "strict-uri-encode": "^1.0.0" - } + "resolved": "https://registry.npmjs.org/quick-lru/-/quick-lru-5.1.1.tgz", + "integrity": "sha512-WuyALRjWPDGtt/wzJiadO5AXY+8hZ80hVpe6MyivgraREW751X3SbhRvG3eLKOYN+8VEvqLcf3wdnt44Z4S4SA==" }, "react-is": { "version": "16.13.1", @@ -3862,11 +3821,6 @@ "integrity": "sha512-24e6ynE2H+OKt4kqsOvNd8kBpV65zoxbA4BVsEOB3ARVWQki/DHzaUoC5KuON/BiccDaCCTZBuOcfZs70kR8bQ==", "dev": true }, - "react-zlib-js": { - "version": "1.0.4", - "resolved": "https://registry.npmjs.org/react-zlib-js/-/react-zlib-js-1.0.4.tgz", - "integrity": "sha512-ynXD9DFxpE7vtGoa3ZwBtPmZrkZYw2plzHGbanUjBOSN4RtuXdektSfABykHtTiWEHMh7WdYj45LHtp228ZF1A==" - }, "read-pkg": { "version": "5.2.0", "resolved": "https://registry.npmjs.org/read-pkg/-/read-pkg-5.2.0.tgz", @@ -3898,20 +3852,6 @@ "type-fest": "^0.8.1" } }, - "readable-stream": { - "version": "2.3.7", - "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.7.tgz", - "integrity": "sha512-Ebho8K4jIbHAxnuxi7o42OrZgF/ZTNcsZj6nRKyUmkhLFq8CHItp/fy6hQZuZmP/n3yZ9VBUbp4zz/mX8hmYPw==", - "requires": { - "core-util-is": "~1.0.0", - "inherits": "~2.0.3", - "isarray": "~1.0.0", - "process-nextick-args": "~2.0.0", - "safe-buffer": "~5.1.1", - "string_decoder": "~1.1.1", - "util-deprecate": "~1.0.1" - } - }, "realpath-native": { "version": "2.0.0", "resolved": "https://registry.npmjs.org/realpath-native/-/realpath-native-2.0.0.tgz", 
@@ -4044,6 +3984,11 @@ "path-parse": "^1.0.6" } }, + "resolve-alpn": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/resolve-alpn/-/resolve-alpn-1.0.0.tgz", + "integrity": "sha512-rTuiIEqFmGxne4IovivKSDzld2lWW9QCjqv80SYjPgf+gS35eaCAjaP54CCwGAwBtnCsvNLYtqxe1Nw+i6JEmA==" + }, "resolve-cwd": { "version": "3.0.0", "resolved": "https://registry.npmjs.org/resolve-cwd/-/resolve-cwd-3.0.0.tgz", @@ -4066,11 +4011,11 @@ "dev": true }, "responselike": { - "version": "1.0.2", - "resolved": "https://registry.npmjs.org/responselike/-/responselike-1.0.2.tgz", - "integrity": "sha1-kYcg7ztjHFZCvgaPFa3lpG9Loec=", + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/responselike/-/responselike-2.0.0.tgz", + "integrity": "sha512-xH48u3FTB9VsZw7R+vvgaKeLKzT6jOogbQhEe/jewwnZgzPcnyWui2Av6JpoYZF/91uueC+lqhWqeURw5/qhCw==", "requires": { - "lowercase-keys": "^1.0.0" + "lowercase-keys": "^2.0.0" } }, "ret": { @@ -4080,15 +4025,14 @@ "dev": true }, "rfc4648": { - "version": "1.3.0", - "resolved": "https://registry.npmjs.org/rfc4648/-/rfc4648-1.3.0.tgz", - "integrity": "sha512-x36K12jOflpm1V8QjPq3I+pt7Z1xzeZIjiC8J2Oxd7bE1efTrOG241DTYVJByP/SxR9jl1t7iZqYxDX864jgBQ==" + "version": "1.4.0", + "resolved": "https://registry.npmjs.org/rfc4648/-/rfc4648-1.4.0.tgz", + "integrity": "sha512-3qIzGhHlMHA6PoT6+cdPKZ+ZqtxkIvg8DZGKA5z6PQ33/uuhoJ+Ws/D/J9rXW6gXodgH8QYlz2UCl+sdUDmNIg==" }, "rimraf": { "version": "3.0.2", "resolved": "https://registry.npmjs.org/rimraf/-/rimraf-3.0.2.tgz", "integrity": "sha512-JZkJMZkAGFFPP2YqXZXPbMlMBgsxzE8ILs4lMIX/2o0L9UBw9O/Y3o6wFw/i9YLapcUJWwqbi3kdxIPdC62TIA==", - "dev": true, "requires": { "glob": "^7.1.3" } 
@@ -4478,14 +4422,6 @@ } } }, - "sort-keys": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/sort-keys/-/sort-keys-2.0.0.tgz", - "integrity": "sha1-ZYU1WEhh7JfXMNbPQYIuH1ZoQSg=", - "requires": { - "is-plain-obj": "^1.0.0" - } - }, "source-map": { "version": "0.6.1", "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.6.1.tgz", @@ -4616,10 +4552,10 @@ "integrity": "sha1-NbCYdbT/SfJqd35QmzCQoyJr8ks=", "dev": true }, - "strict-uri-encode": { - "version": "1.1.0", - "resolved": "https://registry.npmjs.org/strict-uri-encode/-/strict-uri-encode-1.1.0.tgz", - "integrity": "sha1-J5siXfHVgrH1TmWt3UNS4Y+qBxM=" + "stream-buffers": { + "version": "3.0.2", + "resolved": "https://registry.npmjs.org/stream-buffers/-/stream-buffers-3.0.2.tgz", + "integrity": "sha512-DQi1h8VEBA/lURbSwFtEHnSTb9s2/pwLEaFuNhXwy1Dx3Sa0lOuYT2yNUr4/j2fs8oCAMANtrZ5OrPZtyVs3MQ==" }, "string-length": { "version": "3.1.0", @@ -4653,14 +4589,6 @@ "strip-ansi": "^6.0.0" } }, - "string_decoder": { - "version": "1.1.1", - "resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.1.1.tgz", - "integrity": "sha512-n/ShnvDi6FHbbVfviro+WojiFzv+s8MPMHBczVePfUpDJLwoLT0ht1l4YwBCbi8pJAveEEdnkHyPyTP/mzRfwg==", - "requires": { - "safe-buffer": "~5.1.0" - } - }, "strip-ansi": { "version": "6.0.0", "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.0.tgz", 
@@ -4720,6 +4648,19 @@ "integrity": "sha512-9QNk5KwDF+Bvz+PyObkmSYjI5ksVUYtjW7AU22r2NKcfLJcXp96hkDWU3+XndOsUb+AQ9QhfzfCT2O+CNWT5Tw==", "dev": true }, + "tar": { + "version": "6.0.5", + "resolved": "https://registry.npmjs.org/tar/-/tar-6.0.5.tgz", + "integrity": "sha512-0b4HOimQHj9nXNEAA7zWwMM91Zhhba3pspja6sQbgTpynOJf+bkjBnfybNYzbpLbnwXnbyB4LOREvlyXLkCHSg==", + "requires": { + "chownr": "^2.0.0", + "fs-minipass": "^2.0.0", + "minipass": "^3.0.0", + "minizlib": "^2.1.1", + "mkdirp": "^1.0.3", + "yallist": "^4.0.0" + } + }, "terminal-link": { "version": "2.1.1", "resolved": "https://registry.npmjs.org/terminal-link/-/terminal-link-2.1.1.tgz", @@ -4747,10 +4688,21 @@ "integrity": "sha512-fcwX4mndzpLQKBS1DVYhGAcYaYt7vsHNIvQV+WXMvnow5cgjPphq5CaayLaGsjRdSCKZFNGt7/GYAuXaNOiYCA==", "dev": true }, - "timed-out": { - "version": "4.0.1", - "resolved": "https://registry.npmjs.org/timed-out/-/timed-out-4.0.1.tgz", - "integrity": "sha1-8y6srFoXW+ol1/q1Zas+2HQe9W8=" + "tmp": { + "version": "0.2.1", + "resolved": "https://registry.npmjs.org/tmp/-/tmp-0.2.1.tgz", + "integrity": "sha512-76SUhtfqR2Ijn+xllcI5P1oyannHNHByD80W1q447gU3mp9G9PSpGdWmjUOHRDPiHYacIk66W7ubDTuPF3BEtQ==", + "requires": { + "rimraf": "^3.0.0" + } + }, + "tmp-promise": { + "version": "3.0.2", + "resolved": "https://registry.npmjs.org/tmp-promise/-/tmp-promise-3.0.2.tgz", + "integrity": "sha512-OyCLAKU1HzBjL6Ev3gxUeraJNlbNingmi8IrHHEsYH8LTmEuhvYfqvhn2F/je+mjf4N58UmZ96OMEy1JanSCpA==", + "requires": { + "tmp": "^0.2.0" + } }, "tmpl": { "version": "1.0.4", 
@@ -4874,9 +4826,9 @@ } }, "underscore": { - "version": "1.10.2", - "resolved": "https://registry.npmjs.org/underscore/-/underscore-1.10.2.tgz", - "integrity": "sha512-N4P+Q/BuyuEKFJ43B9gYuOj4TQUHXX+j2FqguVOpjkssLUUrnJofCcBccJSCoeturDoZU6GorDTHSvUDlSQbTg==" + "version": "1.11.0", + "resolved": "https://registry.npmjs.org/underscore/-/underscore-1.11.0.tgz", + "integrity": "sha512-xY96SsN3NA461qIRKZ/+qox37YXPtSBswMGfiNptr+wrt6ds4HaMw23TP612fEyGekRE6LNRiLYr/aqbHXNedw==" }, "union-value": { "version": "1.0.1", @@ -4944,30 +4896,12 @@ "integrity": "sha1-2pN/emLiH+wf0Y1Js1wpNQZ6bHI=", "dev": true }, - "url-parse-lax": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/url-parse-lax/-/url-parse-lax-3.0.0.tgz", - "integrity": "sha1-FrXK/Afb42dsGxmZF3gj1lA6yww=", - "requires": { - "prepend-http": "^2.0.0" - } - }, - "url-to-options": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/url-to-options/-/url-to-options-1.0.1.tgz", - "integrity": "sha1-FQWgOiiaSMvXpDTvuu7FBV9WM6k=" - }, "use": { "version": "3.1.1", "resolved": "https://registry.npmjs.org/use/-/use-3.1.1.tgz", "integrity": "sha512-cwESVXlO3url9YWlFW/TA9cshCEhtu7IKJ/p5soJ/gGpj7vbvFrAY/eIioQ6Dw23KjZhYgiIo8HOs1nQ2vr/oQ==", "dev": true }, - "util-deprecate": { - "version": "1.0.2", - "resolved": "https://registry.npmjs.org/util-deprecate/-/util-deprecate-1.0.2.tgz", - "integrity": "sha1-RQ1Nyfpw3nMnYvvS1KKJgUGaDM8=" - }, "uuid": { "version": "3.4.0", "resolved": "https://registry.npmjs.org/uuid/-/uuid-3.4.0.tgz", 
@@ -5147,9 +5081,9 @@ "dev": true }, "yallist": { - "version": "3.1.1", - "resolved": "https://registry.npmjs.org/yallist/-/yallist-3.1.1.tgz", - "integrity": "sha512-a4UGQaWPH59mOXUYnAG2ewncQS4i4F43Tv3JoAM+s2VDAmS9NsK8GpDMLrCHPksFT7h3K6TOoUNn2pb7RoXx4g==" + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/yallist/-/yallist-4.0.0.tgz", + "integrity": "sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A==" }, "yargs": { "version": "15.3.1", diff --git a/hooks/imperative-subsequent-scans/package.json b/hooks/imperative-subsequent-scans/package.json index ce2dd0c6..7e4e427a 100644 --- a/hooks/imperative-subsequent-scans/package.json +++ b/hooks/imperative-subsequent-scans/package.json @@ -22,13 +22,13 @@ "url": "https://www.iteratec.com" }, "contributors": [ - { - "name" : "Jannik Hollenbach", - "url" : "https://github.com/J12934" + { + "name": "Jannik Hollenbach", + "url": "https://github.com/J12934" }, - { - "name" : "Robert Seedorff", - "url" : "https://github.com/rseedorff" + { + "name": "Robert Seedorff", + "url": "https://github.com/rseedorff" } ], "bugs": { @@ -36,7 +36,7 @@ }, "license": "Apache-2.0", "dependencies": { - "@kubernetes/client-node": "^0.12.0", + "@kubernetes/client-node": "^0.12.2", "lodash.set": "^4.3.2" }, "devDependencies": { diff --git a/parser-sdk/nodejs/package-lock.json b/parser-sdk/nodejs/package-lock.json index 5bdc911f..388ed01a 100644 --- a/parser-sdk/nodejs/package-lock.json +++ b/parser-sdk/nodejs/package-lock.json 
@@ -457,13 +457,15 @@ } }, "@kubernetes/client-node": { - "version": "0.12.0", - "resolved": "https://registry.npmjs.org/@kubernetes/client-node/-/client-node-0.12.0.tgz", - "integrity": "sha512-u57q5IaZl91f7YZoZOsgCa31hHyowHxFG88XZXd8arI8heSxbdHWHineo/8mLZbeSbHkge9Awae1stQZzuTnjg==", + "version": "0.12.2", + "resolved": "https://registry.npmjs.org/@kubernetes/client-node/-/client-node-0.12.2.tgz", + "integrity": "sha512-J0UwyFl1Iv/IZ6WMP7LaizBEoKPnqwtc8tIO2q/X+EuDT7eGpPPAMHXSEOC/EI9JGIf0FaJEcDHhB/Dio/mKhw==", "requires": { "@types/js-yaml": "^3.12.1", "@types/node": "^10.12.0", "@types/request": "^2.47.1", + "@types/stream-buffers": "^3.0.3", + "@types/tar": "^4.0.3", "@types/underscore": "^1.8.9", "@types/ws": "^6.0.1", "byline": "^5.0.0", 
@@ -471,29 +473,35 @@ "isomorphic-ws": "^4.0.1", "js-yaml": "^3.13.1", "jsonpath-plus": "^0.19.0", - "openid-client": "2.5.0", + "openid-client": "^4.1.1", "request": "^2.88.0", "rfc4648": "^1.3.0", "shelljs": "^0.8.2", + "stream-buffers": "^3.0.2", + "tar": "^6.0.2", + "tmp-promise": "^3.0.2", "tslib": "^1.9.3", "underscore": "^1.9.1", - "ws": "^6.1.0" - }, - "dependencies": { - "ws": { - "version": "6.2.1", - "resolved": "https://registry.npmjs.org/ws/-/ws-6.2.1.tgz", - "integrity": "sha512-GIyAXC2cB7LjvpgMt9EKS2ldqr0MTrORaleiOno6TweZ6r3TKtoFQWay/2PceJ3RuBasOHzXNn5Lrw1X0bEjqA==", - "requires": { - "async-limiter": "~1.0.0" - } - } + "ws": "^7.3.1" } }, + "@panva/asn1.js": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/@panva/asn1.js/-/asn1.js-1.0.0.tgz", + "integrity": "sha512-UdkG3mLEqXgnlKsWanWcgb6dOjUzJ+XC5f+aWw30qrtjxeNUSfKX1cd5FBzOaXQumoe9nIqeZUvrRJS03HCCtw==" + }, "@sindresorhus/is": { - "version": "0.7.0", - "resolved": "https://registry.npmjs.org/@sindresorhus/is/-/is-0.7.0.tgz", - "integrity": "sha512-ONhaKPIufzzrlNbqtWFFd+jlnemX6lJAgq9ZeiZtS7I1PIf/la7CW4m83rTXRnVnsMbW2k56pGYu7AUFJD9Pow==" + "version": "3.1.2", + "resolved": "https://registry.npmjs.org/@sindresorhus/is/-/is-3.1.2.tgz", + "integrity": "sha512-JiX9vxoKMmu8Y3Zr2RVathBL1Cdu4Nt4MuNWemt1Nc06A0RAin9c5FArkhGsyMBWfCu4zj+9b+GxtjAnE4qqLQ==" + }, + "@szmarczak/http-timer": { + "version": "4.0.5", + "resolved": "https://registry.npmjs.org/@szmarczak/http-timer/-/http-timer-4.0.5.tgz", + "integrity": "sha512-PyRA9sm1Yayuj5OIoJ1hGt2YISX45w9WcFbh6ddT0Z/0yaFxOtGLInr4jUfU1EAFVs0Yfyfev4RNwBlUaHdlDQ==", + "requires": { + "defer-to-connect": "^2.0.0" + } }, "@types/babel__core": { "version": "7.1.6", 
@@ -536,11 +544,27 @@ "@babel/types": "^7.3.0" } }, + "@types/cacheable-request": { + "version": "6.0.1", + "resolved": "https://registry.npmjs.org/@types/cacheable-request/-/cacheable-request-6.0.1.tgz", + "integrity": "sha512-ykFq2zmBGOCbpIXtoVbz4SKY5QriWPh3AjyU4G74RYbtt5yOc5OfaY75ftjg7mikMOla1CTGpX3lLbuJh8DTrQ==", + "requires": { + "@types/http-cache-semantics": "*", + "@types/keyv": "*", + "@types/node": "*", + "@types/responselike": "*" + } + }, "@types/caseless": { "version": "0.12.2", "resolved": "https://registry.npmjs.org/@types/caseless/-/caseless-0.12.2.tgz", "integrity": "sha512-6ckxMjBBD8URvjB6J3NcnuAn5Pkl7t3TizAg+xdlzzQGSPSmBcXf8KoIH0ua/i+tio+ZRUHEXp0HEmvaR4kt0w==" }, + "@types/http-cache-semantics": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/@types/http-cache-semantics/-/http-cache-semantics-4.0.0.tgz", + "integrity": "sha512-c3Xy026kOF7QOTn00hbIllV1dLR9hG9NkSrLQgCVs8NF6sBU+VGWjD3wLPhmh1TYAc7ugCFsvHYMN4VcBN1U1A==" + }, "@types/istanbul-lib-coverage": { "version": "2.0.1", "resolved": "https://registry.npmjs.org/@types/istanbul-lib-coverage/-/istanbul-lib-coverage-2.0.1.tgz", 
@@ -567,14 +591,30 @@ } }, "@types/js-yaml": { - "version": "3.12.4", - "resolved": "https://registry.npmjs.org/@types/js-yaml/-/js-yaml-3.12.4.tgz", - "integrity": "sha512-fYMgzN+9e28R81weVN49inn/u798ruU91En1ZnGvSZzCRc5jXx9B2EDhlRaWmcO1RIxFHL8AajRXzxDuJu93+A==" + "version": "3.12.5", + "resolved": "https://registry.npmjs.org/@types/js-yaml/-/js-yaml-3.12.5.tgz", + "integrity": "sha512-JCcp6J0GV66Y4ZMDAQCXot4xprYB+Zfd3meK9+INSJeVZwJmHAW30BBEEkPzXswMXuiyReUGOP3GxrADc9wPww==" + }, + "@types/keyv": { + "version": "3.1.1", + "resolved": "https://registry.npmjs.org/@types/keyv/-/keyv-3.1.1.tgz", + "integrity": "sha512-MPtoySlAZQ37VoLaPcTHCu1RWJ4llDkULYZIzOYxlhxBqYPB0RsRlmMU0R6tahtFe27mIdkHV+551ZWV4PLmVw==", + "requires": { + "@types/node": "*" + } + }, + "@types/minipass": { + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/@types/minipass/-/minipass-2.2.0.tgz", + "integrity": "sha512-wuzZksN4w4kyfoOv/dlpov4NOunwutLA/q7uc00xU02ZyUY+aoM5PWIXEKBMnm0NHd4a+N71BMjq+x7+2Af1fg==", + "requires": { + "@types/node": "*" + } }, "@types/node": { - "version": "10.17.26", - "resolved": "https://registry.npmjs.org/@types/node/-/node-10.17.26.tgz", - "integrity": "sha512-myMwkO2Cr82kirHY8uknNRHEVtn0wV3DTQfkrjx17jmkstDRZ24gNUdl8AHXVyVclTYI/bNjgTPTAWvWLqXqkw==" + "version": "10.17.35", + "resolved": "https://registry.npmjs.org/@types/node/-/node-10.17.35.tgz", + "integrity": "sha512-gXx7jAWpMddu0f7a+L+txMplp3FnHl53OhQIF9puXKq3hDGY/GjH+MF04oWnV/adPSCrbtHumDCFwzq2VhltWA==" }, "@types/request": { "version": "2.48.5", 
@@ -587,21 +627,46 @@ "form-data": "^2.5.0" } }, + "@types/responselike": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/@types/responselike/-/responselike-1.0.0.tgz", + "integrity": "sha512-85Y2BjiufFzaMIlvJDvTTB8Fxl2xfLo4HgmHzVBz08w4wDePCTjYw66PdrolO0kzli3yam/YCgRufyo1DdQVTA==", + "requires": { + "@types/node": "*" + } + }, "@types/stack-utils": { "version": "1.0.1", "resolved": "https://registry.npmjs.org/@types/stack-utils/-/stack-utils-1.0.1.tgz", "integrity": "sha512-l42BggppR6zLmpfU6fq9HEa2oGPEI8yrSPL3GITjfRInppYFahObbIQOQK3UGxEnyQpltZLaPe75046NOZQikw==", "dev": true }, + "@types/stream-buffers": { + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/@types/stream-buffers/-/stream-buffers-3.0.3.tgz", + "integrity": "sha512-NeFeX7YfFZDYsCfbuaOmFQ0OjSmHreKBpp7MQ4alWQBHeh2USLsj7qyMyn9t82kjqIX516CR/5SRHnARduRtbQ==", + "requires": { + "@types/node": "*" + } + }, + "@types/tar": { + "version": "4.0.3", + "resolved": "https://registry.npmjs.org/@types/tar/-/tar-4.0.3.tgz", + "integrity": "sha512-Z7AVMMlkI8NTWF0qGhC4QIX0zkV/+y0J8x7b/RsHrN0310+YNjoJd8UrApCiGBCWtKjxS9QhNqLi2UJNToh5hA==", + "requires": { + "@types/minipass": "*", + "@types/node": "*" + } + }, "@types/tough-cookie": { "version": "4.0.0", "resolved": "https://registry.npmjs.org/@types/tough-cookie/-/tough-cookie-4.0.0.tgz", "integrity": "sha512-I99sngh224D0M7XgW1s120zxCt3VYQ3IQsuw3P3jbq5GG4yc79+ZjyKznyOGIQrflfylLgcfekeZW/vk0yng6A==" }, "@types/underscore": { - "version": "1.10.1", - "resolved": "https://registry.npmjs.org/@types/underscore/-/underscore-1.10.1.tgz", - "integrity": "sha512-RRQWytGzPUhybKdf7jhfcySkdEHMDsVZ0gU3XVIxeqms1UKu3+ICaTXNaNGAkcUbIJ8SUKpmUIS1z9mDVc7seg==" + "version": "1.10.23", + "resolved": "https://registry.npmjs.org/@types/underscore/-/underscore-1.10.23.tgz", + "integrity": "sha512-vX1NPekXhrLquFWskH2thcvFAha187F/lM6xYOoEMZWwJ/6alSk0/ttmGP/YRqcqtCv0TMbZjYAdZyHAEcuU4g==" }, "@types/ws": { "version": "6.0.4", 
@@ -663,12 +728,12 @@ "dev": true }, "aggregate-error": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/aggregate-error/-/aggregate-error-1.0.0.tgz", - "integrity": "sha1-iINE2tAiCnLjr1CQYRf0h3GSX6w=", + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/aggregate-error/-/aggregate-error-3.1.0.tgz", + "integrity": "sha512-4I7Td01quW/RpocfNayFdFVk1qSuoh0E7JrbRJ16nH01HhKFQ88INq9Sd+nd72zqRySlr9BmDA8xlEJ6vJMrYA==", "requires": { - "clean-stack": "^1.0.0", - "indent-string": "^3.0.0" + "clean-stack": "^2.0.0", + "indent-string": "^4.0.0" } }, "ajv": { @@ -779,7 +844,8 @@ "async-limiter": { "version": "1.0.1", "resolved": "https://registry.npmjs.org/async-limiter/-/async-limiter-1.0.1.tgz", - "integrity": "sha512-csOlWGAcRFJaI6m+F2WKdnMKr4HhdhFVBk0H/QbJFMCr+uO2kwohwXQPxw/9OCxp05r5ghVBFSyioixx3gfkNQ==" + "integrity": "sha512-csOlWGAcRFJaI6m+F2WKdnMKr4HhdhFVBk0H/QbJFMCr+uO2kwohwXQPxw/9OCxp05r5ghVBFSyioixx3gfkNQ==", + "dev": true }, "asynckit": { "version": "0.4.0", @@ -916,11 +982,6 @@ } } }, - "base64-js": { - "version": "1.3.1", - "resolved": "https://registry.npmjs.org/base64-js/-/base64-js-1.3.1.tgz", - "integrity": "sha512-mLQ4i2QO1ytvGWFWmcngKO//JXAQueZvwEKtjgQFM4jIK0kU+ytMfplL8j+n5mspOfjHwoAg+9yhb7BwAHm36g==" - }, "base64url": { "version": "3.0.1", "resolved": "https://registry.npmjs.org/base64url/-/base64url-3.0.1.tgz", @@ -1005,14 +1066,6 @@ } } }, - "browserify-zlib": { - "version": "0.2.0", - "resolved": "https://registry.npmjs.org/browserify-zlib/-/browserify-zlib-0.2.0.tgz", - "integrity": "sha512-Z942RysHXmJrhqk88FmKBVq/v5tqmSkDz7p54G/MGyjMnCFFnC79XWNbg+Vta8W6Wb2qtSZTSxIGkJrRpCFEiA==", - "requires": { - "pako": "~1.0.5" - } - }, "bser": { "version": "2.1.1", "resolved": "https://registry.npmjs.org/bser/-/bser-2.1.1.tgz", 
@@ -1022,15 +1075,6 @@ "node-int64": "^0.4.0" } }, - "buffer": { - "version": "5.6.0", - "resolved": "https://registry.npmjs.org/buffer/-/buffer-5.6.0.tgz", - "integrity": "sha512-/gDYp/UtU0eA1ys8bOs9J6a+E/KWIY+DZ+Q2WESNUA0jFRsJOc0SNUO6xJ5SGA1xueg3NL65W6s+NY5l9cunuw==", - "requires": { - "base64-js": "^1.0.2", - "ieee754": "^1.1.4" - } - }, "buffer-from": { "version": "1.1.1", "resolved": "https://registry.npmjs.org/buffer-from/-/buffer-from-1.1.1.tgz", 
@@ -1059,29 +1103,32 @@ "unset-value": "^1.0.0" } }, + "cacheable-lookup": { + "version": "5.0.3", + "resolved": "https://registry.npmjs.org/cacheable-lookup/-/cacheable-lookup-5.0.3.tgz", + "integrity": "sha512-W+JBqF9SWe18A72XFzN/V/CULFzPm7sBXzzR6ekkE+3tLG72wFZrBiBZhrZuDoYexop4PHJVdFAKb/Nj9+tm9w==" + }, "cacheable-request": { - "version": "2.1.4", - "resolved": "https://registry.npmjs.org/cacheable-request/-/cacheable-request-2.1.4.tgz", - "integrity": "sha1-DYCIAbY0KtM8kd+dC0TcCbkeXD0=", - "requires": { - "clone-response": "1.0.2", - "get-stream": "3.0.0", - "http-cache-semantics": "3.8.1", - "keyv": "3.0.0", - "lowercase-keys": "1.0.0", - "normalize-url": "2.0.1", - "responselike": "1.0.2" + "version": "7.0.1", + "resolved": "https://registry.npmjs.org/cacheable-request/-/cacheable-request-7.0.1.tgz", + "integrity": "sha512-lt0mJ6YAnsrBErpTMWeu5kl/tg9xMAWjavYTN6VQXM1A/teBITuNcccXsCxF0tDQQJf9DfAaX5O4e0zp0KlfZw==", + "requires": { + "clone-response": "^1.0.2", + "get-stream": "^5.1.0", + "http-cache-semantics": "^4.0.0", + "keyv": "^4.0.0", + "lowercase-keys": "^2.0.0", + "normalize-url": "^4.1.0", + "responselike": "^2.0.0" }, "dependencies": { "get-stream": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/get-stream/-/get-stream-3.0.0.tgz", - "integrity": "sha1-jpQ9E1jcN1VQVOy+LtsFqhdO3hQ=" - }, - "lowercase-keys": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/lowercase-keys/-/lowercase-keys-1.0.0.tgz", - "integrity": "sha1-TjNms55/VFfjXxMkvfb4jQv8cwY=" + "version": "5.2.0", + "resolved": "https://registry.npmjs.org/get-stream/-/get-stream-5.2.0.tgz", + "integrity": "sha512-nBF+F1rAZVCu/p7rjzgA+Yb4lfYXrpl7a6VmJrU8wF9I1CKvP/QwPNZHnOlwbTkY6dvtFIzFMSyQXbLoTQPRpA==", + "requires": { + "pump": "^3.0.0" + } } } }, 
@@ -1122,6 +1169,11 @@ "supports-color": "^5.3.0" } }, + "chownr": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/chownr/-/chownr-2.0.0.tgz", + "integrity": "sha512-bIomtDF5KGpdogkLd9VspvFzk9KfpyyGlS8YFVZl7TGPBHL5snIOnxeshwVgPteQ9b4Eydl+pVbIyE1DcvCWgQ==" + }, "ci-info": { "version": "2.0.0", "resolved": "https://registry.npmjs.org/ci-info/-/ci-info-2.0.0.tgz", @@ -1152,9 +1204,9 @@ } }, "clean-stack": { - "version": "1.3.0", - "resolved": "https://registry.npmjs.org/clean-stack/-/clean-stack-1.3.0.tgz", - "integrity": "sha1-noIVAa6XmYbEax1m0tQy2y/UrjE=" + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/clean-stack/-/clean-stack-2.2.0.tgz", + "integrity": "sha512-4diC9HaTE+KRAMWhDhrGOECgWZxoevMc5TlkObMqNSsVU62PYzXZ/SMTjzyGAFF1YusgxGcSWTEXBhp0CPwQ1A==" }, "cliui": { "version": "5.0.0", @@ -1321,14 +1373,22 @@ "decode-uri-component": { "version": "0.2.0", "resolved": "https://registry.npmjs.org/decode-uri-component/-/decode-uri-component-0.2.0.tgz", - "integrity": "sha1-6zkTMzRYd1y4TNGh+uBiEGu4dUU=" + "integrity": "sha1-6zkTMzRYd1y4TNGh+uBiEGu4dUU=", + "dev": true }, "decompress-response": { - "version": "3.3.0", - "resolved": "https://registry.npmjs.org/decompress-response/-/decompress-response-3.3.0.tgz", - "integrity": "sha1-gKTdMjdIOEv6JICDYirt7Jgq3/M=", + "version": "6.0.0", + "resolved": "https://registry.npmjs.org/decompress-response/-/decompress-response-6.0.0.tgz", + "integrity": "sha512-aW35yZM6Bb/4oJlZncMH2LCoZtJXTRxES17vE3hoRiowU2kWHaJKFkSBDnDR+cm9J+9QhXmREyIfv0pji9ejCQ==", "requires": { - "mimic-response": "^1.0.0" + "mimic-response": "^3.1.0" + }, + "dependencies": { + "mimic-response": { + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/mimic-response/-/mimic-response-3.1.0.tgz", + "integrity": "sha512-z0yWI+4FDrrweS8Zmt4Ej5HdJmky15+L2e6Wgn3+iK5fWzb6T3fhNFq2+MeTRb064c6Wr4N/wv0DzQTjNzHNGQ==" + } } }, "deep-is": { 
@@ -1337,6 +1397,11 @@ "integrity": "sha1-s2nW+128E+7PUk+RsHD+7cNXzzQ=", "dev": true }, + "defer-to-connect": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/defer-to-connect/-/defer-to-connect-2.0.0.tgz", + "integrity": "sha512-bYL2d05vOSf1JEZNx5vSAtPuBMkX8K9EUutg7zlKvTqKXHt7RhWJFbmd7qakVuf13i+IkGmp6FwSsONOf6VYIg==" + }, "define-properties": { "version": "1.1.3", "resolved": "https://registry.npmjs.org/define-properties/-/define-properties-1.1.3.tgz", @@ -1413,11 +1478,6 @@ "webidl-conversions": "^4.0.2" } }, - "duplexer3": { - "version": "0.1.4", - "resolved": "https://registry.npmjs.org/duplexer3/-/duplexer3-0.1.4.tgz", - "integrity": "sha1-7gHdHKwO08vH/b6jfcCo8c4ALOI=" - }, "ecc-jsbn": { "version": "0.1.2", "resolved": "https://registry.npmjs.org/ecc-jsbn/-/ecc-jsbn-0.1.2.tgz", @@ -1480,11 +1540,6 @@ "is-symbol": "^1.0.2" } }, - "es6-promise": { - "version": "4.2.8", - "resolved": "https://registry.npmjs.org/es6-promise/-/es6-promise-4.2.8.tgz", - "integrity": "sha512-HJDGx5daxeIvxdBxvG2cb9g4tEvwIk3i8+nhX0yGrYmZUzbkdg8QbDevheDB8gd0//uPj4c1EQua8Q+MViT0/w==" - }, "escape-string-regexp": { "version": "1.0.5", "resolved": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz", @@ -1800,13 +1855,12 @@ "map-cache": "^0.2.2" } }, - "from2": { - "version": "2.3.0", - "resolved": "https://registry.npmjs.org/from2/-/from2-2.3.0.tgz", - "integrity": "sha1-i/tVAr3kpNNs/e6gB/zKIdfjgq8=", + "fs-minipass": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/fs-minipass/-/fs-minipass-2.1.0.tgz", + "integrity": "sha512-V/JgOLFCS+R6Vcq0slCuaeWEdNC3ouDlJMNIsacH2VtALiu9mV4LPrHc5cDl8k5aw6J8jwgWWpiTo5RYhmIzvg==", "requires": { - "inherits": "^2.0.1", - "readable-stream": "^2.0.0" + "minipass": "^3.0.0" } }, "fs.realpath": { 
@@ -2425,34 +2479,21 @@ "dev": true }, "got": { - "version": "8.3.2", - "resolved": "https://registry.npmjs.org/got/-/got-8.3.2.tgz", - "integrity": "sha512-qjUJ5U/hawxosMryILofZCkm3C84PLJS/0grRIpjAwu+Lkxxj5cxeCU25BG0/3mDSpXKTyZr8oh8wIgLaH0QCw==", - "requires": { - "@sindresorhus/is": "^0.7.0", - "cacheable-request": "^2.1.1", - "decompress-response": "^3.3.0", - "duplexer3": "^0.1.4", - "get-stream": "^3.0.0", - "into-stream": "^3.1.0", - "is-retry-allowed": "^1.1.0", - "isurl": "^1.0.0-alpha5", - "lowercase-keys": "^1.0.0", - "mimic-response": "^1.0.0", - "p-cancelable": "^0.4.0", - "p-timeout": "^2.0.1", - "pify": "^3.0.0", - "safe-buffer": "^5.1.1", - "timed-out": "^4.0.1", - "url-parse-lax": "^3.0.0", - "url-to-options": "^1.0.1" - }, - "dependencies": { - "get-stream": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/get-stream/-/get-stream-3.0.0.tgz", - "integrity": "sha1-jpQ9E1jcN1VQVOy+LtsFqhdO3hQ=" - } + "version": "11.7.0", + "resolved": "https://registry.npmjs.org/got/-/got-11.7.0.tgz", + "integrity": "sha512-7en2XwH2MEqOsrK0xaKhbWibBoZqy+f1RSUoIeF1BLcnf+pyQdDsljWMfmOh+QKJwuvDIiKx38GtPh5wFdGGjg==", + "requires": { + "@sindresorhus/is": "^3.1.1", + "@szmarczak/http-timer": "^4.0.5", + "@types/cacheable-request": "^6.0.1", + "@types/responselike": "^1.0.0", + "cacheable-lookup": "^5.0.3", + "cacheable-request": "^7.0.1", + "decompress-response": "^6.0.0", + "http2-wrapper": "^1.0.0-beta.5.2", + "lowercase-keys": "^2.0.0", + "p-cancelable": "^2.0.0", + "responselike": "^2.0.0" } }, "graceful-fs": { 
@@ -2496,25 +2537,12 @@ "integrity": "sha1-tdRU3CGZriJWmfNGfloH87lVuv0=", "dev": true }, - "has-symbol-support-x": { - "version": "1.4.2", - "resolved": "https://registry.npmjs.org/has-symbol-support-x/-/has-symbol-support-x-1.4.2.tgz", - "integrity": "sha512-3ToOva++HaW+eCpgqZrCfN51IPB+7bJNVT6CUATzueB5Heb8o6Nam0V3HG5dlDvZU1Gn5QLcbahiKw/XVk5JJw==" - }, "has-symbols": { "version": "1.0.1", "resolved": "https://registry.npmjs.org/has-symbols/-/has-symbols-1.0.1.tgz", "integrity": "sha512-PLcsoqu++dmEIZB+6totNFKq/7Do+Z0u4oT0zKOJNl3lYK6vGwwu2hjHs+68OEZbTjiUE9bgOABXbP/GvrS0Kg==", "dev": true }, - "has-to-string-tag-x": { - "version": "1.4.1", - "resolved": "https://registry.npmjs.org/has-to-string-tag-x/-/has-to-string-tag-x-1.4.1.tgz", - "integrity": "sha512-vdbKfmw+3LoOYVr+mtxHaX5a96+0f3DljYd8JOqvOLsf5mw2Otda2qCDT9qRqLAhrjyQ0h7ual5nOiASpsGNFw==", - "requires": { - "has-symbol-support-x": "^1.4.1" - } - }, "has-value": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/has-value/-/has-value-1.0.0.tgz", @@ -2569,9 +2597,9 @@ "dev": true }, "http-cache-semantics": { - "version": "3.8.1", - "resolved": "https://registry.npmjs.org/http-cache-semantics/-/http-cache-semantics-3.8.1.tgz", - "integrity": "sha512-5ai2iksyV8ZXmnZhHH4rWPoxxistEexSi5936zIQ1bnNTW5VnA85B6P/VpXiRM017IgRvb2kKo1a//y+0wSp3w==" + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/http-cache-semantics/-/http-cache-semantics-4.1.0.tgz", + "integrity": "sha512-carPklcUh7ROWRK7Cv27RPtdhYhUsela/ue5/jKzjegVvXDqM2ILE9Q2BGn9JZJh1g87cp56su/FgQSzcWS8cQ==" }, "http-signature": { "version": "1.2.0", 
@@ -2583,6 +2611,15 @@ "sshpk": "^1.7.0" } }, + "http2-wrapper": { + "version": "1.0.0-beta.5.2", + "resolved": "https://registry.npmjs.org/http2-wrapper/-/http2-wrapper-1.0.0-beta.5.2.tgz", + "integrity": "sha512-xYz9goEyBnC8XwXDTuC/MZ6t+MrKVQZOk4s7+PaDkwIsQd8IwqvM+0M6bA/2lvG8GHXcPdf+MejTUeO2LCPCeQ==", + "requires": { + "quick-lru": "^5.1.1", + "resolve-alpn": "^1.0.0" + } + }, "iconv-lite": { "version": "0.4.24", "resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.4.24.tgz", @@ -2592,11 +2629,6 @@ "safer-buffer": ">= 2.1.2 < 3" } }, - "ieee754": { - "version": "1.1.13", - "resolved": "https://registry.npmjs.org/ieee754/-/ieee754-1.1.13.tgz", - "integrity": "sha512-4vf7I2LYV/HaWerSo3XmlMkp5eZ83i+/CDluXi/IGTs/O1sejBNhTtnxzmRZfvOUqj7lZjqHkeTvpgSFDlWZTg==" - }, "import-local": { "version": "2.0.0", "resolved": "https://registry.npmjs.org/import-local/-/import-local-2.0.0.tgz", @@ -2614,9 +2646,9 @@ "dev": true }, "indent-string": { - "version": "3.2.0", - "resolved": "https://registry.npmjs.org/indent-string/-/indent-string-3.2.0.tgz", - "integrity": "sha1-Sl/W0nzDMvN+VBmlBNu4NxBckok=" + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/indent-string/-/indent-string-4.0.0.tgz", + "integrity": "sha512-EdDDZu4A2OyIK7Lr/2zG+w5jmbuk1DVBnEwREQvBzspBJkCEbRa8GxU1lghYcaGJCnRWibjDXlq779X1/y5xwg==" }, "inflight": { "version": "1.0.6", @@ -2637,15 +2669,6 @@ "resolved": "https://registry.npmjs.org/interpret/-/interpret-1.4.0.tgz", "integrity": "sha512-agE4QfB2Lkp9uICn7BAqoscw4SZP9kTE2hxiFI3jBPmXJfdqiahTbUuKGsMoN2GtqL9AxhYioAcVvgsb1HvRbA==" }, - "into-stream": { - "version": "3.1.0", - "resolved": "https://registry.npmjs.org/into-stream/-/into-stream-3.1.0.tgz", - "integrity": "sha1-lvsKk2wSur1v8XUqF9BWFqvQlMY=", - "requires": { - "from2": "^2.1.1", - "p-is-promise": "^1.1.0" - } - }, "invariant": { "version": "2.2.4", "resolved": "https://registry.npmjs.org/invariant/-/invariant-2.2.4.tgz", 
@@ -2785,16 +2808,6 @@ } } }, - "is-object": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/is-object/-/is-object-1.0.1.tgz", - "integrity": "sha1-iVJojF7C/9awPsyF52ngKQMINHA=" - }, - "is-plain-obj": { - "version": "1.1.0", - "resolved": "https://registry.npmjs.org/is-plain-obj/-/is-plain-obj-1.1.0.tgz", - "integrity": "sha1-caUMhCnfync8kqOQpKA7OfzVHT4=" - }, "is-plain-object": { "version": "2.0.4", "resolved": "https://registry.npmjs.org/is-plain-object/-/is-plain-object-2.0.4.tgz", @@ -2813,11 +2826,6 @@ "has": "^1.0.3" } }, - "is-retry-allowed": { - "version": "1.2.0", - "resolved": "https://registry.npmjs.org/is-retry-allowed/-/is-retry-allowed-1.2.0.tgz", - "integrity": "sha512-RUbUeKwvm3XG2VYamhJL1xFktgjvPzL0Hq8C+6yrWIswDy3BIXGqCxhxkc30N9jqK311gVU137K8Ei55/zVJRg==" - }, "is-stream": { "version": "1.1.0", "resolved": "https://registry.npmjs.org/is-stream/-/is-stream-1.1.0.tgz", @@ -2852,7 +2860,8 @@ "isarray": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/isarray/-/isarray-1.0.0.tgz", - "integrity": "sha1-u5NdSFgsuhaMBoNJV6VKPgcSTxE=" + "integrity": "sha1-u5NdSFgsuhaMBoNJV6VKPgcSTxE=", + "dev": true }, "isexe": { "version": "2.0.0", @@ -2965,15 +2974,6 @@ "html-escaper": "^2.0.0" } }, - "isurl": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/isurl/-/isurl-1.0.0.tgz", - "integrity": "sha512-1P/yWsxPlDtn7QeRD+ULKQPaIaN6yF368GZ2vDfv0AL0NwpStafjWCDDdn0k8wgFMWpVAqG7oJhxHnlud42i9w==", - "requires": { - "has-to-string-tag-x": "^1.2.0", - "is-object": "^1.0.1" - } - }, "jest": { "version": "24.9.0", "resolved": "https://registry.npmjs.org/jest/-/jest-24.9.0.tgz", 
@@ -3400,6 +3400,14 @@ } } }, + "jose": { + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/jose/-/jose-2.0.2.tgz", + "integrity": "sha512-yD93lsiMA1go/qxSY/vXWBodmIZJIxeB7QhFi8z1yQ3KUwKENqI9UA8VCHlQ5h3x1zWuWZjoY87ByQzkQbIrQg==", + "requires": { + "@panva/asn1.js": "^1.0.0" + } + }, "js-tokens": { "version": "4.0.0", "resolved": "https://registry.npmjs.org/js-tokens/-/js-tokens-4.0.0.tgz", @@ -3472,9 +3480,9 @@ "dev": true }, "json-buffer": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/json-buffer/-/json-buffer-3.0.0.tgz", - "integrity": "sha1-Wx85evx11ne96Lz8Dkfh+aPZqJg=" + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/json-buffer/-/json-buffer-3.0.1.tgz", + "integrity": "sha512-4bV5BfR2mqfQTJm+V5tPPdf+ZpuhiIvTuAB5g8kcrXOZpTT/QwwVRWBywX1ozr6lEuPdbHxwaJlm9G6mI2sfSQ==" }, "json-parse-better-errors": { "version": "1.0.2", @@ -3523,11 +3531,11 @@ } }, "keyv": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/keyv/-/keyv-3.0.0.tgz", - "integrity": "sha512-eguHnq22OE3uVoSYG0LVWNP+4ppamWr9+zWBe1bsNcovIMy6huUJFPgy4mGwCd/rnl3vOLGW1MTlu4c57CT1xA==", + "version": "4.0.3", + "resolved": "https://registry.npmjs.org/keyv/-/keyv-4.0.3.tgz", + "integrity": "sha512-zdGa2TOpSZPq5mU6iowDARnMBZgtCqJ11dJROFi6tg6kTn4nuUdU09lFyLFSaHrWqpIJ+EBq4E8/Dc0Vx5vLdA==", "requires": { - "json-buffer": "3.0.0" + "json-buffer": "3.0.1" } }, "kind-of": { @@ -3589,7 +3597,8 @@ "lodash": { "version": "4.17.19", "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.19.tgz", - "integrity": "sha512-JNvd8XER9GQX0v2qJgsaN/mzFCNA5BRe/j8JN9d+tWyGLSodKQHKFicdwNYzWwI3wjRnaKPsGj1XkBjx/F96DQ==" + "integrity": "sha512-JNvd8XER9GQX0v2qJgsaN/mzFCNA5BRe/j8JN9d+tWyGLSodKQHKFicdwNYzWwI3wjRnaKPsGj1XkBjx/F96DQ==", + "dev": true }, "lodash.sortby": { "version": "4.7.0", 
@@ -3597,11 +3606,6 @@ "integrity": "sha1-7dFMgk4sycHgsKG0K7UhBRakJDg=", "dev": true }, - "long": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/long/-/long-4.0.0.tgz", - "integrity": "sha512-XsP+KhQif4bjX1kbuSiySJFNAehNxgLb6hPRGJ9QsUr8ajHkuXGdrHmFUTUUXhDwVX2R5bY4JNZEwbUiMhV+MA==" - }, "loose-envify": { "version": "1.4.0", "resolved": "https://registry.npmjs.org/loose-envify/-/loose-envify-1.4.0.tgz", @@ -3612,16 +3616,16 @@ } }, "lowercase-keys": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/lowercase-keys/-/lowercase-keys-1.0.1.tgz", - "integrity": "sha512-G2Lj61tXDnVFFOi8VZds+SoQjtQC3dgokKdDG2mTm1tx4m50NUHBOZSBwQQHyy0V12A0JTG4icfZQH+xPyh8VA==" + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/lowercase-keys/-/lowercase-keys-2.0.0.tgz", + "integrity": "sha512-tqNXrS78oMOE73NMxK4EMLQsQowWf8jKooH9g7xPavRT706R6bkQJ6DY2Te7QukaZsulxa30wQ7bk0pm4XiHmA==" }, "lru-cache": { - "version": "5.1.1", - "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-5.1.1.tgz", - "integrity": "sha512-KpNARQA3Iwv+jTA0utUVVbrh+Jlrr1Fv0e56GGzAFOXN7dk/FviaDW8LHmK52DlcH4WP2n6gI8vN1aesBFgo9w==", + "version": "6.0.0", + "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-6.0.0.tgz", + "integrity": "sha512-Jo6dJ04CmSjuznwJSS3pUeWmd/H0ffTlkXXgwZi+eq1UCmqQwCh+eLsYOYCwY991i2Fah4h1BEMCx4qThGbsiA==", "requires": { - "yallist": "^3.0.2" + "yallist": "^4.0.0" } }, "make-dir": { @@ -3642,6 +3646,11 @@ } } }, + "make-error": { + "version": "1.3.6", + "resolved": "https://registry.npmjs.org/make-error/-/make-error-1.3.6.tgz", + "integrity": "sha512-s8UhlNe7vPKomQhC1qFelMokr/Sc3AgNbso3n74mVPA5LTZwkB9NlXf4XPamLxJE8h0gh73rM94xvwRT2CVInw==" + }, "makeerror": { "version": "1.0.11", "resolved": "https://registry.npmjs.org/makeerror/-/makeerror-1.0.11.tgz", 
@@ -3725,6 +3734,23 @@ "integrity": "sha512-FM9nNUYrRBAELZQT3xeZQ7fmMOBg6nWNmJKTcgsJeaLstP/UODVpGsr5OhXhhXg6f+qtJ8uiZ+PUxkDWcgIXLw==", "dev": true }, + "minipass": { + "version": "3.1.3", + "resolved": "https://registry.npmjs.org/minipass/-/minipass-3.1.3.tgz", + "integrity": "sha512-Mgd2GdMVzY+x3IJ+oHnVM+KG3lA5c8tnabyJKmHSaG2kAGpudxuOf8ToDkhumF7UzME7DecbQE9uOZhNm7PuJg==", + "requires": { + "yallist": "^4.0.0" + } + }, + "minizlib": { + "version": "2.1.2", + "resolved": "https://registry.npmjs.org/minizlib/-/minizlib-2.1.2.tgz", + "integrity": "sha512-bAxsR8BVfj60DWXHE3u30oHzfl4G7khkSuPW+qvpd7jFRHm7dLxOjUk1EHACJ/hxLY8phGJ0YhYHZo7jil7Qdg==", + "requires": { + "minipass": "^3.0.0", + "yallist": "^4.0.0" + } + }, "mixin-deep": { "version": "1.3.2", "resolved": "https://registry.npmjs.org/mixin-deep/-/mixin-deep-1.3.2.tgz", 
@@ -3798,34 +3824,12 @@ "resolved": "https://registry.npmjs.org/nice-try/-/nice-try-1.0.5.tgz", "integrity": "sha512-1nh45deeb5olNY7eX82BkPO7SSxR5SSYJiPTrTdFUVYwAl8CKMA5N9PjTYkHiRjisVcxcQ1HXdLhx2qxxJzLNQ==" }, - "node-forge": { - "version": "0.8.5", - "resolved": "https://registry.npmjs.org/node-forge/-/node-forge-0.8.5.tgz", - "integrity": "sha512-vFMQIWt+J/7FLNyKouZ9TazT74PRV3wgv9UT4cRjC8BffxFbKXkgIWR42URCPSnHm/QDz6BOlb2Q0U4+VQT67Q==" - }, "node-int64": { "version": "0.4.0", "resolved": "https://registry.npmjs.org/node-int64/-/node-int64-0.4.0.tgz", "integrity": "sha1-h6kGXNs1XTGC2PlM4RGIuCXGijs=", "dev": true }, - "node-jose": { - "version": "1.1.4", - "resolved": "https://registry.npmjs.org/node-jose/-/node-jose-1.1.4.tgz", - "integrity": "sha512-L31IFwL3pWWcMHxxidCY51ezqrDXMkvlT/5pLTfNw5sXmmOLJuN6ug7txzF/iuZN55cRpyOmoJrotwBQIoo5Lw==", - "requires": { - "base64url": "^3.0.1", - "browserify-zlib": "^0.2.0", - "buffer": "^5.5.0", - "es6-promise": "^4.2.8", - "lodash": "^4.17.15", - "long": "^4.0.0", - "node-forge": "^0.8.5", - "process": "^0.11.10", - "react-zlib-js": "^1.0.4", - "uuid": "^3.3.3" - } - }, "node-modules-regexp": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/node-modules-regexp/-/node-modules-regexp-1.0.0.tgz", @@ -3867,14 +3871,9 @@ } }, "normalize-url": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/normalize-url/-/normalize-url-2.0.1.tgz", - "integrity": "sha512-D6MUW4K/VzoJ4rJ01JFKxDrtY1v9wrgzCX5f2qj/lzH1m/lW6MhUZFKerVsnyjOhOsYzI9Kqqak+10l4LvLpMw==", - "requires": { - "prepend-http": "^2.0.0", - "query-string": "^5.0.1", - "sort-keys": "^2.0.0" - } + "version": "4.5.0", + "resolved": "https://registry.npmjs.org/normalize-url/-/normalize-url-4.5.0.tgz", + "integrity": "sha512-2s47yzUxdexf1OhyRi4Em83iQk0aPvwTddtFz4hnSSw9dCEsLEGf6SwIO8ss/19S9iBb5sJaOuTvTGDeZI00BQ==" }, "npm-run-path": { "version": "2.0.2", 
@@ -3895,11 +3894,6 @@ "resolved": "https://registry.npmjs.org/oauth-sign/-/oauth-sign-0.9.0.tgz", "integrity": "sha512-fexhUFFPTGV8ybAtSIGbV6gOkSv8UtRbDBnAyLQw4QPKkgNlsH2ByPGtMUqdWkos6YCRmAqViwgZrJc/mRDzZQ==" }, - "object-assign": { - "version": "4.1.1", - "resolved": "https://registry.npmjs.org/object-assign/-/object-assign-4.1.1.tgz", - "integrity": "sha1-IQmtx5ZYh8/AXLvUQsrIv7s2CGM=" - }, "object-copy": { "version": "0.1.0", "resolved": "https://registry.npmjs.org/object-copy/-/object-copy-0.1.0.tgz", @@ -3932,9 +3926,9 @@ } }, "object-hash": { - "version": "1.3.1", - "resolved": "https://registry.npmjs.org/object-hash/-/object-hash-1.3.1.tgz", - "integrity": "sha512-OSuu/pU4ENM9kmREg0BdNrUDIl1heYa4mBZacJc+vVWz4GtAwu7jO8s4AIt2aGRUTqxykpWzI3Oqnsm13tTMDA==" + "version": "2.0.3", + "resolved": "https://registry.npmjs.org/object-hash/-/object-hash-2.0.3.tgz", + "integrity": "sha512-JPKn0GMu+Fa3zt3Bmr66JhokJU5BaNBIh4ZeTlaCBzrBsOeXzwcKKAK1tbLiPKgvwmPXsDvvLHoWh5Bm7ofIYg==" }, "object-inspect": { "version": "1.7.0", @@ -3989,9 +3983,9 @@ } }, "oidc-token-hash": { - "version": "3.0.2", - "resolved": "https://registry.npmjs.org/oidc-token-hash/-/oidc-token-hash-3.0.2.tgz", - "integrity": "sha512-dTzp80/y/da+um+i+sOucNqiPpwRL7M/xPwj7pH1TFA2/bqQ+OK2sJahSXbemEoLtPkHcFLyhLhLWZa9yW5+RA==" + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/oidc-token-hash/-/oidc-token-hash-5.0.0.tgz", + "integrity": "sha512-8Yr4CZSv+Tn8ZkN3iN2i2w2G92mUKClp4z7EGUfdsERiYSbj7P4i/NHm72ft+aUdsiFx9UdIPSTwbyzQ6C4URg==" }, "once": { "version": "1.4.0", 
@@ -4002,18 +3996,18 @@ } }, "openid-client": { - "version": "2.5.0", - "resolved": "https://registry.npmjs.org/openid-client/-/openid-client-2.5.0.tgz", - "integrity": "sha512-t3hFD7xEoW1U25RyBcRFaL19fGGs6hNVTysq9pgmiltH0IVUPzH/bQV9w24pM5Q7MunnGv2/5XjIru6BQcWdxg==", + "version": "4.1.1", + "resolved": "https://registry.npmjs.org/openid-client/-/openid-client-4.1.1.tgz", + "integrity": "sha512-/qch3I3v8UtO0A7wVgyXJJjGX/knR8bv06DQpLuKQqLG5u4AHcgusGuVKPKAcneLZvHKbKovF2+3e2ngXyuudA==", "requires": { - "base64url": "^3.0.0", - "got": "^8.3.2", - "lodash": "^4.17.11", - "lru-cache": "^5.1.1", - "node-jose": "^1.1.0", - "object-hash": "^1.3.1", - "oidc-token-hash": "^3.0.1", - "p-any": "^1.1.0" + "base64url": "^3.0.1", + "got": "^11.6.2", + "jose": "^2.0.2", + "lru-cache": "^6.0.0", + "make-error": "^1.3.6", + "object-hash": "^2.0.1", + "oidc-token-hash": "^5.0.0", + "p-any": "^3.0.0" } }, "optionator": { @@ -4031,17 +4025,18 @@ } }, "p-any": { - "version": "1.1.0", - "resolved": "https://registry.npmjs.org/p-any/-/p-any-1.1.0.tgz", - "integrity": "sha512-Ef0tVa4CZ5pTAmKn+Cg3w8ABBXh+hHO1aV8281dKOoUHfX+3tjG2EaFcC+aZyagg9b4EYGsHEjz21DnEE8Og2g==", + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/p-any/-/p-any-3.0.0.tgz", + "integrity": "sha512-5rqbqfsRWNb0sukt0awwgJMlaep+8jV45S15SKKB34z4UuzjcofIfnriCBhWjZP2jbVtjt9yRl7buB6RlKsu9w==", "requires": { - "p-some": "^2.0.0" + "p-cancelable": "^2.0.0", + "p-some": "^5.0.0" } }, "p-cancelable": { - "version": "0.4.1", - "resolved": "https://registry.npmjs.org/p-cancelable/-/p-cancelable-0.4.1.tgz", - "integrity": "sha512-HNa1A8LvB1kie7cERyy21VNeHb2CWJJYqyyC2o3klWFfMGlFmWv2Z7sFgZH8ZiaYL95ydToKTFVXgMV/Os0bBQ==" + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/p-cancelable/-/p-cancelable-2.0.0.tgz", + "integrity": "sha512-wvPXDmbMmu2ksjkB4Z3nZWTSkJEb9lqVdMaCKpZUGJG9TMiNp9XcbG3fn9fPKjem04fJMJnXoyFPk2FmgiaiNg==" }, "p-each-series": { "version": "1.0.0", 
@@ -4057,11 +4052,6 @@ "resolved": "https://registry.npmjs.org/p-finally/-/p-finally-1.0.0.tgz", "integrity": "sha1-P7z7FbiZpEEjs0ttzBi3JDNqLK4=" }, - "p-is-promise": { - "version": "1.1.0", - "resolved": "https://registry.npmjs.org/p-is-promise/-/p-is-promise-1.1.0.tgz", - "integrity": "sha1-nJRWmJ6fZYgBewQ01WCXZ1w9oF4=" - }, "p-limit": { "version": "2.2.2", "resolved": "https://registry.npmjs.org/p-limit/-/p-limit-2.2.2.tgz", @@ -4087,19 +4077,12 @@ "dev": true }, "p-some": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/p-some/-/p-some-2.0.1.tgz", - "integrity": "sha1-Zdh8ixVO289SIdFnd4ttLhUPbwY=", - "requires": { - "aggregate-error": "^1.0.0" - } - }, - "p-timeout": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/p-timeout/-/p-timeout-2.0.1.tgz", - "integrity": "sha512-88em58dDVB/KzPEx1X0N3LwFfYZPyDc4B6eF38M1rk9VTZMbxXXgjugz8mmwpS9Ox4BDZ+t6t3QP5+/gazweIA==", + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/p-some/-/p-some-5.0.0.tgz", + "integrity": "sha512-Js5XZxo6vHjB9NOYAzWDYAIyyiPvva0DWESAIWIK7uhSpGsyg5FwUPxipU/SOQx5x9EqhOh545d1jo6cVkitig==", "requires": { - "p-finally": "^1.0.0" + "aggregate-error": "^3.0.0", + "p-cancelable": "^2.0.0" } }, "p-try": { @@ -4108,11 +4091,6 @@ "integrity": "sha512-R4nPAVTAU0B9D35/Gk3uJf/7XYbQcyohSKdvAxIRSNghFl4e71hVoGnBNQz9cWaXxO2I10KTC+3jMdvvoKw6dQ==", "dev": true }, - "pako": { - "version": "1.0.11", - "resolved": "https://registry.npmjs.org/pako/-/pako-1.0.11.tgz", - "integrity": "sha512-4hLB8Py4zZce5s4yd9XzopqwVv/yGNhV1Bl8NTmCq1763HeK2+EwVTv+leGeL13Dnh2wfbqowVPXCIO0z4taYw==" - }, "parse-json": { "version": "4.0.0", "resolved": "https://registry.npmjs.org/parse-json/-/parse-json-4.0.0.tgz", @@ -4173,7 +4151,8 @@ "pify": { "version": "3.0.0", "resolved": "https://registry.npmjs.org/pify/-/pify-3.0.0.tgz", - "integrity": "sha1-5aSs0sEB/fPZpNB/DbxNtJ3SgXY=" + "integrity": "sha1-5aSs0sEB/fPZpNB/DbxNtJ3SgXY=", + "dev": true }, "pirates": { "version": "4.0.1", 
@@ -4211,11 +4190,6 @@ "integrity": "sha1-IZMqVJ9eUv/ZqCf1cOBL5iqX2lQ=", "dev": true }, - "prepend-http": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/prepend-http/-/prepend-http-2.0.0.tgz", - "integrity": "sha1-6SQ0v6XqjBn0HN/UAddBo8gZ2Jc=" - }, "pretty-format": { "version": "24.9.0", "resolved": "https://registry.npmjs.org/pretty-format/-/pretty-format-24.9.0.tgz", @@ -4228,16 +4202,6 @@ "react-is": "^16.8.4" } }, - "process": { - "version": "0.11.10", - "resolved": "https://registry.npmjs.org/process/-/process-0.11.10.tgz", - "integrity": "sha1-czIwDoQBYb2j5podHZGn1LwW8YI=" - }, - "process-nextick-args": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/process-nextick-args/-/process-nextick-args-2.0.1.tgz", - "integrity": "sha512-3ouUOpQhtgrbOa17J7+uxOTpITYWaGP7/AhoR3+A+/1e9skrzelGi/dXzEYyvbxubEF6Wn2ypscTKiKJFFn1ag==" - }, "prompts": { "version": "2.3.2", "resolved": "https://registry.npmjs.org/prompts/-/prompts-2.3.2.tgz", @@ -4272,15 +4236,10 @@ "resolved": "https://registry.npmjs.org/qs/-/qs-6.5.2.tgz", "integrity": "sha512-N5ZAX4/LxJmF+7wN74pUD6qAh9/wnvdQcjq9TZjevvXzSUo7bfmw91saqMjzGS2xq91/odN2dW/WOl7qQHNDGA==" }, - "query-string": { + "quick-lru": { "version": "5.1.1", - "resolved": "https://registry.npmjs.org/query-string/-/query-string-5.1.1.tgz", - "integrity": "sha512-gjWOsm2SoGlgLEdAGt7a6slVOk9mGiXmPFMqrEhLQ68rhQuBnpfs3+EmlvqKyxnCo9/PPlF+9MtY02S1aFg+Jw==", - "requires": { - "decode-uri-component": "^0.2.0", - "object-assign": "^4.1.0", - "strict-uri-encode": "^1.0.0" - } + "resolved": "https://registry.npmjs.org/quick-lru/-/quick-lru-5.1.1.tgz", + "integrity": "sha512-WuyALRjWPDGtt/wzJiadO5AXY+8hZ80hVpe6MyivgraREW751X3SbhRvG3eLKOYN+8VEvqLcf3wdnt44Z4S4SA==" }, "react-is": { "version": "16.13.1", 
@@ -4288,11 +4247,6 @@ "integrity": "sha512-24e6ynE2H+OKt4kqsOvNd8kBpV65zoxbA4BVsEOB3ARVWQki/DHzaUoC5KuON/BiccDaCCTZBuOcfZs70kR8bQ==", "dev": true }, - "react-zlib-js": { - "version": "1.0.4", - "resolved": "https://registry.npmjs.org/react-zlib-js/-/react-zlib-js-1.0.4.tgz", - "integrity": "sha512-ynXD9DFxpE7vtGoa3ZwBtPmZrkZYw2plzHGbanUjBOSN4RtuXdektSfABykHtTiWEHMh7WdYj45LHtp228ZF1A==" - }, "read-pkg": { "version": "3.0.0", "resolved": "https://registry.npmjs.org/read-pkg/-/read-pkg-3.0.0.tgz", @@ -4314,27 +4268,6 @@ "read-pkg": "^3.0.0" } }, - "readable-stream": { - "version": "2.3.7", - "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.7.tgz", - "integrity": "sha512-Ebho8K4jIbHAxnuxi7o42OrZgF/ZTNcsZj6nRKyUmkhLFq8CHItp/fy6hQZuZmP/n3yZ9VBUbp4zz/mX8hmYPw==", - "requires": { - "core-util-is": "~1.0.0", - "inherits": "~2.0.3", - "isarray": "~1.0.0", - "process-nextick-args": "~2.0.0", - "safe-buffer": "~5.1.1", - "string_decoder": "~1.1.1", - "util-deprecate": "~1.0.1" - }, - "dependencies": { - "safe-buffer": { - "version": "5.1.2", - "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.2.tgz", - "integrity": "sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g==" - } - } - }, "realpath-native": { "version": "1.1.0", "resolved": "https://registry.npmjs.org/realpath-native/-/realpath-native-1.1.0.tgz", @@ -4459,6 +4392,11 @@ "path-parse": "^1.0.6" } }, + "resolve-alpn": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/resolve-alpn/-/resolve-alpn-1.0.0.tgz", + "integrity": "sha512-rTuiIEqFmGxne4IovivKSDzld2lWW9QCjqv80SYjPgf+gS35eaCAjaP54CCwGAwBtnCsvNLYtqxe1Nw+i6JEmA==" + }, "resolve-cwd": { "version": "2.0.0", "resolved": "https://registry.npmjs.org/resolve-cwd/-/resolve-cwd-2.0.0.tgz", 
@@ -4481,11 +4419,11 @@ "dev": true }, "responselike": { - "version": "1.0.2", - "resolved": "https://registry.npmjs.org/responselike/-/responselike-1.0.2.tgz", - "integrity": "sha1-kYcg7ztjHFZCvgaPFa3lpG9Loec=", + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/responselike/-/responselike-2.0.0.tgz", + "integrity": "sha512-xH48u3FTB9VsZw7R+vvgaKeLKzT6jOogbQhEe/jewwnZgzPcnyWui2Av6JpoYZF/91uueC+lqhWqeURw5/qhCw==", "requires": { - "lowercase-keys": "^1.0.0" + "lowercase-keys": "^2.0.0" } }, "ret": { @@ -4495,9 +4433,9 @@ "dev": true }, "rfc4648": { - "version": "1.3.0", - "resolved": "https://registry.npmjs.org/rfc4648/-/rfc4648-1.3.0.tgz", - "integrity": "sha512-x36K12jOflpm1V8QjPq3I+pt7Z1xzeZIjiC8J2Oxd7bE1efTrOG241DTYVJByP/SxR9jl1t7iZqYxDX864jgBQ==" + "version": "1.4.0", + "resolved": "https://registry.npmjs.org/rfc4648/-/rfc4648-1.4.0.tgz", + "integrity": "sha512-3qIzGhHlMHA6PoT6+cdPKZ+ZqtxkIvg8DZGKA5z6PQ33/uuhoJ+Ws/D/J9rXW6gXodgH8QYlz2UCl+sdUDmNIg==" }, "rimraf": { "version": "2.7.1", @@ -4758,14 +4696,6 @@ } } }, - "sort-keys": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/sort-keys/-/sort-keys-2.0.0.tgz", - "integrity": "sha1-ZYU1WEhh7JfXMNbPQYIuH1ZoQSg=", - "requires": { - "is-plain-obj": "^1.0.0" - } - }, "source-map": { "version": "0.6.1", "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.6.1.tgz", @@ -4896,10 +4826,10 @@ "integrity": "sha1-NbCYdbT/SfJqd35QmzCQoyJr8ks=", "dev": true }, - "strict-uri-encode": { - "version": "1.1.0", - "resolved": "https://registry.npmjs.org/strict-uri-encode/-/strict-uri-encode-1.1.0.tgz", - "integrity": "sha1-J5siXfHVgrH1TmWt3UNS4Y+qBxM=" + "stream-buffers": { + "version": "3.0.2", + "resolved": "https://registry.npmjs.org/stream-buffers/-/stream-buffers-3.0.2.tgz", + "integrity": "sha512-DQi1h8VEBA/lURbSwFtEHnSTb9s2/pwLEaFuNhXwy1Dx3Sa0lOuYT2yNUr4/j2fs8oCAMANtrZ5OrPZtyVs3MQ==" }, "string-length": { "version": "2.0.0", 
@@ -4981,21 +4911,6 @@ "es-abstract": "^1.17.5" } }, - "string_decoder": { - "version": "1.1.1", - "resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.1.1.tgz", - "integrity": "sha512-n/ShnvDi6FHbbVfviro+WojiFzv+s8MPMHBczVePfUpDJLwoLT0ht1l4YwBCbi8pJAveEEdnkHyPyTP/mzRfwg==", - "requires": { - "safe-buffer": "~5.1.0" - }, - "dependencies": { - "safe-buffer": { - "version": "5.1.2", - "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.2.tgz", - "integrity": "sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g==" - } - } - }, "strip-ansi": { "version": "5.2.0", "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-5.2.0.tgz", @@ -5031,6 +4946,26 @@ "integrity": "sha512-9QNk5KwDF+Bvz+PyObkmSYjI5ksVUYtjW7AU22r2NKcfLJcXp96hkDWU3+XndOsUb+AQ9QhfzfCT2O+CNWT5Tw==", "dev": true }, + "tar": { + "version": "6.0.5", + "resolved": "https://registry.npmjs.org/tar/-/tar-6.0.5.tgz", + "integrity": "sha512-0b4HOimQHj9nXNEAA7zWwMM91Zhhba3pspja6sQbgTpynOJf+bkjBnfybNYzbpLbnwXnbyB4LOREvlyXLkCHSg==", + "requires": { + "chownr": "^2.0.0", + "fs-minipass": "^2.0.0", + "minipass": "^3.0.0", + "minizlib": "^2.1.1", + "mkdirp": "^1.0.3", + "yallist": "^4.0.0" + }, + "dependencies": { + "mkdirp": { + "version": "1.0.4", + "resolved": "https://registry.npmjs.org/mkdirp/-/mkdirp-1.0.4.tgz", + "integrity": "sha512-vVqVZQyf3WLx2Shd0qJ9xuvqgAyKPLAiqITEtqW0oIUjzo3PePDd6fW9iFz30ef7Ysp/oiWqbhszeGWW2T6Gzw==" + } + } + }, "test-exclude": { "version": "5.2.3", "resolved": "https://registry.npmjs.org/test-exclude/-/test-exclude-5.2.3.tgz", 
@@ -5049,10 +4984,31 @@ "integrity": "sha1-iQN8vJLFarGJJua6TLsgDhVnKmo=", "dev": true }, - "timed-out": { - "version": "4.0.1", - "resolved": "https://registry.npmjs.org/timed-out/-/timed-out-4.0.1.tgz", - "integrity": "sha1-8y6srFoXW+ol1/q1Zas+2HQe9W8=" + "tmp": { + "version": "0.2.1", + "resolved": "https://registry.npmjs.org/tmp/-/tmp-0.2.1.tgz", + "integrity": "sha512-76SUhtfqR2Ijn+xllcI5P1oyannHNHByD80W1q447gU3mp9G9PSpGdWmjUOHRDPiHYacIk66W7ubDTuPF3BEtQ==", + "requires": { + "rimraf": "^3.0.0" + }, + "dependencies": { + "rimraf": { + "version": "3.0.2", + "resolved": "https://registry.npmjs.org/rimraf/-/rimraf-3.0.2.tgz", + "integrity": "sha512-JZkJMZkAGFFPP2YqXZXPbMlMBgsxzE8ILs4lMIX/2o0L9UBw9O/Y3o6wFw/i9YLapcUJWwqbi3kdxIPdC62TIA==", + "requires": { + "glob": "^7.1.3" + } + } + } + }, + "tmp-promise": { + "version": "3.0.2", + "resolved": "https://registry.npmjs.org/tmp-promise/-/tmp-promise-3.0.2.tgz", + "integrity": "sha512-OyCLAKU1HzBjL6Ev3gxUeraJNlbNingmi8IrHHEsYH8LTmEuhvYfqvhn2F/je+mjf4N58UmZ96OMEy1JanSCpA==", + "requires": { + "tmp": "^0.2.0" + } }, "tmpl": { "version": "1.0.4", @@ -5154,9 +5110,9 @@ } }, "underscore": { - "version": "1.10.2", - "resolved": "https://registry.npmjs.org/underscore/-/underscore-1.10.2.tgz", - "integrity": "sha512-N4P+Q/BuyuEKFJ43B9gYuOj4TQUHXX+j2FqguVOpjkssLUUrnJofCcBccJSCoeturDoZU6GorDTHSvUDlSQbTg==" + "version": "1.11.0", + "resolved": "https://registry.npmjs.org/underscore/-/underscore-1.11.0.tgz", + "integrity": "sha512-xY96SsN3NA461qIRKZ/+qox37YXPtSBswMGfiNptr+wrt6ds4HaMw23TP612fEyGekRE6LNRiLYr/aqbHXNedw==" }, "union-value": { "version": "1.0.1", 
@@ -5224,30 +5180,12 @@ "integrity": "sha1-2pN/emLiH+wf0Y1Js1wpNQZ6bHI=", "dev": true }, - "url-parse-lax": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/url-parse-lax/-/url-parse-lax-3.0.0.tgz", - "integrity": "sha1-FrXK/Afb42dsGxmZF3gj1lA6yww=", - "requires": { - "prepend-http": "^2.0.0" - } - }, - "url-to-options": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/url-to-options/-/url-to-options-1.0.1.tgz", - "integrity": "sha1-FQWgOiiaSMvXpDTvuu7FBV9WM6k=" - }, "use": { "version": "3.1.1", "resolved": "https://registry.npmjs.org/use/-/use-3.1.1.tgz", "integrity": "sha512-cwESVXlO3url9YWlFW/TA9cshCEhtu7IKJ/p5soJ/gGpj7vbvFrAY/eIioQ6Dw23KjZhYgiIo8HOs1nQ2vr/oQ==", "dev": true }, - "util-deprecate": { - "version": "1.0.2", - "resolved": "https://registry.npmjs.org/util-deprecate/-/util-deprecate-1.0.2.tgz", - "integrity": "sha1-RQ1Nyfpw3nMnYvvS1KKJgUGaDM8=" - }, "util.promisify": { "version": "1.0.1", "resolved": "https://registry.npmjs.org/util.promisify/-/util.promisify-1.0.1.tgz", @@ -5400,9 +5338,9 @@ "dev": true }, "yallist": { - "version": "3.1.1", - "resolved": "https://registry.npmjs.org/yallist/-/yallist-3.1.1.tgz", - "integrity": "sha512-a4UGQaWPH59mOXUYnAG2ewncQS4i4F43Tv3JoAM+s2VDAmS9NsK8GpDMLrCHPksFT7h3K6TOoUNn2pb7RoXx4g==" + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/yallist/-/yallist-4.0.0.tgz", + "integrity": "sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A==" }, "yargs": { "version": "13.3.2", diff --git a/parser-sdk/nodejs/package.json b/parser-sdk/nodejs/package.json index 2368aa60..bda7e796 100644 --- a/parser-sdk/nodejs/package.json +++ b/parser-sdk/nodejs/package.json @@ -10,7 +10,7 @@ "author": "iteratec GmbH", "license": "Apache-2.0", "dependencies": { - "@kubernetes/client-node": "^0.12.0", + "@kubernetes/client-node": "^0.12.2", "axios": "^0.20.0", "uuid": "^3.3.3", "ws": "^7.3.1" 
diff --git a/tests/integration/package-lock.json b/tests/integration/package-lock.json index 16a1934d..823d9a31 100644 --- a/tests/integration/package-lock.json +++ b/tests/integration/package-lock.json @@ -524,14 +524,16 @@ } }, "@kubernetes/client-node": { - "version": "0.11.1", - "resolved": "https://registry.npmjs.org/@kubernetes/client-node/-/client-node-0.11.1.tgz", - "integrity": "sha512-0A4nwErxzJiGt3WYMR6rvcQF46hFz04b6uCmW7Kuj+Cl0zwe7KKxeMiqbZDtHPOq1CcOHOIcKNWCacUKL5CdxQ==", + "version": "0.12.2", + "resolved": "https://registry.npmjs.org/@kubernetes/client-node/-/client-node-0.12.2.tgz", + "integrity": "sha512-J0UwyFl1Iv/IZ6WMP7LaizBEoKPnqwtc8tIO2q/X+EuDT7eGpPPAMHXSEOC/EI9JGIf0FaJEcDHhB/Dio/mKhw==", "dev": true, "requires": { "@types/js-yaml": "^3.12.1", "@types/node": "^10.12.0", "@types/request": "^2.47.1", + "@types/stream-buffers": "^3.0.3", + "@types/tar": "^4.0.3", "@types/underscore": "^1.8.9", "@types/ws": "^6.0.1", "byline": "^5.0.0", 
@@ -539,30 +541,36 @@ "isomorphic-ws": "^4.0.1", "js-yaml": "^3.13.1", "jsonpath-plus": "^0.19.0", - "openid-client": "2.5.0", + "openid-client": "^4.1.1", "request": "^2.88.0", "rfc4648": "^1.3.0", "shelljs": "^0.8.2", + "stream-buffers": "^3.0.2", + "tar": "^6.0.2", + "tmp-promise": "^3.0.2", "tslib": "^1.9.3", "underscore": "^1.9.1", - "ws": "^6.1.0" + "ws": "^7.3.1" }, "dependencies": { "ws": { - "version": "6.2.1", - "resolved": "https://registry.npmjs.org/ws/-/ws-6.2.1.tgz", - "integrity": "sha512-GIyAXC2cB7LjvpgMt9EKS2ldqr0MTrORaleiOno6TweZ6r3TKtoFQWay/2PceJ3RuBasOHzXNn5Lrw1X0bEjqA==", - "dev": true, - "requires": { - "async-limiter": "~1.0.0" - } + "version": "7.3.1", + "resolved": "https://registry.npmjs.org/ws/-/ws-7.3.1.tgz", + "integrity": "sha512-D3RuNkynyHmEJIpD2qrgVkc9DQ23OrN/moAwZX4L8DfvszsJxpjQuUq3LMx6HoYji9fbIOBY18XWBsAux1ZZUA==", + "dev": true } } }, + "@panva/asn1.js": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/@panva/asn1.js/-/asn1.js-1.0.0.tgz", + "integrity": "sha512-UdkG3mLEqXgnlKsWanWcgb6dOjUzJ+XC5f+aWw30qrtjxeNUSfKX1cd5FBzOaXQumoe9nIqeZUvrRJS03HCCtw==", + "dev": true + }, "@sindresorhus/is": { - "version": "0.7.0", - "resolved": "https://registry.npmjs.org/@sindresorhus/is/-/is-0.7.0.tgz", - "integrity": "sha512-ONhaKPIufzzrlNbqtWFFd+jlnemX6lJAgq9ZeiZtS7I1PIf/la7CW4m83rTXRnVnsMbW2k56pGYu7AUFJD9Pow==", + "version": "3.1.2", + "resolved": "https://registry.npmjs.org/@sindresorhus/is/-/is-3.1.2.tgz", + "integrity": "sha512-JiX9vxoKMmu8Y3Zr2RVathBL1Cdu4Nt4MuNWemt1Nc06A0RAin9c5FArkhGsyMBWfCu4zj+9b+GxtjAnE4qqLQ==", "dev": true }, "@sinonjs/commons": { 
@@ -574,6 +582,15 @@ "type-detect": "4.0.8" } }, + "@szmarczak/http-timer": { + "version": "4.0.5", + "resolved": "https://registry.npmjs.org/@szmarczak/http-timer/-/http-timer-4.0.5.tgz", + "integrity": "sha512-PyRA9sm1Yayuj5OIoJ1hGt2YISX45w9WcFbh6ddT0Z/0yaFxOtGLInr4jUfU1EAFVs0Yfyfev4RNwBlUaHdlDQ==", + "dev": true, + "requires": { + "defer-to-connect": "^2.0.0" + } + }, "@types/babel__core": { "version": "7.1.7", "resolved": "https://registry.npmjs.org/@types/babel__core/-/babel__core-7.1.7.tgz", @@ -615,6 +632,18 @@ "@babel/types": "^7.3.0" } }, + "@types/cacheable-request": { + "version": "6.0.1", + "resolved": "https://registry.npmjs.org/@types/cacheable-request/-/cacheable-request-6.0.1.tgz", + "integrity": "sha512-ykFq2zmBGOCbpIXtoVbz4SKY5QriWPh3AjyU4G74RYbtt5yOc5OfaY75ftjg7mikMOla1CTGpX3lLbuJh8DTrQ==", + "dev": true, + "requires": { + "@types/http-cache-semantics": "*", + "@types/keyv": "*", + "@types/node": "*", + "@types/responselike": "*" + } + }, "@types/caseless": { "version": "0.12.2", "resolved": "https://registry.npmjs.org/@types/caseless/-/caseless-0.12.2.tgz", @@ -627,6 +656,12 @@ "integrity": "sha512-rr+OQyAjxze7GgWrSaJwydHStIhHq2lvY3BOC2Mj7KnzI7XK0Uw1TOOdI9lDoajEbSWLiYgoo4f1R51erQfhPQ==", "dev": true }, + "@types/http-cache-semantics": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/@types/http-cache-semantics/-/http-cache-semantics-4.0.0.tgz", + "integrity": "sha512-c3Xy026kOF7QOTn00hbIllV1dLR9hG9NkSrLQgCVs8NF6sBU+VGWjD3wLPhmh1TYAc7ugCFsvHYMN4VcBN1U1A==", + "dev": true + }, "@types/istanbul-lib-coverage": { "version": "2.0.1", "resolved": "https://registry.npmjs.org/@types/istanbul-lib-coverage/-/istanbul-lib-coverage-2.0.1.tgz", 
@@ -653,15 +688,33 @@ } }, "@types/js-yaml": { - "version": "3.12.3", - "resolved": "https://registry.npmjs.org/@types/js-yaml/-/js-yaml-3.12.3.tgz", - "integrity": "sha512-otRe77JNNWzoVGLKw8TCspKswRoQToys4tuL6XYVBFxjgeM0RUrx7m3jkaTdxILxeGry3zM8mGYkGXMeQ02guA==", + "version": "3.12.5", + "resolved": "https://registry.npmjs.org/@types/js-yaml/-/js-yaml-3.12.5.tgz", + "integrity": "sha512-JCcp6J0GV66Y4ZMDAQCXot4xprYB+Zfd3meK9+INSJeVZwJmHAW30BBEEkPzXswMXuiyReUGOP3GxrADc9wPww==", "dev": true }, + "@types/keyv": { + "version": "3.1.1", + "resolved": "https://registry.npmjs.org/@types/keyv/-/keyv-3.1.1.tgz", + "integrity": "sha512-MPtoySlAZQ37VoLaPcTHCu1RWJ4llDkULYZIzOYxlhxBqYPB0RsRlmMU0R6tahtFe27mIdkHV+551ZWV4PLmVw==", + "dev": true, + "requires": { + "@types/node": "*" + } + }, + "@types/minipass": { + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/@types/minipass/-/minipass-2.2.0.tgz", + "integrity": "sha512-wuzZksN4w4kyfoOv/dlpov4NOunwutLA/q7uc00xU02ZyUY+aoM5PWIXEKBMnm0NHd4a+N71BMjq+x7+2Af1fg==", + "dev": true, + "requires": { + "@types/node": "*" + } + }, "@types/node": { - "version": "10.17.18", - "resolved": "https://registry.npmjs.org/@types/node/-/node-10.17.18.tgz", - "integrity": "sha512-DQ2hl/Jl3g33KuAUOcMrcAOtsbzb+y/ufakzAdeK9z/H/xsvkpbETZZbPNMIiQuk24f5ZRMCcZIViAwyFIiKmg==", + "version": "10.17.35", + "resolved": "https://registry.npmjs.org/@types/node/-/node-10.17.35.tgz", + "integrity": "sha512-gXx7jAWpMddu0f7a+L+txMplp3FnHl53OhQIF9puXKq3hDGY/GjH+MF04oWnV/adPSCrbtHumDCFwzq2VhltWA==", "dev": true }, "@types/prettier": { 
@@ -671,9 +724,9 @@ "dev": true }, "@types/request": { - "version": "2.48.4", - "resolved": "https://registry.npmjs.org/@types/request/-/request-2.48.4.tgz", - "integrity": "sha512-W1t1MTKYR8PxICH+A4HgEIPuAC3sbljoEVfyZbeFJJDbr30guDspJri2XOaM2E+Un7ZjrihaDi7cf6fPa2tbgw==", + "version": "2.48.5", + "resolved": "https://registry.npmjs.org/@types/request/-/request-2.48.5.tgz", + "integrity": "sha512-/LO7xRVnL3DxJ1WkPGDQrp4VTV1reX9RkC85mJ+Qzykj2Bdw+mG15aAfDahc76HtknjzE16SX/Yddn6MxVbmGQ==", "dev": true, "requires": { "@types/caseless": "*", @@ -695,12 +748,40 @@ } } }, + "@types/responselike": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/@types/responselike/-/responselike-1.0.0.tgz", + "integrity": "sha512-85Y2BjiufFzaMIlvJDvTTB8Fxl2xfLo4HgmHzVBz08w4wDePCTjYw66PdrolO0kzli3yam/YCgRufyo1DdQVTA==", + "dev": true, + "requires": { + "@types/node": "*" + } + }, "@types/stack-utils": { "version": "1.0.1", "resolved": "https://registry.npmjs.org/@types/stack-utils/-/stack-utils-1.0.1.tgz", "integrity": "sha512-l42BggppR6zLmpfU6fq9HEa2oGPEI8yrSPL3GITjfRInppYFahObbIQOQK3UGxEnyQpltZLaPe75046NOZQikw==", "dev": true }, + "@types/stream-buffers": { + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/@types/stream-buffers/-/stream-buffers-3.0.3.tgz", + "integrity": "sha512-NeFeX7YfFZDYsCfbuaOmFQ0OjSmHreKBpp7MQ4alWQBHeh2USLsj7qyMyn9t82kjqIX516CR/5SRHnARduRtbQ==", + "dev": true, + "requires": { + "@types/node": "*" + } + }, + "@types/tar": { + "version": "4.0.3", + "resolved": "https://registry.npmjs.org/@types/tar/-/tar-4.0.3.tgz", + "integrity": "sha512-Z7AVMMlkI8NTWF0qGhC4QIX0zkV/+y0J8x7b/RsHrN0310+YNjoJd8UrApCiGBCWtKjxS9QhNqLi2UJNToh5hA==", + "dev": true, + "requires": { + "@types/minipass": "*", + "@types/node": "*" + } + }, "@types/tough-cookie": { "version": "4.0.0", "resolved": "https://registry.npmjs.org/@types/tough-cookie/-/tough-cookie-4.0.0.tgz", 
@@ -708,9 +789,9 @@ "dev": true }, "@types/underscore": { - "version": "1.9.4", - "resolved": "https://registry.npmjs.org/@types/underscore/-/underscore-1.9.4.tgz", - "integrity": "sha512-CjHWEMECc2/UxOZh0kpiz3lEyX2Px3rQS9HzD20lxMvx571ivOBQKeLnqEjxUY0BMgp6WJWo/pQLRBwMW5v4WQ==", + "version": "1.10.23", + "resolved": "https://registry.npmjs.org/@types/underscore/-/underscore-1.10.23.tgz", + "integrity": "sha512-vX1NPekXhrLquFWskH2thcvFAha187F/lM6xYOoEMZWwJ/6alSk0/ttmGP/YRqcqtCv0TMbZjYAdZyHAEcuU4g==", "dev": true }, "@types/ws": { @@ -774,13 +855,13 @@ "dev": true }, "aggregate-error": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/aggregate-error/-/aggregate-error-1.0.0.tgz", - "integrity": "sha1-iINE2tAiCnLjr1CQYRf0h3GSX6w=", + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/aggregate-error/-/aggregate-error-3.1.0.tgz", + "integrity": "sha512-4I7Td01quW/RpocfNayFdFVk1qSuoh0E7JrbRJ16nH01HhKFQ88INq9Sd+nd72zqRySlr9BmDA8xlEJ6vJMrYA==", "dev": true, "requires": { - "clean-stack": "^1.0.0", - "indent-string": "^3.0.0" + "clean-stack": "^2.0.0", + "indent-string": "^4.0.0" } }, "ajv": { @@ -896,12 +977,6 @@ "integrity": "sha512-+Ryf6g3BKoRc7jfp7ad8tM4TtMiaWvbF/1/sQcZPkkS7ag3D5nMBCe2UfOTONtAkaG0tO0ij3C5Lwmf1EiyjHg==", "dev": true }, - "async-limiter": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/async-limiter/-/async-limiter-1.0.1.tgz", - "integrity": "sha512-csOlWGAcRFJaI6m+F2WKdnMKr4HhdhFVBk0H/QbJFMCr+uO2kwohwXQPxw/9OCxp05r5ghVBFSyioixx3gfkNQ==", - "dev": true - }, "asynckit": { "version": "0.4.0", "resolved": "https://registry.npmjs.org/asynckit/-/asynckit-0.4.0.tgz", 
@@ -1035,12 +1110,6 @@ } } }, - "base64-js": { - "version": "1.3.1", - "resolved": "https://registry.npmjs.org/base64-js/-/base64-js-1.3.1.tgz", - "integrity": "sha512-mLQ4i2QO1ytvGWFWmcngKO//JXAQueZvwEKtjgQFM4jIK0kU+ytMfplL8j+n5mspOfjHwoAg+9yhb7BwAHm36g==", - "dev": true - }, "base64url": { "version": "3.0.1", "resolved": "https://registry.npmjs.org/base64url/-/base64url-3.0.1.tgz", @@ -1098,15 +1167,6 @@ } } }, - "browserify-zlib": { - "version": "0.2.0", - "resolved": "https://registry.npmjs.org/browserify-zlib/-/browserify-zlib-0.2.0.tgz", - "integrity": "sha512-Z942RysHXmJrhqk88FmKBVq/v5tqmSkDz7p54G/MGyjMnCFFnC79XWNbg+Vta8W6Wb2qtSZTSxIGkJrRpCFEiA==", - "dev": true, - "requires": { - "pako": "~1.0.5" - } - }, "bser": { "version": "2.1.1", "resolved": "https://registry.npmjs.org/bser/-/bser-2.1.1.tgz", @@ -1116,16 +1176,6 @@ "node-int64": "^0.4.0" } }, - "buffer": { - "version": "5.5.0", - "resolved": "https://registry.npmjs.org/buffer/-/buffer-5.5.0.tgz", - "integrity": "sha512-9FTEDjLjwoAkEwyMGDjYJQN2gfRgOKBKRfiglhvibGbpeeU/pQn1bJxQqm32OD/AIeEuHxU9roxXxg34Byp/Ww==", - "dev": true, - "requires": { - "base64-js": "^1.0.2", - "ieee754": "^1.1.4" - } - }, "buffer-from": { "version": "1.1.1", "resolved": "https://registry.npmjs.org/buffer-from/-/buffer-from-1.1.1.tgz", 
@@ -1155,32 +1205,35 @@ "unset-value": "^1.0.0" } }, + "cacheable-lookup": { + "version": "5.0.3", + "resolved": "https://registry.npmjs.org/cacheable-lookup/-/cacheable-lookup-5.0.3.tgz", + "integrity": "sha512-W+JBqF9SWe18A72XFzN/V/CULFzPm7sBXzzR6ekkE+3tLG72wFZrBiBZhrZuDoYexop4PHJVdFAKb/Nj9+tm9w==", + "dev": true + }, "cacheable-request": { - "version": "2.1.4", - "resolved": "https://registry.npmjs.org/cacheable-request/-/cacheable-request-2.1.4.tgz", - "integrity": "sha1-DYCIAbY0KtM8kd+dC0TcCbkeXD0=", + "version": "7.0.1", + "resolved": "https://registry.npmjs.org/cacheable-request/-/cacheable-request-7.0.1.tgz", + "integrity": "sha512-lt0mJ6YAnsrBErpTMWeu5kl/tg9xMAWjavYTN6VQXM1A/teBITuNcccXsCxF0tDQQJf9DfAaX5O4e0zp0KlfZw==", "dev": true, "requires": { - "clone-response": "1.0.2", - "get-stream": "3.0.0", - "http-cache-semantics": "3.8.1", - "keyv": "3.0.0", - "lowercase-keys": "1.0.0", - "normalize-url": "2.0.1", - "responselike": "1.0.2" + "clone-response": "^1.0.2", + "get-stream": "^5.1.0", + "http-cache-semantics": "^4.0.0", + "keyv": "^4.0.0", + "lowercase-keys": "^2.0.0", + "normalize-url": "^4.1.0", + "responselike": "^2.0.0" }, "dependencies": { "get-stream": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/get-stream/-/get-stream-3.0.0.tgz", - "integrity": "sha1-jpQ9E1jcN1VQVOy+LtsFqhdO3hQ=", - "dev": true - }, - "lowercase-keys": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/lowercase-keys/-/lowercase-keys-1.0.0.tgz", - "integrity": "sha1-TjNms55/VFfjXxMkvfb4jQv8cwY=", - "dev": true + "version": "5.2.0", + "resolved": "https://registry.npmjs.org/get-stream/-/get-stream-5.2.0.tgz", + "integrity": "sha512-nBF+F1rAZVCu/p7rjzgA+Yb4lfYXrpl7a6VmJrU8wF9I1CKvP/QwPNZHnOlwbTkY6dvtFIzFMSyQXbLoTQPRpA==", + "dev": true, + "requires": { + "pump": "^3.0.0" + } } } }, 
@@ -1221,6 +1274,12 @@ "supports-color": "^7.1.0" } }, + "chownr": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/chownr/-/chownr-2.0.0.tgz", + "integrity": "sha512-bIomtDF5KGpdogkLd9VspvFzk9KfpyyGlS8YFVZl7TGPBHL5snIOnxeshwVgPteQ9b4Eydl+pVbIyE1DcvCWgQ==", + "dev": true + }, "ci-info": { "version": "2.0.0", "resolved": "https://registry.npmjs.org/ci-info/-/ci-info-2.0.0.tgz", @@ -1251,9 +1310,9 @@ } }, "clean-stack": { - "version": "1.3.0", - "resolved": "https://registry.npmjs.org/clean-stack/-/clean-stack-1.3.0.tgz", - "integrity": "sha1-noIVAa6XmYbEax1m0tQy2y/UrjE=", + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/clean-stack/-/clean-stack-2.2.0.tgz", + "integrity": "sha512-4diC9HaTE+KRAMWhDhrGOECgWZxoevMc5TlkObMqNSsVU62PYzXZ/SMTjzyGAFF1YusgxGcSWTEXBhp0CPwQ1A==", "dev": true }, "cliui": { @@ -1450,12 +1509,20 @@ "dev": true }, "decompress-response": { - "version": "3.3.0", - "resolved": "https://registry.npmjs.org/decompress-response/-/decompress-response-3.3.0.tgz", - "integrity": "sha1-gKTdMjdIOEv6JICDYirt7Jgq3/M=", + "version": "6.0.0", + "resolved": "https://registry.npmjs.org/decompress-response/-/decompress-response-6.0.0.tgz", + "integrity": "sha512-aW35yZM6Bb/4oJlZncMH2LCoZtJXTRxES17vE3hoRiowU2kWHaJKFkSBDnDR+cm9J+9QhXmREyIfv0pji9ejCQ==", "dev": true, "requires": { - "mimic-response": "^1.0.0" + "mimic-response": "^3.1.0" + }, + "dependencies": { + "mimic-response": { + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/mimic-response/-/mimic-response-3.1.0.tgz", + "integrity": "sha512-z0yWI+4FDrrweS8Zmt4Ej5HdJmky15+L2e6Wgn3+iK5fWzb6T3fhNFq2+MeTRb064c6Wr4N/wv0DzQTjNzHNGQ==", + "dev": true + } } }, "deep-is": { 
@@ -1470,6 +1537,12 @@ "integrity": "sha512-FJ3UgI4gIl+PHZm53knsuSFpE+nESMr7M4v9QcgB7S63Kj/6WqMiFQJpBBYz1Pt+66bZpP3Q7Lye0Oo9MPKEdg==", "dev": true }, + "defer-to-connect": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/defer-to-connect/-/defer-to-connect-2.0.0.tgz", + "integrity": "sha512-bYL2d05vOSf1JEZNx5vSAtPuBMkX8K9EUutg7zlKvTqKXHt7RhWJFbmd7qakVuf13i+IkGmp6FwSsONOf6VYIg==", + "dev": true + }, "define-property": { "version": "2.0.2", "resolved": "https://registry.npmjs.org/define-property/-/define-property-2.0.2.tgz", @@ -1538,12 +1611,6 @@ "webidl-conversions": "^4.0.2" } }, - "duplexer3": { - "version": "0.1.4", - "resolved": "https://registry.npmjs.org/duplexer3/-/duplexer3-0.1.4.tgz", - "integrity": "sha1-7gHdHKwO08vH/b6jfcCo8c4ALOI=", - "dev": true - }, "ecc-jsbn": { "version": "0.1.2", "resolved": "https://registry.npmjs.org/ecc-jsbn/-/ecc-jsbn-0.1.2.tgz", @@ -1569,12 +1636,6 @@ "once": "^1.4.0" } }, - "es6-promise": { - "version": "4.2.8", - "resolved": "https://registry.npmjs.org/es6-promise/-/es6-promise-4.2.8.tgz", - "integrity": "sha512-HJDGx5daxeIvxdBxvG2cb9g4tEvwIk3i8+nhX0yGrYmZUzbkdg8QbDevheDB8gd0//uPj4c1EQua8Q+MViT0/w==", - "dev": true - }, "escape-string-regexp": { "version": "1.0.5", "resolved": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz", @@ -1879,14 +1940,13 @@ "map-cache": "^0.2.2" } }, - "from2": { - "version": "2.3.0", - "resolved": "https://registry.npmjs.org/from2/-/from2-2.3.0.tgz", - "integrity": "sha1-i/tVAr3kpNNs/e6gB/zKIdfjgq8=", + "fs-minipass": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/fs-minipass/-/fs-minipass-2.1.0.tgz", + "integrity": "sha512-V/JgOLFCS+R6Vcq0slCuaeWEdNC3ouDlJMNIsacH2VtALiu9mV4LPrHc5cDl8k5aw6J8jwgWWpiTo5RYhmIzvg==", "dev": true, "requires": { - "inherits": "^2.0.1", - "readable-stream": "^2.0.0" + "minipass": "^3.0.0" } }, "fs.realpath": { 
@@ -1959,36 +2019,22 @@ "dev": true }, "got": { - "version": "8.3.2", - "resolved": "https://registry.npmjs.org/got/-/got-8.3.2.tgz", - "integrity": "sha512-qjUJ5U/hawxosMryILofZCkm3C84PLJS/0grRIpjAwu+Lkxxj5cxeCU25BG0/3mDSpXKTyZr8oh8wIgLaH0QCw==", - "dev": true, - "requires": { - "@sindresorhus/is": "^0.7.0", - "cacheable-request": "^2.1.1", - "decompress-response": "^3.3.0", - "duplexer3": "^0.1.4", - "get-stream": "^3.0.0", - "into-stream": "^3.1.0", - "is-retry-allowed": "^1.1.0", - "isurl": "^1.0.0-alpha5", - "lowercase-keys": "^1.0.0", - "mimic-response": "^1.0.0", - "p-cancelable": "^0.4.0", - "p-timeout": "^2.0.1", - "pify": "^3.0.0", - "safe-buffer": "^5.1.1", - "timed-out": "^4.0.1", - "url-parse-lax": "^3.0.0", - "url-to-options": "^1.0.1" - }, - "dependencies": { - "get-stream": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/get-stream/-/get-stream-3.0.0.tgz", - "integrity": "sha1-jpQ9E1jcN1VQVOy+LtsFqhdO3hQ=", - "dev": true - } + "version": "11.7.0", + "resolved": "https://registry.npmjs.org/got/-/got-11.7.0.tgz", + "integrity": "sha512-7en2XwH2MEqOsrK0xaKhbWibBoZqy+f1RSUoIeF1BLcnf+pyQdDsljWMfmOh+QKJwuvDIiKx38GtPh5wFdGGjg==", + "dev": true, + "requires": { + "@sindresorhus/is": "^3.1.1", + "@szmarczak/http-timer": "^4.0.5", + "@types/cacheable-request": "^6.0.1", + "@types/responselike": "^1.0.0", + "cacheable-lookup": "^5.0.3", + "cacheable-request": "^7.0.1", + "decompress-response": "^6.0.0", + "http2-wrapper": "^1.0.0-beta.5.2", + "lowercase-keys": "^2.0.0", + "p-cancelable": "^2.0.0", + "responselike": "^2.0.0" } }, "graceful-fs": { 
@@ -2026,21 +2072,6 @@ "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==", "dev": true }, - "has-symbol-support-x": { - "version": "1.4.2", - "resolved": "https://registry.npmjs.org/has-symbol-support-x/-/has-symbol-support-x-1.4.2.tgz", - "integrity": "sha512-3ToOva++HaW+eCpgqZrCfN51IPB+7bJNVT6CUATzueB5Heb8o6Nam0V3HG5dlDvZU1Gn5QLcbahiKw/XVk5JJw==", - "dev": true - }, - "has-to-string-tag-x": { - "version": "1.4.1", - "resolved": "https://registry.npmjs.org/has-to-string-tag-x/-/has-to-string-tag-x-1.4.1.tgz", - "integrity": "sha512-vdbKfmw+3LoOYVr+mtxHaX5a96+0f3DljYd8JOqvOLsf5mw2Otda2qCDT9qRqLAhrjyQ0h7ual5nOiASpsGNFw==", - "dev": true, - "requires": { - "has-symbol-support-x": "^1.4.1" - } - }, "has-value": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/has-value/-/has-value-1.0.0.tgz", @@ -2109,9 +2140,9 @@ "dev": true }, "http-cache-semantics": { - "version": "3.8.1", - "resolved": "https://registry.npmjs.org/http-cache-semantics/-/http-cache-semantics-3.8.1.tgz", - "integrity": "sha512-5ai2iksyV8ZXmnZhHH4rWPoxxistEexSi5936zIQ1bnNTW5VnA85B6P/VpXiRM017IgRvb2kKo1a//y+0wSp3w==", + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/http-cache-semantics/-/http-cache-semantics-4.1.0.tgz", + "integrity": "sha512-carPklcUh7ROWRK7Cv27RPtdhYhUsela/ue5/jKzjegVvXDqM2ILE9Q2BGn9JZJh1g87cp56su/FgQSzcWS8cQ==", "dev": true }, "http-signature": { @@ -2125,6 +2156,16 @@ "sshpk": "^1.7.0" } }, + "http2-wrapper": { + "version": "1.0.0-beta.5.2", + "resolved": "https://registry.npmjs.org/http2-wrapper/-/http2-wrapper-1.0.0-beta.5.2.tgz", + "integrity": "sha512-xYz9goEyBnC8XwXDTuC/MZ6t+MrKVQZOk4s7+PaDkwIsQd8IwqvM+0M6bA/2lvG8GHXcPdf+MejTUeO2LCPCeQ==", + "dev": true, + "requires": { + "quick-lru": "^5.1.1", + "resolve-alpn": "^1.0.0" + } + }, "human-signals": { "version": "1.1.1", "resolved": "https://registry.npmjs.org/human-signals/-/human-signals-1.1.1.tgz", 
@@ -2140,12 +2181,6 @@ "safer-buffer": ">= 2.1.2 < 3" } }, - "ieee754": { - "version": "1.1.13", - "resolved": "https://registry.npmjs.org/ieee754/-/ieee754-1.1.13.tgz", - "integrity": "sha512-4vf7I2LYV/HaWerSo3XmlMkp5eZ83i+/CDluXi/IGTs/O1sejBNhTtnxzmRZfvOUqj7lZjqHkeTvpgSFDlWZTg==", - "dev": true - }, "import-local": { "version": "3.0.2", "resolved": "https://registry.npmjs.org/import-local/-/import-local-3.0.2.tgz", @@ -2163,9 +2198,9 @@ "dev": true }, "indent-string": { - "version": "3.2.0", - "resolved": "https://registry.npmjs.org/indent-string/-/indent-string-3.2.0.tgz", - "integrity": "sha1-Sl/W0nzDMvN+VBmlBNu4NxBckok=", + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/indent-string/-/indent-string-4.0.0.tgz", + "integrity": "sha512-EdDDZu4A2OyIK7Lr/2zG+w5jmbuk1DVBnEwREQvBzspBJkCEbRa8GxU1lghYcaGJCnRWibjDXlq779X1/y5xwg==", "dev": true }, "inflight": { @@ -2185,21 +2220,11 @@ "dev": true }, "interpret": { - "version": "1.2.0", - "resolved": "https://registry.npmjs.org/interpret/-/interpret-1.2.0.tgz", - "integrity": "sha512-mT34yGKMNceBQUoVn7iCDKDntA7SC6gycMAWzGx1z/CMCTV7b2AAtXlo3nRyHZ1FelRkQbQjprHSYGwzLtkVbw==", + "version": "1.4.0", + "resolved": "https://registry.npmjs.org/interpret/-/interpret-1.4.0.tgz", + "integrity": "sha512-agE4QfB2Lkp9uICn7BAqoscw4SZP9kTE2hxiFI3jBPmXJfdqiahTbUuKGsMoN2GtqL9AxhYioAcVvgsb1HvRbA==", "dev": true }, - "into-stream": { - "version": "3.1.0", - "resolved": "https://registry.npmjs.org/into-stream/-/into-stream-3.1.0.tgz", - "integrity": "sha1-lvsKk2wSur1v8XUqF9BWFqvQlMY=", - "dev": true, - "requires": { - "from2": "^2.1.1", - "p-is-promise": "^1.1.0" - } - }, "ip-regex": { "version": "2.1.0", "resolved": "https://registry.npmjs.org/ip-regex/-/ip-regex-2.1.0.tgz", 
@@ -2304,18 +2329,6 @@ "integrity": "sha512-41Cifkg6e8TylSpdtTpeLVMqvSBEVzTttHvERD741+pnZ8ANv0004MRL43QKPDlK9cGvNp6NZWZUBlbGXYxxng==", "dev": true }, - "is-object": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/is-object/-/is-object-1.0.1.tgz", - "integrity": "sha1-iVJojF7C/9awPsyF52ngKQMINHA=", - "dev": true - }, - "is-plain-obj": { - "version": "1.1.0", - "resolved": "https://registry.npmjs.org/is-plain-obj/-/is-plain-obj-1.1.0.tgz", - "integrity": "sha1-caUMhCnfync8kqOQpKA7OfzVHT4=", - "dev": true - }, "is-plain-object": { "version": "2.0.4", "resolved": "https://registry.npmjs.org/is-plain-object/-/is-plain-object-2.0.4.tgz", @@ -2325,12 +2338,6 @@ "isobject": "^3.0.1" } }, - "is-retry-allowed": { - "version": "1.2.0", - "resolved": "https://registry.npmjs.org/is-retry-allowed/-/is-retry-allowed-1.2.0.tgz", - "integrity": "sha512-RUbUeKwvm3XG2VYamhJL1xFktgjvPzL0Hq8C+6yrWIswDy3BIXGqCxhxkc30N9jqK311gVU137K8Ei55/zVJRg==", - "dev": true - }, "is-stream": { "version": "1.1.0", "resolved": "https://registry.npmjs.org/is-stream/-/is-stream-1.1.0.tgz", @@ -2439,16 +2446,6 @@ "istanbul-lib-report": "^3.0.0" } }, - "isurl": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/isurl/-/isurl-1.0.0.tgz", - "integrity": "sha512-1P/yWsxPlDtn7QeRD+ULKQPaIaN6yF368GZ2vDfv0AL0NwpStafjWCDDdn0k8wgFMWpVAqG7oJhxHnlud42i9w==", - "dev": true, - "requires": { - "has-to-string-tag-x": "^1.2.0", - "is-object": "^1.0.1" - } - }, "jest": { "version": "25.2.4", "resolved": "https://registry.npmjs.org/jest/-/jest-25.2.4.tgz", 
@@ -2937,6 +2934,15 @@ "supports-color": "^7.0.0" } }, + "jose": { + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/jose/-/jose-2.0.2.tgz", + "integrity": "sha512-yD93lsiMA1go/qxSY/vXWBodmIZJIxeB7QhFi8z1yQ3KUwKENqI9UA8VCHlQ5h3x1zWuWZjoY87ByQzkQbIrQg==", + "dev": true, + "requires": { + "@panva/asn1.js": "^1.0.0" + } + }, "js-tokens": { "version": "4.0.0", "resolved": "https://registry.npmjs.org/js-tokens/-/js-tokens-4.0.0.tgz", @@ -3000,9 +3006,9 @@ "dev": true }, "json-buffer": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/json-buffer/-/json-buffer-3.0.0.tgz", - "integrity": "sha1-Wx85evx11ne96Lz8Dkfh+aPZqJg=", + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/json-buffer/-/json-buffer-3.0.1.tgz", + "integrity": "sha512-4bV5BfR2mqfQTJm+V5tPPdf+ZpuhiIvTuAB5g8kcrXOZpTT/QwwVRWBywX1ozr6lEuPdbHxwaJlm9G6mI2sfSQ==", "dev": true }, "json-schema": { @@ -3051,12 +3057,12 @@ } }, "keyv": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/keyv/-/keyv-3.0.0.tgz", - "integrity": "sha512-eguHnq22OE3uVoSYG0LVWNP+4ppamWr9+zWBe1bsNcovIMy6huUJFPgy4mGwCd/rnl3vOLGW1MTlu4c57CT1xA==", + "version": "4.0.3", + "resolved": "https://registry.npmjs.org/keyv/-/keyv-4.0.3.tgz", + "integrity": "sha512-zdGa2TOpSZPq5mU6iowDARnMBZgtCqJ11dJROFi6tg6kTn4nuUdU09lFyLFSaHrWqpIJ+EBq4E8/Dc0Vx5vLdA==", "dev": true, "requires": { - "json-buffer": "3.0.0" + "json-buffer": "3.0.1" } }, "kind-of": { 
@@ -3117,25 +3123,19 @@ "@sinonjs/commons": "^1.7.0" } }, - "long": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/long/-/long-4.0.0.tgz", - "integrity": "sha512-XsP+KhQif4bjX1kbuSiySJFNAehNxgLb6hPRGJ9QsUr8ajHkuXGdrHmFUTUUXhDwVX2R5bY4JNZEwbUiMhV+MA==", - "dev": true - }, "lowercase-keys": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/lowercase-keys/-/lowercase-keys-1.0.1.tgz", - "integrity": "sha512-G2Lj61tXDnVFFOi8VZds+SoQjtQC3dgokKdDG2mTm1tx4m50NUHBOZSBwQQHyy0V12A0JTG4icfZQH+xPyh8VA==", + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/lowercase-keys/-/lowercase-keys-2.0.0.tgz", + "integrity": "sha512-tqNXrS78oMOE73NMxK4EMLQsQowWf8jKooH9g7xPavRT706R6bkQJ6DY2Te7QukaZsulxa30wQ7bk0pm4XiHmA==", "dev": true }, "lru-cache": { - "version": "5.1.1", - "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-5.1.1.tgz", - "integrity": "sha512-KpNARQA3Iwv+jTA0utUVVbrh+Jlrr1Fv0e56GGzAFOXN7dk/FviaDW8LHmK52DlcH4WP2n6gI8vN1aesBFgo9w==", + "version": "6.0.0", + "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-6.0.0.tgz", + "integrity": "sha512-Jo6dJ04CmSjuznwJSS3pUeWmd/H0ffTlkXXgwZi+eq1UCmqQwCh+eLsYOYCwY991i2Fah4h1BEMCx4qThGbsiA==", "dev": true, "requires": { - "yallist": "^3.0.2" + "yallist": "^4.0.0" } }, "make-dir": { @@ -3147,6 +3147,12 @@ "semver": "^6.0.0" } }, + "make-error": { + "version": "1.3.6", + "resolved": "https://registry.npmjs.org/make-error/-/make-error-1.3.6.tgz", + "integrity": "sha512-s8UhlNe7vPKomQhC1qFelMokr/Sc3AgNbso3n74mVPA5LTZwkB9NlXf4XPamLxJE8h0gh73rM94xvwRT2CVInw==", + "dev": true + }, "makeerror": { "version": "1.0.11", "resolved": "https://registry.npmjs.org/makeerror/-/makeerror-1.0.11.tgz", 
@@ -3229,6 +3235,25 @@ "integrity": "sha512-FM9nNUYrRBAELZQT3xeZQ7fmMOBg6nWNmJKTcgsJeaLstP/UODVpGsr5OhXhhXg6f+qtJ8uiZ+PUxkDWcgIXLw==", "dev": true }, + "minipass": { + "version": "3.1.3", + "resolved": "https://registry.npmjs.org/minipass/-/minipass-3.1.3.tgz", + "integrity": "sha512-Mgd2GdMVzY+x3IJ+oHnVM+KG3lA5c8tnabyJKmHSaG2kAGpudxuOf8ToDkhumF7UzME7DecbQE9uOZhNm7PuJg==", + "dev": true, + "requires": { + "yallist": "^4.0.0" + } + }, + "minizlib": { + "version": "2.1.2", + "resolved": "https://registry.npmjs.org/minizlib/-/minizlib-2.1.2.tgz", + "integrity": "sha512-bAxsR8BVfj60DWXHE3u30oHzfl4G7khkSuPW+qvpd7jFRHm7dLxOjUk1EHACJ/hxLY8phGJ0YhYHZo7jil7Qdg==", + "dev": true, + "requires": { + "minipass": "^3.0.0", + "yallist": "^4.0.0" + } + }, "mixin-deep": { "version": "1.3.2", "resolved": "https://registry.npmjs.org/mixin-deep/-/mixin-deep-1.3.2.tgz", @@ -3250,6 +3275,12 @@ } } }, + "mkdirp": { + "version": "1.0.4", + "resolved": "https://registry.npmjs.org/mkdirp/-/mkdirp-1.0.4.tgz", + "integrity": "sha512-vVqVZQyf3WLx2Shd0qJ9xuvqgAyKPLAiqITEtqW0oIUjzo3PePDd6fW9iFz30ef7Ysp/oiWqbhszeGWW2T6Gzw==", + "dev": true + }, "ms": { "version": "2.1.2", "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz", 
@@ -3287,36 +3318,12 @@ "integrity": "sha512-1nh45deeb5olNY7eX82BkPO7SSxR5SSYJiPTrTdFUVYwAl8CKMA5N9PjTYkHiRjisVcxcQ1HXdLhx2qxxJzLNQ==", "dev": true }, - "node-forge": { - "version": "0.8.5", - "resolved": "https://registry.npmjs.org/node-forge/-/node-forge-0.8.5.tgz", - "integrity": "sha512-vFMQIWt+J/7FLNyKouZ9TazT74PRV3wgv9UT4cRjC8BffxFbKXkgIWR42URCPSnHm/QDz6BOlb2Q0U4+VQT67Q==", - "dev": true - }, "node-int64": { "version": "0.4.0", "resolved": "https://registry.npmjs.org/node-int64/-/node-int64-0.4.0.tgz", "integrity": "sha1-h6kGXNs1XTGC2PlM4RGIuCXGijs=", "dev": true }, - "node-jose": { - "version": "1.1.4", - "resolved": "https://registry.npmjs.org/node-jose/-/node-jose-1.1.4.tgz", - "integrity": "sha512-L31IFwL3pWWcMHxxidCY51ezqrDXMkvlT/5pLTfNw5sXmmOLJuN6ug7txzF/iuZN55cRpyOmoJrotwBQIoo5Lw==", - "dev": true, - "requires": { - "base64url": "^3.0.1", - "browserify-zlib": "^0.2.0", - "buffer": "^5.5.0", - "es6-promise": "^4.2.8", - "lodash": "^4.17.15", - "long": "^4.0.0", - "node-forge": "^0.8.5", - "process": "^0.11.10", - "react-zlib-js": "^1.0.4", - "uuid": "^3.3.3" - } - }, "node-modules-regexp": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/node-modules-regexp/-/node-modules-regexp-1.0.0.tgz", @@ -3356,15 +3363,10 @@ "dev": true }, "normalize-url": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/normalize-url/-/normalize-url-2.0.1.tgz", - "integrity": "sha512-D6MUW4K/VzoJ4rJ01JFKxDrtY1v9wrgzCX5f2qj/lzH1m/lW6MhUZFKerVsnyjOhOsYzI9Kqqak+10l4LvLpMw==", - "dev": true, - "requires": { - "prepend-http": "^2.0.0", - "query-string": "^5.0.1", - "sort-keys": "^2.0.0" - } + "version": "4.5.0", + "resolved": "https://registry.npmjs.org/normalize-url/-/normalize-url-4.5.0.tgz", + "integrity": "sha512-2s47yzUxdexf1OhyRi4Em83iQk0aPvwTddtFz4hnSSw9dCEsLEGf6SwIO8ss/19S9iBb5sJaOuTvTGDeZI00BQ==", + "dev": true }, "npm-run-path": { "version": "2.0.2", 
@@ -3387,12 +3389,6 @@ "integrity": "sha512-fexhUFFPTGV8ybAtSIGbV6gOkSv8UtRbDBnAyLQw4QPKkgNlsH2ByPGtMUqdWkos6YCRmAqViwgZrJc/mRDzZQ==", "dev": true }, - "object-assign": { - "version": "4.1.1", - "resolved": "https://registry.npmjs.org/object-assign/-/object-assign-4.1.1.tgz", - "integrity": "sha1-IQmtx5ZYh8/AXLvUQsrIv7s2CGM=", - "dev": true - }, "object-copy": { "version": "0.1.0", "resolved": "https://registry.npmjs.org/object-copy/-/object-copy-0.1.0.tgz", @@ -3425,9 +3421,9 @@ } }, "object-hash": { - "version": "1.3.1", - "resolved": "https://registry.npmjs.org/object-hash/-/object-hash-1.3.1.tgz", - "integrity": "sha512-OSuu/pU4ENM9kmREg0BdNrUDIl1heYa4mBZacJc+vVWz4GtAwu7jO8s4AIt2aGRUTqxykpWzI3Oqnsm13tTMDA==", + "version": "2.0.3", + "resolved": "https://registry.npmjs.org/object-hash/-/object-hash-2.0.3.tgz", + "integrity": "sha512-JPKn0GMu+Fa3zt3Bmr66JhokJU5BaNBIh4ZeTlaCBzrBsOeXzwcKKAK1tbLiPKgvwmPXsDvvLHoWh5Bm7ofIYg==", "dev": true }, "object-visit": { @@ -3449,9 +3445,9 @@ } }, "oidc-token-hash": { - "version": "3.0.2", - "resolved": "https://registry.npmjs.org/oidc-token-hash/-/oidc-token-hash-3.0.2.tgz", - "integrity": "sha512-dTzp80/y/da+um+i+sOucNqiPpwRL7M/xPwj7pH1TFA2/bqQ+OK2sJahSXbemEoLtPkHcFLyhLhLWZa9yW5+RA==", + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/oidc-token-hash/-/oidc-token-hash-5.0.0.tgz", + "integrity": "sha512-8Yr4CZSv+Tn8ZkN3iN2i2w2G92mUKClp4z7EGUfdsERiYSbj7P4i/NHm72ft+aUdsiFx9UdIPSTwbyzQ6C4URg==", "dev": true }, "once": { 
@@ -3473,19 +3469,19 @@ } }, "openid-client": { - "version": "2.5.0", - "resolved": "https://registry.npmjs.org/openid-client/-/openid-client-2.5.0.tgz", - "integrity": "sha512-t3hFD7xEoW1U25RyBcRFaL19fGGs6hNVTysq9pgmiltH0IVUPzH/bQV9w24pM5Q7MunnGv2/5XjIru6BQcWdxg==", + "version": "4.1.1", + "resolved": "https://registry.npmjs.org/openid-client/-/openid-client-4.1.1.tgz", + "integrity": "sha512-/qch3I3v8UtO0A7wVgyXJJjGX/knR8bv06DQpLuKQqLG5u4AHcgusGuVKPKAcneLZvHKbKovF2+3e2ngXyuudA==", "dev": true, "requires": { - "base64url": "^3.0.0", - "got": "^8.3.2", - "lodash": "^4.17.11", - "lru-cache": "^5.1.1", - "node-jose": "^1.1.0", - "object-hash": "^1.3.1", - "oidc-token-hash": "^3.0.1", - "p-any": "^1.1.0" + "base64url": "^3.0.1", + "got": "^11.6.2", + "jose": "^2.0.2", + "lru-cache": "^6.0.0", + "make-error": "^1.3.6", + "object-hash": "^2.0.1", + "oidc-token-hash": "^5.0.0", + "p-any": "^3.0.0" } }, "optionator": { @@ -3503,18 +3499,19 @@ } }, "p-any": { - "version": "1.1.0", - "resolved": "https://registry.npmjs.org/p-any/-/p-any-1.1.0.tgz", - "integrity": "sha512-Ef0tVa4CZ5pTAmKn+Cg3w8ABBXh+hHO1aV8281dKOoUHfX+3tjG2EaFcC+aZyagg9b4EYGsHEjz21DnEE8Og2g==", + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/p-any/-/p-any-3.0.0.tgz", + "integrity": "sha512-5rqbqfsRWNb0sukt0awwgJMlaep+8jV45S15SKKB34z4UuzjcofIfnriCBhWjZP2jbVtjt9yRl7buB6RlKsu9w==", "dev": true, "requires": { - "p-some": "^2.0.0" + "p-cancelable": "^2.0.0", + "p-some": "^5.0.0" } }, "p-cancelable": { - "version": "0.4.1", - "resolved": "https://registry.npmjs.org/p-cancelable/-/p-cancelable-0.4.1.tgz", - "integrity": "sha512-HNa1A8LvB1kie7cERyy21VNeHb2CWJJYqyyC2o3klWFfMGlFmWv2Z7sFgZH8ZiaYL95ydToKTFVXgMV/Os0bBQ==", + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/p-cancelable/-/p-cancelable-2.0.0.tgz", + "integrity": "sha512-wvPXDmbMmu2ksjkB4Z3nZWTSkJEb9lqVdMaCKpZUGJG9TMiNp9XcbG3fn9fPKjem04fJMJnXoyFPk2FmgiaiNg==", "dev": true }, "p-each-series": { 
@@ -3529,12 +3526,6 @@ "integrity": "sha1-P7z7FbiZpEEjs0ttzBi3JDNqLK4=", "dev": true }, - "p-is-promise": { - "version": "1.1.0", - "resolved": "https://registry.npmjs.org/p-is-promise/-/p-is-promise-1.1.0.tgz", - "integrity": "sha1-nJRWmJ6fZYgBewQ01WCXZ1w9oF4=", - "dev": true - }, "p-limit": { "version": "2.2.2", "resolved": "https://registry.npmjs.org/p-limit/-/p-limit-2.2.2.tgz", @@ -3554,21 +3545,13 @@ } }, "p-some": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/p-some/-/p-some-2.0.1.tgz", - "integrity": "sha1-Zdh8ixVO289SIdFnd4ttLhUPbwY=", - "dev": true, - "requires": { - "aggregate-error": "^1.0.0" - } - }, - "p-timeout": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/p-timeout/-/p-timeout-2.0.1.tgz", - "integrity": "sha512-88em58dDVB/KzPEx1X0N3LwFfYZPyDc4B6eF38M1rk9VTZMbxXXgjugz8mmwpS9Ox4BDZ+t6t3QP5+/gazweIA==", + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/p-some/-/p-some-5.0.0.tgz", + "integrity": "sha512-Js5XZxo6vHjB9NOYAzWDYAIyyiPvva0DWESAIWIK7uhSpGsyg5FwUPxipU/SOQx5x9EqhOh545d1jo6cVkitig==", "dev": true, "requires": { - "p-finally": "^1.0.0" + "aggregate-error": "^3.0.0", + "p-cancelable": "^2.0.0" } }, "p-try": { @@ -3577,12 +3560,6 @@ "integrity": "sha512-R4nPAVTAU0B9D35/Gk3uJf/7XYbQcyohSKdvAxIRSNghFl4e71hVoGnBNQz9cWaXxO2I10KTC+3jMdvvoKw6dQ==", "dev": true }, - "pako": { - "version": "1.0.11", - "resolved": "https://registry.npmjs.org/pako/-/pako-1.0.11.tgz", - "integrity": "sha512-4hLB8Py4zZce5s4yd9XzopqwVv/yGNhV1Bl8NTmCq1763HeK2+EwVTv+leGeL13Dnh2wfbqowVPXCIO0z4taYw==", - "dev": true - }, "parse5": { "version": "5.1.0", "resolved": "https://registry.npmjs.org/parse5/-/parse5-5.1.0.tgz", 
@@ -3631,12 +3608,6 @@ "integrity": "sha512-q0M/9eZHzmr0AulXyPwNfZjtwZ/RBZlbN3K3CErVrk50T2ASYI7Bye0EvekFY3IP1Nt2DHu0re+V2ZHIpMkuWg==", "dev": true }, - "pify": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/pify/-/pify-3.0.0.tgz", - "integrity": "sha1-5aSs0sEB/fPZpNB/DbxNtJ3SgXY=", - "dev": true - }, "pirates": { "version": "4.0.1", "resolved": "https://registry.npmjs.org/pirates/-/pirates-4.0.1.tgz", @@ -3673,12 +3644,6 @@ "integrity": "sha1-IZMqVJ9eUv/ZqCf1cOBL5iqX2lQ=", "dev": true }, - "prepend-http": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/prepend-http/-/prepend-http-2.0.0.tgz", - "integrity": "sha1-6SQ0v6XqjBn0HN/UAddBo8gZ2Jc=", - "dev": true - }, "prettier": { "version": "2.0.2", "resolved": "https://registry.npmjs.org/prettier/-/prettier-2.0.2.tgz", @@ -3705,18 +3670,6 @@ } } }, - "process": { - "version": "0.11.10", - "resolved": "https://registry.npmjs.org/process/-/process-0.11.10.tgz", - "integrity": "sha1-czIwDoQBYb2j5podHZGn1LwW8YI=", - "dev": true - }, - "process-nextick-args": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/process-nextick-args/-/process-nextick-args-2.0.1.tgz", - "integrity": "sha512-3ouUOpQhtgrbOa17J7+uxOTpITYWaGP7/AhoR3+A+/1e9skrzelGi/dXzEYyvbxubEF6Wn2ypscTKiKJFFn1ag==", - "dev": true - }, "prompts": { "version": "2.3.2", "resolved": "https://registry.npmjs.org/prompts/-/prompts-2.3.2.tgz", 
@@ -3755,16 +3708,11 @@ "integrity": "sha512-N5ZAX4/LxJmF+7wN74pUD6qAh9/wnvdQcjq9TZjevvXzSUo7bfmw91saqMjzGS2xq91/odN2dW/WOl7qQHNDGA==", "dev": true }, - "query-string": { + "quick-lru": { "version": "5.1.1", - "resolved": "https://registry.npmjs.org/query-string/-/query-string-5.1.1.tgz", - "integrity": "sha512-gjWOsm2SoGlgLEdAGt7a6slVOk9mGiXmPFMqrEhLQ68rhQuBnpfs3+EmlvqKyxnCo9/PPlF+9MtY02S1aFg+Jw==", - "dev": true, - "requires": { - "decode-uri-component": "^0.2.0", - "object-assign": "^4.1.0", - "strict-uri-encode": "^1.0.0" - } + "resolved": "https://registry.npmjs.org/quick-lru/-/quick-lru-5.1.1.tgz", + "integrity": "sha512-WuyALRjWPDGtt/wzJiadO5AXY+8hZ80hVpe6MyivgraREW751X3SbhRvG3eLKOYN+8VEvqLcf3wdnt44Z4S4SA==", + "dev": true }, "react-is": { "version": "16.13.1", @@ -3772,27 +3720,6 @@ "integrity": "sha512-24e6ynE2H+OKt4kqsOvNd8kBpV65zoxbA4BVsEOB3ARVWQki/DHzaUoC5KuON/BiccDaCCTZBuOcfZs70kR8bQ==", "dev": true }, - "react-zlib-js": { - "version": "1.0.4", - "resolved": "https://registry.npmjs.org/react-zlib-js/-/react-zlib-js-1.0.4.tgz", - "integrity": "sha512-ynXD9DFxpE7vtGoa3ZwBtPmZrkZYw2plzHGbanUjBOSN4RtuXdektSfABykHtTiWEHMh7WdYj45LHtp228ZF1A==", - "dev": true - }, - "readable-stream": { - "version": "2.3.7", - "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.7.tgz", - "integrity": "sha512-Ebho8K4jIbHAxnuxi7o42OrZgF/ZTNcsZj6nRKyUmkhLFq8CHItp/fy6hQZuZmP/n3yZ9VBUbp4zz/mX8hmYPw==", - "dev": true, - "requires": { - "core-util-is": "~1.0.0", - "inherits": "~2.0.3", - "isarray": "~1.0.0", - "process-nextick-args": "~2.0.0", - "safe-buffer": "~5.1.1", - "string_decoder": "~1.1.1", - "util-deprecate": "~1.0.1" - } - }, "realpath-native": { "version": "2.0.0", "resolved": "https://registry.npmjs.org/realpath-native/-/realpath-native-2.0.0.tgz", 
@@ -3929,6 +3856,12 @@ "path-parse": "^1.0.6" } }, + "resolve-alpn": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/resolve-alpn/-/resolve-alpn-1.0.0.tgz", + "integrity": "sha512-rTuiIEqFmGxne4IovivKSDzld2lWW9QCjqv80SYjPgf+gS35eaCAjaP54CCwGAwBtnCsvNLYtqxe1Nw+i6JEmA==", + "dev": true + }, "resolve-cwd": { "version": "3.0.0", "resolved": "https://registry.npmjs.org/resolve-cwd/-/resolve-cwd-3.0.0.tgz", @@ -3951,12 +3884,12 @@ "dev": true }, "responselike": { - "version": "1.0.2", - "resolved": "https://registry.npmjs.org/responselike/-/responselike-1.0.2.tgz", - "integrity": "sha1-kYcg7ztjHFZCvgaPFa3lpG9Loec=", + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/responselike/-/responselike-2.0.0.tgz", + "integrity": "sha512-xH48u3FTB9VsZw7R+vvgaKeLKzT6jOogbQhEe/jewwnZgzPcnyWui2Av6JpoYZF/91uueC+lqhWqeURw5/qhCw==", "dev": true, "requires": { - "lowercase-keys": "^1.0.0" + "lowercase-keys": "^2.0.0" } }, "ret": { @@ -3966,9 +3899,9 @@ "dev": true }, "rfc4648": { - "version": "1.3.0", - "resolved": "https://registry.npmjs.org/rfc4648/-/rfc4648-1.3.0.tgz", - "integrity": "sha512-x36K12jOflpm1V8QjPq3I+pt7Z1xzeZIjiC8J2Oxd7bE1efTrOG241DTYVJByP/SxR9jl1t7iZqYxDX864jgBQ==", + "version": "1.4.0", + "resolved": "https://registry.npmjs.org/rfc4648/-/rfc4648-1.4.0.tgz", + "integrity": "sha512-3qIzGhHlMHA6PoT6+cdPKZ+ZqtxkIvg8DZGKA5z6PQ33/uuhoJ+Ws/D/J9rXW6gXodgH8QYlz2UCl+sdUDmNIg==", "dev": true }, "rimraf": { @@ -4208,9 +4141,9 @@ "dev": true }, "shelljs": { - "version": "0.8.3", - "resolved": "https://registry.npmjs.org/shelljs/-/shelljs-0.8.3.tgz", - "integrity": "sha512-fc0BKlAWiLpwZljmOvAOTE/gXawtCoNrP5oaY7KIaQbbyHeQVg01pSEuEGvGh3HEdBU4baCD7wQBwADmM/7f7A==", + "version": "0.8.4", + "resolved": "https://registry.npmjs.org/shelljs/-/shelljs-0.8.4.tgz", + "integrity": "sha512-7gk3UZ9kOfPLIAbslLzyWeGiEqx9e3rxwZM0KE6EL8GlGwjym9Mrlx5/p33bWTu9YG6vcS4MBxYZDHYr5lr8BQ==", "dev": true, "requires": { "glob": "^7.0.0", 
@@ -4371,15 +4304,6 @@ } } }, - "sort-keys": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/sort-keys/-/sort-keys-2.0.0.tgz", - "integrity": "sha1-ZYU1WEhh7JfXMNbPQYIuH1ZoQSg=", - "dev": true, - "requires": { - "is-plain-obj": "^1.0.0" - } - }, "source-map": { "version": "0.6.1", "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.6.1.tgz", @@ -4480,10 +4404,10 @@ "integrity": "sha1-NbCYdbT/SfJqd35QmzCQoyJr8ks=", "dev": true }, - "strict-uri-encode": { - "version": "1.1.0", - "resolved": "https://registry.npmjs.org/strict-uri-encode/-/strict-uri-encode-1.1.0.tgz", - "integrity": "sha1-J5siXfHVgrH1TmWt3UNS4Y+qBxM=", + "stream-buffers": { + "version": "3.0.2", + "resolved": "https://registry.npmjs.org/stream-buffers/-/stream-buffers-3.0.2.tgz", + "integrity": "sha512-DQi1h8VEBA/lURbSwFtEHnSTb9s2/pwLEaFuNhXwy1Dx3Sa0lOuYT2yNUr4/j2fs8oCAMANtrZ5OrPZtyVs3MQ==", "dev": true }, "string-length": { @@ -4518,15 +4442,6 @@ "strip-ansi": "^6.0.0" } }, - "string_decoder": { - "version": "1.1.1", - "resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.1.1.tgz", - "integrity": "sha512-n/ShnvDi6FHbbVfviro+WojiFzv+s8MPMHBczVePfUpDJLwoLT0ht1l4YwBCbi8pJAveEEdnkHyPyTP/mzRfwg==", - "dev": true, - "requires": { - "safe-buffer": "~5.1.0" - } - }, "strip-ansi": { "version": "6.0.0", "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.0.tgz", 
@@ -4587,6 +4502,20 @@ "integrity": "sha512-9QNk5KwDF+Bvz+PyObkmSYjI5ksVUYtjW7AU22r2NKcfLJcXp96hkDWU3+XndOsUb+AQ9QhfzfCT2O+CNWT5Tw==", "dev": true }, + "tar": { + "version": "6.0.5", + "resolved": "https://registry.npmjs.org/tar/-/tar-6.0.5.tgz", + "integrity": "sha512-0b4HOimQHj9nXNEAA7zWwMM91Zhhba3pspja6sQbgTpynOJf+bkjBnfybNYzbpLbnwXnbyB4LOREvlyXLkCHSg==", + "dev": true, + "requires": { + "chownr": "^2.0.0", + "fs-minipass": "^2.0.0", + "minipass": "^3.0.0", + "minizlib": "^2.1.1", + "mkdirp": "^1.0.3", + "yallist": "^4.0.0" + } + }, "terminal-link": { "version": "2.1.1", "resolved": "https://registry.npmjs.org/terminal-link/-/terminal-link-2.1.1.tgz", @@ -4614,11 +4543,23 @@ "integrity": "sha512-fcwX4mndzpLQKBS1DVYhGAcYaYt7vsHNIvQV+WXMvnow5cgjPphq5CaayLaGsjRdSCKZFNGt7/GYAuXaNOiYCA==", "dev": true }, - "timed-out": { - "version": "4.0.1", - "resolved": "https://registry.npmjs.org/timed-out/-/timed-out-4.0.1.tgz", - "integrity": "sha1-8y6srFoXW+ol1/q1Zas+2HQe9W8=", - "dev": true + "tmp": { + "version": "0.2.1", + "resolved": "https://registry.npmjs.org/tmp/-/tmp-0.2.1.tgz", + "integrity": "sha512-76SUhtfqR2Ijn+xllcI5P1oyannHNHByD80W1q447gU3mp9G9PSpGdWmjUOHRDPiHYacIk66W7ubDTuPF3BEtQ==", + "dev": true, + "requires": { + "rimraf": "^3.0.0" + } + }, + "tmp-promise": { + "version": "3.0.2", + "resolved": "https://registry.npmjs.org/tmp-promise/-/tmp-promise-3.0.2.tgz", + "integrity": "sha512-OyCLAKU1HzBjL6Ev3gxUeraJNlbNingmi8IrHHEsYH8LTmEuhvYfqvhn2F/je+mjf4N58UmZ96OMEy1JanSCpA==", + "dev": true, + "requires": { + "tmp": "^0.2.0" + } }, "tmpl": { "version": "1.0.4", 
@@ -4694,9 +4635,9 @@ } }, "tslib": { - "version": "1.11.1", - "resolved": "https://registry.npmjs.org/tslib/-/tslib-1.11.1.tgz", - "integrity": "sha512-aZW88SY8kQbU7gpV19lN24LtXh/yD4ZZg6qieAJDDg+YBsJcSmLGK9QpnUjAKVG/xefmvJGd1WUmfpT/g6AJGA==", + "version": "1.13.0", + "resolved": "https://registry.npmjs.org/tslib/-/tslib-1.13.0.tgz", + "integrity": "sha512-i/6DQjL8Xf3be4K/E6Wgpekn5Qasl1usyw++dAA35Ue5orEn65VIxOA+YvNNl9HV3qv70T7CNwjODHZrLwvd1Q==", "dev": true }, "tunnel-agent": { @@ -4745,9 +4686,9 @@ } }, "underscore": { - "version": "1.10.2", - "resolved": "https://registry.npmjs.org/underscore/-/underscore-1.10.2.tgz", - "integrity": "sha512-N4P+Q/BuyuEKFJ43B9gYuOj4TQUHXX+j2FqguVOpjkssLUUrnJofCcBccJSCoeturDoZU6GorDTHSvUDlSQbTg==", + "version": "1.11.0", + "resolved": "https://registry.npmjs.org/underscore/-/underscore-1.11.0.tgz", + "integrity": "sha512-xY96SsN3NA461qIRKZ/+qox37YXPtSBswMGfiNptr+wrt6ds4HaMw23TP612fEyGekRE6LNRiLYr/aqbHXNedw==", "dev": true }, "union-value": { 
@@ -4817,33 +4758,12 @@ "integrity": "sha1-2pN/emLiH+wf0Y1Js1wpNQZ6bHI=", "dev": true }, - "url-parse-lax": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/url-parse-lax/-/url-parse-lax-3.0.0.tgz", - "integrity": "sha1-FrXK/Afb42dsGxmZF3gj1lA6yww=", - "dev": true, - "requires": { - "prepend-http": "^2.0.0" - } - }, - "url-to-options": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/url-to-options/-/url-to-options-1.0.1.tgz", - "integrity": "sha1-FQWgOiiaSMvXpDTvuu7FBV9WM6k=", - "dev": true - }, "use": { "version": "3.1.1", "resolved": "https://registry.npmjs.org/use/-/use-3.1.1.tgz", "integrity": "sha512-cwESVXlO3url9YWlFW/TA9cshCEhtu7IKJ/p5soJ/gGpj7vbvFrAY/eIioQ6Dw23KjZhYgiIo8HOs1nQ2vr/oQ==", "dev": true }, - "util-deprecate": { - "version": "1.0.2", - "resolved": "https://registry.npmjs.org/util-deprecate/-/util-deprecate-1.0.2.tgz", - "integrity": "sha1-RQ1Nyfpw3nMnYvvS1KKJgUGaDM8=", - "dev": true - }, "uuid": { "version": "3.4.0", "resolved": "https://registry.npmjs.org/uuid/-/uuid-3.4.0.tgz", @@ -5016,9 +4936,9 @@ "dev": true }, "yallist": { - "version": "3.1.1", - "resolved": "https://registry.npmjs.org/yallist/-/yallist-3.1.1.tgz", - "integrity": "sha512-a4UGQaWPH59mOXUYnAG2ewncQS4i4F43Tv3JoAM+s2VDAmS9NsK8GpDMLrCHPksFT7h3K6TOoUNn2pb7RoXx4g==", + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/yallist/-/yallist-4.0.0.tgz", + "integrity": "sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A==", "dev": true }, "yargs": { diff --git a/tests/integration/package.json b/tests/integration/package.json index afadf430..938fef5e 100644 --- a/tests/integration/package.json +++ b/tests/integration/package.json @@ -9,7 +9,7 @@ "author": "iteratec GmbH", "license": "Apache-2.0", "devDependencies": { - "@kubernetes/client-node": "^0.11.1", + "@kubernetes/client-node": "^0.12.2", "jest": "^25.2.4", "prettier": "^2.0.2" } 
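Review bot: In the `openid-client` entry of package-lock.json the resolved version jumps two majors, from 2.5.0 to 4.1.1, with `got` moving from ^8.3.2 to ^11.6.2 and `node-jose` 1.1.4 replaced by `jose` 2.0.2, all as a result of the one-line bump of `@kubernetes/client-node` from ^0.11.1 to ^0.12.2 in tests/integration/package.json. For a 0.x package a minor step may carry breaking changes, and here the HTTP and JOSE libraries underneath it are swapped out, so please confirm the integration tests were run against a cluster with this exact lock file and record that in the commit message.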
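Review bot: The new `http2-wrapper` entry in package-lock.json resolves to 1.0.0-beta.5.2, a pre-release, and the lock also gains `tar` 6.0.5, `tmp` 0.2.1, `tmp-promise` 3.0.2 and `stream-buffers` 3.0.2, none of which were in the tree before. All are marked `"dev": true`, but they still execute in CI, so run `npm audit` in tests/integration before merging and make sure CI installs with `npm ci` so that the pinned `resolved` and `integrity` values are what actually gets installed. The move of `indent-string`, `json-buffer` and `responselike` from sha1 to sha512 integrity hashes is a welcome side effect of regenerating the lock.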
From 0eb35ca9843f3e701f8ca7faa9bbcbdf5e4ccfd7 Mon Sep 17 00:00:00 2001 From: Yannik Fuhrmeister Date: Mon, 28 Sep 2020 08:34:15 +0200 Subject: [PATCH 129/235] Remove Heading --- CONTRIBUTING.md | 4 ---- 1 file changed, 4 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 6c7fa69d..351d9a30 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -8,7 +8,6 @@ - [How to Write Commit Messages](#how-to-write-commit-messages) - [Code Review](#code-review) - [Code of Conduct](#code-of-conduct) - - [Code Style](#code-style) ## GitHub Flow @@ -72,6 +71,3 @@ NOTE: Make sure you don't include `@mentions` or `fixes` keywords in your git co Please have a look at our [Code of Conduct](./CODE_OF_CONDUCT.md) before you write an Issue or make a PR. -## Code Style - - From ba0e0f5676a845728fa7e797cffcc89372305f56 Mon Sep 17 00:00:00 2001 
From: Yannik Fuhrmeister Date: Mon, 28 Sep 2020 09:15:06 +0200 Subject: [PATCH 130/235] Publish Docker Images in regular Docker group For the release of version 2 of the SecureCodeBox we want to move the used Docker images from the experimental group to the regular group. To make this possible I changed the docker group in the CI using Vim's search and replace (`:%s/scbexperimental/securecodebox/g`). To make sure that every reference (e.g. in helm charts) is updated I searched for all occurrences using ripgrep (`rg -il "scbexperimental" ./`) --- .github/workflows/ci.yaml | 50 +++++++++---------- docs/user-guide/README.md | 4 +- hooks/declarative-subsequent-scans/Dockerfile | 2 +- hooks/declarative-subsequent-scans/README.md | 4 +- .../declarative-subsequent-scans/values.yaml | 2 +- hooks/generic-webhook/Dockerfile | 2 +- hooks/generic-webhook/values.yaml | 2 +- hooks/imperative-subsequent-scans/Dockerfile | 2 +- hooks/imperative-subsequent-scans/values.yaml | 2 +- hooks/persistence-elastic/Dockerfile | 2 +- .../templates/import-dashboard.yaml | 4 +- hooks/persistence-elastic/values.yaml | 2 +- hooks/update-field/Dockerfile | 2 +- hooks/update-field/values.yaml | 2 +- operator/Makefile | 2 +- .../samples/execution_v1_parsedefinition.yaml | 2 +- .../config/samples/execution_v1_scantype.yaml | 2 +- .../execution/scans/scan_reconciler.go | 2 +- operator/values.yaml | 4 +- scanners/amass/parser/Dockerfile | 2 +- scanners/amass/values.yaml | 2 +- scanners/kube-hunter/parser/Dockerfile | 2 +- .../templates/kubehunter-scan-type.yaml | 2 +- scanners/kube-hunter/values.yaml | 2 +- scanners/ncrack/parser/Dockerfile | 2 +- .../ncrack/templates/ncrack-scan-type.yaml | 2 +- scanners/ncrack/values.yaml | 2 +- scanners/nikto/parser/Dockerfile | 2 +- scanners/nikto/templates/nikto-scan-type.yaml | 2 +- scanners/nikto/values.yaml | 2 +- scanners/nmap/parser/Dockerfile | 2 +- scanners/nmap/templates/nmap-scan-type.yaml | 2 +- scanners/nmap/values.yaml | 2 +- 
scanners/ssh_scan/parser/Dockerfile | 2 +- scanners/ssh_scan/values.yaml | 2 +- scanners/sslyze/parser/Dockerfile | 2 +- scanners/sslyze/values.yaml | 2 +- scanners/test-scan/parser/Dockerfile | 4 +- .../templates/test-scan-scan-type.yaml | 2 +- scanners/test-scan/values.yaml | 2 +- scanners/trivy/parser/Dockerfile | 2 +- scanners/trivy/values.yaml | 2 +- scanners/wpscan/parser/Dockerfile | 2 +- scanners/wpscan/values.yaml | 2 +- scanners/zap/parser/Dockerfile | 2 +- scanners/zap/values.yaml | 2 +- 46 files changed, 75 insertions(+), 75 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index b5135898..e2d02f7c 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -68,7 +68,7 @@ jobs: with: username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_PASSWORD }} - repository: scbexperimental/operator + repository: securecodebox/operator tag_with_ref: true tag_with_sha: true path: ./operator/ @@ -90,7 +90,7 @@ jobs: with: username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_PASSWORD }} - repository: scbexperimental/lurcher + repository: securecodebox/lurcher tag_with_ref: true tag_with_sha: true path: ./lurcher/ @@ -105,7 +105,7 @@ jobs: with: username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_PASSWORD }} - repository: scbexperimental/parser-sdk-nodejs + repository: securecodebox/parser-sdk-nodejs path: ./parser-sdk/nodejs/ tag_with_ref: true tag_with_sha: true @@ -116,7 +116,7 @@ jobs: with: username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_PASSWORD }} - repository: scbexperimental/parser-amass + repository: securecodebox/parser-amass path: ./scanners/amass/parser/ tag_with_ref: true tag_with_sha: true 
@@ -126,7 +126,7 @@ jobs: with: username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_PASSWORD }} - repository: scbexperimental/parser-kube-hunter + repository: securecodebox/parser-kube-hunter path: ./scanners/kube-hunter/parser/ tag_with_ref: true tag_with_sha: true @@ -136,7 +136,7 @@ jobs: with: username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_PASSWORD }} - repository: scbexperimental/parser-ncrack + repository: securecodebox/parser-ncrack path: ./scanners/ncrack/parser/ tag_with_ref: true tag_with_sha: true @@ -146,7 +146,7 @@ jobs: with: username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_PASSWORD }} - repository: scbexperimental/parser-nikto + repository: securecodebox/parser-nikto path: ./scanners/nikto/parser/ tag_with_ref: true tag_with_sha: true @@ -156,7 +156,7 @@ jobs: with: username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_PASSWORD }} - repository: scbexperimental/parser-nmap + repository: securecodebox/parser-nmap path: ./scanners/nmap/parser/ tag_with_ref: true tag_with_sha: true @@ -166,7 +166,7 @@ jobs: with: username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_PASSWORD }} - repository: scbexperimental/parser-ssh-scan + repository: securecodebox/parser-ssh-scan path: ./scanners/ssh_scan/parser/ tag_with_ref: true tag_with_sha: true @@ -176,7 +176,7 @@ jobs: with: username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_PASSWORD }} - repository: scbexperimental/parser-sslyze + repository: securecodebox/parser-sslyze path: ./scanners/sslyze/parser/ tag_with_ref: true tag_with_sha: true @@ -186,7 +186,7 @@ jobs: with: username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_PASSWORD }} - repository: scbexperimental/parser-test-scan + repository: securecodebox/parser-test-scan path: ./scanners/test-scan/parser/ tag_with_ref: true tag_with_sha: true 
@@ -196,7 +196,7 @@ jobs: with: username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_PASSWORD }} - repository: scbexperimental/parser-trivy + repository: securecodebox/parser-trivy path: ./scanners/trivy/parser/ tag_with_ref: true tag_with_sha: true @@ -206,7 +206,7 @@ jobs: with: username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_PASSWORD }} - repository: scbexperimental/parser-zap + repository: securecodebox/parser-zap path: ./scanners/zap/parser/ tag_with_ref: true tag_with_sha: true @@ -216,7 +216,7 @@ jobs: with: username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_PASSWORD }} - repository: scbexperimental/parser-wpscan + repository: securecodebox/parser-wpscan path: ./scanners/wpscan/parser/ tag_with_ref: true tag_with_sha: true @@ -233,7 +233,7 @@ jobs: with: username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_PASSWORD }} - repository: scbexperimental/hook-sdk-nodejs + repository: securecodebox/hook-sdk-nodejs path: ./hook-sdk/nodejs/ tag_with_ref: true tags: "ci-local" @@ -243,7 +243,7 @@ jobs: with: username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_PASSWORD }} - repository: scbexperimental/persistence-elastic + repository: securecodebox/persistence-elastic path: ./hooks/persistence-elastic/ tag_with_ref: true build_args: baseImageTag=ci-local @@ -252,7 +252,7 @@ jobs: with: username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_PASSWORD }} - repository: scbexperimental/persistence-elastic-dashboard-importer + repository: securecodebox/persistence-elastic-dashboard-importer path: ./hooks/persistence-elastic/dashboardImporter/ tag_with_ref: true - uses: docker/build-push-action@v1 
@@ -260,7 +260,7 @@ jobs: with: username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_PASSWORD }} - repository: scbexperimental/generic-webhook + repository: securecodebox/generic-webhook path: ./hooks/generic-webhook/ tag_with_ref: true build_args: baseImageTag=ci-local @@ -269,7 +269,7 @@ jobs: with: username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_PASSWORD }} - repository: scbexperimental/hook-imperative-subsequent-scans + repository: securecodebox/hook-imperative-subsequent-scans path: ./hooks/imperative-subsequent-scans/ tag_with_ref: true build_args: baseImageTag=ci-local @@ -278,7 +278,7 @@ jobs: with: username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_PASSWORD }} - repository: scbexperimental/hook-declarative-subsequent-scans + repository: securecodebox/hook-declarative-subsequent-scans path: ./hooks/declarative-subsequent-scans/ tag_with_ref: true tag_with_sha: true @@ -288,7 +288,7 @@ jobs: with: username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_PASSWORD }} - repository: scbexperimental/update-field + repository: securecodebox/update-field path: ./hooks/update-field/ tag_with_ref: true tag_with_sha: true @@ -304,7 +304,7 @@ jobs: with: username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_PASSWORD }} - repository: scbexperimental/ncrack + repository: securecodebox/ncrack path: ./scanners/ncrack/scanner/ # Note: not prefixed with a "v" as this seems to match ncrack versioning standards tags: "0.7,latest" @@ -313,7 +313,7 @@ jobs: with: username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_PASSWORD }} - repository: scbexperimental/nmap + repository: securecodebox/nmap path: ./scanners/nmap/scanner/ # Note: not prefixed with a "v" as this seems to match nmap versioning standards tags: "7.80,7.80-2,latest" 
@@ -322,7 +322,7 @@ jobs: with: username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_PASSWORD }} - repository: scbexperimental/kube-hunter + repository: securecodebox/kube-hunter path: ./scanners/kube-hunter/scanner/ # Note: not prefixed with a "v" as this matches the aquasec/kube-hunter tags tags: "0.3.0,latest" @@ -331,7 +331,7 @@ jobs: with: username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_PASSWORD }} - repository: scbexperimental/test-scan + repository: securecodebox/test-scan path: ./scanners/test-scan/scanner/ # Note: not prefixed with a "v" as this seems to match nmap versioning standards tags: "latest" diff --git a/docs/user-guide/README.md b/docs/user-guide/README.md index c0b3a4c0..4002f6e2 100644 --- a/docs/user-guide/README.md +++ b/docs/user-guide/README.md @@ -33,7 +33,7 @@ The result should contain a hook for declarative subsequent scans. ```bash NAME TYPE IMAGE -combined-scans-declarative-subsequent-scans ReadOnly docker.io/scbexperimental/hook-declarative-subsequent-scans:latest +combined-scans-declarative-subsequent-scans ReadOnly docker.io/securecodebox/hook-declarative-subsequent-scans:latest ``` ### Verify CascadingRules @@ -135,4 +135,4 @@ pop3s-tls-scan sslyze non-invasive light smtps-tls-scan sslyze non-invasive light ssh-scan ssh-scan non-invasive light zap-http zap-baseline non-invasive medium -``` \ No newline at end of file +``` diff --git a/hooks/declarative-subsequent-scans/Dockerfile b/hooks/declarative-subsequent-scans/Dockerfile index 9289dfe9..54703587 100644 --- a/hooks/declarative-subsequent-scans/Dockerfile +++ b/hooks/declarative-subsequent-scans/Dockerfile 
@@ -13,7 +13,7 @@ RUN npm ci COPY hook.ts scan-helpers.ts kubernetes-label-selector.ts ./ RUN npm run build -FROM scbexperimental/hook-sdk-nodejs:${baseImageTag:-latest} +FROM securecodebox/hook-sdk-nodejs:${baseImageTag:-latest} WORKDIR /home/app/hook-wrapper/hook/ COPY --from=install --chown=app:app /home/app/node_modules/ ./node_modules/ COPY --from=build --chown=app:app /home/app/hook.js /home/app/scan-helpers.js /home/app/kubernetes-label-selector.js ./ diff --git a/hooks/declarative-subsequent-scans/README.md b/hooks/declarative-subsequent-scans/README.md index dd875b57..3edcbce4 100644 --- a/hooks/declarative-subsequent-scans/README.md +++ b/hooks/declarative-subsequent-scans/README.md @@ -21,7 +21,7 @@ helm upgrade --install dssh ./hooks/declarative-subsequent-scans/ ```bash kubectl get ScanCompletionHooks NAME TYPE IMAGE -dssh ReadOnly docker.io/scbexperimental/hook-declarative-subsequent-scans:latest +dssh ReadOnly docker.io/securecodebox/hook-declarative-subsequent-scans:latest ``` ## CascadingScan Rules @@ -113,4 +113,4 @@ pop3s-tls-scan sslyze non-invasive light smtps-tls-scan sslyze non-invasive light ssh-scan ssh-scan non-invasive light zap-http zap-baseline non-invasive medium -``` \ No newline at end of file +``` diff --git a/hooks/declarative-subsequent-scans/values.yaml b/hooks/declarative-subsequent-scans/values.yaml index df7baf1d..0a1dc4dc 100644 --- a/hooks/declarative-subsequent-scans/values.yaml +++ b/hooks/declarative-subsequent-scans/values.yaml @@ -3,6 +3,6 @@ # Declare variables to be passed into your templates. image: - repository: docker.io/scbexperimental/hook-declarative-subsequent-scans + repository: docker.io/securecodebox/hook-declarative-subsequent-scans # image.tag - defaults to the charts version tag: null diff --git a/hooks/generic-webhook/Dockerfile b/hooks/generic-webhook/Dockerfile index 6e0086dd..adfb0ac2 100644 --- a/hooks/generic-webhook/Dockerfile +++ b/hooks/generic-webhook/Dockerfile 
@@ -5,7 +5,7 @@ WORKDIR /home/app COPY package.json package-lock.json ./ RUN npm ci --production -FROM scbexperimental/hook-sdk-nodejs:${baseImageTag:-latest} +FROM securecodebox/hook-sdk-nodejs:${baseImageTag:-latest} WORKDIR /home/app/hook-wrapper/hook/ COPY --from=build --chown=app:app /home/app/node_modules/ ./node_modules/ COPY --chown=app:app ./hook.js ./hook.js diff --git a/hooks/generic-webhook/values.yaml b/hooks/generic-webhook/values.yaml index 1084e8f6..95851426 100644 --- a/hooks/generic-webhook/values.yaml +++ b/hooks/generic-webhook/values.yaml @@ -5,6 +5,6 @@ webhookUrl: "http://example.com" image: - repository: docker.io/scbexperimental/generic-webhook + repository: docker.io/securecodebox/generic-webhook # image.tag - defaults to the charts version tag: null diff --git a/hooks/imperative-subsequent-scans/Dockerfile b/hooks/imperative-subsequent-scans/Dockerfile index dda1c6e4..0b9b6033 100644 --- a/hooks/imperative-subsequent-scans/Dockerfile +++ b/hooks/imperative-subsequent-scans/Dockerfile @@ -1,6 +1,6 @@ # This image doesn't install the hooks dependencies, as it only has the @kubernetes/client-node dependencies which is already installed via the hook-sdk ARG baseImageTag -FROM scbexperimental/hook-sdk-nodejs:${baseImageTag:-latest} +FROM securecodebox/hook-sdk-nodejs:${baseImageTag:-latest} WORKDIR /home/app/hook-wrapper/hook/ COPY --chown=app:app hook.js scan-helpers.js ./ diff --git a/hooks/imperative-subsequent-scans/values.yaml b/hooks/imperative-subsequent-scans/values.yaml index 2372d5d2..0e8faee5 100644 --- a/hooks/imperative-subsequent-scans/values.yaml +++ b/hooks/imperative-subsequent-scans/values.yaml @@ -17,6 +17,6 @@ cascade: nmapZapBaseline: false image: - repository: docker.io/scbexperimental/hook-imperative-subsequent-scans + repository: docker.io/securecodebox/hook-imperative-subsequent-scans # image.tag - defaults to the charts version tag: null 
diff --git a/hooks/persistence-elastic/Dockerfile b/hooks/persistence-elastic/Dockerfile index 6e0086dd..adfb0ac2 100644 --- a/hooks/persistence-elastic/Dockerfile +++ b/hooks/persistence-elastic/Dockerfile @@ -5,7 +5,7 @@ WORKDIR /home/app COPY package.json package-lock.json ./ RUN npm ci --production -FROM scbexperimental/hook-sdk-nodejs:${baseImageTag:-latest} +FROM securecodebox/hook-sdk-nodejs:${baseImageTag:-latest} WORKDIR /home/app/hook-wrapper/hook/ COPY --from=build --chown=app:app /home/app/node_modules/ ./node_modules/ COPY --chown=app:app ./hook.js ./hook.js diff --git a/hooks/persistence-elastic/templates/import-dashboard.yaml b/hooks/persistence-elastic/templates/import-dashboard.yaml index b60b2111..65fdcfc9 100644 --- a/hooks/persistence-elastic/templates/import-dashboard.yaml +++ b/hooks/persistence-elastic/templates/import-dashboard.yaml @@ -10,7 +10,7 @@ spec: restartPolicy: 'OnFailure' containers: - name: dasboard-importer - image: scbexperimental/persistence-elastic-dashboard-importer + image: securecodebox/persistence-elastic-dashboard-importer imagePullPolicy: Always env: {{- if .Values.externalElasticStack.enabled }} @@ -19,4 +19,4 @@ spec: {{- else }} - name: KIBANA_URL value: "http://persistence-elastic-kibana.{{ .Release.Namespace }}.svc.cluster.local:5601" -{{- end }} \ No newline at end of file +{{- end }} diff --git a/hooks/persistence-elastic/values.yaml b/hooks/persistence-elastic/values.yaml index 4f77b409..fba89b15 100644 --- a/hooks/persistence-elastic/values.yaml +++ b/hooks/persistence-elastic/values.yaml @@ -3,7 +3,7 @@ # Declare variables to be passed into your templates. image: - repository: docker.io/scbexperimental/persistence-elastic + repository: docker.io/securecodebox/persistence-elastic # image.tag - defaults to the charts version tag: null diff --git a/hooks/update-field/Dockerfile b/hooks/update-field/Dockerfile index 6e0086dd..adfb0ac2 100644 --- a/hooks/update-field/Dockerfile +++ b/hooks/update-field/Dockerfile 
@@ -5,7 +5,7 @@ WORKDIR /home/app COPY package.json package-lock.json ./ RUN npm ci --production -FROM scbexperimental/hook-sdk-nodejs:${baseImageTag:-latest} +FROM securecodebox/hook-sdk-nodejs:${baseImageTag:-latest} WORKDIR /home/app/hook-wrapper/hook/ COPY --from=build --chown=app:app /home/app/node_modules/ ./node_modules/ COPY --chown=app:app ./hook.js ./hook.js diff --git a/hooks/update-field/values.yaml b/hooks/update-field/values.yaml index 4e09ffa5..86b8902d 100644 --- a/hooks/update-field/values.yaml +++ b/hooks/update-field/values.yaml @@ -7,6 +7,6 @@ attribute: value: my-own-category image: - repository: docker.io/scbexperimental/update-field + repository: docker.io/securecodebox/update-field # image.tag - defaults to the charts version tag: null diff --git a/operator/Makefile b/operator/Makefile index a8492827..daa6e0d5 100644 --- a/operator/Makefile +++ b/operator/Makefile @@ -1,6 +1,6 @@ # Image URL to use all building/pushing image targets -IMG ?= scbexperimental/operator:latest +IMG ?= securecodebox/operator:latest # Produce CRDs that work back to Kubernetes 1.11 (no version conversion) CRD_OPTIONS ?= "crd:trivialVersions=true" diff --git a/operator/config/samples/execution_v1_parsedefinition.yaml b/operator/config/samples/execution_v1_parsedefinition.yaml index c9f55825..45ecc4db 100644 --- a/operator/config/samples/execution_v1_parsedefinition.yaml +++ b/operator/config/samples/execution_v1_parsedefinition.yaml @@ -4,4 +4,4 @@ metadata: name: "nmap-xml" spec: handlesResultsType: nmap-xml - image: scbexperimental/nmap-parser + image: securecodebox/nmap-parser diff --git a/operator/config/samples/execution_v1_scantype.yaml b/operator/config/samples/execution_v1_scantype.yaml index 16eff814..722e9d4f 100644 --- a/operator/config/samples/execution_v1_scantype.yaml +++ b/operator/config/samples/execution_v1_scantype.yaml 
@@ -14,5 +14,5 @@ spec: restartPolicy: OnFailure containers: - name: nmap - image: scbexperimental/nmap:7.80 + image: securecodebox/nmap:7.80 command: ["nmap", "-oX", "/home/securecodebox/nmap-results.xml"] diff --git a/operator/controllers/execution/scans/scan_reconciler.go b/operator/controllers/execution/scans/scan_reconciler.go index e8c7a65f..940eb005 100644 --- a/operator/controllers/execution/scans/scan_reconciler.go +++ b/operator/controllers/execution/scans/scan_reconciler.go @@ -202,7 +202,7 @@ func (r *ScanReconciler) constructJobForScan(scan *executionv1.Scan, scanType *e // Get lurcher image config from env lurcherImage := os.Getenv("LURCHER_IMAGE") if lurcherImage == "" { - lurcherImage = "scbexperimental/lurcher:latest" + lurcherImage = "securecodebox/lurcher:latest" } lurcherPullPolicyRaw := os.Getenv("LURCHER_PULL_POLICY") var lurcherPullPolicy corev1.PullPolicy diff --git a/operator/values.yaml b/operator/values.yaml index 840a5314..65e498ce 100644 --- a/operator/values.yaml +++ b/operator/values.yaml @@ -6,14 +6,14 @@ telemetryEnabled: true image: - repository: docker.io/scbexperimental/operator + repository: docker.io/securecodebox/operator # image.tag -- defaults to the charts version tag: null pullPolicy: Always lurcher: image: - repository: docker.io/scbexperimental/lurcher + repository: docker.io/securecodebox/lurcher # lurcher.image.tag -- defaults to the charts version tag: null pullPolicy: IfNotPresent diff --git a/scanners/amass/parser/Dockerfile b/scanners/amass/parser/Dockerfile index 2b6bab47..59250684 100644 --- a/scanners/amass/parser/Dockerfile +++ b/scanners/amass/parser/Dockerfile @@ -1,4 +1,4 @@ ARG baseImageTag -FROM scbexperimental/parser-sdk-nodejs:${baseImageTag:-latest} +FROM securecodebox/parser-sdk-nodejs:${baseImageTag:-latest} WORKDIR /home/app/parser-wrapper/parser/ COPY --chown=app:app ./parser.js ./parser.js diff --git a/scanners/amass/values.yaml b/scanners/amass/values.yaml index 2cf199b6..24918f97 100644 
--- a/scanners/amass/values.yaml +++ b/scanners/amass/values.yaml @@ -1,5 +1,5 @@ parserImage: - repository: docker.io/scbexperimental/parser-amass + repository: docker.io/securecodebox/parser-amass # parserImage.tag - defaults to the charts version tag: null diff --git a/scanners/kube-hunter/parser/Dockerfile b/scanners/kube-hunter/parser/Dockerfile index 2b6bab47..59250684 100644 --- a/scanners/kube-hunter/parser/Dockerfile +++ b/scanners/kube-hunter/parser/Dockerfile @@ -1,4 +1,4 @@ ARG baseImageTag -FROM scbexperimental/parser-sdk-nodejs:${baseImageTag:-latest} +FROM securecodebox/parser-sdk-nodejs:${baseImageTag:-latest} WORKDIR /home/app/parser-wrapper/parser/ COPY --chown=app:app ./parser.js ./parser.js diff --git a/scanners/kube-hunter/templates/kubehunter-scan-type.yaml b/scanners/kube-hunter/templates/kubehunter-scan-type.yaml index dff32f2b..df5f3ff6 100644 --- a/scanners/kube-hunter/templates/kubehunter-scan-type.yaml +++ b/scanners/kube-hunter/templates/kubehunter-scan-type.yaml @@ -16,7 +16,7 @@ spec: restartPolicy: Never containers: - name: kube-hunter - image: scbexperimental/kube-hunter:latest + image: securecodebox/kube-hunter:latest command: - 'sh' - '/wrapper.sh' diff --git a/scanners/kube-hunter/values.yaml b/scanners/kube-hunter/values.yaml index c70b3bad..1a086977 100644 --- a/scanners/kube-hunter/values.yaml +++ b/scanners/kube-hunter/values.yaml @@ -1,5 +1,5 @@ parserImage: - repository: docker.io/scbexperimental/parser-kube-hunter + repository: docker.io/securecodebox/parser-kube-hunter # parserImage.tag - defaults to the charts version tag: null diff --git a/scanners/ncrack/parser/Dockerfile b/scanners/ncrack/parser/Dockerfile index 59918094..c53ee60c 100644 --- a/scanners/ncrack/parser/Dockerfile +++ b/scanners/ncrack/parser/Dockerfile 
@@ -5,7 +5,7 @@ WORKDIR /home/app COPY package.json package-lock.json ./ RUN npm ci --production -FROM scbexperimental/parser-sdk-nodejs:${baseImageTag:-latest} +FROM securecodebox/parser-sdk-nodejs:${baseImageTag:-latest} WORKDIR /home/app/parser-wrapper/parser/ COPY --from=build --chown=app:app /home/app/node_modules/ ./node_modules/ COPY --chown=app:app ./parser.js ./parser.js diff --git a/scanners/ncrack/templates/ncrack-scan-type.yaml b/scanners/ncrack/templates/ncrack-scan-type.yaml index 13e25e52..0805dc0d 100644 --- a/scanners/ncrack/templates/ncrack-scan-type.yaml +++ b/scanners/ncrack/templates/ncrack-scan-type.yaml @@ -17,7 +17,7 @@ spec: restartPolicy: OnFailure containers: - name: ncrack - image: scbexperimental/ncrack:0.7 + image: securecodebox/ncrack:0.7 command: ["ncrack", "-oX", "/home/securecodebox/ncrack-results.xml"] resources: {{- toYaml .Values.scannerJob.resources | nindent 16 }} diff --git a/scanners/ncrack/values.yaml b/scanners/ncrack/values.yaml index cec6e9c9..ff6e149e 100644 --- a/scanners/ncrack/values.yaml +++ b/scanners/ncrack/values.yaml @@ -1,5 +1,5 @@ parserImage: - repository: docker.io/scbexperimental/parser-ncrack + repository: docker.io/securecodebox/parser-ncrack # parserImage.tag - defaults to the charts version tag: null diff --git a/scanners/nikto/parser/Dockerfile b/scanners/nikto/parser/Dockerfile index 2b6bab47..59250684 100644 --- a/scanners/nikto/parser/Dockerfile +++ b/scanners/nikto/parser/Dockerfile @@ -1,4 +1,4 @@ ARG baseImageTag -FROM scbexperimental/parser-sdk-nodejs:${baseImageTag:-latest} +FROM securecodebox/parser-sdk-nodejs:${baseImageTag:-latest} WORKDIR /home/app/parser-wrapper/parser/ COPY --chown=app:app ./parser.js ./parser.js diff --git a/scanners/nikto/templates/nikto-scan-type.yaml b/scanners/nikto/templates/nikto-scan-type.yaml index e59604bb..4a91da27 100644 --- a/scanners/nikto/templates/nikto-scan-type.yaml +++ b/scanners/nikto/templates/nikto-scan-type.yaml 
@@ -16,7 +16,7 @@ spec: restartPolicy: Never containers: - name: nikto - image: scbexperimental/nikto:latest + image: securecodebox/nikto:latest command: # Nikto Entrypoint Script to avoid problems nikto exiting with a non zero exit code # This would cause the kubernetes job to fail no matter what diff --git a/scanners/nikto/values.yaml b/scanners/nikto/values.yaml index 45640420..b5967c7e 100644 --- a/scanners/nikto/values.yaml +++ b/scanners/nikto/values.yaml @@ -1,5 +1,5 @@ parserImage: - repository: docker.io/scbexperimental/parser-nikto + repository: docker.io/securecodebox/parser-nikto # parserImage.tag - defaults to the charts version tag: null diff --git a/scanners/nmap/parser/Dockerfile b/scanners/nmap/parser/Dockerfile index 59918094..c53ee60c 100644 --- a/scanners/nmap/parser/Dockerfile +++ b/scanners/nmap/parser/Dockerfile @@ -5,7 +5,7 @@ WORKDIR /home/app COPY package.json package-lock.json ./ RUN npm ci --production -FROM scbexperimental/parser-sdk-nodejs:${baseImageTag:-latest} +FROM securecodebox/parser-sdk-nodejs:${baseImageTag:-latest} WORKDIR /home/app/parser-wrapper/parser/ COPY --from=build --chown=app:app /home/app/node_modules/ ./node_modules/ COPY --chown=app:app ./parser.js ./parser.js diff --git a/scanners/nmap/templates/nmap-scan-type.yaml b/scanners/nmap/templates/nmap-scan-type.yaml index 9be99c02..05c51909 100644 --- a/scanners/nmap/templates/nmap-scan-type.yaml +++ b/scanners/nmap/templates/nmap-scan-type.yaml @@ -17,7 +17,7 @@ spec: restartPolicy: OnFailure containers: - name: nmap - image: scbexperimental/nmap:7.80 + image: securecodebox/nmap:7.80 command: ["nmap", "-oX", "/home/securecodebox/nmap-results.xml"] resources: {{- toYaml .Values.scannerJob.resources | nindent 16 }} diff --git a/scanners/nmap/values.yaml b/scanners/nmap/values.yaml index 1413156d..b5551143 100644 --- a/scanners/nmap/values.yaml +++ b/scanners/nmap/values.yaml 
@@ -1,5 +1,5 @@ parserImage: - repository: docker.io/scbexperimental/parser-nmap + repository: docker.io/securecodebox/parser-nmap # parserImage.tag - defaults to the charts version tag: null diff --git a/scanners/ssh_scan/parser/Dockerfile b/scanners/ssh_scan/parser/Dockerfile index 2b6bab47..59250684 100644 --- a/scanners/ssh_scan/parser/Dockerfile +++ b/scanners/ssh_scan/parser/Dockerfile @@ -1,4 +1,4 @@ ARG baseImageTag -FROM scbexperimental/parser-sdk-nodejs:${baseImageTag:-latest} +FROM securecodebox/parser-sdk-nodejs:${baseImageTag:-latest} WORKDIR /home/app/parser-wrapper/parser/ COPY --chown=app:app ./parser.js ./parser.js diff --git a/scanners/ssh_scan/values.yaml b/scanners/ssh_scan/values.yaml index 3304a1fb..7f8d6972 100644 --- a/scanners/ssh_scan/values.yaml +++ b/scanners/ssh_scan/values.yaml @@ -1,5 +1,5 @@ parserImage: - repository: docker.io/scbexperimental/parser-ssh-scan + repository: docker.io/securecodebox/parser-ssh-scan # parserImage.tag - defaults to the charts version tag: null diff --git a/scanners/sslyze/parser/Dockerfile b/scanners/sslyze/parser/Dockerfile index 59918094..c53ee60c 100644 --- a/scanners/sslyze/parser/Dockerfile +++ b/scanners/sslyze/parser/Dockerfile @@ -5,7 +5,7 @@ WORKDIR /home/app COPY package.json package-lock.json ./ RUN npm ci --production -FROM scbexperimental/parser-sdk-nodejs:${baseImageTag:-latest} +FROM securecodebox/parser-sdk-nodejs:${baseImageTag:-latest} WORKDIR /home/app/parser-wrapper/parser/ COPY --from=build --chown=app:app /home/app/node_modules/ ./node_modules/ COPY --chown=app:app ./parser.js ./parser.js diff --git a/scanners/sslyze/values.yaml b/scanners/sslyze/values.yaml index 4f3b8e38..132de8b9 100644 --- a/scanners/sslyze/values.yaml +++ b/scanners/sslyze/values.yaml @@ -1,5 +1,5 @@ parserImage: - repository: docker.io/scbexperimental/parser-sslyze + repository: docker.io/securecodebox/parser-sslyze # parserImage.tag - defaults to the charts version tag: null 
diff --git a/scanners/test-scan/parser/Dockerfile b/scanners/test-scan/parser/Dockerfile index 8ad09e7c..59250684 100644 --- a/scanners/test-scan/parser/Dockerfile +++ b/scanners/test-scan/parser/Dockerfile @@ -1,4 +1,4 @@ ARG baseImageTag -FROM scbexperimental/parser-sdk-nodejs:${baseImageTag:-latest} +FROM securecodebox/parser-sdk-nodejs:${baseImageTag:-latest} WORKDIR /home/app/parser-wrapper/parser/ -COPY --chown=app:app ./parser.js ./parser.js \ No newline at end of file +COPY --chown=app:app ./parser.js ./parser.js diff --git a/scanners/test-scan/templates/test-scan-scan-type.yaml b/scanners/test-scan/templates/test-scan-scan-type.yaml index 72053da3..ec001879 100644 --- a/scanners/test-scan/templates/test-scan-scan-type.yaml +++ b/scanners/test-scan/templates/test-scan-scan-type.yaml @@ -17,7 +17,7 @@ spec: restartPolicy: OnFailure containers: - name: test-scan - image: scbexperimental/test-scan:latest + image: securecodebox/test-scan:latest command: ["touch", "/home/securecodebox/hello-world.txt"] resources: {{- toYaml .Values.scannerJob.resources | nindent 16 }} diff --git a/scanners/test-scan/values.yaml b/scanners/test-scan/values.yaml index f4c510f6..d54288e8 100644 --- a/scanners/test-scan/values.yaml +++ b/scanners/test-scan/values.yaml @@ -1,5 +1,5 @@ parserImage: - repository: docker.io/scbexperimental/parser-test-scan + repository: docker.io/securecodebox/parser-test-scan # parserImage.tag - defaults to the charts version tag: null diff --git a/scanners/trivy/parser/Dockerfile b/scanners/trivy/parser/Dockerfile index 2b6bab47..59250684 100644 --- a/scanners/trivy/parser/Dockerfile +++ b/scanners/trivy/parser/Dockerfile @@ -1,4 +1,4 @@ ARG baseImageTag -FROM scbexperimental/parser-sdk-nodejs:${baseImageTag:-latest} +FROM securecodebox/parser-sdk-nodejs:${baseImageTag:-latest} WORKDIR /home/app/parser-wrapper/parser/ COPY --chown=app:app ./parser.js ./parser.js 
diff --git a/scanners/trivy/values.yaml b/scanners/trivy/values.yaml index c6e25b8d..73c61b88 100644 --- a/scanners/trivy/values.yaml +++ b/scanners/trivy/values.yaml @@ -1,5 +1,5 @@ parserImage: - repository: docker.io/scbexperimental/parser-trivy + repository: docker.io/securecodebox/parser-trivy # parserImage.tag - defaults to the charts version tag: null diff --git a/scanners/wpscan/parser/Dockerfile b/scanners/wpscan/parser/Dockerfile index 2b6bab47..59250684 100644 --- a/scanners/wpscan/parser/Dockerfile +++ b/scanners/wpscan/parser/Dockerfile @@ -1,4 +1,4 @@ ARG baseImageTag -FROM scbexperimental/parser-sdk-nodejs:${baseImageTag:-latest} +FROM securecodebox/parser-sdk-nodejs:${baseImageTag:-latest} WORKDIR /home/app/parser-wrapper/parser/ COPY --chown=app:app ./parser.js ./parser.js diff --git a/scanners/wpscan/values.yaml b/scanners/wpscan/values.yaml index 6099ed4d..937352aa 100644 --- a/scanners/wpscan/values.yaml +++ b/scanners/wpscan/values.yaml @@ -1,5 +1,5 @@ parserImage: - repository: docker.io/scbexperimental/parser-wpscan + repository: docker.io/securecodebox/parser-wpscan # parserImage.tag - defaults to the charts version tag: null diff --git a/scanners/zap/parser/Dockerfile b/scanners/zap/parser/Dockerfile index 2b6bab47..59250684 100644 --- a/scanners/zap/parser/Dockerfile +++ b/scanners/zap/parser/Dockerfile @@ -1,4 +1,4 @@ ARG baseImageTag -FROM scbexperimental/parser-sdk-nodejs:${baseImageTag:-latest} +FROM securecodebox/parser-sdk-nodejs:${baseImageTag:-latest} WORKDIR /home/app/parser-wrapper/parser/ COPY --chown=app:app ./parser.js ./parser.js diff --git a/scanners/zap/values.yaml b/scanners/zap/values.yaml index c67f415a..26bd218b 100644 --- a/scanners/zap/values.yaml +++ b/scanners/zap/values.yaml @@ -1,5 +1,5 @@ parserImage: - repository: docker.io/scbexperimental/parser-zap + repository: docker.io/securecodebox/parser-zap # parserImage.tag - defaults to the charts version tag: null 
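Review bot: in operator/config/samples/execution_v1_parsedefinition.yaml the renamed sample image is `securecodebox/nmap-parser`, but the workflow hunks of this same patch push the nmap parser as `securecodebox/parser-nmap`, and scanners/nmap/values.yaml points at `docker.io/securecodebox/parser-nmap`. The sample carries over the old word order, so after the rename it names a repository that none of the visible workflow steps publish. Change the sample to `securecodebox/parser-nmap` so it resolves to the image the pipeline actually builds.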
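Review bot: the fallback in operator/controllers/execution/scans/scan_reconciler.go (`lurcherImage = "securecodebox/lurcher:latest"`) keeps a mutable `latest` tag and no registry prefix, while operator/values.yaml in the same patch uses `docker.io/securecodebox/lurcher` with a tag that defaults to the chart version. Now that the references move to the release organisation, the fallback should follow the values.yaml form, or the operator should refuse to start a scan when `LURCHER_IMAGE` is empty, so an unset variable cannot silently pull whatever `latest` currently is. The hard-coded `securecodebox/kube-hunter:latest`, `securecodebox/nikto:latest` and `securecodebox/test-scan:latest` in the scan-type templates, and the untagged `securecodebox/persistence-elastic-dashboard-importer` in import-dashboard.yaml, have the same problem and would be better driven from values with a pinned tag.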
From bb77b0cc5aaa99215f18f2cf3c4fae818d9a17c1 Mon Sep 17 00:00:00 2001 From: SebieF Date: Mon, 28 Sep 2020 10:56:03 +0200 Subject: [PATCH 131/235] Nmap Readme Typo Fix --- scanners/nmap/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scanners/nmap/README.md b/scanners/nmap/README.md index 6520b0c9..83c7a07b 100644 --- a/scanners/nmap/README.md +++ b/scanners/nmap/README.md @@ -18,7 +18,7 @@ To learn more about the Nmap scanner itself visit [nmap.org]. ## Deployment -The Nikto ScanType can be deployed via helm: +The Nmap ScanType can be deployed via helm: ```bash helm upgrade --install nmap ./scanners/nmap/ From 903eb02700c07e25b17a0df446d5d0554b606251 Mon Sep 17 00:00:00 2001 From: SebieF Date: Mon, 28 Sep 2020 11:18:07 +0200 Subject: [PATCH 132/235] Ncrack dummy-ssh example fix --- scanners/ncrack/examples/dummy-ssh/README.md | 11 ++++++++--- scanners/ncrack/examples/dummy-ssh/scan.yaml | 3 ++- 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/scanners/ncrack/examples/dummy-ssh/README.md b/scanners/ncrack/examples/dummy-ssh/README.md index cfbb99d7..60eb4202 100644 --- a/scanners/ncrack/examples/dummy-ssh/README.md +++ b/scanners/ncrack/examples/dummy-ssh/README.md @@ -1,13 +1,13 @@ In this example we execute an ncrack scan against the intentional vulnerable ssh service (dummy-ssh) -#### Install dummy-ssh +#### Initialize ncrack with lists and dummy-ssh Before executing the scan, make sure to have dummy-ssh installed, and have the proper username & password lists: ```bash # Create user & password list files, you can edit them later if you want -echo "root\nadmin" > users.txt -echo "THEPASSWORDYOUCREATED\n123456\npassword" > passwords.txt +printf "root\nadmin\n" > users.txt +printf "THEPASSWORDYOUCREATED\n123456\npassword\n" > passwords.txt # Create a Kubernetes secret containing these files kubectl create secret generic --from-file users.txt --from-file passwords.txt ncrack-lists 
@@ -27,3 +27,8 @@ scannerJob: mountPath: "/ncrack/" EOF ``` + +#### Troubleshooting: +* Make sure to leave a blank line at the end of each file used in the secret! +* If printf doesn't create new lines, try 'echo -e "..."' +* You can show your existing secrets with 'kubectl get secrets' diff --git a/scanners/ncrack/examples/dummy-ssh/scan.yaml b/scanners/ncrack/examples/dummy-ssh/scan.yaml index aec3179e..40fb81a9 100644 --- a/scanners/ncrack/examples/dummy-ssh/scan.yaml +++ b/scanners/ncrack/examples/dummy-ssh/scan.yaml @@ -5,8 +5,9 @@ metadata: spec: scanType: "ncrack" parameters: - # Enable verbose logging + # Enable verbose logging, d10: Debug Level 10, printing more output to the console - -v + - -d10 - -U - /ncrack/users.txt - -P From 2c91d19c6ed050c3c47f1d563e1f1d8a389da55f Mon Sep 17 00:00:00 2001 From: SebieF Date: Mon, 28 Sep 2020 11:18:20 +0200 Subject: [PATCH 133/235] Ncrack documentation enhanced --- scanners/ncrack/README.md | 53 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 53 insertions(+) diff --git a/scanners/ncrack/README.md b/scanners/ncrack/README.md index f16640d1..98c26958 100644 --- a/scanners/ncrack/README.md +++ b/scanners/ncrack/README.md 
@@ -14,6 +14,59 @@ To learn more about the Ncrack scanner itself visit [Ncrack GitHub] or [Ncrack W +## Ncrack Deployment & Configuration + +#### Setup with custom files: +If you want to use your own files within the ncrack scan, you have to create a secret first: + +```bash +kubectl create secret generic --from-file users.txt --from-file passwords.txt ncrack-lists +``` + + IMPORTANT: Use an extra empty line at the end of your files, otherwise the last letter of the last line will be omitted (due to a bug in k8) + + +Now we created a secret named "ncrack-lists". +But before we can use the files, we have to install the ncrack ScanType: + +```bash +cat <" in the scan.yaml. + +For a full example on how to configure ncrack with your custom files against a ssh service, see the "dummy-ssh" example. + +#### Basic setup (no files can be mounted): + +The Ncrack ScanType can be deployed via helm: + +```bash +helm upgrade --install ncrack ./scanners/ncrack/ +``` + +#### Delete Ncrack ScanType: + +```bash +helm delete ncrack +``` + +#### Options + +All additional options for ncrack can be found on [Ncrack Documentation]. + +--- + + > 🔧 The implementation is currently work-in-progress and still undergoing major changes. It'll be released here once it has stabilized. [Ncrack Website]: https://nmap.org/ncrack/ From 8c71017dbad93ef9a0b0123e0cabddb0d8752e3c Mon Sep 17 00:00:00 2001 From: Robert Seedorff Date: Mon, 28 Sep 2020 11:42:01 +0200 Subject: [PATCH 134/235] Adding new Badges Added a new Badge from FOSSA Licence Scan and also the CodeClimate Maintainability --- README.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 82a26b68..9f4abab0 100644 --- a/README.md +++ b/README.md @@ -13,8 +13,10 @@

Build - Test Coverage + Maintainability + Test Coverage Known Vulnerabilities +

**NOTE**: This Repository contains the stable beta preview of the next major secureCodeBox (SCB) Release v2. From 1c602d03ea307fb90d598057210545bced277358 Mon Sep 17 00:00:00 2001 From: Yannik Fuhrmeister Date: Mon, 28 Sep 2020 13:02:34 +0200 Subject: [PATCH 135/235] Add Email Address for CoC Complaints --- CODE_OF_CONDUCT.md | 2 +- CONTRIBUTING.md | 3 --- 2 files changed, 1 insertion(+), 4 deletions(-) diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md index ca21bb21..b2903cf6 100644 --- a/CODE_OF_CONDUCT.md +++ b/CODE_OF_CONDUCT.md @@ -61,7 +61,7 @@ representative at an online or offline event. Instances of abusive, harassing, or otherwise unacceptable behavior may be reported to the community leaders responsible for enforcement at -[INSERT CONTACT METHOD]. + All complaints will be reviewed and investigated promptly and fairly. All community leaders are obligated to respect the privacy and security of the diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 351d9a30..3d9ebb73 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -6,7 +6,6 @@ - [Working with Forks and Pull Requests](#working-with-forks-and-pull-requests) - [Working with Issues / How to Contribute in Issues](#working-with-issues--how-to-contribute-in-issues) - [How to Write Commit Messages](#how-to-write-commit-messages) - - [Code Review](#code-review) - [Code of Conduct](#code-of-conduct) ## GitHub Flow @@ -65,8 +64,6 @@ TL;DR NOTE: Make sure you don't include `@mentions` or `fixes` keywords in your git commit messages. These should be included in the PR body instead. -## Code Review - ## Code of Conduct Please have a look at our [Code of Conduct](./CODE_OF_CONDUCT.md) before you write an Issue or make a PR. From 01ed8c3565365edc9e0526f947b92da437a19a3e Mon Sep 17 00:00:00 2001 
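Review bot: in the scanners/ncrack/examples/dummy-ssh/README.md hunk of PATCH 132, `printf "THEPASSWORDYOUCREATED\n123456\npassword\n" > passwords.txt` passes the list contents as the printf format string, so a real password containing `%` or a backslash is interpreted instead of being written literally. Use a fixed format with the entries as arguments, for example `printf '%s\n' root admin > users.txt`, which also removes the need for the `echo -e` fallback in the troubleshooting list. The troubleshooting item "leave a blank line at the end of each file" should also say whether a single trailing newline (what the printf line produces) is enough, since a blank line and a trailing newline are not the same thing.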
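Review bot: the IMPORTANT paragraph added to scanners/ncrack/README.md in PATCH 133 attributes the lost last character to "a bug in k8" without a reference, and the dummy-ssh README from PATCH 132 describes the same workaround in different words. Link the upstream issue or reword it as observed behaviour, and keep one wording in both files so readers do not have to guess whether the two notes describe the same requirement.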
From: Jannik Hollenbach <13718901+J12934@users.noreply.github.com> Date: Mon, 28 Sep 2020 13:14:02 +0200 Subject: [PATCH 136/235] Allow to change attribute names on the s3 secret --- operator/templates/manager/manager.yaml | 4 ++-- operator/values.yaml | 7 ++++++- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/operator/templates/manager/manager.yaml b/operator/templates/manager/manager.yaml index f75d7541..9bc7c197 100644 --- a/operator/templates/manager/manager.yaml +++ b/operator/templates/manager/manager.yaml @@ -64,12 +64,12 @@ spec: valueFrom: secretKeyRef: name: {{ .Values.s3.keySecret }} - key: accesskey + key: {{ .Values.s3.secretAttributeNames.accesskey }} - name: S3_SECRET_KEY valueFrom: secretKeyRef: name: {{ .Values.s3.keySecret }} - key: secretkey + key: {{ .Values.s3.secretAttributeNames.secretkey }} {{- end }} - name: LURCHER_IMAGE value: "{{ .Values.lurcher.image.repository }}:{{ .Values.lurcher.image.tag | default .Chart.Version }}" diff --git a/operator/values.yaml b/operator/values.yaml index 840a5314..a9fdd3da 100644 --- a/operator/values.yaml +++ b/operator/values.yaml @@ -32,10 +32,15 @@ s3: bucket: "my-bucket" # Implicit 443. You probably only need to change this when the system uses a non default port port: null - # Name to a k8s secret with 'accesskey' and 'secretkey' as attributes in the same namespace as this release + # Name to a k8s secret in the same namespace as this release with credentials to the s3 bucket + # By default this assumes to have 'accesskey' and 'secretkey' as attributes # Example creation via kubectl: # kubectl create secret generic my-secret --from-literal=accessKey="******" --from-literal=secretKey="******" keySecret: my-secret + # Names to the attributes in the s3 secret + secretAttributeNames: + accesskey: accesskey + secretkey: secretkey # # Config for the operator ressource limits From 076d3d84729d7aafcb3125ed17c8c68c2817ce4d Mon Sep 17 00:00:00 2001 
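Review bot: in the operator/values.yaml hunk, the new defaults are lowercase (`accesskey: accesskey`, `secretkey: secretkey`), but the example left unchanged directly above them creates the secret with `--from-literal=accessKey="******" --from-literal=secretKey="******"`. Secret keys are case-sensitive, so a user who follows the example and keeps the defaults gets `secretKeyRef` entries in manager.yaml that point at keys the secret does not contain. Align the example with the defaults, or the defaults with the example, and say in the comment that the two must match exactly. In operator/templates/manager/manager.yaml it would also help to quote the rendered values, e.g. `key: {{ .Values.s3.secretAttributeNames.accesskey | quote }}`, so an unusual attribute name cannot change the YAML type.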
From: Robert Seedorff Date: Mon, 28 Sep 2020 13:16:29 +0200 Subject: [PATCH 137/235] Trying to support helm2 in parallel to helm3 (WIP). --- .github/workflows/helm-charts.yaml | 29 ++++++++++++++++++++++++++--- operator/helm2.Chart.yaml | 8 ++++++++ operator/helm2.requirements.lock | 6 ++++++ operator/helm2.requirements.yaml | 5 +++++ 4 files changed, 45 insertions(+), 3 deletions(-) create mode 100644 operator/helm2.Chart.yaml create mode 100644 operator/helm2.requirements.lock create mode 100644 operator/helm2.requirements.yaml diff --git a/.github/workflows/helm-charts.yaml b/.github/workflows/helm-charts.yaml index 655fa538..ca5f7805 100644 --- a/.github/workflows/helm-charts.yaml +++ b/.github/workflows/helm-charts.yaml 
@@ -13,19 +13,42 @@ jobs: sudo snap install yq - name: Parse Tag run: echo ::set-env name=RELEASE_VERSION::${GITHUB_REF#refs/*/} - - name: "Publish Helm Chart" + - name: "Publish Helm3 Charts" env: HELM_REGISTRY: https://charts.securecodebox.io USERNAME: ${{ secrets.HELM_REGISTRY_USERNAME }} PASSWORD: ${{ secrets.HELM_REGISTRY_PASSWORD }} run: | - # Publish charts in all folders containing a `Chart.yaml` file + # Publish all helm3 charts in all folders containing a `Chart.yaml` file # https://github.com/koalaman/shellcheck/wiki/SC2044 find . -type f -name Chart.yaml -print0 | while IFS= read -r -d '' chart; do ( dir="$(dirname "${chart}")" cd "${dir}" || exit - echo "Processing Chart in $dir" + echo "Processing Helm3 Chart in $dir" + helm package --version $RELEASE_VERSION . + NAME=$(yq read - name < Chart.yaml) + curl --silent --show-error --user "${USERNAME}:${PASSWORD}" --data-binary "@${NAME}-${RELEASE_VERSION}.tgz" "${HELM_REGISTRY}/api/charts" + ) + done + - name: "Publish Helm2 Charts" + env: + HELM_REGISTRY: https://charts.securecodebox.io + USERNAME: ${{ secrets.HELM_REGISTRY_USERNAME }} + PASSWORD: ${{ secrets.HELM_REGISTRY_PASSWORD }} + run: | + # Publish all helm2 charts in all folders containing a `helm2.Chart.yaml` file + # https://github.com/koalaman/shellcheck/wiki/SC2044 + find . -type f -name helm2.Chart.yaml -print0 | while IFS= read -r -d '' chart; do + ( + dir="$(dirname "${chart}")" + cd "${dir}" || exit + mv Chart.yaml helm3.Chart.yaml + echo "Restoring Helm2 Chart and replace Helm3 Chart temporary" + mv helm2.Chart.yaml Chart.yaml + [ ! -f helm2.requirements.lock ] || mv helm2.requirements.lock requirements.lock + [ ! -f helm2.requirements.yaml ] || mv helm2.requirements.yaml requirements.yaml + echo "Processing Helm2 Chart in $dir" helm package --version $RELEASE_VERSION . 
NAME=$(yq read - name < Chart.yaml) curl --silent --show-error --user "${USERNAME}:${PASSWORD}" --data-binary "@${NAME}-${RELEASE_VERSION}.tgz" "${HELM_REGISTRY}/api/charts" diff --git a/operator/helm2.Chart.yaml b/operator/helm2.Chart.yaml new file mode 100644 index 00000000..85d698a8 --- /dev/null +++ b/operator/helm2.Chart.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +name: operator +description: secureCodeBox Operator to automate the execution of security scans on kubernetes + +type: application + +# version - gets automatically set to the secureCodeBox release version when the helm charts gets published +version: latest \ No newline at end of file diff --git a/operator/helm2.requirements.lock b/operator/helm2.requirements.lock new file mode 100644 index 00000000..19603208 --- /dev/null +++ b/operator/helm2.requirements.lock @@ -0,0 +1,6 @@ +dependencies: +- name: minio + repository: https://kubernetes-charts.storage.googleapis.com/ + version: 5.0.19 +digest: sha256:13a3a902e7ac7dcc7124ab858344b5bebe9ab623d06ee9c8d5a1cc3f467a36bb +generated: "2020-08-10T13:09:59.053995+02:00" \ No newline at end of file diff --git a/operator/helm2.requirements.yaml b/operator/helm2.requirements.yaml new file mode 100644 index 00000000..332ba206 --- /dev/null +++ b/operator/helm2.requirements.yaml @@ -0,0 +1,5 @@ +dependencies: + - name: minio + version: 5.0.19 + repository: https://kubernetes-charts.storage.googleapis.com/ + condition: minio.enabled From 5464c2fcd8740c5c5789bd06ad7b579cc9e0440b Mon Sep 17 00:00:00 2001 From: Daniel Patanin Date: Mon, 28 Sep 2020 13:54:38 +0200 Subject: [PATCH 138/235] Fixes parse error due to missing backticks Our documentation framework parses md files for JSX tags. Without backticks this will cause a syntax error. --- scanners/ncrack/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scanners/ncrack/README.md b/scanners/ncrack/README.md index 98c26958..358590fb 100644 --- a/scanners/ncrack/README.md 
+++ b/scanners/ncrack/README.md @@ -42,7 +42,7 @@ scannerJob: EOF ``` -This enables us now to refer to our files via "/ncrack/" in the scan.yaml. +This enables us now to refer to our files via `/ncrack/` in the scan.yaml. For a full example on how to configure ncrack with your custom files against a ssh service, see the "dummy-ssh" example. From 9d7ad24a5f523e27f7dc19566948e0ff40b6f333 Mon Sep 17 00:00:00 2001 From: Yannik Fuhrmeister Date: Mon, 28 Sep 2020 14:45:36 +0200 Subject: [PATCH 139/235] Add Possibility to Change Scanner and Hook Images To make it possible to change the docker images for scanners and hooks via values.xml I updated the following charts: - kube-hunter - ncrack - nikto - nmap - test-scan This is necessary for these charts because we do not use the official images for these scanners/hooks and cannot rely on their image tags --- scanners/kube-hunter/templates/kubehunter-scan-type.yaml | 2 +- scanners/kube-hunter/values.yaml | 5 +++++ scanners/ncrack/templates/ncrack-scan-type.yaml | 2 +- scanners/ncrack/values.yaml | 5 +++++ scanners/nikto/templates/nikto-scan-type.yaml | 1 + scanners/nikto/values.yaml | 5 +++++ scanners/nmap/templates/nmap-scan-type.yaml | 2 +- scanners/nmap/values.yaml | 2 ++ scanners/test-scan/templates/test-scan-scan-type.yaml | 2 +- scanners/test-scan/values.yaml | 5 +++++ 10 files changed, 27 insertions(+), 4 deletions(-) diff --git a/scanners/kube-hunter/templates/kubehunter-scan-type.yaml b/scanners/kube-hunter/templates/kubehunter-scan-type.yaml index df5f3ff6..e88dc3c9 100644 --- a/scanners/kube-hunter/templates/kubehunter-scan-type.yaml +++ b/scanners/kube-hunter/templates/kubehunter-scan-type.yaml @@ -16,7 +16,7 @@ spec: restartPolicy: Never containers: - name: kube-hunter - image: securecodebox/kube-hunter:latest + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.Version }}" command: - 'sh' - '/wrapper.sh' 
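Review bot: in PATCH 137, .github/workflows/helm-charts.yaml, the new "Publish Helm2 Charts" step posts to the same `HELM_REGISTRY` (`https://charts.securecodebox.io`) and builds the same `${NAME}-${RELEASE_VERSION}.tgz` as the Helm3 step, so the two uploads for one chart collide under one name and version. Give the Helm2 charts their own registry or a distinguishing version. The step also never moves `helm3.Chart.yaml` back although the echo calls the swap temporary, nothing in the step selects a Helm 2 client, so `helm package` runs with whatever `helm` the runner provides, and `$RELEASE_VERSION` should be quoted.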
diff --git a/scanners/kube-hunter/values.yaml b/scanners/kube-hunter/values.yaml index 1a086977..118c13e8 100644 --- a/scanners/kube-hunter/values.yaml +++ b/scanners/kube-hunter/values.yaml @@ -3,6 +3,11 @@ parserImage: # parserImage.tag - defaults to the charts version tag: null +image: + repository: docker.io/securecodebox/scanner-kube-hunter + # image.tag - defaults to the charts version + tag: null + scannerJob: ttlSecondsAfterFinished: null resources: {} diff --git a/scanners/ncrack/templates/ncrack-scan-type.yaml b/scanners/ncrack/templates/ncrack-scan-type.yaml index 0805dc0d..c968760b 100644 --- a/scanners/ncrack/templates/ncrack-scan-type.yaml +++ b/scanners/ncrack/templates/ncrack-scan-type.yaml @@ -17,7 +17,7 @@ spec: restartPolicy: OnFailure containers: - name: ncrack - image: securecodebox/ncrack:0.7 + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.Version }}" command: ["ncrack", "-oX", "/home/securecodebox/ncrack-results.xml"] resources: {{- toYaml .Values.scannerJob.resources | nindent 16 }} diff --git a/scanners/ncrack/values.yaml b/scanners/ncrack/values.yaml index ff6e149e..2b7e1664 100644 --- a/scanners/ncrack/values.yaml +++ b/scanners/ncrack/values.yaml @@ -3,6 +3,11 @@ parserImage: # parserImage.tag - defaults to the charts version tag: null +image: + repository: docker.io/securecodebox/scanner-ncrack + # image.tag - defaults to the charts version + tag: null + scannerJob: ttlSecondsAfterFinished: null resources: {} diff --git a/scanners/nikto/templates/nikto-scan-type.yaml b/scanners/nikto/templates/nikto-scan-type.yaml index 4a91da27..2b469df1 100644 --- a/scanners/nikto/templates/nikto-scan-type.yaml +++ b/scanners/nikto/templates/nikto-scan-type.yaml 
@@ -17,6 +17,7 @@ spec: containers: - name: nikto image: securecodebox/nikto:latest + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.Version }}" command: # Nikto Entrypoint Script to avoid problems nikto exiting with a non zero exit code # This would cause the kubernetes job to fail no matter what diff --git a/scanners/nikto/values.yaml b/scanners/nikto/values.yaml index b5967c7e..f52905df 100644 --- a/scanners/nikto/values.yaml +++ b/scanners/nikto/values.yaml @@ -3,6 +3,11 @@ parserImage: # parserImage.tag - defaults to the charts version tag: null +image: + repository: docker.io/securecodebox/scanner-nikto + # image.tag - defaults to the charts version + tag: null + scannerJob: ttlSecondsAfterFinished: null resources: {} diff --git a/scanners/nmap/templates/nmap-scan-type.yaml b/scanners/nmap/templates/nmap-scan-type.yaml index 05c51909..b2e3ea93 100644 --- a/scanners/nmap/templates/nmap-scan-type.yaml +++ b/scanners/nmap/templates/nmap-scan-type.yaml @@ -17,7 +17,7 @@ spec: restartPolicy: OnFailure containers: - name: nmap - image: securecodebox/nmap:7.80 + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.Version }}" command: ["nmap", "-oX", "/home/securecodebox/nmap-results.xml"] resources: {{- toYaml .Values.scannerJob.resources | nindent 16 }} diff --git a/scanners/nmap/values.yaml b/scanners/nmap/values.yaml index b5551143..c78e154f 100644 --- a/scanners/nmap/values.yaml +++ b/scanners/nmap/values.yaml @@ -3,6 +3,8 @@ parserImage: # parserImage.tag - defaults to the charts version tag: null +image: + repository: docker.io/securecodebox/scanner-nmap scannerJob: ttlSecondsAfterFinished: null resources: {} diff --git a/scanners/test-scan/templates/test-scan-scan-type.yaml b/scanners/test-scan/templates/test-scan-scan-type.yaml index ec001879..6d2a999b 100644 --- a/scanners/test-scan/templates/test-scan-scan-type.yaml +++ b/scanners/test-scan/templates/test-scan-scan-type.yaml 
@@ -17,7 +17,7 @@ spec: restartPolicy: OnFailure containers: - name: test-scan - image: securecodebox/test-scan:latest + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.Version }}" command: ["touch", "/home/securecodebox/hello-world.txt"] resources: {{- toYaml .Values.scannerJob.resources | nindent 16 }} diff --git a/scanners/test-scan/values.yaml b/scanners/test-scan/values.yaml index d54288e8..a05bc0d2 100644 --- a/scanners/test-scan/values.yaml +++ b/scanners/test-scan/values.yaml @@ -3,6 +3,11 @@ parserImage: # parserImage.tag - defaults to the charts version tag: null +image: + repository: docker.io/securecodebox/scanner-test-scan + # image.tag - defaults to the charts version + tag: null + scannerJob: ttlSecondsAfterFinished: null resources: {} From 92862f6cf974c0b55db75eb7111cd9fe3b3012a3 Mon Sep 17 00:00:00 2001 From: Yannik Fuhrmeister Date: Mon, 28 Sep 2020 15:25:57 +0200 Subject: [PATCH 140/235] Remove unused file from Repo --- ressources.md | 15 --------------- 1 file changed, 15 deletions(-) delete mode 100644 ressources.md diff --git a/ressources.md b/ressources.md deleted file mode 100644 index b8f08a2f..00000000 --- a/ressources.md +++ /dev/null @@ -1,15 +0,0 @@ -# Ressources for Contributing - -## Contributing - -- [Kubernetes Contributing](https://github.com/kubernetes/community/blob/master/contributors/guide/contributing.md#learn-about-sigs) -- [Kubernetes Pull-requests](https://github.com/kubernetes/community/blob/master/contributors/guide/pull-requests.md) -- [Nodejs Contributing](https://github.com/nodejs/node/blob/master/CONTRIBUTING.md) - -## Code of Conduct - -- [Kubernetes Code of Conduct](https://github.com/kubernetes/community/blob/master/governance.md#code-of-conduct) - -## Developer's Certificate of Origin? (Nodejs) - -## Rebase over Merge? (Nodejs) From a38239117dad3b17a986c03534467c9bb9d9e7d8 Mon Sep 17 00:00:00 2001 
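Review bot: in PATCH 139, scanners/nikto/templates/nikto-scan-type.yaml (@@ -17,6 +17,7), the templated `image:` line is added while `image: securecodebox/nikto:latest` stays as an unchanged line, which leaves two `image` keys in the same container entry. The other four templates replace the old line. Remove it here as well, so that `image.repository` and `image.tag` decide which image runs instead of the YAML parser's handling of duplicate keys.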
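Review bot: in PATCH 139, scanners/nmap/values.yaml adds only `image.repository`; the `tag: null` entry with its "defaults to the charts version" comment and the blank line before `scannerJob:`, which the other four values files get, are missing. The template's `default .Chart.Version` still applies, but add the key so the override is visible to users of the chart.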
From: Yannik Fuhrmeister Date: Mon, 28 Sep 2020 15:45:06 +0200 Subject: [PATCH 141/235] Pin the Tag for custom scanner images --- .github/workflows/ci.yaml | 24 ++++++++++++++++++------ 1 file changed, 18 insertions(+), 6 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index e2d02f7c..eab052f4 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -396,15 +396,21 @@ jobs: --set="image.tag=sha-$(git rev-parse --short HEAD)" \ --set="attribute.name=severity" \ --set="attribute.value=high" - helm -n integration-tests install test-scan ./scanners/test-scan/ --set="parserImage.tag=sha-$(git rev-parse --short HEAD)" + helm -n integration-tests install test-scan ./scanners/test-scan/ \ + --set="parserImage.tag=sha-$(git rev-parse --short HEAD)" + --set="image.tag=sha-$(git rev-parse --short HEAD)" cd tests/integration/ npx jest --ci --color read-write-hook helm -n integration-tests uninstall test-scan update-category update-severity - name: "Hooks (ReadOnly) Integration Tests" run: | - helm -n integration-tests install test-scan ./scanners/test-scan/ --set="parserImage.tag=sha-$(git rev-parse --short HEAD)" + helm -n integration-tests install test-scan ./scanners/test-scan/ \ + --set="parserImage.tag=sha-$(git rev-parse --short HEAD)" \ + --set="image.tag=sha-$(git rev-parse --short HEAD)" helm -n integration-tests install http-webhook ./demo-apps/http-webhook - helm -n integration-tests install ro-hook ./hooks/generic-webhook/ --set="webhookUrl=http://http-webhook/hallo-welt" + helm -n integration-tests install ro-hook ./hooks/generic-webhook/ \ + --set="webhookUrl=http://http-webhook/hallo-welt" \ + --set="image.tag=sha-$(git rev-parse --short HEAD)" cd tests/integration/ npx jest --ci --color read-only-hook helm -n integration-tests uninstall test-scan http-webhook ro-hook 
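Review bot: in PATCH 141, .github/workflows/ci.yaml (@@ -396,15 +396,21), the `test-scan` install in the read-write hook step ends its `--set="parserImage.tag=..."` line without a trailing backslash, so the following `--set="image.tag=..."` line is run as a separate command and never reaches helm. The read-only step in the same hunk has the backslash; add it here too.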
@@ -417,17 +423,23 @@ jobs: kubectl expose deployment nginx --port 80 --namespace demo-apps - name: "nmap Integration Tests" run: | - helm -n integration-tests install nmap ./scanners/nmap/ --set="parserImage.tag=sha-$(git rev-parse --short HEAD)" + helm -n integration-tests install nmap ./scanners/nmap/ \ + --set="parserImage.tag=sha-$(git rev-parse --short HEAD)" + --set="image.tag=sha-$(git rev-parse --short HEAD)" cd tests/integration/ npx jest --ci --color nmap - name: "ncrack Integration Tests" run: | - helm -n integration-tests install ncrack ./scanners/ncrack/ --set="parserImage.tag=sha-$(git rev-parse --short HEAD)" + helm -n integration-tests install ncrack ./scanners/ncrack/ \ + --set="parserImage.tag=sha-$(git rev-parse --short HEAD)" \ + --set="image.tag=sha-$(git rev-parse --short HEAD)" cd tests/integration/ npx jest --ci --color ncrack - name: "kube-hunter Integration Tests" run: | - helm -n integration-tests install kube-hunter ./scanners/kube-hunter/ --set="parserImage.tag=sha-$(git rev-parse --short HEAD)" + helm -n integration-tests install kube-hunter ./scanners/kube-hunter/ \ + --set="parserImage.tag=sha-$(git rev-parse --short HEAD)" \ + --set="image.tag=sha-$(git rev-parse --short HEAD)" cd tests/integration/ npx jest --ci --color kube-hunter - name: "ssh-scan Integration Tests" From ce10500b42a99ea4d6f9112153e77acda681287a Mon Sep 17 00:00:00 2001 From: Yannik Fuhrmeister Date: Mon, 28 Sep 2020 15:59:26 +0200 Subject: [PATCH 142/235] Fix CI Syntax --- .github/workflows/ci.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index eab052f4..46f9520c 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml 
@@ -397,7 +397,7 @@ jobs: --set="attribute.name=severity" \ --set="attribute.value=high" helm -n integration-tests install test-scan ./scanners/test-scan/ \ - --set="parserImage.tag=sha-$(git rev-parse --short HEAD)" + --set="parserImage.tag=sha-$(git rev-parse --short HEAD)" \ --set="image.tag=sha-$(git rev-parse --short HEAD)" cd tests/integration/ npx jest --ci --color read-write-hook From 138a414ef0cb6cca1c29eb7393fc1e17eab5a860 Mon Sep 17 00:00:00 2001 From: Robert Seedorff Date: Mon, 28 Sep 2020 22:44:56 +0200 Subject: [PATCH 143/235] Extending GitHub Acions to publish HelmCharts v2 additionaly to Helm3 --- .github/workflows/helm-charts.yaml | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/.github/workflows/helm-charts.yaml b/.github/workflows/helm-charts.yaml index ca5f7805..2c757f03 100644 --- a/.github/workflows/helm-charts.yaml +++ b/.github/workflows/helm-charts.yaml @@ -33,7 +33,7 @@ jobs: done - name: "Publish Helm2 Charts" env: - HELM_REGISTRY: https://charts.securecodebox.io + HELM_REGISTRY: https://charts-helm2.securecodebox.io USERNAME: ${{ secrets.HELM_REGISTRY_USERNAME }} PASSWORD: ${{ secrets.HELM_REGISTRY_PASSWORD }} run: | @@ -44,8 +44,12 @@ jobs: dir="$(dirname "${chart}")" cd "${dir}" || exit mv Chart.yaml helm3.Chart.yaml - echo "Restoring Helm2 Chart and replace Helm3 Chart temporary" mv helm2.Chart.yaml Chart.yaml + if [ ${dir} = "operator" ] + then + cp -R crds templates/crds + fi + echo "Restoring Helm2 Chart and replace Helm3 Chart temporary" [ ! -f helm2.requirements.lock ] || mv helm2.requirements.lock requirements.lock [ ! -f helm2.requirements.yaml ] || mv helm2.requirements.yaml requirements.yaml echo "Processing Helm2 Chart in $dir" From 5a1438075bafe8adfaebc90ca7c7640179daa4dc Mon Sep 17 00:00:00 2001 
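Review bot: PATCH 142 adds the missing backslash only to the `test-scan` install at @@ -397,7. The `nmap` install added in PATCH 141 (@@ -417,17 +423,23) has the same `--set="parserImage.tag=..."` line without a continuation, so `image.tag` is still not passed to helm in the nmap integration test. Fix it in the same commit.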
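Review bot: in PATCH 143, `if [ ${dir} = "operator" ]` compares against the result of `dirname` on a path printed by `find .`, which is `./operator`, so the test never matches and `cp -R crds templates/crds` does not run. Since the subshell has already changed into the chart directory, test `[ -d crds ]` instead, or compare against `./operator`, and quote `${dir}` wherever it is expanded.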
From: Robert Seedorff Date: Mon, 28 Sep 2020 22:55:41 +0200 Subject: [PATCH 144/235] Added Helm2 Chart version additional to helm3. --- .../helm2.Chart.yaml | 8 +++++++ hooks/generic-webhook/helm2.Chart.yaml | 8 +++++++ .../helm2.Chart.yaml | 8 +++++++ hooks/persistence-elastic/helm2.Chart.yaml | 10 +++++++++ .../helm2.requirements.lock | 9 ++++++++ .../helm2.requirements.yaml | 9 ++++++++ hooks/update-field/helm2.Chart.yaml | 8 +++++++ scanners/amass/helm2.Chart.yaml | 21 ++++++++++++++++++ scanners/kube-hunter/helm2.Chart.yaml | 21 ++++++++++++++++++ scanners/ncrack/helm2.Chart.yaml | 21 ++++++++++++++++++ scanners/nikto/helm2.Chart.yaml | 22 +++++++++++++++++++ scanners/nmap/helm2.Chart.yaml | 21 ++++++++++++++++++ scanners/ssh_scan/helm2.Chart.yaml | 21 ++++++++++++++++++ scanners/sslyze/helm2.Chart.yaml | 21 ++++++++++++++++++ scanners/test-scan/helm2.Chart.yaml | 19 ++++++++++++++++ scanners/trivy/helm2.Chart.yaml | 22 +++++++++++++++++++ scanners/wpscan/helm2.Chart.yaml | 22 +++++++++++++++++++ scanners/zap/helm2.Chart.yaml | 22 +++++++++++++++++++ 18 files changed, 293 insertions(+) create mode 100644 hooks/declarative-subsequent-scans/helm2.Chart.yaml create mode 100644 hooks/generic-webhook/helm2.Chart.yaml create mode 100644 hooks/imperative-subsequent-scans/helm2.Chart.yaml create mode 100644 hooks/persistence-elastic/helm2.Chart.yaml create mode 100644 hooks/persistence-elastic/helm2.requirements.lock create mode 100644 hooks/persistence-elastic/helm2.requirements.yaml create mode 100644 hooks/update-field/helm2.Chart.yaml create mode 100644 scanners/amass/helm2.Chart.yaml create mode 100644 scanners/kube-hunter/helm2.Chart.yaml create mode 100644 scanners/ncrack/helm2.Chart.yaml create mode 100644 scanners/nikto/helm2.Chart.yaml create mode 100644 scanners/nmap/helm2.Chart.yaml create mode 100644 scanners/ssh_scan/helm2.Chart.yaml create mode 100644 scanners/sslyze/helm2.Chart.yaml create mode 100644 scanners/test-scan/helm2.Chart.yaml create mode 
100644 scanners/trivy/helm2.Chart.yaml create mode 100644 scanners/wpscan/helm2.Chart.yaml create mode 100644 scanners/zap/helm2.Chart.yaml diff --git a/hooks/declarative-subsequent-scans/helm2.Chart.yaml b/hooks/declarative-subsequent-scans/helm2.Chart.yaml new file mode 100644 index 00000000..7a26e4fe --- /dev/null +++ b/hooks/declarative-subsequent-scans/helm2.Chart.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +name: declarative-subsequent-scans +description: Starts possible subsequent security scans based on findings (e.g. open ports found by NMAP or subdomains found by AMASS). + +type: application + +# version - gets automatically set to the secureCodeBox release version when the helm charts gets published +version: latest \ No newline at end of file diff --git a/hooks/generic-webhook/helm2.Chart.yaml b/hooks/generic-webhook/helm2.Chart.yaml new file mode 100644 index 00000000..c48efb7e --- /dev/null +++ b/hooks/generic-webhook/helm2.Chart.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +name: generic-webhook +description: Lets you send http webhooks after scans are completed + +type: application + +# version - gets automatically set to the secureCodeBox release version when the helm charts gets published +version: latest \ No newline at end of file diff --git a/hooks/imperative-subsequent-scans/helm2.Chart.yaml b/hooks/imperative-subsequent-scans/helm2.Chart.yaml new file mode 100644 index 00000000..8b7d6cb3 --- /dev/null +++ b/hooks/imperative-subsequent-scans/helm2.Chart.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +name: imperative-subsequent-scans +description: Starts possible subsequent security scans based on findings (e.g. open ports found by NMAP or subdomains found by AMASS). + +type: application + +# version - gets automatically set to the secureCodeBox release version when the helm charts gets published +version: latest \ No newline at end of file 
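Review bot: in PATCH 144, every new helm2.Chart.yaml declares `apiVersion: v1` together with `type: application`. The `type` field belongs to the apiVersion v2 chart format, so drop it from the v1 files or confirm that the Helm 2 client used for packaging accepts it. The files also end without a newline ("\ No newline at end of file"); add one.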
diff --git a/hooks/persistence-elastic/helm2.Chart.yaml b/hooks/persistence-elastic/helm2.Chart.yaml new file mode 100644 index 00000000..9b4c102e --- /dev/null +++ b/hooks/persistence-elastic/helm2.Chart.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +name: persistence-elastic +description: The elastic persistence provider persists secureCodeBox findings into the elastic stack. + +type: application + +# version - gets automatically set to the secureCodeBox release version when the helm charts gets published +version: latest + +appVersion: 7.6.1 \ No newline at end of file diff --git a/hooks/persistence-elastic/helm2.requirements.lock b/hooks/persistence-elastic/helm2.requirements.lock new file mode 100644 index 00000000..f046652e --- /dev/null +++ b/hooks/persistence-elastic/helm2.requirements.lock @@ -0,0 +1,9 @@ +dependencies: +- name: elasticsearch + repository: https://helm.elastic.co + version: 7.6.1 +- name: kibana + repository: https://helm.elastic.co + version: 7.6.1 +digest: sha256:7d3461d986f620421f775f9ecaf73af2565ace9d909a8134c4259c5206f1f89c +generated: "2020-03-17T15:09:24.838784+01:00" diff --git a/hooks/persistence-elastic/helm2.requirements.yaml b/hooks/persistence-elastic/helm2.requirements.yaml new file mode 100644 index 00000000..23216808 --- /dev/null +++ b/hooks/persistence-elastic/helm2.requirements.yaml @@ -0,0 +1,9 @@ +dependencies: + - name: elasticsearch + version: 7.6.1 + repository: https://helm.elastic.co + condition: elasticsearch.enabled + - name: kibana + version: 7.6.1 + repository: https://helm.elastic.co + condition: kibana.enabled diff --git a/hooks/update-field/helm2.Chart.yaml b/hooks/update-field/helm2.Chart.yaml new file mode 100644 index 00000000..18476835 --- /dev/null +++ b/hooks/update-field/helm2.Chart.yaml 
@@ -0,0 +1,8 @@ +apiVersion: v1 +name: update-field-hook +description: Lets you add or override a field to every finding + +type: application + +# version - gets automatically set to the secureCodeBox release version when the helm charts gets published +version: latest \ No newline at end of file diff --git a/scanners/amass/helm2.Chart.yaml b/scanners/amass/helm2.Chart.yaml new file mode 100644 index 00000000..2653ba04 --- /dev/null +++ b/scanners/amass/helm2.Chart.yaml @@ -0,0 +1,21 @@ +apiVersion: v1 +name: amass +description: A Helm chart for the Amass security scanner that integrates with the secureCodeBox. + +type: application +# version - gets automatically set to the secureCodeBox release version when the helm charts gets published +version: latest +appVersion: 3.10.3 + +keywords: + - security + - amass + - scanner + - secureCodeBox +home: https://www.securecodebox.io/scanners/amass +icon: https://www.securecodebox.io/scannerIcons/Amass.svg +sources: + - https://github.com/secureCodeBox/secureCodeBox +maintainers: + - name: iteratec GmbH + email: security@iteratec.com diff --git a/scanners/kube-hunter/helm2.Chart.yaml b/scanners/kube-hunter/helm2.Chart.yaml new file mode 100644 index 00000000..69fc6601 --- /dev/null +++ b/scanners/kube-hunter/helm2.Chart.yaml @@ -0,0 +1,21 @@ +apiVersion: v1 +name: kube-hunter +description: A Helm chart for the kube-hunter security scanner that integrates with the secureCodeBox. + +type: application +# version - gets automatically set to the secureCodeBox release version when the helm charts gets published +version: latest +appVersion: v0.3.0 + +keywords: + - security + - kube-hunter + - scanner + - secureCodeBox +home: https://www.securecodebox.io/scanners/kube-hunter +icon: https://www.securecodebox.io/scannerIcons/kube-hunter.svg +sources: + - https://github.com/secureCodeBox/secureCodeBox +maintainers: + - name: iteratec GmbH + email: security@iteratec.com 
diff --git a/scanners/ncrack/helm2.Chart.yaml b/scanners/ncrack/helm2.Chart.yaml new file mode 100644 index 00000000..98116391 --- /dev/null +++ b/scanners/ncrack/helm2.Chart.yaml @@ -0,0 +1,21 @@ +apiVersion: v1 +name: ncrack +description: A Helm chart for the NCRACK security Scanner that integrates with the secureCodeBox. + +type: application +# version - gets automatically set to the secureCodeBox release version when the helm charts gets published +version: latest +appVersion: 0.7 + +keywords: + - security + - ncrack + - scanner + - secureCodeBox +home: https://www.securecodebox.io/scanners/ncrack +icon: https://www.securecodebox.io/scannerIcons/Ncrack.svg +sources: + - https://github.com/secureCodeBox/secureCodeBox +maintainers: + - name: iteratec GmbH + email: security@iteratec.com diff --git a/scanners/nikto/helm2.Chart.yaml b/scanners/nikto/helm2.Chart.yaml new file mode 100644 index 00000000..23c9ddd5 --- /dev/null +++ b/scanners/nikto/helm2.Chart.yaml @@ -0,0 +1,22 @@ +apiVersion: v1 +name: nikto +description: A Helm chart for the Nikto security scanner that integrates with the secureCodeBox. + +type: application +# version - gets automatically set to the secureCodeBox release version when the helm charts gets published +version: latest +# appVersion - Nikto doesn't really version its releases +appVersion: latest + +keywords: + - security + - nikto + - scanner + - secureCodeBox +home: https://www.securecodebox.io/scanners/nikto +icon: https://www.securecodebox.io/scannerIcons/Nikto.svg +sources: + - https://github.com/secureCodeBox/secureCodeBox +maintainers: + - name: iteratec GmbH + email: security@iteratec.com diff --git a/scanners/nmap/helm2.Chart.yaml b/scanners/nmap/helm2.Chart.yaml new file mode 100644 index 00000000..e0cb91ea --- /dev/null +++ b/scanners/nmap/helm2.Chart.yaml 
@@ -0,0 +1,21 @@ +apiVersion: v1 +name: nmap +description: A Helm chart for the NMAP security Scanner that integrates with the secureCodeBox. + +type: application +# version - gets automatically set to the secureCodeBox release version when the helm charts gets published +version: latest +appVersion: 7.80-r2 + +keywords: + - security + - nmap + - scanner + - secureCodeBox +home: https://www.securecodebox.io/scanners/nmap +icon: https://www.securecodebox.io/scannerIcons/Nmap.svg +sources: + - https://github.com/secureCodeBox/secureCodeBox +maintainers: + - name: iteratec GmbH + email: security@iteratec.com diff --git a/scanners/ssh_scan/helm2.Chart.yaml b/scanners/ssh_scan/helm2.Chart.yaml new file mode 100644 index 00000000..32e6e2b7 --- /dev/null +++ b/scanners/ssh_scan/helm2.Chart.yaml @@ -0,0 +1,21 @@ +apiVersion: v1 +name: ssh-scan +description: A Helm chart for the SSH_Scan security scanner that integrates with the secureCodeBox. + +type: application +# version - gets automatically set to the secureCodeBox release version when the helm charts gets published +version: latest +appVersion: "0.0.43" + +keywords: + - security + - ssh + - scanner + - secureCodeBox +home: https://www.securecodebox.io/scanners/ssh +icon: https://www.securecodebox.io/scannerIcons/SSH.svg +sources: + - https://github.com/secureCodeBox/secureCodeBox +maintainers: + - name: iteratec GmbH + email: security@iteratec.com diff --git a/scanners/sslyze/helm2.Chart.yaml b/scanners/sslyze/helm2.Chart.yaml new file mode 100644 index 00000000..95cf7a69 --- /dev/null +++ b/scanners/sslyze/helm2.Chart.yaml 
@@ -0,0 +1,21 @@ +apiVersion: v1 +name: sslyze +description: A Helm chart for the SSLyze security scanner that integrates with the secureCodeBox. + +type: application +# version - gets automatically set to the secureCodeBox release version when the helm charts gets published +version: latest +appVersion: v3.0.6 + +keywords: + - security + - ssl + - scanner + - secureCodeBox +home: https://www.securecodebox.io/scanners/sslyze +icon: https://www.securecodebox.io/scannerIcons/SSLyze.svg +sources: + - https://github.com/secureCodeBox/secureCodeBox +maintainers: + - name: iteratec GmbH + email: security@iteratec.com diff --git a/scanners/test-scan/helm2.Chart.yaml b/scanners/test-scan/helm2.Chart.yaml new file mode 100644 index 00000000..2203edf9 --- /dev/null +++ b/scanners/test-scan/helm2.Chart.yaml @@ -0,0 +1,19 @@ +apiVersion: v1 +name: test-scan +description: A Helm chart to test the secureCodeBox operator + +type: application +# version - gets automatically set to the secureCodeBox release version when the helm charts gets published +version: latest + +keywords: + - security + - scanner + - secureCodeBox + - integrationTest + - test +sources: + - https://github.com/secureCodeBox/secureCodeBox +maintainers: + - name: iteratec GmbH + email: security@iteratec.com diff --git a/scanners/trivy/helm2.Chart.yaml b/scanners/trivy/helm2.Chart.yaml new file mode 100644 index 00000000..d8c4d8d0 --- /dev/null +++ b/scanners/trivy/helm2.Chart.yaml 
@@ -0,0 +1,22 @@ +apiVersion: v1 +name: trivy +description: A Helm chart for the trivy security scanner that integrates with the secureCodeBox. + +type: application +# version - gets automatically set to the secureCodeBox release version when the helm charts gets published +version: latest +appVersion: v0.6.0 + +keywords: + - security + - trivy + - image-scanning + - scanner + - secureCodeBox +home: https://www.securecodebox.io/scanners/trivy +icon: https://github.com/aquasecurity/trivy/blob/master/imgs/logo.png +sources: + - https://github.com/secureCodeBox/secureCodeBox +maintainers: + - name: iteratec GmbH + email: security@iteratec.com diff --git a/scanners/wpscan/helm2.Chart.yaml b/scanners/wpscan/helm2.Chart.yaml new file mode 100644 index 00000000..c76e339e --- /dev/null +++ b/scanners/wpscan/helm2.Chart.yaml @@ -0,0 +1,22 @@ +apiVersion: v1 +name: wpscan +description: A Helm chart for the WordPress security scanner that integrates with the secureCodeBox. + +type: application +# version - gets automatically set to the secureCodeBox release version when the helm charts gets published +version: latest +appVersion: latest + +keywords: + - security + - wpscan + - wordpress + - scanner + - secureCodeBox +home: https://www.securecodebox.io/scanners/wpscan +icon: https://www.securecodebox.io/scannerIcons/WPScan.svg +sources: + - https://github.com/secureCodeBox/scanner-infrastructure-wpscan +maintainers: + - name: iteratec GmbH + email: security@iteratec.com diff --git a/scanners/zap/helm2.Chart.yaml b/scanners/zap/helm2.Chart.yaml new file mode 100644 index 00000000..d3e24d33 --- /dev/null +++ b/scanners/zap/helm2.Chart.yaml 
@@ -0,0 +1,22 @@ +apiVersion: v1 +name: zap +description: A Helm chart for the OWASP ZAP security scanner that integrates with the secureCodeBox. + +type: application +# version - gets automatically set to the secureCodeBox release version when the helm charts gets published +version: latest +appVersion: v2.9.0 + +keywords: + - security + - Zap + - OWASP + - scanner + - secureCodeBox +home: https://www.securecodebox.io/scanners/zap +icon: https://www.securecodebox.io/scannerIcons/ZAP.svg +sources: + - https://github.com/secureCodeBox/secureCodeBox +maintainers: + - name: iteratec GmbH + email: security@iteratec.com From e8c06b7bdbeb9d74d2f441b1223bd435cedcffb2 Mon Sep 17 00:00:00 2001 From: Robert Seedorff Date: Tue, 29 Sep 2020 08:09:29 +0200 Subject: [PATCH 145/235] Fixing CodeClimate Integration --- .github/workflows/ci.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index b5135898..a60b652f 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -47,7 +47,7 @@ jobs: - name: "Run tests & publish code coverage" uses: paambaati/codeclimate-action@v2.6.0 env: - CC_TEST_REPORTER_ID: 80b305e484240da8cecbd1d017dfb365d3ee7f4508b5ed8fd9e9348efd286406 + CC_TEST_REPORTER_ID: 545b7af20f13dc58a3284275828532a26d89a8e90c8f276fb54a23d78bae7a19 with: coverageCommand: npm test -- --ci --colors --coverage operator: From 71c5212465f6ab40c3d0946f80826e4dbd72dc0c Mon Sep 17 00:00:00 2001 
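Review bot: in PATCH 144, scanners/ncrack/helm2.Chart.yaml sets `appVersion: 0.7` unquoted, which YAML reads as a number, while scanners/ssh_scan/helm2.Chart.yaml quotes `"0.0.43"`. Quote the version strings consistently across the charts, so that a later value such as `0.10` cannot lose its trailing zero.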
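Review bot: in PATCH 145, `CC_TEST_REPORTER_ID` is replaced by another literal value in .github/workflows/ci.yaml, while the registry credentials in helm-charts.yaml come from `${{ secrets.* }}`. Read the reporter ID from a repository secret as well, so the next rotation needs no commit and the value stays out of the history; note that secrets are not passed to workflows triggered from forks, so the coverage step needs a guard for that case.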
From: Daniel Patanin Date: Tue, 29 Sep 2020 09:14:48 +0200 Subject: [PATCH 146/235] Move adr of securecodebox.io to main repo Since we changed the framework for our website the decision described in the respective adr file will be archived or forgotten about. Furthermore this website is a tool we use for our main project, thus the decision about what "tool" we use for documentation should be saved in the main repository. --- docs/adr/adr_0001.adoc | 253 ++++++++------------------------ docs/adr/adr_0002.adoc | 318 +++++++++++++++++++++++------------------ docs/adr/adr_0003.adoc | 182 +++++++++++++++++++++++ 3 files changed, 415 insertions(+), 338 deletions(-) create mode 100644 docs/adr/adr_0003.adoc diff --git a/docs/adr/adr_0001.adoc b/docs/adr/adr_0001.adoc index 87d68733..53e4e95d 100644 --- a/docs/adr/adr_0001.adoc +++ b/docs/adr/adr_0001.adoc 
@@ -1,214 +1,77 @@ -[[ADR-0000]] -= ADR-0000: How can we introduce a more general extension concept for data processing modules? +[[ADR-0001]] += ADR-0001: Choosing the framework for the new secureCodeBox Website [cols="h,d",grid=rows,frame=none,stripes=none,caption="Status",%autowidth] |==== - +// Use one of the ADR status parameter based on status +// Please add a cross reference link to the new ADR on 'superseded' ADR. +// e.g.: {adr_suposed_by} <> | Status | ACCEPTED | Date -| 2020-05-20 +| 2019-08-21 | Author(s) -| Jannik Hollenbach , - Jorge Estigarribia , - Robert Seedorff , - Sven Strittmatter +| Daniel Patanin daniel.patanin@iteratec.com, + Jannick Hollenbach jannick.hollenbach@iteratec.com +// ... |==== == Context -=== Status Quo - -One major challenge implementing the _secureCodeBox_ is to provide a flexible and modular architecture, which enables the open source community to easily understand the concepts and especially to extend the _secureCodeBox_ with individual features. Therefore we decided to separate the process stages of a single security scan (instance of _scanType_ custom resource definition; further abbreviated with _CRD_) in three major phases: - -.... -┌──────────────────┐ ┌──────────────────┐ ┌──────────────────┐ -│ scanning ├─────────▶│ parsing ├─────────▶│ persisting │ -│ (phase 1) │ │ (phase 2) │ │ (phase 3) │ -└──────────────────┘ └──────────────────┘ └──────────────────┘ -.... - -By now the phase 3 "`persisting`" was implemented by so called _PersistenceProviders_ (e.g., the _persistence-elastic_ provider which is responsible for persisting all findings in a given elasticsearch database). The _secureCodeBox_ Operator is aware of this 3 phases and is responsible for the state model and execution of each security scan. - -=== Problem and Question - -We identified different additional use cases with a more "`data processing oriented`" pattern than the implemented phase 3 "`persisting`" indicates. 
For example, we implemented a so called _MetaDataProvider_ feature, which is responsible for enhancing each security finding with additional metadata. But the _MetaDataProvider_ must be executed after the phase 2 "`parsing`" and before the phase 3 "`persisting`" because it depends on the parsed finding results (which will be enhanced) and the updated findings should be also persisted. - -To find a proper solution, we split the topic into the following two questions: - -. Should we unify the concepts _MetaDataProvider_ and _PersistenceProvider_? -. How should the execution model look like for each concept? - -==== Question 1: Should We Unify the Concepts MetaDataProvider and PersistenceProvider? - -===== Solution Approach 1: Unify - -Both "`modules`" are "`processing`" the security findings, which were generated in the phase 2 "`parsing`", -but there is one major difference between them: - -* a _PersistenceProvider_ is processing the findings *read only*, and -* a _MetaDataProvider_ is processing the findings *read and write*. - -There is a similar concept in Kubernetes called https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/[AdmissionController], but with the exception that the will be executed before a resource is created. - -There are two variants of _AdmissionControllers_: - -. _ValidatingWebhookConfiguration_: *read only*, *executed last*; and -. _MutatingWebhookConfiguration_: *read and write*, *executed first*. - -We could do a similar thing and introduce CRD which allows to execute "`custom code`" (depends on the second question) after a scan has completed (meaning both phases "`scan`" and "`parsing`" were done). Some name ideas: - -* _ScanHooks_ -* _ScanCompletionHooks_ -* _FindingProcessors_ - -These could be implemented with a `type` attribute, which declares if they are *read only* or *read and write*. 
- -The _secureCodeBox operator_ would process all these CRDs in the namespace of the scan and execute the *read and write* ones first in serial only one at a time to avoid write conflicts and then the *read only* ones in parallel. - -[source,yaml] ----- -apiVersion: execution.experimental.securecodebox.io/v1 -kind: ScanCompletionHook -metadata: - name: my-metadata -spec: - type: ReadAndWrite - # If implemented like the current persistence provider - image: my-metadata:v2.0.0 ----- - -The Execution Flow would then look something like this: - -.... - ┌ ReadOnly─Hooks─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ - ┌ ReadAndWriteHooks ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ┌────────────────────────────────┐ │ - ┌───────────────────────┐ │ ┌──┼▶│ Elastic PersistenceProvider │ -┌──────────────────┐ ┌──────────────────┐ │ │ ReadAndWrite Hook #1 │ ┌───────────────────────┐ │ └────────────────────────────────┘ │ -│ Scan ├──▶│ Parsing │────▶│ "MyMetaDataProvider" ├─▶│ ReadAndWrite Hook #2 │─┼──┤ │ ┌────────────────────────────────┐ -└──────────────────┘ └──────────────────┘ │ └───────────────────────┘ └───────────────────────┘ └───▶│ DefectDojo PersistenceProvider │ │ - ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ┘ │ └────────────────────────────────┘ - ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ┘ -.... - -====== Pros - -* Only one implementation. -* Pretty generic to expand and test out new ideas without having to modify the _secureCodeBox operator_. - -====== Cons - -* Possibly an "`over-abstraction`". -* Need to refactor the _persistence-elastic_ provider. -* The "`general implementation`" will be harder than the individual ones. - -===== Solution Approach 2: Keep Split between Persistence Provider and MetaData Provider - -Keep _PersistenceProvider_ as they are and introduce new _MetaDataProvider_ CRD which gets executed before the _PersistenceProviders_ by the __secureCodeBox operator_. - -.... 
- ┌ Persistence Provider─ ─ ─ ─ ─ ─ ─ ─ - ┌ MetaData Provider ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ┌────────────────────────────────┐ │ - ┌───────────────────────┐ │ ┌──┼▶│ Elastic PersistenceProvider │ -┌──────────────────┐ ┌──────────────────┐ │ │ ReadAndWrite Hook #1 │ ┌───────────────────────┐ │ └────────────────────────────────┘ │ -│ Scan ├──▶│ Parsing │────▶│ "MyMetaDataProvider" ├─▶│ ReadAndWrite Hook #2 │─┼──┤ │ ┌────────────────────────────────┐ -└──────────────────┘ └──────────────────┘ │ └───────────────────────┘ └───────────────────────┘ └───▶│ DefectDojo PersistenceProvider │ │ - ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ┘ │ └────────────────────────────────┘ - ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ┘ -.... - -====== Pros - -* Quicker to implement. -* Might be worth it to have a separate concept for it. - -====== Cons - -* Not sure if it worth to introduce a new CRD for everything, especially when it's conceptually pretty close to to something already existing. - -==== Question 2: How Should the Execution Model Look like for Each Concept? - -===== Solution Approach 1: Like the Persistence Provider - -Basically a docker container which process findings takes two arguments: - -. A pre-defined URL to download the findings from. -. A pre-defined URL to upload the modified findings to. - -Examples: - -* NodeJS: `node my-metadata.js "https://storage.googleapi.com/..." "https://storage.googleapi.com/..."` -* Java: `java my-metadata.jar "https://storage.googleapi.com/..." "https://storage.googleapi.com/..."` -* Golang: `./my-metadata "https://storage.googleapi.com/..." "https://storage.googleapi.com/..."` - -====== Pros - -* One liner with the current implementations. -* Code overhead / wrapper code is pretty minimal. -* Zero scale: no resource costs when nothing is running. - -===== Cons - -* May results in too many Kubernetes jobs. -** Resource blocking on finished resources. -** `ttlAfterFinished` enabled. 
-* Container runtime overhead (especially time). - -===== Solution Approach 2: A WebHooks Like Concept - -Analog to kubernetes webhooks: HTTP server receiving findings and returning results. - -===== Pros - -* Milliseconds instead of seconds for processing. -* No overhead for container Creation. -* No additional kubernetes jobs needed. - -===== Cons - -* Introduces new running services which needs to be maintained and have uptime. -* Code overhead / boilerplate (Can be mitigated by an SDK). -* Debugging of individual _MetaDataProvider_ is harder than a single service which handles everything. -* Introduces "`new`"cConcept. -* Certificate management for webhook services (`cert-manager` required by default?). -* Scaling for systems with lots of load could be a problem. -* One service per namespace (multiple tenants) needed -> results in many running active services which is resource consuming. +There are tons of different frameworks for building websites out there. We must choose the most fitting one for our use, fulfilling our mandatory requirements: + +• Common programming language, if applicable easy to learn +• Overall easy to use and start-up, also locally +• Tutorials, examples and a good documentation +• Bonus points for great and many easy to use templates and plugins +• Needs continuous support and contribution +• Must be able to be deployed as GitHub pages + +We will choose from the following popular/trending: + +https://gridsome.org/[Gridsome] + +https://www.gatsbyjs.org/[Gatsby] + +https://gohugo.io/[Hugo] + +https://jekyllrb.com/[Jekyll] + +=== Research + +These frameworks do all fulfill the requirements to the extent that I estimate them as wellsuited. First, I researched the listed features on the respective sites or quickly googled after it +specifically and found instantly the requested feature. I followed up with a general overview +of how old the frameworks, how popular they are and for example pages build with them. 
+Afterwards I searched for comparison blogs and posts, mostly to examine their comments. +Most of these „pro-cons “-posts are inaccurate and very superficial, but luckily because of that +the comment sections hold interesting discussions and comparisons from overall features and +usability to specific issues and problems of each framework and which framework fits what +use-cases in general. After this research I’ve come to a majority of similar experience sharing +and discussions. These described the distribution of these frameworks as follows (roughly +summarized): + +Gridsome is like Gatsby just for VueJS. +Gatsby is blazing fast after building the pages but requires a little bit more understanding of +JavaScript and React and may not be as easy to get behind if you’ve never built a site with a +static site generator before. +Hugo is fast in building and based on Golang. But as a newbie to that language you’ll find yourself using the documentation very much, unless you learn this language to a curtain depth. +Jekyll is simple in templating and very good for quickly starting a small blog site but based on +ruby and therefore requires ruby dependencies. == Decision -Regarding question 1 it seems that both solution approaches are resulting in the same execution model. We decided to implement solution approach 1 and unify both concepts into a more general concept with the name _hook concept_. Therefore we exchange the existing name _PersistenceProvider_ for phase 3 in the execution model with a more general term _processing_: - -.... -┌──────────────────┐ ┌──────────────────┐ ┌──────────────────┐ -│ scanning ├─────────▶│ parsing ├─────────▶│ processing │ -│ (Phase 1) │ │ (Phase 2) │ │ (Phase 3) │ -└──────────────────┘ └──────────────────┘ └──────────────────┘ -.... - -Regarding question 2 we decided to implement the solution approach 1 with a job-based approach (no active service component needed). 
Therefore the phase 3 _processing_ will be split into two separate phases named _ReadAndWriteHooks_ (3.1) and _ReadOnlyHooks_ (3.2) -// #30 to what refers 3.1 and 3.2? - -.... - ┌ 3.2 processing: ReadOnlyHooks ─ ─ ─ - ┌ 3.1 processing: ReadAndWriteHooks ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ┌────────────────────────────────┐ │ - ┌───────────────────────┐ │ ┌──┼▶│ Elastic PersistenceProvider │ -┌──────────────────┐ ┌──────────────────┐ │ │ ReadAndWrite Hook #1 │ ┌───────────────────────┐ │ └────────────────────────────────┘ │ -│ scanning ├──▶│ parsing │────▶│ "MyMetaDataProvider" ├─▶│ ReadAndWrite Hook #2 │─┼──┤ │ ┌────────────────────────────────┐ -└──────────────────┘ └──────────────────┘ │ └───────────────────────┘ └───────────────────────┘ └───▶│ DefectDojo PersistenceProvider │ │ - ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ┘ │ └────────────────────────────────┘ - ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ┘ -.... +So, it seems that Hugo is a pretty good choice for sites with many, many…. like many pages. +Jekyll seems to fit for a quick build. Gatsby and Gridsome require a bit more time to learn but +have their advantages in speed and growth of the site. And whether you choose Gridsome over +Gatsby relies on whether you want to use VueJS or not. -== Consequences - -With the new _hook concept_ we open the _phase 3 processing_ to a more intuitive and flexible architecture. It is easier to understand because _WebHooks_ are already a well known concept. It is possible to keep the existing implementation of the _PersistenceProvider_ and integrate them with a lot of other possible processing components in a more general fashion. In the end, this step will result in a lot of additional feature possibilities, which go far beyond the existing ones proposed here. Therefore we only need to implement this concept once in the _secureCodeBox operator_ and new ideas for extending the _DataProcessing_ will not enforce conceptual or architectural changes. 
+Finally we’ve decided to use Gatsby. Some of the main reasons is it’s fast performance, the extensive documentation and tutorials and also the language, since Hugo (the +other framework we considered mainly) is based on Golang, and as for my part as a developer I +feel completely comfortable and prefer working with JSX. Overall it comes down to preferences mostly, since we’re not going to build a giant Website, nor are we planning on implementing “crazy” Features. -Ideas for additional processing hooks: +== Consequences -* Notifier hooks (_ReadOnlyHook_) e.g., for chat (slack, teams etc.), metric, alerting systems -* MetaData enrichment hooks (_ReadAndWriteHook_) -* FilterData hooks (_ReadAndWriteHook_) (e.g., false/positive handling) -* SystemIntegration hooks (_ReadOnlyHook_) e.g., for ticketing systems like Jira -* CascadingScans hooks (_ReadOnlyHook_) e.g., for starting new security scans based on findings +For the integration of our multi-repository documentation we’ll use +Antora if working this out with Gatsby is going to be more difficult than integrating Antora. +We’re aware that using Gatsby requires a bit more maintenance and has the drawback, that if +anybody else will maintain or work on the website, this person will need to at least understand +the basics of React and GraphQL. \ No newline at end of file diff --git a/docs/adr/adr_0002.adoc b/docs/adr/adr_0002.adoc index 7069f35a..60f6eba1 100644 --- a/docs/adr/adr_0002.adoc +++ b/docs/adr/adr_0002.adoc @@ -1,5 +1,5 @@ [[ADR-0002]] -= ADR-0002: How can we introduce a mechanism to start specialized scans on the results of previous scans? += ADR-0000: How can we introduce a more general extension concept for data processing modules? [cols="h,d",grid=rows,frame=none,stripes=none,caption="Status",%autowidth] |==== @@ -12,6 +12,7 @@ | Author(s) | Jannik Hollenbach , + Jorge Estigarribia , Robert Seedorff , Sven Strittmatter |==== 
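Review bot: in the new Context section of docs/adr/adr_0001.adoc the six requirement lines start with `•` and follow each other without blank lines, so AsciiDoc will join them into one paragraph instead of rendering a list; use `*` list markers as the other ADRs do. In the same hunk the author is spelled `Jannick Hollenbach` while adr_0002.adoc and adr_0003.adoc have `Jannik Hollenbach`, the template comments (`// Use one of the ADR status parameter based on status` and the two lines after it) are still in the status table, `wellsuited` looks like a lost line-break hyphen, and the file ends with `\ No newline at end of file`.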
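Review bot: the title hunk of docs/adr/adr_0002.adoc changes the heading to `= ADR-0000:` while the anchor above it stays `[[ADR-0002]]`, so the file name, the cross-reference anchor and the visible title now disagree. docs/adr/adr_0003.adoc is created the same way, with `[[ADR-0003]]` over `= ADR-0002:`. Since this commit shifts each existing ADR to the next file number, either update the titles to match the new anchors or keep the old anchors and state in the commit message that the original numbers are intentionally preserved; as it stands a reference to "ADR-0002" can mean two different documents.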
@@ -20,163 +21,194 @@ === Status Quo -Currently scans by the secureCodeBox are single focused on a specific tool. -Combining multiple scans requires manual or scripting by the user to use the results of a scan (e.g. Nmap) as a input for another scanner (e.g. SSLyze) +One major challenge implementing the _secureCodeBox_ is to provide a flexible and modular architecture, which enables the open source community to easily understand the concepts and especially to extend the _secureCodeBox_ with individual features. Therefore we decided to separate the process stages of a single security scan (instance of _scanType_ custom resource definition; further abbreviated with _CRD_) in three major phases: + +.... +┌──────────────────┐ ┌──────────────────┐ ┌──────────────────┐ +│ scanning ├─────────▶│ parsing ├─────────▶│ persisting │ +│ (phase 1) │ │ (phase 2) │ │ (phase 3) │ +└──────────────────┘ └──────────────────┘ └──────────────────┘ +.... + +By now the phase 3 "`persisting`" was implemented by so called _PersistenceProviders_ (e.g., the _persistence-elastic_ provider which is responsible for persisting all findings in a given elasticsearch database). The _secureCodeBox_ Operator is aware of this 3 phases and is responsible for the state model and execution of each security scan. === Problem and Question -How can the results of a scan be used to automatically configure subsequent specialized scans for identified targets. +We identified different additional use cases with a more "`data processing oriented`" pattern than the implemented phase 3 "`persisting`" indicates. For example, we implemented a so called _MetaDataProvider_ feature, which is responsible for enhancing each security finding with additional metadata. But the _MetaDataProvider_ must be executed after the phase 2 "`parsing`" and before the phase 3 "`persisting`" because it depends on the parsed finding results (which will be enhanced) and the updated findings should be also persisted. 
-In general we want to describe cascading scans like: +To find a proper solution, we split the topic into the following two questions: -``` -+--------+ +--------+ +--------+ -| scan 1 |-- result -->| scan 2 |-- result -->| scan 3 | -+--------+ +--------+ | +--------+ - | - | +--------+ - +---->| scan 4 | - +--------+ -```` +. Should we unify the concepts _MetaDataProvider_ and _PersistenceProvider_? +. How should the execution model look like for each concept? -A concrete example: +==== Question 1: Should We Unify the Concepts MetaDataProvider and PersistenceProvider? -``` -+----------------+ +-----------------+ +-----------+ -| <> | | <> | | <> | -| find all hosts |-- IP -->| find open ports |-- port 443 -->| check TLS | -+----------------+ +-----------------+ | +-----------+ - | - | +-------------+ - | | <> | - +------->| check HTTPd | - +-------------+ -``` +===== Solution Approach 1: Unify -The solution should fulfill the following criteria: +Both "`modules`" are "`processing`" the security findings, which were generated in the phase 2 "`parsing`", +but there is one major difference between them: -- The "rules" used to describe which subsequent scans can be executed should be modular, so that they can be packaged together with the scan types. -- It should be possible for a user to select which scan rules should be applied -- Protections should be in place to ensure that the clusters are not completely overwhelmed by these automatically created scans. Especially circular structures which create a infinite number of scans should be prevented. +* a _PersistenceProvider_ is processing the findings *read only*, and +* a _MetaDataProvider_ is processing the findings *read and write*. -== Decision +There is a similar concept in Kubernetes called https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/[AdmissionController], but with the exception that the will be executed before a resource is created. 
-It was decided to implement these rules as Custom Resource Definitions (CRDs) in Kubernetes. -This allows the Helm Charts of the scanners to package related rules for the scanner together with their ScanTypes. +There are two variants of _AdmissionControllers_: -=== Defining CascadingRule +. _ValidatingWebhookConfiguration_: *read only*, *executed last*; and +. _MutatingWebhookConfiguration_: *read and write*, *executed first*. -The so called "CascadingRules" consist of a "matches" section which contains one or multiple rules which are compared against findings. -When a finding matches a rule the "scanSpec" section will then be used to create a new scan. -To customize the scan to match the finding, the [mustache](https://github.com/janl/mustache.js) templating language can be used to reference fields of the finding. +We could do a similar thing and introduce CRD which allows to execute "`custom code`" (depends on the second question) after a scan has completed (meaning both phases "`scan`" and "`parsing`" were done). Some name ideas: -```yaml -apiVersion: "cascading.experimental.securecodebox.io/v1" -kind: CascadingRule -metadata: - name: "tls-scans" - labels: - # Described how "invasive" the scan is. - # Possible values: "invasive" or "non-invasive" - # CascadingRules are considered "invasive" when the Scan they start actively sends out packages with attack payloads. - securecodebox.io/invasive: non-invasive - # Described the intensiveness level on a scanning and computational resource level. - # Possible values: "ligh", "medium", "intense" - # CascadingRules are considered more "intensive" when the Scan they start consumes lots of computational resources like RAM, CPU, or Network - securecodebox.io/intensive: light -spec: - matches: - # CascadingRule triggers if a finding matches at least one of the anyOf matchers - # With the first version of this implementation only anyOf would be supported. 
- # If this turns out to be lacking and other operators (like `allOf` can be introduced without breaking changes) - anyOf: - # define an explicit "port" as finding and a given port number - - category: "Open Port" - attributes: - port: 443 - service: "https" - # define an "port service" finding (any port) - - category: "Open Port" - attributes: - service: "https" - scanSpec: - name: "sslyze" - parameters: ["--regular", "{{attributes.hostname}}"] -``` - -=== Using CascadingRules - -By default no cascading Rules will be used. - -```yaml -# Nmap Scan without cascading rules -apiVersion: "execution.experimental.securecodebox.io/v1" -kind: Scan -metadata: - name: "portscan-berlin-wifi" - label: - office: berlin - vlan: wifi -spec: - name: "nmap" - parameters: ["-sV", "10.42.0.0/16"] -``` +* _ScanHooks_ +* _ScanCompletionHooks_ +* _FindingProcessors_ -To enable cascading rules you need to specify a label selector to select the cascading rules you'd like +These could be implemented with a `type` attribute, which declares if they are *read only* or *read and write*. 
-```yaml -apiVersion: "execution.experimental.securecodebox.io/v1" -kind: Scan -metadata: - name: "portscan-berlin-wifi" - label: - office: berlin - vlan: wifi -spec: - cascades: - matchLabels: - # Uses all CascadingRules in the namespace which are labelled as "non-invasive" and a intensiveness level of "light" - securecodebox.io/invasive: non-invasive - securecodebox.io/intensive: light - name: "nmap" - parameters: ["-sV", "10.42.0.0/16"] -``` - -To implicitly enable all cascading rules (not-recommended) a empty label selector can be used - -```yaml -apiVersion: "execution.experimental.securecodebox.io/v1" -kind: Scan -metadata: - name: "portscan-berlin-wifi" - label: - office: berlin - vlan: wifi -spec: - cascades: - # Uses all `CascadingRules` in the namespace - matchLabels: {} - name: "nmap" - parameters: ["-sV", "10.42.0.0/16"] -``` - -The label selectors also allow the more powerful [matchExpression](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#set-based-requirement) selectors: - -```yaml -apiVersion: "execution.experimental.securecodebox.io/v1" -kind: Scan +The _secureCodeBox operator_ would process all these CRDs in the namespace of the scan and execute the *read and write* ones first in serial only one at a time to avoid write conflicts and then the *read only* ones in parallel. + +[source,yaml] +---- +apiVersion: execution.experimental.securecodebox.io/v1 +kind: ScanCompletionHook metadata: - name: "example.com" + name: my-metadata spec: - scanType: nmap - parameters: - - -p22,80,443 - - example.com - cascades: - # Using matchExpression instead of matchLabels - matchExpression: - key: "securecodebox.io/intensive" - operator: In - # This select both light and medium intensity rules - values: [light, medium] -``` + type: ReadAndWrite + # If implemented like the current persistence provider + image: my-metadata:v2.0.0 +---- + +The Execution Flow would then look something like this: + +.... 
+ ┌ ReadOnly─Hooks─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ + ┌ ReadAndWriteHooks ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ┌────────────────────────────────┐ │ + ┌───────────────────────┐ │ ┌──┼▶│ Elastic PersistenceProvider │ +┌──────────────────┐ ┌──────────────────┐ │ │ ReadAndWrite Hook #1 │ ┌───────────────────────┐ │ └────────────────────────────────┘ │ +│ Scan ├──▶│ Parsing │────▶│ "MyMetaDataProvider" ├─▶│ ReadAndWrite Hook #2 │─┼──┤ │ ┌────────────────────────────────┐ +└──────────────────┘ └──────────────────┘ │ └───────────────────────┘ └───────────────────────┘ └───▶│ DefectDojo PersistenceProvider │ │ + ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ┘ │ └────────────────────────────────┘ + ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ┘ +.... + +====== Pros + +* Only one implementation. +* Pretty generic to expand and test out new ideas without having to modify the _secureCodeBox operator_. + +====== Cons + +* Possibly an "`over-abstraction`". +* Need to refactor the _persistence-elastic_ provider. +* The "`general implementation`" will be harder than the individual ones. + +===== Solution Approach 2: Keep Split between Persistence Provider and MetaData Provider + +Keep _PersistenceProvider_ as they are and introduce new _MetaDataProvider_ CRD which gets executed before the _PersistenceProviders_ by the __secureCodeBox operator_. + +.... 
+ ┌ Persistence Provider─ ─ ─ ─ ─ ─ ─ ─ + ┌ MetaData Provider ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ┌────────────────────────────────┐ │ + ┌───────────────────────┐ │ ┌──┼▶│ Elastic PersistenceProvider │ +┌──────────────────┐ ┌──────────────────┐ │ │ ReadAndWrite Hook #1 │ ┌───────────────────────┐ │ └────────────────────────────────┘ │ +│ Scan ├──▶│ Parsing │────▶│ "MyMetaDataProvider" ├─▶│ ReadAndWrite Hook #2 │─┼──┤ │ ┌────────────────────────────────┐ +└──────────────────┘ └──────────────────┘ │ └───────────────────────┘ └───────────────────────┘ └───▶│ DefectDojo PersistenceProvider │ │ + ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ┘ │ └────────────────────────────────┘ + ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ┘ +.... + +====== Pros + +* Quicker to implement. +* Might be worth it to have a separate concept for it. + +====== Cons + +* Not sure if it worth to introduce a new CRD for everything, especially when it's conceptually pretty close to to something already existing. + +==== Question 2: How Should the Execution Model Look like for Each Concept? + +===== Solution Approach 1: Like the Persistence Provider + +Basically a docker container which process findings takes two arguments: + +. A pre-defined URL to download the findings from. +. A pre-defined URL to upload the modified findings to. + +Examples: + +* NodeJS: `node my-metadata.js "https://storage.googleapi.com/..." "https://storage.googleapi.com/..."` +* Java: `java my-metadata.jar "https://storage.googleapi.com/..." "https://storage.googleapi.com/..."` +* Golang: `./my-metadata "https://storage.googleapi.com/..." "https://storage.googleapi.com/..."` + +====== Pros + +* One liner with the current implementations. +* Code overhead / wrapper code is pretty minimal. +* Zero scale: no resource costs when nothing is running. + +===== Cons + +* May results in too many Kubernetes jobs. +** Resource blocking on finished resources. +** `ttlAfterFinished` enabled. 
+* Container runtime overhead (especially time). + +===== Solution Approach 2: A WebHooks Like Concept + +Analog to kubernetes webhooks: HTTP server receiving findings and returning results. + +===== Pros + +* Milliseconds instead of seconds for processing. +* No overhead for container Creation. +* No additional kubernetes jobs needed. + +===== Cons + +* Introduces new running services which needs to be maintained and have uptime. +* Code overhead / boilerplate (Can be mitigated by an SDK). +* Debugging of individual _MetaDataProvider_ is harder than a single service which handles everything. +* Introduces "`new`"cConcept. +* Certificate management for webhook services (`cert-manager` required by default?). +* Scaling for systems with lots of load could be a problem. +* One service per namespace (multiple tenants) needed -> results in many running active services which is resource consuming. + +== Decision + +Regarding question 1 it seems that both solution approaches are resulting in the same execution model. We decided to implement solution approach 1 and unify both concepts into a more general concept with the name _hook concept_. Therefore we exchange the existing name _PersistenceProvider_ for phase 3 in the execution model with a more general term _processing_: + +.... +┌──────────────────┐ ┌──────────────────┐ ┌──────────────────┐ +│ scanning ├─────────▶│ parsing ├─────────▶│ processing │ +│ (Phase 1) │ │ (Phase 2) │ │ (Phase 3) │ +└──────────────────┘ └──────────────────┘ └──────────────────┘ +.... + +Regarding question 2 we decided to implement the solution approach 1 with a job-based approach (no active service component needed). Therefore the phase 3 _processing_ will be split into two separate phases named _ReadAndWriteHooks_ (3.1) and _ReadOnlyHooks_ (3.2) +// #30 to what refers 3.1 and 3.2? + +.... 
+ ┌ 3.2 processing: ReadOnlyHooks ─ ─ ─ + ┌ 3.1 processing: ReadAndWriteHooks ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ┌────────────────────────────────┐ │ + ┌───────────────────────┐ │ ┌──┼▶│ Elastic PersistenceProvider │ +┌──────────────────┐ ┌──────────────────┐ │ │ ReadAndWrite Hook #1 │ ┌───────────────────────┐ │ └────────────────────────────────┘ │ +│ scanning ├──▶│ parsing │────▶│ "MyMetaDataProvider" ├─▶│ ReadAndWrite Hook #2 │─┼──┤ │ ┌────────────────────────────────┐ +└──────────────────┘ └──────────────────┘ │ └───────────────────────┘ └───────────────────────┘ └───▶│ DefectDojo PersistenceProvider │ │ + ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ┘ │ └────────────────────────────────┘ + ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ┘ +.... + +== Consequences + +With the new _hook concept_ we open the _phase 3 processing_ to a more intuitive and flexible architecture. It is easier to understand because _WebHooks_ are already a well known concept. It is possible to keep the existing implementation of the _PersistenceProvider_ and integrate them with a lot of other possible processing components in a more general fashion. In the end, this step will result in a lot of additional feature possibilities, which go far beyond the existing ones proposed here. Therefore we only need to implement this concept once in the _secureCodeBox operator_ and new ideas for extending the _DataProcessing_ will not enforce conceptual or architectural changes. + +Ideas for additional processing hooks: + +* Notifier hooks (_ReadOnlyHook_) e.g., for chat (slack, teams etc.), metric, alerting systems +* MetaData enrichment hooks (_ReadAndWriteHook_) +* FilterData hooks (_ReadAndWriteHook_) (e.g., false/positive handling) +* SystemIntegration hooks (_ReadOnlyHook_) e.g., for ticketing systems like Jira +* CascadingScans hooks (_ReadOnlyHook_) e.g., for starting new security scans based on findings diff --git a/docs/adr/adr_0003.adoc b/docs/adr/adr_0003.adoc new file mode 100644 index 00000000..6fb41175 
--- /dev/null +++ b/docs/adr/adr_0003.adoc 
@@ -0,0 +1,182 @@ +[[ADR-0003]] += ADR-0002: How can we introduce a mechanism to start specialized scans on the results of previous scans? + +[cols="h,d",grid=rows,frame=none,stripes=none,caption="Status",%autowidth] +|==== + +| Status +| ACCEPTED + +| Date +| 2020-05-20 + +| Author(s) +| Jannik Hollenbach , + Robert Seedorff , + Sven Strittmatter +|==== + +== Context + +=== Status Quo + +Currently scans by the secureCodeBox are single focused on a specific tool. +Combining multiple scans requires manual or scripting by the user to use the results of a scan (e.g. Nmap) as a input for another scanner (e.g. SSLyze) + +=== Problem and Question + +How can the results of a scan be used to automatically configure subsequent specialized scans for identified targets. + +In general we want to describe cascading scans like: + +``` ++--------+ +--------+ +--------+ +| scan 1 |-- result -->| scan 2 |-- result -->| scan 3 | ++--------+ +--------+ | +--------+ + | + | +--------+ + +---->| scan 4 | + +--------+ +```` + +A concrete example: + +``` ++----------------+ +-----------------+ +-----------+ +| <> | | <> | | <> | +| find all hosts |-- IP -->| find open ports |-- port 443 -->| check TLS | ++----------------+ +-----------------+ | +-----------+ + | + | +-------------+ + | | <> | + +------->| check HTTPd | + +-------------+ +``` + +The solution should fulfill the following criteria: + +- The "rules" used to describe which subsequent scans can be executed should be modular, so that they can be packaged together with the scan types. +- It should be possible for a user to select which scan rules should be applied +- Protections should be in place to ensure that the clusters are not completely overwhelmed by these automatically created scans. Especially circular structures which create a infinite number of scans should be prevented. + +== Decision + +It was decided to implement these rules as Custom Resource Definitions (CRDs) in Kubernetes. 
+This allows the Helm Charts of the scanners to package related rules for the scanner together with their ScanTypes. + +=== Defining CascadingRule + +The so called "CascadingRules" consist of a "matches" section which contains one or multiple rules which are compared against findings. +When a finding matches a rule the "scanSpec" section will then be used to create a new scan. +To customize the scan to match the finding, the [mustache](https://github.com/janl/mustache.js) templating language can be used to reference fields of the finding. + +```yaml +apiVersion: "cascading.experimental.securecodebox.io/v1" +kind: CascadingRule +metadata: + name: "tls-scans" + labels: + # Described how "invasive" the scan is. + # Possible values: "invasive" or "non-invasive" + # CascadingRules are considered "invasive" when the Scan they start actively sends out packages with attack payloads. + securecodebox.io/invasive: non-invasive + # Described the intensiveness level on a scanning and computational resource level. + # Possible values: "ligh", "medium", "intense" + # CascadingRules are considered more "intensive" when the Scan they start consumes lots of computational resources like RAM, CPU, or Network + securecodebox.io/intensive: light +spec: + matches: + # CascadingRule triggers if a finding matches at least one of the anyOf matchers + # With the first version of this implementation only anyOf would be supported. + # If this turns out to be lacking and other operators (like `allOf` can be introduced without breaking changes) + anyOf: + # define an explicit "port" as finding and a given port number + - category: "Open Port" + attributes: + port: 443 + service: "https" + # define an "port service" finding (any port) + - category: "Open Port" + attributes: + service: "https" + scanSpec: + name: "sslyze" + parameters: ["--regular", "{{attributes.hostname}}"] +``` + +=== Using CascadingRules + +By default no cascading Rules will be used. 
+ +```yaml +# Nmap Scan without cascading rules +apiVersion: "execution.experimental.securecodebox.io/v1" +kind: Scan +metadata: + name: "portscan-berlin-wifi" + label: + office: berlin + vlan: wifi +spec: + name: "nmap" + parameters: ["-sV", "10.42.0.0/16"] +``` + +To enable cascading rules you need to specify a label selector to select the cascading rules you'd like + +```yaml +apiVersion: "execution.experimental.securecodebox.io/v1" +kind: Scan +metadata: + name: "portscan-berlin-wifi" + label: + office: berlin + vlan: wifi +spec: + cascades: + matchLabels: + # Uses all CascadingRules in the namespace which are labelled as "non-invasive" and a intensiveness level of "light" + securecodebox.io/invasive: non-invasive + securecodebox.io/intensive: light + name: "nmap" + parameters: ["-sV", "10.42.0.0/16"] +``` + +To implicitly enable all cascading rules (not-recommended) a empty label selector can be used + +```yaml +apiVersion: "execution.experimental.securecodebox.io/v1" +kind: Scan +metadata: + name: "portscan-berlin-wifi" + label: + office: berlin + vlan: wifi +spec: + cascades: + # Uses all `CascadingRules` in the namespace + matchLabels: {} + name: "nmap" + parameters: ["-sV", "10.42.0.0/16"] +``` + +The label selectors also allow the more powerful [matchExpression](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#set-based-requirement) selectors: + +```yaml +apiVersion: "execution.experimental.securecodebox.io/v1" +kind: Scan +metadata: + name: "example.com" +spec: + scanType: nmap + parameters: + - -p22,80,443 + - example.com + cascades: + # Using matchExpression instead of matchLabels + matchExpression: + key: "securecodebox.io/intensive" + operator: In + # This select both light and medium intensity rules + values: [light, medium] +``` From d379001223d168a4c81bba745ae2a607ed2638ce Mon Sep 17 00:00:00 2001 
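Review bot: the Context criteria in the new adr_0003.adoc require protection against circular cascades that create an unbounded number of scans, but the Decision section only covers how rules are defined and selected and never says how that limit is enforced; add a subsection that states the mechanism, or list it as an open point. The YAML examples also need a pass: the Scan manifests use `label:` under `metadata` where Kubernetes expects `labels:`, the first three examples put the scanner under `spec.name` while the last one uses `spec.scanType`, the selector is written as a single `matchExpression` mapping although the linked Kubernetes set-based selectors are a `matchExpressions` list, and the comment on possible intensiveness values spells one of them "ligh". The title line still reads ADR-0002 under the `[[ADR-0003]]` anchor.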
From: Jannik Hollenbach <13718901+J12934@users.noreply.github.com> Date: Tue, 29 Sep 2020 09:31:01 +0200 Subject: [PATCH 147/235] Disable istio injection for scan/parser/hook pods --- .../controllers/execution/scans/hook_reconciler.go | 3 +++ .../controllers/execution/scans/parse_reconciler.go | 3 +++ .../controllers/execution/scans/scan_reconciler.go | 10 ++++++++++ 3 files changed, 16 insertions(+) diff --git a/operator/controllers/execution/scans/hook_reconciler.go b/operator/controllers/execution/scans/hook_reconciler.go index 28e0d4ee..7dcbb231 100644 --- a/operator/controllers/execution/scans/hook_reconciler.go +++ b/operator/controllers/execution/scans/hook_reconciler.go @@ -376,6 +376,9 @@ func (r *ScanReconciler) createJobForHook(hook *executionv1.ScanCompletionHook, Annotations: map[string]string{ "auto-discovery.experimental.securecodebox.io/ignore": "true", }, + Labels: map[string]string{ + "sidecar.istio.io/inject": "false", + }, }, Spec: corev1.PodSpec{ ServiceAccountName: serviceAccountName, diff --git a/operator/controllers/execution/scans/parse_reconciler.go b/operator/controllers/execution/scans/parse_reconciler.go index 09a88bd3..0d99dcbd 100644 --- a/operator/controllers/execution/scans/parse_reconciler.go +++ b/operator/controllers/execution/scans/parse_reconciler.go @@ -94,6 +94,9 @@ func (r *ScanReconciler) startParser(scan *executionv1.Scan) error { Annotations: map[string]string{ "auto-discovery.experimental.securecodebox.io/ignore": "true", }, + Labels: map[string]string{ + "sidecar.istio.io/inject": "false", + }, }, Spec: corev1.PodSpec{ RestartPolicy: corev1.RestartPolicyNever, diff --git a/operator/controllers/execution/scans/scan_reconciler.go b/operator/controllers/execution/scans/scan_reconciler.go index e8c7a65f..6eca8c14 100644 --- a/operator/controllers/execution/scans/scan_reconciler.go +++ b/operator/controllers/execution/scans/scan_reconciler.go 
@@ -187,6 +187,16 @@ func (r *ScanReconciler) constructJobForScan(scan *executionv1.Scan, scanType *e }, }) + // Ensuring that istio doesn't inject a sidecar proxy. + // This currently messes with + if job.Spec.Template.ObjectMeta.Labels != nil { + job.Spec.Template.ObjectMeta.Labels["sidecar.istio.io/inject"] = "true" + } else { + job.Spec.Template.ObjectMeta.Labels = map[string]string{ + "sidecar.istio.io/inject": "false", + } + } + // merging volume mounts (for the primary scanner container) from ScanType (if existing) with standard results volume mount if job.Spec.Template.Spec.Containers[0].VolumeMounts == nil || len(job.Spec.Template.Spec.Containers[0].VolumeMounts) == 0 { job.Spec.Template.Spec.Containers[0].VolumeMounts = []corev1.VolumeMount{} From d0994d73edbf8ab143c6de1e3e0de76f47ebdbb0 Mon Sep 17 00:00:00 2001 From: Daniel Patanin Date: Tue, 29 Sep 2020 10:15:46 +0200 Subject: [PATCH 148/235] Add adr file about new documentation framework --- docs/adr/adr_0002.adoc | 2 +- docs/adr/adr_0003.adoc | 2 +- docs/adr/adr_0004.adoc | 41 +++++++++++++++++++++++++++++++++++++++++ 3 files changed, 43 insertions(+), 2 deletions(-) create mode 100644 docs/adr/adr_0004.adoc diff --git a/docs/adr/adr_0002.adoc b/docs/adr/adr_0002.adoc index 60f6eba1..8476fffb 100644 --- a/docs/adr/adr_0002.adoc +++ b/docs/adr/adr_0002.adoc @@ -1,5 +1,5 @@ [[ADR-0002]] -= ADR-0000: How can we introduce a more general extension concept for data processing modules? += ADR-0002: How can we introduce a more general extension concept for data processing modules? [cols="h,d",grid=rows,frame=none,stripes=none,caption="Status",%autowidth] |==== diff --git a/docs/adr/adr_0003.adoc b/docs/adr/adr_0003.adoc index 6fb41175..3d7d0000 100644 --- a/docs/adr/adr_0003.adoc +++ b/docs/adr/adr_0003.adoc 
@@ -1,5 +1,5 @@ [[ADR-0003]] -= ADR-0002: How can we introduce a mechanism to start specialized scans on the results of previous scans? += ADR-0003: How can we introduce a mechanism to start specialized scans on the results of previous scans? [cols="h,d",grid=rows,frame=none,stripes=none,caption="Status",%autowidth] |==== diff --git a/docs/adr/adr_0004.adoc b/docs/adr/adr_0004.adoc new file mode 100644 index 00000000..08bc5c83 --- /dev/null +++ b/docs/adr/adr_0004.adoc 
@@ -0,0 +1,41 @@ +[[ADR-0004]] += ADR-0004: Which framework could be more useful for documentation purposes? + +[cols="h,d",grid=rows,frame=none,stripes=none,caption="Status",%autowidth] +|==== + +| Status +| ACCEPTED + +| Date +| 2020-09-29 + +| Author(s) +| Daniel Patanin daniel.patanin@iteratec.com + +|==== + +== Context + +Since the last major update of our GatsbyJS based website, the original requirements for our ideal webpage have changed. +Originally we needed a website, which could present our project briefly and hold the documentation, dynamically build from our main repository. +The first aspect has changed quite severe since we aim for an actual marketing oriented homepage now. The second goal stays the same, but changed contextually. +We no longer just want to host the documentation, but furthermore want to stay on modern documentation standards and since our team does not want to invest too +much time into the documentation site's development and maintenance, we are looking for a component library or whole framework specialized on documentation. + +== Decision + +We did not evaluate many different frameworks. The journey was quite short in fact. The first documentation oriented framework we looked at was Docusaurus. +As I progressed into trying out to build a basic Docusaurus site and copied all documentation files into it, the website actually looked nice and quite finished already, +after only a few hours of tinkering. It is that easy and simple to understand, especially with it's own good documentation. After reviewing this very basic website, +we decided to advance this and already try to retrieve the documentation remotely from our main repository. At this point the decision was pretty clear already: If there +is no major drawback coming up, Docusaurus is our new framework of choice. And there was no drawback major enough to revoke this decision (yet). 
Everything we programmatically +wanted to achieve, we could do so by basic scripting and we never really have to think about components like the sidebar, navbar etc. since this is all done completely automatically +by Docusaurus itself. + +== Consequences + +As simple and easy it sounds, so it is, meaning that since the build is automated to a very big degree, we are 'forced' to follow Docusaurus' exact guidelines and mechanics. +For now they are almost identical to what we require. And of course we can build custom components and custom pages, but the documentation and blog part of the site are very strict. +Since we want to use this website mainly (ideally only) for documentation purposes, we need a separate marketing page (more on that in <>). As far as maintenance goes, +we mostly need to maintain our custom build scripts. Everything else is very much automated. From f73bf64da448df8eafba98b0fae04dc0fbeb4d83 Mon Sep 17 00:00:00 2001 From: Daniel Patanin Date: Tue, 29 Sep 2020 11:32:18 +0200 Subject: [PATCH 149/235] Add adr for proposing an one-pager This adr sums up roughly what was proposed and should be looked over very good. --- docs/adr/adr_0005.adoc | 41 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 41 insertions(+) create mode 100644 docs/adr/adr_0005.adoc diff --git a/docs/adr/adr_0005.adoc b/docs/adr/adr_0005.adoc new file mode 100644 index 00000000..94ca4a2b --- /dev/null +++ b/docs/adr/adr_0005.adoc 
@@ -0,0 +1,41 @@ +[[ADR-0000]] += ADR-0005: Buying separate marketing oriented webpage + +[cols="h,d",grid=rows,frame=none,stripes=none,caption="Status",%autowidth] +|==== +| Status +| PROPOSED + +| Date +| 2020-09-29 + +| Author(s) +| Daniel Patanin daniel.patanin@iteratec.com +|==== + +== Context + +As our requirements about our homepage changed we no longer just want to give a simple overview about our project on our landing page as we did with our GatsbyJS based website, +but furthermore we require a marketing oriented webpage additionally to our documentation site (for more on that see <>). This marketing page should satisfy following aspects: + +- Modern, ideally timeless, design +- Overview about the secureCodeBox +- Display of our project's advantages +- Offer for service (prizing) +- Encouragement for contacting us +- Encouragement for contributing + +== Decision + +Since there is no arguable reason to build such a one-pager ourselves, we should buy a ready to go solution for us. We are not aiming to invest extensive time neither in building such a page, +nor in gaining the desired design and marketing expertise, and also not hiring experts on this field (all this would actually be more expensive and time consuming than buying a site). +Some stores for such pages are: + +- https://www.templatemonster.com/ +- https://onepagelove.com/templates +- https://themeforest.net/tags/onepage + +== Consequences + +If we want to change the style or design someday, we probably could not reuse the bought template if it is not a minor change, thus would need to buy another template. +We also would have to orient the presentation of the secureCodeBox around the template we decide on, but nowadays we have a ginormous variety to choose from. From 493f77e5cc14c306231f99192757d1018a74a09c Mon Sep 17 00:00:00 2001 
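Review bot: the anchor on the first added line of adr_0005.adoc is `[[ADR-0000]]` while the title is ADR-0005, so a cross-reference to this record by its own number will not resolve; change the anchor to `[[ADR-0005]]`. In the requirements list, "Offer for service (prizing)" presumably means pricing.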
From: Jannik Hollenbach <13718901+J12934@users.noreply.github.com> Date: Tue, 29 Sep 2020 11:33:58 +0200 Subject: [PATCH 150/235] Fix copy of crds folder --- .github/workflows/helm-charts.yaml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/.github/workflows/helm-charts.yaml b/.github/workflows/helm-charts.yaml index 2c757f03..0d225a2e 100644 --- a/.github/workflows/helm-charts.yaml +++ b/.github/workflows/helm-charts.yaml @@ -11,7 +11,7 @@ jobs: - name: "Install yq" run: | sudo snap install yq - - name: Parse Tag + - name: Parse Tag run: echo ::set-env name=RELEASE_VERSION::${GITHUB_REF#refs/*/} - name: "Publish Helm3 Charts" env: @@ -45,8 +45,9 @@ jobs: cd "${dir}" || exit mv Chart.yaml helm3.Chart.yaml mv helm2.Chart.yaml Chart.yaml - if [ ${dir} = "operator" ] + if [ "$(basename "$PWD")" = "operator" ] then + echo "Copying CRDS to templates folder, as helm2 doesn't have native crds support." cp -R crds templates/crds fi echo "Restoring Helm2 Chart and replace Helm3 Chart temporary" @@ -57,4 +58,4 @@ jobs: NAME=$(yq read - name < Chart.yaml) curl --silent --show-error --user "${USERNAME}:${PASSWORD}" --data-binary "@${NAME}-${RELEASE_VERSION}.tgz" "${HELM_REGISTRY}/api/charts" ) - done \ No newline at end of file + done From 18ed2b10e3e1dda47ae7d15f9d3fe2a8ebfc5c1b Mon Sep 17 00:00:00 2001 
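Review bot: the `Parse Tag` step touched in the `@@ -11,7 +11,7 @@` hunk of helm-charts.yaml still sets `RELEASE_VERSION` through the `::set-env` workflow command on its `run:` line; GitHub deprecated and later disabled that command because anything a step prints to stdout can set environment variables for later steps. Append `RELEASE_VERSION=...` to the file named by `$GITHUB_ENV` instead.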
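Review bot: `cp -R crds templates/crds` in the `@@ -45,8 +45,9 @@` hunk of helm-charts.yaml nests the copy as `templates/crds/crds` when `templates/crds` already exists, and nothing in the visible lines removes the copied directory after packaging. Copy into a clean target (remove `templates/crds` first) and delete it again once the Helm 2 package is built, so the working tree does not keep CRDs in both places.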
From: Robert Seedorff Date: Tue, 29 Sep 2020 15:12:35 +0200 Subject: [PATCH 151/235] Added Helm2 Chart version additional to helm3 for all demo apps. --- demo-apps/bodgeit/helm2.Chart.yaml | 18 ++++++++++++++ demo-apps/dummy-ssh/helm2.Chart.yaml | 16 +++++++++++++ demo-apps/juice-shop/helm2.Chart.yaml | 26 +++++++++++++++++++++ demo-apps/old-wordpress/helm2.Chart.yaml | 17 ++++++++++++++ demo-apps/swagger-petstore/helm2.Chart.yaml | 17 ++++++++++++++ 5 files changed, 94 insertions(+) create mode 100644 demo-apps/bodgeit/helm2.Chart.yaml create mode 100644 demo-apps/dummy-ssh/helm2.Chart.yaml create mode 100644 demo-apps/juice-shop/helm2.Chart.yaml create mode 100644 demo-apps/old-wordpress/helm2.Chart.yaml create mode 100644 demo-apps/swagger-petstore/helm2.Chart.yaml diff --git a/demo-apps/bodgeit/helm2.Chart.yaml b/demo-apps/bodgeit/helm2.Chart.yaml new file mode 100644 index 00000000..c3f395b5 --- /dev/null +++ b/demo-apps/bodgeit/helm2.Chart.yaml @@ -0,0 +1,18 @@ +apiVersion: v1 +version: latest +type: application +appVersion: "v1.4.0" +name: bodgeit +description: "The BodgeIt Store is a vulnerable web app which is aimed at people who are new to pen testing" +home: https://github.com/psiinon/bodgeit +icon: https://scb-art.j12934.now.sh/bodgeit.png +keywords: + - vulnerable + - webapp + - demo +sources: + - https://github.com/secureCodeBox/helm + - https://github.com/psiinon/bodgeit +maintainers: + - name: iteratec GmbH + email: security@iteratec.com diff --git a/demo-apps/dummy-ssh/helm2.Chart.yaml b/demo-apps/dummy-ssh/helm2.Chart.yaml new file mode 100644 index 00000000..778b4258 --- /dev/null +++ b/demo-apps/dummy-ssh/helm2.Chart.yaml 
@@ -0,0 +1,16 @@ +apiVersion: v1 +version: latest +type: application +appVersion: "v1.0.0" +name: dummy-ssh +description: "SSH Server for scan testing." +home: https://wordpress.org +icon: https://www.securecodebox.io/integrationIcons/SSH.svg +keywords: + - vulnerable + - ssh +sources: + - https://github.com/secureCodeBox/secureCodeBox/tree/master/demo/dummy-ssh +maintainers: + - name: iteratec GmbH + email: security@iteratec.com diff --git a/demo-apps/juice-shop/helm2.Chart.yaml b/demo-apps/juice-shop/helm2.Chart.yaml new file mode 100644 index 00000000..a18c5350 --- /dev/null +++ b/demo-apps/juice-shop/helm2.Chart.yaml @@ -0,0 +1,26 @@ +apiVersion: v2 +version: latest +appVersion: "v12.0.2" +name: juice-shop +description: "OWASP Juice Shop: Probably the most modern and sophisticated insecure web application" +type: application +home: https://owasp.org/www-project-juice-shop/ +icon: https://raw.githubusercontent.com/bkimminich/juice-shop/bdbcc0ea4484a2dd6b8ca243daa34c882129cdd4/frontend/src/assets/public/images/JuiceShop_Logo_400px.png +keywords: + - owasp + - javascript + - vulnerable + - hacking + - application-security + - owasp-top-10 + - owasp-top-ten + - pentesting + - vulnapp + - appsec + - ctf +sources: + - https://github.com/secureCodeBox/helm + - https://github.com/bkimminich/juice-shop +maintainers: + - name: iteratec GmbH + email: security@iteratec.com diff --git a/demo-apps/old-wordpress/helm2.Chart.yaml b/demo-apps/old-wordpress/helm2.Chart.yaml new file mode 100644 index 00000000..f8bd97f5 --- /dev/null +++ b/demo-apps/old-wordpress/helm2.Chart.yaml 
@@ -0,0 +1,17 @@ +apiVersion: v2 +version: latest +appVersion: "4.0" +name: old-wordpress +description: "Insecure & Outdated Wordpress Instance: Never expose it to the internet!" +type: application +home: https://wordpress.org +icon: https://s.w.org/style/images/about/WordPress-logotype-alternative.png +keywords: + - vulnerable + - wordpress +sources: + - https://github.com/secureCodeBox/helm + - https://github.com/secureCodeBox/secureCodeBox/tree/master/demo/old-wordpress +maintainers: + - name: iteratec GmbH + email: security@iteratec.com diff --git a/demo-apps/swagger-petstore/helm2.Chart.yaml b/demo-apps/swagger-petstore/helm2.Chart.yaml new file mode 100644 index 00000000..7c25ccb8 --- /dev/null +++ b/demo-apps/swagger-petstore/helm2.Chart.yaml @@ -0,0 +1,17 @@ +apiVersion: v2 +version: latest +appVersion: "1.0.3" +name: swagger-petstore +description: "This is the sample petstore application" +type: application +home: https://github.com/swagger-api/swagger-petstore +icon: https://static1.smartbear.co/swagger/media/assets/images/swagger_logo.svg +keywords: + - swagger + - openapi +sources: + - https://github.com/secureCodeBox/helm + - https://github.com/swagger-api/swagger-petstore +maintainers: + - name: iteratec GmbH + email: security@iteratec.com From 0e33d6e0fe2171fc1aecd76d39f77a6ce236a459 Mon Sep 17 00:00:00 2001 From: Jannik Hollenbach <13718901+J12934@users.noreply.github.com> Date: Tue, 29 Sep 2020 16:01:06 +0200 Subject: [PATCH 152/235] Correct Istio AutoInject Flag to a Annotation --- .../controllers/execution/scans/hook_reconciler.go | 4 +--- .../controllers/execution/scans/parse_reconciler.go | 4 +--- .../controllers/execution/scans/scan_reconciler.go | 12 ++---------- 3 files changed, 4 insertions(+), 16 deletions(-) diff --git a/operator/controllers/execution/scans/hook_reconciler.go b/operator/controllers/execution/scans/hook_reconciler.go index 7dcbb231..899a9eb7 100644 --- a/operator/controllers/execution/scans/hook_reconciler.go 
+++ b/operator/controllers/execution/scans/hook_reconciler.go @@ -375,9 +375,7 @@ func (r *ScanReconciler) createJobForHook(hook *executionv1.ScanCompletionHook, ObjectMeta: metav1.ObjectMeta{ Annotations: map[string]string{ "auto-discovery.experimental.securecodebox.io/ignore": "true", - }, - Labels: map[string]string{ - "sidecar.istio.io/inject": "false", + "sidecar.istio.io/inject": "false", }, }, Spec: corev1.PodSpec{ diff --git a/operator/controllers/execution/scans/parse_reconciler.go b/operator/controllers/execution/scans/parse_reconciler.go index 0d99dcbd..7323c234 100644 --- a/operator/controllers/execution/scans/parse_reconciler.go +++ b/operator/controllers/execution/scans/parse_reconciler.go @@ -93,9 +93,7 @@ func (r *ScanReconciler) startParser(scan *executionv1.Scan) error { ObjectMeta: metav1.ObjectMeta{ Annotations: map[string]string{ "auto-discovery.experimental.securecodebox.io/ignore": "true", - }, - Labels: map[string]string{ - "sidecar.istio.io/inject": "false", + "sidecar.istio.io/inject": "false", }, }, Spec: corev1.PodSpec{ diff --git a/operator/controllers/execution/scans/scan_reconciler.go b/operator/controllers/execution/scans/scan_reconciler.go index 6eca8c14..295f2afd 100644 --- a/operator/controllers/execution/scans/scan_reconciler.go +++ b/operator/controllers/execution/scans/scan_reconciler.go @@ -172,6 +172,8 @@ func (r *ScanReconciler) constructJobForScan(scan *executionv1.Scan, scanType *e podAnnotations = make(map[string]string) } podAnnotations["experimental.securecodebox.io/job-type"] = "scanner" + // Ensuring that istio doesn't inject a sidecar proxy. + podAnnotations["sidecar.istio.io/inject"] = "true" job.Spec.Template.Annotations = podAnnotations job.Spec.Template.Spec.ServiceAccountName = "lurcher" 
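Review bot: the added line `podAnnotations["sidecar.istio.io/inject"] = "true"` in the `@@ -172,6 +172,8 @@` hunk of scan_reconciler.go contradicts the comment directly above it and the `"false"` value this same patch sets for the hook and parser pods, so scanner pods explicitly opt in to sidecar injection. Set it to `"false"`, and consider a unit test on the constructed job's pod annotations so the three pod types cannot drift apart again.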
@@ -187,16 +189,6 @@ func (r *ScanReconciler) constructJobForScan(scan *executionv1.Scan, scanType *e }, }) - // Ensuring that istio doesn't inject a sidecar proxy. - // This currently messes with - if job.Spec.Template.ObjectMeta.Labels != nil { - job.Spec.Template.ObjectMeta.Labels["sidecar.istio.io/inject"] = "true" - } else { - job.Spec.Template.ObjectMeta.Labels = map[string]string{ - "sidecar.istio.io/inject": "false", - } - } - // merging volume mounts (for the primary scanner container) from ScanType (if existing) with standard results volume mount if job.Spec.Template.Spec.Containers[0].VolumeMounts == nil || len(job.Spec.Template.Spec.Containers[0].VolumeMounts) == 0 { job.Spec.Template.Spec.Containers[0].VolumeMounts = []corev1.VolumeMount{} From 1943ffe1d6641fe029fc892fac7038491cc2149d Mon Sep 17 00:00:00 2001 From: Daniel Patanin <44839597+dpatanin@users.noreply.github.com> Date: Tue, 29 Sep 2020 16:12:51 +0200 Subject: [PATCH 153/235] Update references - Add reference to superseded adr - Remove chronologically incorrect reference --- docs/adr/adr_0004.adoc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/adr/adr_0004.adoc b/docs/adr/adr_0004.adoc index 08bc5c83..940a6b53 100644 --- a/docs/adr/adr_0004.adoc +++ b/docs/adr/adr_0004.adoc @@ -5,7 +5,7 @@ |==== | Status -| ACCEPTED +| ACCEPTED | SUPERSEDES <> | Date | 2020-09-29 
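Review bot: in the `@@ -5,7 +5,7 @@` hunk of adr_0004.adoc, `| ACCEPTED | SUPERSEDES <>` puts two cells on the Status row of a table declared with two columns (`cols="h,d"`), which shifts the Date and Author(s) cells that follow into the wrong columns and leaves the last row incomplete. Keep the status in a single cell, or add a separate "Supersedes" row with its own value cell.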
@@ -37,5 +37,5 @@ by Docusaurus itself. As simple and easy it sounds, so it is, meaning that since the build is automated to a very big degree, we are 'forced' to follow Docusaurus' exact guidelines and mechanics. For now they are almost identical to what we require. And of course we can build custom components and custom pages, but the documentation and blog part of the site are very strict. -Since we want to use this website mainly (ideally only) for documentation purposes, we need a separate marketing page (more on that in <>). As far as maintenance goes, +Since we want to use this website mainly (ideally only) for documentation purposes, we need a separate marketing page. As far as maintenance goes, we mostly need to maintain our custom build scripts. Everything else is very much automated. From 69b6bfd42c37c31526b371dde71f43192db8cfc9 Mon Sep 17 00:00:00 2001 From: Jannik Hollenbach <13718901+J12934@users.noreply.github.com> Date: Tue, 29 Sep 2020 16:21:39 +0200 Subject: [PATCH 154/235] Acutally set istio inject to false --- operator/controllers/execution/scans/scan_reconciler.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/operator/controllers/execution/scans/scan_reconciler.go b/operator/controllers/execution/scans/scan_reconciler.go index 295f2afd..71bddf9a 100644 --- a/operator/controllers/execution/scans/scan_reconciler.go +++ b/operator/controllers/execution/scans/scan_reconciler.go @@ -173,7 +173,7 @@ func (r *ScanReconciler) constructJobForScan(scan *executionv1.Scan, scanType *e } podAnnotations["experimental.securecodebox.io/job-type"] = "scanner" // Ensuring that istio doesn't inject a sidecar proxy. - podAnnotations["sidecar.istio.io/inject"] = "true" + podAnnotations["sidecar.istio.io/inject"] = "false" job.Spec.Template.Annotations = podAnnotations job.Spec.Template.Spec.ServiceAccountName = "lurcher" From 58ea60ed7b787e5dc26225a818155d988f329c24 Mon Sep 17 00:00:00 2001 
From: Robert Seedorff Date: Tue, 29 Sep 2020 18:57:25 +0200 Subject: [PATCH 155/235] Bugfixed HelmChart icons and contact details. --- scanners/amass/Chart.yaml | 8 ++++---- scanners/amass/helm2.Chart.yaml | 8 ++++---- scanners/kube-hunter/Chart.yaml | 9 +++++---- scanners/kube-hunter/helm2.Chart.yaml | 8 ++++---- scanners/ncrack/Chart.yaml | 8 ++++---- scanners/ncrack/helm2.Chart.yaml | 8 ++++---- scanners/nikto/Chart.yaml | 8 ++++---- scanners/nikto/helm2.Chart.yaml | 8 ++++---- scanners/nmap/Chart.yaml | 8 ++++---- scanners/nmap/helm2.Chart.yaml | 8 ++++---- scanners/ssh_scan/Chart.yaml | 8 ++++---- scanners/ssh_scan/helm2.Chart.yaml | 8 ++++---- scanners/sslyze/Chart.yaml | 8 ++++---- scanners/sslyze/helm2.Chart.yaml | 8 ++++---- scanners/trivy/Chart.yaml | 8 ++++---- scanners/trivy/helm2.Chart.yaml | 8 ++++---- scanners/wpscan/Chart.yaml | 8 ++++---- scanners/wpscan/helm2.Chart.yaml | 8 ++++---- scanners/zap/Chart.yaml | 8 ++++---- scanners/zap/helm2.Chart.yaml | 8 ++++---- 20 files changed, 81 insertions(+), 80 deletions(-) diff --git a/scanners/amass/Chart.yaml b/scanners/amass/Chart.yaml index 0bb5a0cd..2c8f4c2c 100644 --- a/scanners/amass/Chart.yaml +++ b/scanners/amass/Chart.yaml @@ -12,10 +12,10 @@ keywords: - amass - scanner - secureCodeBox -home: https://www.securecodebox.io/scanners/amass -icon: https://www.securecodebox.io/scannerIcons/Amass.svg +home: https://docs.securecodebox.io/docs/scanners/Amass +icon: https://docs.securecodebox.io/img/integrationIcons/Amass.svg sources: - - https://github.com/secureCodeBox/secureCodeBox + - https://github.com/secureCodeBox/secureCodeBox-v2 maintainers: - name: iteratec GmbH - email: security@iteratec.com + email: secureCodeBox@iteratec.com diff --git a/scanners/amass/helm2.Chart.yaml b/scanners/amass/helm2.Chart.yaml index 2653ba04..1e200bd2 100644 --- a/scanners/amass/helm2.Chart.yaml +++ b/scanners/amass/helm2.Chart.yaml 
@@ -12,10 +12,10 @@ keywords: - amass - scanner - secureCodeBox -home: https://www.securecodebox.io/scanners/amass -icon: https://www.securecodebox.io/scannerIcons/Amass.svg +home: https://docs.securecodebox.io/docs/scanners/Amass +icon: https://docs.securecodebox.io/img/integrationIcons/Amass.svg sources: - - https://github.com/secureCodeBox/secureCodeBox + - https://github.com/secureCodeBox/secureCodeBox-v2 maintainers: - name: iteratec GmbH - email: security@iteratec.com + email: secureCodeBox@iteratec.com diff --git a/scanners/kube-hunter/Chart.yaml b/scanners/kube-hunter/Chart.yaml index facdf8f6..e4074db7 100644 --- a/scanners/kube-hunter/Chart.yaml +++ b/scanners/kube-hunter/Chart.yaml @@ -12,10 +12,11 @@ keywords: - kube-hunter - scanner - secureCodeBox -home: https://www.securecodebox.io/scanners/kube-hunter -icon: https://www.securecodebox.io/scannerIcons/kube-hunter.svg +home: https://docs.securecodebox.io/docs/scanners/kube-hunter +icon: https://docs.securecodebox.io/img/integrationIcons/kube-hunter.svg sources: - - https://github.com/secureCodeBox/secureCodeBox + - https://github.com/secureCodeBox/secureCodeBox-v2 maintainers: - name: iteratec GmbH - email: security@iteratec.com + email: secureCodeBox@iteratec.com + diff --git a/scanners/kube-hunter/helm2.Chart.yaml b/scanners/kube-hunter/helm2.Chart.yaml index 69fc6601..e519e1dd 100644 --- a/scanners/kube-hunter/helm2.Chart.yaml +++ b/scanners/kube-hunter/helm2.Chart.yaml 
@@ -12,10 +12,10 @@ keywords: - kube-hunter - scanner - secureCodeBox -home: https://www.securecodebox.io/scanners/kube-hunter -icon: https://www.securecodebox.io/scannerIcons/kube-hunter.svg +home: https://docs.securecodebox.io/docs/scanners/kube-hunter +icon: https://docs.securecodebox.io/img/integrationIcons/kube-hunter.svg sources: - - https://github.com/secureCodeBox/secureCodeBox + - https://github.com/secureCodeBox/secureCodeBox-v2 maintainers: - name: iteratec GmbH - email: security@iteratec.com + email: secureCodeBox@iteratec.com diff --git a/scanners/ncrack/Chart.yaml b/scanners/ncrack/Chart.yaml index 61ccd633..f7b32b49 100644 --- a/scanners/ncrack/Chart.yaml +++ b/scanners/ncrack/Chart.yaml @@ -12,10 +12,10 @@ keywords: - ncrack - scanner - secureCodeBox -home: https://www.securecodebox.io/scanners/ncrack -icon: https://www.securecodebox.io/scannerIcons/Ncrack.svg +home: https://docs.securecodebox.io/docs/scanners/Ncrack +icon: https://docs.securecodebox.io/img/integrationIcons/Ncrack.svg sources: - - https://github.com/secureCodeBox/secureCodeBox + - https://github.com/secureCodeBox/secureCodeBox-v2 maintainers: - name: iteratec GmbH - email: security@iteratec.com + email: secureCodeBox@iteratec.com diff --git a/scanners/ncrack/helm2.Chart.yaml b/scanners/ncrack/helm2.Chart.yaml index 98116391..9df71946 100644 --- a/scanners/ncrack/helm2.Chart.yaml +++ b/scanners/ncrack/helm2.Chart.yaml @@ -12,10 +12,10 @@ keywords: - ncrack - scanner - secureCodeBox -home: https://www.securecodebox.io/scanners/ncrack -icon: https://www.securecodebox.io/scannerIcons/Ncrack.svg +home: https://docs.securecodebox.io/docs/scanners/Ncrack +icon: https://docs.securecodebox.io/img/integrationIcons/Ncrack.svg sources: - - https://github.com/secureCodeBox/secureCodeBox + - https://github.com/secureCodeBox/secureCodeBox-v2 maintainers: - name: iteratec GmbH - email: security@iteratec.com + email: secureCodeBox@iteratec.com 
diff --git a/scanners/nikto/Chart.yaml b/scanners/nikto/Chart.yaml index 80a2d6d5..aa22befb 100644 --- a/scanners/nikto/Chart.yaml +++ b/scanners/nikto/Chart.yaml @@ -13,10 +13,10 @@ keywords: - nikto - scanner - secureCodeBox -home: https://www.securecodebox.io/scanners/nikto -icon: https://www.securecodebox.io/scannerIcons/Nikto.svg +home: https://docs.securecodebox.io/docs/scanners/Nikto +icon: https://docs.securecodebox.io/img/integrationIcons/Nikto.svg sources: - - https://github.com/secureCodeBox/secureCodeBox + - https://github.com/secureCodeBox/secureCodeBox-v2 maintainers: - name: iteratec GmbH - email: security@iteratec.com + email: secureCodeBox@iteratec.com diff --git a/scanners/nikto/helm2.Chart.yaml b/scanners/nikto/helm2.Chart.yaml index 23c9ddd5..860f7a83 100644 --- a/scanners/nikto/helm2.Chart.yaml +++ b/scanners/nikto/helm2.Chart.yaml @@ -13,10 +13,10 @@ keywords: - nikto - scanner - secureCodeBox -home: https://www.securecodebox.io/scanners/nikto -icon: https://www.securecodebox.io/scannerIcons/Nikto.svg +home: https://docs.securecodebox.io/docs/scanners/Nikto +icon: https://docs.securecodebox.io/img/integrationIcons/Nikto.svg sources: - - https://github.com/secureCodeBox/secureCodeBox + - https://github.com/secureCodeBox/secureCodeBox-v2 maintainers: - name: iteratec GmbH - email: security@iteratec.com + email: secureCodeBox@iteratec.com diff --git a/scanners/nmap/Chart.yaml b/scanners/nmap/Chart.yaml index 3269630f..a5fd3715 100644 --- a/scanners/nmap/Chart.yaml +++ b/scanners/nmap/Chart.yaml 
@@ -12,10 +12,10 @@ keywords: - nmap - scanner - secureCodeBox -home: https://www.securecodebox.io/scanners/nmap -icon: https://www.securecodebox.io/scannerIcons/Nmap.svg +home: https://docs.securecodebox.io/docs/scanners/Nmap +icon: https://docs.securecodebox.io/img/integrationIcons/Nmap.svg sources: - - https://github.com/secureCodeBox/secureCodeBox + - https://github.com/secureCodeBox/secureCodeBox-v2 maintainers: - name: iteratec GmbH - email: security@iteratec.com + email: secureCodeBox@iteratec.com diff --git a/scanners/nmap/helm2.Chart.yaml b/scanners/nmap/helm2.Chart.yaml index e0cb91ea..af5016d4 100644 --- a/scanners/nmap/helm2.Chart.yaml +++ b/scanners/nmap/helm2.Chart.yaml @@ -12,10 +12,10 @@ keywords: - nmap - scanner - secureCodeBox -home: https://www.securecodebox.io/scanners/nmap -icon: https://www.securecodebox.io/scannerIcons/Nmap.svg +home: https://docs.securecodebox.io/docs/scanners/Nmap +icon: https://docs.securecodebox.io/img/integrationIcons/Nmap.svg sources: - - https://github.com/secureCodeBox/secureCodeBox + - https://github.com/secureCodeBox/secureCodeBox-v2 maintainers: - name: iteratec GmbH - email: security@iteratec.com + email: secureCodeBox@iteratec.com diff --git a/scanners/ssh_scan/Chart.yaml b/scanners/ssh_scan/Chart.yaml index 71925b79..76f15a77 100644 --- a/scanners/ssh_scan/Chart.yaml +++ b/scanners/ssh_scan/Chart.yaml @@ -12,10 +12,10 @@ keywords: - ssh - scanner - secureCodeBox -home: https://www.securecodebox.io/scanners/ssh -icon: https://www.securecodebox.io/scannerIcons/SSH.svg +home: https://docs.securecodebox.io/docs/scanners/SSH +icon: https://docs.securecodebox.io/img/integrationIcons/SSH.svg sources: - - https://github.com/secureCodeBox/secureCodeBox + - https://github.com/secureCodeBox/secureCodeBox-v2 maintainers: - name: iteratec GmbH - email: security@iteratec.com + email: secureCodeBox@iteratec.com diff --git a/scanners/ssh_scan/helm2.Chart.yaml b/scanners/ssh_scan/helm2.Chart.yaml index 32e6e2b7..bd454522 100644 
--- a/scanners/ssh_scan/helm2.Chart.yaml +++ b/scanners/ssh_scan/helm2.Chart.yaml @@ -12,10 +12,10 @@ keywords: - ssh - scanner - secureCodeBox -home: https://www.securecodebox.io/scanners/ssh -icon: https://www.securecodebox.io/scannerIcons/SSH.svg +home: https://docs.securecodebox.io/docs/scanners/SSH +icon: https://docs.securecodebox.io/img/integrationIcons/SSH.svg sources: - - https://github.com/secureCodeBox/secureCodeBox + - https://github.com/secureCodeBox/secureCodeBox-v2 maintainers: - name: iteratec GmbH - email: security@iteratec.com + email: secureCodeBox@iteratec.com diff --git a/scanners/sslyze/Chart.yaml b/scanners/sslyze/Chart.yaml index a7625208..b66094f5 100644 --- a/scanners/sslyze/Chart.yaml +++ b/scanners/sslyze/Chart.yaml @@ -12,10 +12,10 @@ keywords: - ssl - scanner - secureCodeBox -home: https://www.securecodebox.io/scanners/sslyze -icon: https://www.securecodebox.io/scannerIcons/SSLyze.svg +home: https://docs.securecodebox.io/docs/scanners/SSLyze +icon: https://docs.securecodebox.io/img/integrationIcons/SSLyze.svg sources: - - https://github.com/secureCodeBox/secureCodeBox + - https://github.com/secureCodeBox/secureCodeBox-v2 maintainers: - name: iteratec GmbH - email: security@iteratec.com + email: secureCodeBox@iteratec.com diff --git a/scanners/sslyze/helm2.Chart.yaml b/scanners/sslyze/helm2.Chart.yaml index 95cf7a69..71949ce2 100644 --- a/scanners/sslyze/helm2.Chart.yaml +++ b/scanners/sslyze/helm2.Chart.yaml @@ -12,10 +12,10 @@ keywords: - ssl - scanner - secureCodeBox -home: https://www.securecodebox.io/scanners/sslyze -icon: https://www.securecodebox.io/scannerIcons/SSLyze.svg +home: https://docs.securecodebox.io/docs/scanners/SSLyze +icon: https://docs.securecodebox.io/img/integrationIcons/SSLyze.svg sources: - - https://github.com/secureCodeBox/secureCodeBox + - https://github.com/secureCodeBox/secureCodeBox-v2 maintainers: - name: iteratec GmbH - email: security@iteratec.com + email: secureCodeBox@iteratec.com 
diff --git a/scanners/trivy/Chart.yaml b/scanners/trivy/Chart.yaml index d96f7d29..c60f2172 100644 --- a/scanners/trivy/Chart.yaml +++ b/scanners/trivy/Chart.yaml @@ -13,10 +13,10 @@ keywords: - image-scanning - scanner - secureCodeBox -home: https://www.securecodebox.io/scanners/trivy -icon: https://github.com/aquasecurity/trivy/blob/master/imgs/logo.png +home: https://docs.securecodebox.io/docs/scanners/Trivy +icon: https://docs.securecodebox.io/img/integrationIcons/Trivy.svg sources: - - https://github.com/secureCodeBox/secureCodeBox + - https://github.com/secureCodeBox/secureCodeBox-v2 maintainers: - name: iteratec GmbH - email: security@iteratec.com + email: secureCodeBox@iteratec.com diff --git a/scanners/trivy/helm2.Chart.yaml b/scanners/trivy/helm2.Chart.yaml index d8c4d8d0..bbeb3b23 100644 --- a/scanners/trivy/helm2.Chart.yaml +++ b/scanners/trivy/helm2.Chart.yaml @@ -13,10 +13,10 @@ keywords: - image-scanning - scanner - secureCodeBox -home: https://www.securecodebox.io/scanners/trivy -icon: https://github.com/aquasecurity/trivy/blob/master/imgs/logo.png +home: https://docs.securecodebox.io/docs/scanners/Trivy +icon: https://docs.securecodebox.io/img/integrationIcons/Trivy.svg sources: - - https://github.com/secureCodeBox/secureCodeBox + - https://github.com/secureCodeBox/secureCodeBox-v2 maintainers: - name: iteratec GmbH - email: security@iteratec.com + email: secureCodeBox@iteratec.com diff --git a/scanners/wpscan/Chart.yaml b/scanners/wpscan/Chart.yaml index 60ae4400..1bfc86ce 100644 --- a/scanners/wpscan/Chart.yaml +++ b/scanners/wpscan/Chart.yaml 
@@ -13,10 +13,10 @@ keywords: - wordpress - scanner - secureCodeBox -home: https://www.securecodebox.io/scanners/wpscan -icon: https://www.securecodebox.io/scannerIcons/WPScan.svg +home: https://docs.securecodebox.io/docs/scanners/WPScan +icon: https://docs.securecodebox.io/img/integrationIcons/WPScan.svg sources: - - https://github.com/secureCodeBox/scanner-infrastructure-wpscan + - https://github.com/secureCodeBox/secureCodeBox-v2 maintainers: - name: iteratec GmbH - email: security@iteratec.com + email: secureCodeBox@iteratec.com diff --git a/scanners/wpscan/helm2.Chart.yaml b/scanners/wpscan/helm2.Chart.yaml index c76e339e..70fb107b 100644 --- a/scanners/wpscan/helm2.Chart.yaml +++ b/scanners/wpscan/helm2.Chart.yaml @@ -13,10 +13,10 @@ keywords: - wordpress - scanner - secureCodeBox -home: https://www.securecodebox.io/scanners/wpscan -icon: https://www.securecodebox.io/scannerIcons/WPScan.svg +home: https://docs.securecodebox.io/docs/scanners/WPScan +icon: https://docs.securecodebox.io/img/integrationIcons/WPScan.svg sources: - - https://github.com/secureCodeBox/scanner-infrastructure-wpscan + - https://github.com/secureCodeBox/secureCodeBox-v2 maintainers: - name: iteratec GmbH - email: security@iteratec.com + email: secureCodeBox@iteratec.com diff --git a/scanners/zap/Chart.yaml b/scanners/zap/Chart.yaml index 599d6e95..d7fc23b5 100644 --- a/scanners/zap/Chart.yaml +++ b/scanners/zap/Chart.yaml @@ -13,10 +13,10 @@ keywords: - OWASP - scanner - secureCodeBox -home: https://www.securecodebox.io/scanners/zap -icon: https://www.securecodebox.io/scannerIcons/ZAP.svg +home: https://docs.securecodebox.io/docs/scanners/ZAP +icon: https://docs.securecodebox.io/img/integrationIcons/ZAP.svg sources: - - https://github.com/secureCodeBox/secureCodeBox + - https://github.com/secureCodeBox/secureCodeBox-v2 maintainers: - name: iteratec GmbH - email: security@iteratec.com + email: secureCodeBox@iteratec.com 
diff --git a/scanners/zap/helm2.Chart.yaml b/scanners/zap/helm2.Chart.yaml index d3e24d33..43088b64 100644 --- a/scanners/zap/helm2.Chart.yaml +++ b/scanners/zap/helm2.Chart.yaml @@ -13,10 +13,10 @@ keywords: - OWASP - scanner - secureCodeBox -home: https://www.securecodebox.io/scanners/zap -icon: https://www.securecodebox.io/scannerIcons/ZAP.svg +home: https://docs.securecodebox.io/docs/scanners/ZAP +icon: https://docs.securecodebox.io/img/integrationIcons/ZAP.svg sources: - - https://github.com/secureCodeBox/secureCodeBox + - https://github.com/secureCodeBox/secureCodeBox-v2 maintainers: - name: iteratec GmbH - email: security@iteratec.com + email: secureCodeBox@iteratec.com From 88725bb2a39a12179b38ecfa4244798c8793e823 Mon Sep 17 00:00:00 2001 
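Review bot: The `scanners/kube-hunter/Chart.yaml` hunk (`@@ -12,10 +12,11 @@`) adds an empty line after `email: secureCodeBox@iteratec.com`, which no other chart file in this patch receives; their hunks all stay at 10 lines. Drop the trailing blank line so the file matches its `helm2.Chart.yaml` twin and the other scanners.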
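Review bot: Every visible hunk replaces `email: security@iteratec.com` with `email: secureCodeBox@iteratec.com` under `maintainers`, and that field is the only contact address in the chart metadata shown here. Please say in the commit message or the project docs where vulnerability reports should go from now on, so the security contact is not dropped silently. The new `home` URLs also mix casing (`docs/scanners/Amass`, `docs/scanners/SSH`, but `docs/scanners/kube-hunter`), so it is worth checking that each `home` and `icon` link resolves before merging.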
From: Robert Seedorff Date: Tue, 29 Sep 2020 21:23:41 +0200 Subject: [PATCH 156/235] Added a minimum kubernetes version requirement to each helmchart. --- hooks/declarative-subsequent-scans/Chart.yaml | 1 + .../helm2.Chart.yaml | 3 ++- hooks/generic-webhook/Chart.yaml | 1 + hooks/generic-webhook/helm2.Chart.yaml | 3 ++- hooks/imperative-subsequent-scans/Chart.yaml | 1 + .../helm2.Chart.yaml | 3 ++- hooks/persistence-elastic/Chart.yaml | 2 +- hooks/persistence-elastic/helm2.Chart.yaml | 4 ++-- hooks/update-field/Chart.yaml | 1 + hooks/update-field/helm2.Chart.yaml | 3 ++- operator/Chart.yaml | 13 ++++++++++++ operator/helm2.Chart.yaml | 21 ++++++++++++++++++- scanners/amass/Chart.yaml | 1 + scanners/amass/helm2.Chart.yaml | 1 + scanners/kube-hunter/Chart.yaml | 1 + scanners/kube-hunter/helm2.Chart.yaml | 1 + scanners/ncrack/Chart.yaml | 1 + scanners/ncrack/helm2.Chart.yaml | 1 + scanners/nikto/Chart.yaml | 1 + scanners/nikto/helm2.Chart.yaml | 1 + scanners/nmap/Chart.yaml | 1 + scanners/nmap/helm2.Chart.yaml | 1 + scanners/ssh_scan/Chart.yaml | 1 + scanners/ssh_scan/helm2.Chart.yaml | 1 + scanners/sslyze/Chart.yaml | 1 + scanners/sslyze/helm2.Chart.yaml | 1 + scanners/trivy/Chart.yaml | 1 + scanners/trivy/helm2.Chart.yaml | 1 + scanners/wpscan/Chart.yaml | 1 + scanners/wpscan/helm2.Chart.yaml | 1 + scanners/zap/Chart.yaml | 1 + scanners/zap/helm2.Chart.yaml | 1 + 32 files changed, 68 insertions(+), 8 deletions(-) diff --git a/hooks/declarative-subsequent-scans/Chart.yaml b/hooks/declarative-subsequent-scans/Chart.yaml index fdc20d99..f3bd0dc3 100644 --- a/hooks/declarative-subsequent-scans/Chart.yaml +++ b/hooks/declarative-subsequent-scans/Chart.yaml @@ -6,5 +6,6 @@ type: application # version - gets automatically set to the secureCodeBox release version when the helm charts gets published version: latest +kubeVersion: ">=v1.11.0" dependencies: [] 
diff --git a/hooks/declarative-subsequent-scans/helm2.Chart.yaml b/hooks/declarative-subsequent-scans/helm2.Chart.yaml index 7a26e4fe..88c5babf 100644 --- a/hooks/declarative-subsequent-scans/helm2.Chart.yaml +++ b/hooks/declarative-subsequent-scans/helm2.Chart.yaml @@ -5,4 +5,5 @@ description: Starts possible subsequent security scans based on findings (e.g. o type: application # version - gets automatically set to the secureCodeBox release version when the helm charts gets published -version: latest \ No newline at end of file +version: latest +kubeVersion: ">=v1.11.0" \ No newline at end of file diff --git a/hooks/generic-webhook/Chart.yaml b/hooks/generic-webhook/Chart.yaml index 3b494501..30b67881 100644 --- a/hooks/generic-webhook/Chart.yaml +++ b/hooks/generic-webhook/Chart.yaml @@ -6,5 +6,6 @@ type: application # version - gets automatically set to the secureCodeBox release version when the helm charts gets published version: latest +kubeVersion: ">=v1.11.0" dependencies: [] diff --git a/hooks/generic-webhook/helm2.Chart.yaml b/hooks/generic-webhook/helm2.Chart.yaml index c48efb7e..526d6785 100644 --- a/hooks/generic-webhook/helm2.Chart.yaml +++ b/hooks/generic-webhook/helm2.Chart.yaml @@ -5,4 +5,5 @@ description: Lets you send http webhooks after scans are completed type: application # version - gets automatically set to the secureCodeBox release version when the helm charts gets published -version: latest \ No newline at end of file +version: latest +kubeVersion: ">=v1.11.0" \ No newline at end of file diff --git a/hooks/imperative-subsequent-scans/Chart.yaml b/hooks/imperative-subsequent-scans/Chart.yaml index 024265e8..a321cdb0 100644 --- a/hooks/imperative-subsequent-scans/Chart.yaml +++ b/hooks/imperative-subsequent-scans/Chart.yaml @@ -6,5 +6,6 @@ type: application # version - gets automatically set to the secureCodeBox release version when the helm charts gets published version: latest +kubeVersion: ">=v1.11.0" dependencies: [] 
diff --git a/hooks/imperative-subsequent-scans/helm2.Chart.yaml b/hooks/imperative-subsequent-scans/helm2.Chart.yaml index 8b7d6cb3..0710481f 100644 --- a/hooks/imperative-subsequent-scans/helm2.Chart.yaml +++ b/hooks/imperative-subsequent-scans/helm2.Chart.yaml @@ -5,4 +5,5 @@ description: Starts possible subsequent security scans based on findings (e.g. o type: application # version - gets automatically set to the secureCodeBox release version when the helm charts gets published -version: latest \ No newline at end of file +version: latest +kubeVersion: ">=v1.11.0" \ No newline at end of file diff --git a/hooks/persistence-elastic/Chart.yaml b/hooks/persistence-elastic/Chart.yaml index 52216b01..e5f71a25 100644 --- a/hooks/persistence-elastic/Chart.yaml +++ b/hooks/persistence-elastic/Chart.yaml @@ -6,8 +6,8 @@ type: application # version - gets automatically set to the secureCodeBox release version when the helm charts gets published version: latest - appVersion: 7.6.1 +kubeVersion: ">=v1.11.0" dependencies: - name: elasticsearch diff --git a/hooks/persistence-elastic/helm2.Chart.yaml b/hooks/persistence-elastic/helm2.Chart.yaml index 9b4c102e..f84938d0 100644 --- a/hooks/persistence-elastic/helm2.Chart.yaml +++ b/hooks/persistence-elastic/helm2.Chart.yaml @@ -6,5 +6,5 @@ type: application # version - gets automatically set to the secureCodeBox release version when the helm charts gets published version: latest - -appVersion: 7.6.1 \ No newline at end of file +appVersion: 7.6.1 +kubeVersion: ">=v1.11.0" \ No newline at end of file diff --git a/hooks/update-field/Chart.yaml b/hooks/update-field/Chart.yaml index 7d4fbc9f..89401637 100644 --- a/hooks/update-field/Chart.yaml +++ b/hooks/update-field/Chart.yaml @@ -6,5 +6,6 @@ type: application # version - gets automatically set to the secureCodeBox release version when the helm charts gets published version: latest +kubeVersion: ">=v1.11.0" dependencies: [] 
diff --git a/hooks/update-field/helm2.Chart.yaml b/hooks/update-field/helm2.Chart.yaml index 18476835..ddcaec8b 100644 --- a/hooks/update-field/helm2.Chart.yaml +++ b/hooks/update-field/helm2.Chart.yaml @@ -5,4 +5,5 @@ description: Lets you add or override a field to every finding type: application # version - gets automatically set to the secureCodeBox release version when the helm charts gets published -version: latest \ No newline at end of file +version: latest +kubeVersion: ">=v1.11.0" \ No newline at end of file diff --git a/operator/Chart.yaml b/operator/Chart.yaml index 7b436ba3..662939a6 100644 --- a/operator/Chart.yaml +++ b/operator/Chart.yaml @@ -6,6 +6,19 @@ type: application # version - gets automatically set to the secureCodeBox release version when the helm charts gets published version: latest +kubeVersion: ">=v1.11.0" + +keywords: + - security + - secureCodeBox + - operator +home: https://docs.securecodebox.io/docs/getting-started/installation +icon: https://docs.securecodebox.io/img/Logo%20Color.svg +sources: + - https://github.com/secureCodeBox/secureCodeBox-v2 +maintainers: + - name: iteratec GmbH + email: secureCodeBox@iteratec.com dependencies: - name: minio diff --git a/operator/helm2.Chart.yaml b/operator/helm2.Chart.yaml index 85d698a8..6748cf00 100644 --- a/operator/helm2.Chart.yaml +++ b/operator/helm2.Chart.yaml 
@@ -5,4 +5,23 @@ description: secureCodeBox Operator to automate the execution of security scans type: application # version - gets automatically set to the secureCodeBox release version when the helm charts gets published -version: latest \ No newline at end of file +version: latest +kubeVersion: ">=v1.11.0" + +keywords: + - security + - secureCodeBox + - operator +home: https://docs.securecodebox.io/docs/getting-started/installation +icon: https://docs.securecodebox.io/img/Logo%20Color.svg +sources: + - https://github.com/secureCodeBox/secureCodeBox-v2 +maintainers: + - name: iteratec GmbH + email: secureCodeBox@iteratec.com + +dependencies: + - name: minio + version: 5.0.19 + repository: https://kubernetes-charts.storage.googleapis.com/ + condition: minio.enabled diff --git a/scanners/amass/Chart.yaml b/scanners/amass/Chart.yaml index 2c8f4c2c..b2cbc9a2 100644 --- a/scanners/amass/Chart.yaml +++ b/scanners/amass/Chart.yaml @@ -6,6 +6,7 @@ type: application # version - gets automatically set to the secureCodeBox release version when the helm charts gets published version: latest appVersion: 3.10.3 +kubeVersion: ">=v1.11.0" keywords: - security diff --git a/scanners/amass/helm2.Chart.yaml b/scanners/amass/helm2.Chart.yaml index 1e200bd2..b1cc68da 100644 --- a/scanners/amass/helm2.Chart.yaml +++ b/scanners/amass/helm2.Chart.yaml @@ -6,6 +6,7 @@ type: application # version - gets automatically set to the secureCodeBox release version when the helm charts gets published version: latest appVersion: 3.10.3 +kubeVersion: ">=v1.11.0" keywords: - security diff --git a/scanners/kube-hunter/Chart.yaml b/scanners/kube-hunter/Chart.yaml index e4074db7..0618ecb8 100644 --- a/scanners/kube-hunter/Chart.yaml +++ b/scanners/kube-hunter/Chart.yaml @@ -6,6 +6,7 @@ type: application # version - gets automatically set to the secureCodeBox release version when the helm charts gets published version: latest appVersion: v0.3.0 +kubeVersion: ">=v1.11.0" keywords: - security 
diff --git a/scanners/kube-hunter/helm2.Chart.yaml b/scanners/kube-hunter/helm2.Chart.yaml index e519e1dd..aad800a8 100644 --- a/scanners/kube-hunter/helm2.Chart.yaml +++ b/scanners/kube-hunter/helm2.Chart.yaml @@ -6,6 +6,7 @@ type: application # version - gets automatically set to the secureCodeBox release version when the helm charts gets published version: latest appVersion: v0.3.0 +kubeVersion: ">=v1.11.0" keywords: - security diff --git a/scanners/ncrack/Chart.yaml b/scanners/ncrack/Chart.yaml index f7b32b49..fc0d650c 100644 --- a/scanners/ncrack/Chart.yaml +++ b/scanners/ncrack/Chart.yaml @@ -6,6 +6,7 @@ type: application # version - gets automatically set to the secureCodeBox release version when the helm charts gets published version: latest appVersion: 0.7 +kubeVersion: ">=v1.11.0" keywords: - security diff --git a/scanners/ncrack/helm2.Chart.yaml b/scanners/ncrack/helm2.Chart.yaml index 9df71946..bb7feee3 100644 --- a/scanners/ncrack/helm2.Chart.yaml +++ b/scanners/ncrack/helm2.Chart.yaml @@ -6,6 +6,7 @@ type: application # version - gets automatically set to the secureCodeBox release version when the helm charts gets published version: latest appVersion: 0.7 +kubeVersion: ">=v1.11.0" keywords: - security diff --git a/scanners/nikto/Chart.yaml b/scanners/nikto/Chart.yaml index aa22befb..c2e02503 100644 --- a/scanners/nikto/Chart.yaml +++ b/scanners/nikto/Chart.yaml @@ -7,6 +7,7 @@ type: application version: latest # appVersion - Nikto doesn't really version its releases appVersion: latest +kubeVersion: ">=v1.11.0" keywords: - security diff --git a/scanners/nikto/helm2.Chart.yaml b/scanners/nikto/helm2.Chart.yaml index 860f7a83..627a3921 100644 --- a/scanners/nikto/helm2.Chart.yaml +++ b/scanners/nikto/helm2.Chart.yaml @@ -7,6 +7,7 @@ type: application version: latest # appVersion - Nikto doesn't really version its releases appVersion: latest +kubeVersion: ">=v1.11.0" keywords: - security 
diff --git a/scanners/nmap/Chart.yaml b/scanners/nmap/Chart.yaml index a5fd3715..bf4d292d 100644 --- a/scanners/nmap/Chart.yaml +++ b/scanners/nmap/Chart.yaml @@ -6,6 +6,7 @@ type: application # version - gets automatically set to the secureCodeBox release version when the helm charts gets published version: latest appVersion: 7.80-r2 +kubeVersion: ">=v1.11.0" keywords: - security diff --git a/scanners/nmap/helm2.Chart.yaml b/scanners/nmap/helm2.Chart.yaml index af5016d4..2f776b29 100644 --- a/scanners/nmap/helm2.Chart.yaml +++ b/scanners/nmap/helm2.Chart.yaml @@ -6,6 +6,7 @@ type: application # version - gets automatically set to the secureCodeBox release version when the helm charts gets published version: latest appVersion: 7.80-r2 +kubeVersion: ">=v1.11.0" keywords: - security diff --git a/scanners/ssh_scan/Chart.yaml b/scanners/ssh_scan/Chart.yaml index 76f15a77..147df645 100644 --- a/scanners/ssh_scan/Chart.yaml +++ b/scanners/ssh_scan/Chart.yaml @@ -6,6 +6,7 @@ type: application # version - gets automatically set to the secureCodeBox release version when the helm charts gets published version: latest appVersion: "0.0.43" +kubeVersion: ">=v1.11.0" keywords: - security diff --git a/scanners/ssh_scan/helm2.Chart.yaml b/scanners/ssh_scan/helm2.Chart.yaml index bd454522..8ce88cf9 100644 --- a/scanners/ssh_scan/helm2.Chart.yaml +++ b/scanners/ssh_scan/helm2.Chart.yaml @@ -6,6 +6,7 @@ type: application # version - gets automatically set to the secureCodeBox release version when the helm charts gets published version: latest appVersion: "0.0.43" +kubeVersion: ">=v1.11.0" keywords: - security diff --git a/scanners/sslyze/Chart.yaml b/scanners/sslyze/Chart.yaml index b66094f5..9590a6e4 100644 --- a/scanners/sslyze/Chart.yaml +++ b/scanners/sslyze/Chart.yaml 
@@ -6,6 +6,7 @@ type: application # version - gets automatically set to the secureCodeBox release version when the helm charts gets published version: latest appVersion: v3.0.6 +kubeVersion: ">=v1.11.0" keywords: - security diff --git a/scanners/sslyze/helm2.Chart.yaml b/scanners/sslyze/helm2.Chart.yaml index 71949ce2..93ff499a 100644 --- a/scanners/sslyze/helm2.Chart.yaml +++ b/scanners/sslyze/helm2.Chart.yaml @@ -6,6 +6,7 @@ type: application # version - gets automatically set to the secureCodeBox release version when the helm charts gets published version: latest appVersion: v3.0.6 +kubeVersion: ">=v1.11.0" keywords: - security diff --git a/scanners/trivy/Chart.yaml b/scanners/trivy/Chart.yaml index c60f2172..2a4636b6 100644 --- a/scanners/trivy/Chart.yaml +++ b/scanners/trivy/Chart.yaml @@ -6,6 +6,7 @@ type: application # version - gets automatically set to the secureCodeBox release version when the helm charts gets published version: latest appVersion: v0.6.0 +kubeVersion: ">=v1.11.0" keywords: - security diff --git a/scanners/trivy/helm2.Chart.yaml b/scanners/trivy/helm2.Chart.yaml index bbeb3b23..1feef887 100644 --- a/scanners/trivy/helm2.Chart.yaml +++ b/scanners/trivy/helm2.Chart.yaml @@ -6,6 +6,7 @@ type: application # version - gets automatically set to the secureCodeBox release version when the helm charts gets published version: latest appVersion: v0.6.0 +kubeVersion: ">=v1.11.0" keywords: - security diff --git a/scanners/wpscan/Chart.yaml b/scanners/wpscan/Chart.yaml index 1bfc86ce..a2ae8fe9 100644 --- a/scanners/wpscan/Chart.yaml +++ b/scanners/wpscan/Chart.yaml @@ -6,6 +6,7 @@ type: application # version - gets automatically set to the secureCodeBox release version when the helm charts gets published version: latest appVersion: latest +kubeVersion: ">=v1.11.0" keywords: - security diff --git a/scanners/wpscan/helm2.Chart.yaml b/scanners/wpscan/helm2.Chart.yaml index 70fb107b..d966a4b0 100644 --- a/scanners/wpscan/helm2.Chart.yaml 
+++ b/scanners/wpscan/helm2.Chart.yaml @@ -6,6 +6,7 @@ type: application # version - gets automatically set to the secureCodeBox release version when the helm charts gets published version: latest appVersion: latest +kubeVersion: ">=v1.11.0" keywords: - security diff --git a/scanners/zap/Chart.yaml b/scanners/zap/Chart.yaml index d7fc23b5..3b954b42 100644 --- a/scanners/zap/Chart.yaml +++ b/scanners/zap/Chart.yaml @@ -6,6 +6,7 @@ type: application # version - gets automatically set to the secureCodeBox release version when the helm charts gets published version: latest appVersion: v2.9.0 +kubeVersion: ">=v1.11.0" keywords: - security diff --git a/scanners/zap/helm2.Chart.yaml b/scanners/zap/helm2.Chart.yaml index 43088b64..ef378038 100644 --- a/scanners/zap/helm2.Chart.yaml +++ b/scanners/zap/helm2.Chart.yaml @@ -6,6 +6,7 @@ type: application # version - gets automatically set to the secureCodeBox release version when the helm charts gets published version: latest appVersion: v2.9.0 +kubeVersion: ">=v1.11.0" keywords: - security From 4231095984d29ec9b65882da442c4eeb2626e17d Mon Sep 17 00:00:00 2001 
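Review bot: The `operator/Chart.yaml` and `operator/helm2.Chart.yaml` hunks go beyond the subject line: besides `kubeVersion` they add `keywords`, `home`, `icon`, `sources` and `maintainers`, and the helm2 file (`@@ -5,4 +5,23 @@`) also gains a `dependencies:` block for `minio`. In the same patch `hooks/persistence-elastic/helm2.Chart.yaml` gets no `dependencies:` block although its `Chart.yaml` lists `elasticsearch`, so the helm2 files are now inconsistent with each other. Either move the operator metadata and dependency change into its own commit, or mention it in the message and treat both helm2 files the same way.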
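Review bot: The constraint `kubeVersion: ">=v1.11.0"` is added to every chart with no pre-release part and no stated reason for 1.11.0 as the floor. Please confirm that it still matches clusters whose reported version carries a suffix after the patch number, as managed distributions commonly report one; if it does not match, installs will be refused there. A line in the commit message naming the API or feature that requires 1.11 would also help whoever has to raise the floor later.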
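Review bot: In the `hooks/*/helm2.Chart.yaml` hunks the new last line `+kubeVersion: ">=v1.11.0"` is still followed by `\ No newline at end of file`, so the missing newline is carried forward, and `version: latest` shows up as removed and re-added only because of it. End these files with a newline in this patch, so that the next line appended to them is a one-line diff.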
From: Robert Seedorff Date: Tue, 29 Sep 2020 21:24:55 +0200 Subject: [PATCH 157/235] Added a HelmChart value documentation to each readme based on a template feature. --- hooks/declarative-subsequent-scans/README.md | 13 +- .../README.md.gotmpl | 120 ++++++++++++++ .../declarative-subsequent-scans/values.yaml | 4 +- hooks/generic-webhook/README.md | 12 +- hooks/generic-webhook/README.md.gotmpl | 23 +++ hooks/generic-webhook/values.yaml | 5 +- hooks/imperative-subsequent-scans/README.md | 22 ++- .../README.md.gotmpl | 21 +++ hooks/imperative-subsequent-scans/values.yaml | 22 +-- hooks/persistence-elastic/README.md | 63 ++++---- hooks/persistence-elastic/README.md.gotmpl | 28 ++++ hooks/persistence-elastic/values.yaml | 24 ++- hooks/update-field/README.md | 13 +- hooks/update-field/README.md.gotmpl | 24 +++ hooks/update-field/values.yaml | 6 +- operator/README.md | 42 +++++ operator/README.md.gotmpl | 23 +++ operator/values.yaml | 14 +- scanners/amass/README.md | 17 +- scanners/amass/README.md.gotmpl | 45 ++++++ scanners/amass/values.yaml | 20 ++- scanners/kube-hunter/README.md | 15 +- scanners/kube-hunter/README.md.gotmpl | 39 +++++ scanners/kube-hunter/values.yaml | 26 ++- scanners/ncrack/README.md | 96 ++++++++++- scanners/ncrack/README.md.gotmpl | 153 ++++++++++++++++++ scanners/ncrack/values.yaml | 24 ++- scanners/nikto/README.md | 15 +- scanners/nikto/README.md.gotmpl | 57 +++++++ scanners/nikto/values.yaml | 20 ++- scanners/nmap/README.md | 14 +- scanners/nmap/README.md.gotmpl | 47 ++++++ scanners/nmap/values.yaml | 20 ++- scanners/ssh_scan/README.md | 15 +- scanners/ssh_scan/README.md.gotmpl | 70 ++++++++ scanners/ssh_scan/values.yaml | 20 ++- scanners/sslyze/README.md | 15 +- scanners/sslyze/README.md.gotmpl | 137 ++++++++++++++++ scanners/sslyze/values.yaml | 20 ++- scanners/test-scan/values.yaml | 20 ++- scanners/trivy/README.md | 15 +- scanners/trivy/README.md.gotmpl | 39 +++++ scanners/trivy/values.yaml | 20 ++- scanners/wpscan/README.md | 15 +- 
scanners/wpscan/README.md.gotmpl | 77 +++++++++ scanners/wpscan/values.yaml | 20 ++- scanners/zap/README.md | 15 +- scanners/zap/README.md.gotmpl | 64 ++++++++ scanners/zap/values.yaml | 25 ++- 49 files changed, 1571 insertions(+), 103 deletions(-) create mode 100644 hooks/declarative-subsequent-scans/README.md.gotmpl create mode 100644 hooks/generic-webhook/README.md.gotmpl create mode 100644 hooks/imperative-subsequent-scans/README.md.gotmpl create mode 100644 hooks/persistence-elastic/README.md.gotmpl create mode 100644 hooks/update-field/README.md.gotmpl create mode 100644 operator/README.md create mode 100644 operator/README.md.gotmpl create mode 100644 scanners/amass/README.md.gotmpl create mode 100644 scanners/kube-hunter/README.md.gotmpl create mode 100644 scanners/ncrack/README.md.gotmpl create mode 100644 scanners/nikto/README.md.gotmpl create mode 100644 scanners/nmap/README.md.gotmpl create mode 100644 scanners/ssh_scan/README.md.gotmpl create mode 100644 scanners/sslyze/README.md.gotmpl create mode 100644 scanners/trivy/README.md.gotmpl create mode 100644 scanners/wpscan/README.md.gotmpl create mode 100644 scanners/zap/README.md.gotmpl diff --git a/hooks/declarative-subsequent-scans/README.md b/hooks/declarative-subsequent-scans/README.md index dd875b57..fcdec3df 100644 --- a/hooks/declarative-subsequent-scans/README.md +++ b/hooks/declarative-subsequent-scans/README.md @@ -11,7 +11,7 @@ usecase: "Cascading Scans based declarative Rules." ## Deployment -Installing the Cascading Scans hook will add a ReadOnly Hook to your namespace which looks for matching _CascadingRules_ in the namespace and start the according scans. +Installing the Cascading Scans hook will add a ReadOnly Hook to your namespace which looks for matching _CascadingRules_ in the namespace and start the according scans. ```bash helm upgrade --install dssh ./hooks/declarative-subsequent-scans/ 
@@ -25,7 +25,7 @@ dssh ReadOnly docker.io/scbexperimental/hook-declarative-subsequent-scans:la ``` ## CascadingScan Rules -The CascadingRules are included directly in each helm chart of the individual scanners. +The CascadingRules are included directly in each helm chart of the individual scanners. ```bash # Check your CascadingRules @@ -113,4 +113,11 @@ pop3s-tls-scan sslyze non-invasive light smtps-tls-scan sslyze non-invasive light ssh-scan ssh-scan non-invasive light zap-http zap-baseline non-invasive medium -``` \ No newline at end of file +``` + +## Chart Configuration + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| image.repository | string | `"docker.io/scbexperimental/hook-declarative-subsequent-scans"` | Hook image repository | +| image.tag | string | `nil` | | diff --git a/hooks/declarative-subsequent-scans/README.md.gotmpl b/hooks/declarative-subsequent-scans/README.md.gotmpl new file mode 100644 index 00000000..666e4bfb --- /dev/null +++ b/hooks/declarative-subsequent-scans/README.md.gotmpl 
@@ -0,0 +1,120 @@ +--- +title: "Cascading Scans" +path: "hooks/declarative-subsequent-scans" +category: "hook" +type: "processing" +state: "released" +usecase: "Cascading Scans based declarative Rules." +--- + + + +## Deployment + +Installing the Cascading Scans hook will add a ReadOnly Hook to your namespace which looks for matching _CascadingRules_ in the namespace and start the according scans. + +```bash +helm upgrade --install dssh ./hooks/declarative-subsequent-scans/ +``` + +### Verification +```bash +kubectl get ScanCompletionHooks +NAME TYPE IMAGE +dssh ReadOnly docker.io/scbexperimental/hook-declarative-subsequent-scans:latest +``` + +## CascadingScan Rules +The CascadingRules are included directly in each helm chart of the individual scanners. + +```bash +# Check your CascadingRules +kubectl get CascadingRules +NAME STARTS INVASIVENESS INTENSIVENESS +https-tls-scan sslyze non-invasive light +imaps-tls-scan sslyze non-invasive light +nikto-http nikto non-invasive medium +nmap-smb nmap non-invasive light +pop3s-tls-scan sslyze non-invasive light +smtps-tls-scan sslyze non-invasive light +ssh-scan ssh-scan non-invasive light +zap-http zap-baseline non-invasive medium +``` + +## Starting a cascading Scan +When you start a normal Scan, no CascadingRule will be applied. To use a _CascadingRule_ the scan must be marked to allow cascading rules. +This is implemented using kubernetes label selectors, meaning that scans mark the classes of scans which are allowed to be cascaded by the current one. + +### Example +```yaml +cat < ✍ This documentation is currently work-in-progress. \ No newline at end of file +> ✍ This documentation is currently work-in-progress. 
+ +## Chart Configuration + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| image.repository | string | `"docker.io/scbexperimental/generic-webhook"` | Hook image repository | +| image.tag | string | `nil` | | +| webhookUrl | string | `"http://example.com"` | The URL of your WebHook endpoint | diff --git a/hooks/generic-webhook/README.md.gotmpl b/hooks/generic-webhook/README.md.gotmpl new file mode 100644 index 00000000..ecb28bf2 --- /dev/null +++ b/hooks/generic-webhook/README.md.gotmpl @@ -0,0 +1,23 @@ +--- +title: "Generic WebHook" +path: "hooks/generic-webhook" +category: "hook" +type: "integration" +state: "released" +usecase: "Publishes Scan Findings as WebHook." +--- + + + +## Deployment + +Installing the Generic WebHook hook will add a ReadOnly Hook to your namespace. + +```bash +helm upgrade --install gwh ./hooks/generic-webhook/ --set webhookUrl="http://example.com/my/webhook/target" +``` +> ✍ This documentation is currently work-in-progress. + +## Chart Configuration + +{{ template "chart.valuesTable" . }} diff --git a/hooks/generic-webhook/values.yaml b/hooks/generic-webhook/values.yaml index 1084e8f6..ccb90e85 100644 --- a/hooks/generic-webhook/values.yaml +++ b/hooks/generic-webhook/values.yaml @@ -2,9 +2,12 @@ # This is a YAML-formatted file. # Declare variables to be passed into your templates. +# webhookUrl -- The URL of your WebHook endpoint webhookUrl: "http://example.com" image: + # image.repository -- Hook image repository repository: docker.io/scbexperimental/generic-webhook - # image.tag - defaults to the charts version + # parserImage.tag -- Parser image tag + # @default -- defaults to the charts version tag: null diff --git a/hooks/imperative-subsequent-scans/README.md b/hooks/imperative-subsequent-scans/README.md index c4b471fc..cb1a7e11 100644 --- a/hooks/imperative-subsequent-scans/README.md +++ b/hooks/imperative-subsequent-scans/README.md 
@@ -7,4 +7,24 @@ state: "roadmap" usecase: "Cascading Scans based imperative Rules." --- -> 🔧 The implementation is currently work-in-progress and still undergoing major changes. It'll be released here once it has stabilized. \ No newline at end of file +## Deployment + +Installing the imperative-subsequent-scans hook will add a ReadOnly Hook to your namespace. + +```bash +helm upgrade --install issh ./hooks/imperative-subsequent-scans/ +``` +> ✍ This documentation is currently work-in-progress. + +## Chart Configuration + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| cascade.amassNmap | bool | `false` | True if you want to cascade nmap scans for each subdomain found by amass, otherwise false. | +| cascade.nmapNikto | bool | `false` | True if you want to cascade Nikto scans for each HTTP Port found by nmap, otherwise false. | +| cascade.nmapSmb | bool | `false` | True if you want to cascade nmap SMB scans for each SMB Port found by nmap, otherwise false. | +| cascade.nmapSsh | bool | `false` | True if you want to cascade SSH scans for each SSH Port found by nmap, otherwise false. | +| cascade.nmapSsl | bool | `false` | True if you want to cascade SSL scans for each HTTP Port found by nmap, otherwise false. | +| cascade.nmapZapBaseline | bool | `false` | True if you want to cascade ZAP scans for each HTTP Port found by nmap, otherwise false. | +| image.repository | string | `"docker.io/scbexperimental/hook-imperative-subsequent-scans"` | Hook image repository | +| image.tag | string | `nil` | | diff --git a/hooks/imperative-subsequent-scans/README.md.gotmpl b/hooks/imperative-subsequent-scans/README.md.gotmpl new file mode 100644 index 00000000..68d2bac7 --- /dev/null +++ b/hooks/imperative-subsequent-scans/README.md.gotmpl 
@@ -0,0 +1,21 @@ +--- +title: "Imperative Scans" +path: "hooks/imperative-subsequent-scans" +category: "hook" +type: "integration" +state: "roadmap" +usecase: "Cascading Scans based imperative Rules." +--- + +## Deployment + +Installing the imperative-subsequent-scans hook will add a ReadOnly Hook to your namespace. + +```bash +helm upgrade --install issh ./hooks/imperative-subsequent-scans/ +``` +> ✍ This documentation is currently work-in-progress. + +## Chart Configuration + +{{ template "chart.valuesTable" . }} diff --git a/hooks/imperative-subsequent-scans/values.yaml b/hooks/imperative-subsequent-scans/values.yaml index 2372d5d2..db9fbb37 100644 --- a/hooks/imperative-subsequent-scans/values.yaml +++ b/hooks/imperative-subsequent-scans/values.yaml 
@@ -3,20 +3,22 @@ # Declare variables to be passed into your templates. cascade: - # Cascade nmap scans for each subdomain found by amass - amassNmap: true - # Cascade nmap SMB scans for each SMB Port found by nmap + # cascade.amassNmap -- True if you want to cascade nmap scans for each subdomain found by amass, otherwise false. + amassNmap: false + # cascade.nmapSmb -- True if you want to cascade nmap SMB scans for each SMB Port found by nmap, otherwise false. nmapSmb: false - # Cascade SSH scans for each SSH Port found by nmap - nmapSsh: true - # Cascade SSL scans for each HTTP Port found by nmap - nmapSsl: true - # Cascade Nikto scans for each HTTP Port found by nmap + # cascade.nmapSsh -- True if you want to cascade SSH scans for each SSH Port found by nmap, otherwise false. + nmapSsh: false + # cascade.nmapSsl -- True if you want to cascade SSL scans for each HTTP Port found by nmap, otherwise false. + nmapSsl: false + # cascade.nmapNikto -- True if you want to cascade Nikto scans for each HTTP Port found by nmap, otherwise false. nmapNikto: false - # Cascade ZAP scans for each HTTP Port found by nmap + # cascade.nmapZapBaseline -- True if you want to cascade ZAP scans for each HTTP Port found by nmap, otherwise false. nmapZapBaseline: false image: + # image.repository -- Hook image repository repository: docker.io/scbexperimental/hook-imperative-subsequent-scans - # image.tag - defaults to the charts version + # parserImage.tag -- Parser image tag + # @default -- defaults to the charts version tag: null diff --git a/hooks/persistence-elastic/README.md b/hooks/persistence-elastic/README.md index 21170803..39b91192 100644 --- a/hooks/persistence-elastic/README.md +++ b/hooks/persistence-elastic/README.md 
@@ -14,44 +14,39 @@ The ElasticSearch persistenceProvider hook saves all findings and reports into t ## Deployment -Installing the Elasticsearch persistenceProvider hook will add a _ReadOnly Hook_ to your namespace. +Installing the Elasticsearch persistenceProvider hook will add a _ReadOnly Hook_ to your namespace. ```bash helm upgrade --install elkh ./hooks/persistence-elastic/ ``` -## Configuration -see values.yaml - -```yaml -# Define a specific index prefix -indexPrefix: "scbv2" - -# Enable this when you already have an Elastic Stack running to which you want to send your results -externalElasticStack: - enabled: false - elasticsearchAddress: "https://elasticsearch.example.com" - kibanaAddress: "https://kibana.example.com" - -# Configure authentication schema and credentials the persistence provider should use to connect to elasticsearch -# user and apikey are mutually exclusive, only set one! -authentication: - # Link a pre-existing generic secret with `username` and `password` key / value pairs - userSecret: null - # Link a pre-existing generic secret with `id` and `key` key / value pairs - apiKeySecret: null - -# Configures included Elasticsearch subchart -elasticsearch: - enabled: true - replicas: 1 - minimumMasterNodes: 1 - # image: docker.elastic.co/elasticsearch/elasticsearch-oss - -# Configures included Elasticsearch subchart -kibana: - enabled: true - # image: docker.elastic.co/kibana/kibana-oss -``` +## Chart Configuration + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| affinity | object | `{}` | | +| authentication | object | `{"apiKeySecret":null,"userSecret":null}` | Configure authentication schema and credentials the persistence provider should use to connect to elasticsearch user and apikey are mutually exclusive, only set one! 
| +| authentication.apiKeySecret | string | `nil` | Link a pre-existing generic secret with `id` and `key` key / value pairs | +| authentication.userSecret | string | `nil` | Link a pre-existing generic secret with `username` and `password` key / value pairs | +| elasticsearch | object | `{"enabled":true,"minimumMasterNodes":1,"replicas":1}` | Configures the included elasticsearch subchart (see: https://github.com/elastic/helm-charts/tree/elasticsearch) | +| elasticsearch.enabled | bool | `true` | Enable if you want to deploy an elasticsearch service. | +| elasticsearch.minimumMasterNodes | int | `1` | The value for discovery.zen.minimum_master_nodes. Should be set to (master_eligible_nodes / 2) + 1. Ignored in Elasticsearch versions >= 7 | +| elasticsearch.replicas | int | `1` | Kubernetes replica count for the StatefulSet (i.e. how many pods) | +| externalElasticStack.elasticsearchAddress | string | `"https://elasticsearch.example.com"` | The URL of the elasticsearch service to persists all findings to. | +| externalElasticStack.enabled | bool | `false` | Enable this when you already have an Elastic Stack running to which you want to send your results | +| externalElasticStack.kibanaAddress | string | `"https://kibana.example.com"` | The URL of the kibana service used to visualize all findings. | +| fullnameOverride | string | `""` | | +| image.repository | string | `"docker.io/scbexperimental/persistence-elastic"` | Hook image repository | +| image.tag | string | `nil` | | +| imagePullSecrets | list | `[]` | | +| indexPrefix | string | `"scbv2"` | Define a specific index prefix used for all elasticsearch indices. 
| +| kibana | object | `{"enabled":true}` | Configures included Elasticsearch subchart | +| kibana.enabled | bool | `true` | Enable if you want to deploy an kibana service (see: https://github.com/elastic/helm-charts/tree/master/kibana) | +| nameOverride | string | `""` | | +| nodeSelector | object | `{}` | | +| podSecurityContext | object | `{}` | | +| resources | object | `{}` | | +| securityContext | object | `{}` | | +| tolerations | list | `[]` | | [elastic.io]: https://www.elastic.co/products/elasticsearch \ No newline at end of file diff --git a/hooks/persistence-elastic/README.md.gotmpl b/hooks/persistence-elastic/README.md.gotmpl new file mode 100644 index 00000000..e6841ab4 --- /dev/null +++ b/hooks/persistence-elastic/README.md.gotmpl @@ -0,0 +1,28 @@ +--- +title: "Elasticsearch" +path: "hooks/persistence-elastic" +category: "hook" +type: "persistenceProvider" +state: "released" +usecase: "Publishes all Scan Findings to Elasticsearch." +--- + + + +## About +The ElasticSearch persistenceProvider hook saves all findings and reports into the configured ElasticSearch index. This allows for some easy searching and visualization of the findings. To learn more about Elasticsearch visit [elastic.io]. + +## Deployment + +Installing the Elasticsearch persistenceProvider hook will add a _ReadOnly Hook_ to your namespace. + +```bash +helm upgrade --install elkh ./hooks/persistence-elastic/ +``` + +## Chart Configuration + +{{ template "chart.valuesTable" . }} + + +[elastic.io]: https://www.elastic.co/products/elasticsearch \ No newline at end of file diff --git a/hooks/persistence-elastic/values.yaml b/hooks/persistence-elastic/values.yaml index 4f77b409..76b444df 100644 --- a/hooks/persistence-elastic/values.yaml +++ b/hooks/persistence-elastic/values.yaml 
@@ -3,36 +3,44 @@ # Declare variables to be passed into your templates. image: + # image.repository -- Hook image repository repository: docker.io/scbexperimental/persistence-elastic - # image.tag - defaults to the charts version + # parserImage.tag -- Parser image tag + # @default -- defaults to the charts version tag: null -# Define a specific index prefix +# indexPrefix -- Define a specific index prefix used for all elasticsearch indices. indexPrefix: "scbv2" -# Enable this when you already have an Elastic Stack running to which you want to send your results externalElasticStack: + # externalElasticStack.enabled -- Enable this when you already have an Elastic Stack running to which you want to send your results enabled: false + # externalElasticStack.elasticsearchAddress -- The URL of the elasticsearch service to persists all findings to. elasticsearchAddress: "https://elasticsearch.example.com" + # externalElasticStack.kibanaAddress -- The URL of the kibana service used to visualize all findings. kibanaAddress: "https://kibana.example.com" -# Configure authentication schema and credentials the persistence provider should use to connect to elasticsearch +# authentication -- Configure authentication schema and credentials the persistence provider should use to connect to elasticsearch # user and apikey are mutually exclusive, only set one! 
authentication: - # Link a pre-existing generic secret with `username` and `password` key / value pairs + # authentication.userSecret -- Link a pre-existing generic secret with `username` and `password` key / value pairs userSecret: null - # Link a pre-existing generic secret with `id` and `key` key / value pairs + # authentication.apiKeySecret -- Link a pre-existing generic secret with `id` and `key` key / value pairs apiKeySecret: null -# Configures included Elasticsearch subchart +# elasticsearch -- Configures the included elasticsearch subchart (see: https://github.com/elastic/helm-charts/tree/elasticsearch) elasticsearch: + # elasticsearch.enabled -- Enable if you want to deploy an elasticsearch service. enabled: true + # elasticsearch.replicas -- Kubernetes replica count for the StatefulSet (i.e. how many pods) replicas: 1 + # elasticsearch.minimumMasterNodes -- The value for discovery.zen.minimum_master_nodes. Should be set to (master_eligible_nodes / 2) + 1. Ignored in Elasticsearch versions >= 7 minimumMasterNodes: 1 # image: docker.elastic.co/elasticsearch/elasticsearch-oss -# Configures included Elasticsearch subchart +# kibana -- Configures included Elasticsearch subchart kibana: + # kibana.enabled -- Enable if you want to deploy an kibana service (see: https://github.com/elastic/helm-charts/tree/master/kibana) enabled: true # image: docker.elastic.co/kibana/kibana-oss diff --git a/hooks/update-field/README.md b/hooks/update-field/README.md index 10f6c3a4..6ecdb700 100644 --- a/hooks/update-field/README.md +++ b/hooks/update-field/README.md 
@@ -11,10 +11,19 @@ usecase: "Updates fields in finding results." ## Deployment -Installing the _Update Field_ hook will add a ReadOnly Hook to your namespace. +Installing the _Update Field_ hook will add a ReadOnly Hook to your namespace. ```bash helm upgrade --install ufh ./hooks/update-field/ --set attribute.name="category" --set attribute.value="my-own-category" ``` -> ✍ This documentation is currently work-in-progress. +> ✍ This documentation is currently work-in-progress. + +## Chart Configuration + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| attribute.name | string | `"category"` | The name of the attribute you want to add to each finding result | +| attribute.value | string | `"my-own-category"` | The value of the attribute you want to add to each finding result | +| image.repository | string | `"docker.io/scbexperimental/update-field"` | Hook image repository | +| image.tag | string | `nil` | | diff --git a/hooks/update-field/README.md.gotmpl b/hooks/update-field/README.md.gotmpl new file mode 100644 index 00000000..bfc20599 --- /dev/null +++ b/hooks/update-field/README.md.gotmpl @@ -0,0 +1,24 @@ +--- +title: "Update Field" +path: "hooks/update-field" +category: "hook" +type: "dataProcessing" +state: "released" +usecase: "Updates fields in finding results." +--- + + + +## Deployment + +Installing the _Update Field_ hook will add a ReadOnly Hook to your namespace. + +```bash +helm upgrade --install ufh ./hooks/update-field/ --set attribute.name="category" --set attribute.value="my-own-category" +``` + +> ✍ This documentation is currently work-in-progress. + +## Chart Configuration + +{{ template "chart.valuesTable" . }} diff --git a/hooks/update-field/values.yaml b/hooks/update-field/values.yaml index 4e09ffa5..257c3d88 100644 --- a/hooks/update-field/values.yaml +++ b/hooks/update-field/values.yaml 
@@ -3,10 +3,14 @@ # Declare variables to be passed into your templates. attribute: + # attribute.name -- The name of the attribute you want to add to each finding result name: "category" + # attribute.value -- The value of the attribute you want to add to each finding result value: my-own-category image: + # image.repository -- Hook image repository repository: docker.io/scbexperimental/update-field - # image.tag - defaults to the charts version + # parserImage.tag -- Parser image tag + # @default -- defaults to the charts version tag: null diff --git a/operator/README.md b/operator/README.md new file mode 100644 index 00000000..b9e46fbe --- /dev/null +++ b/operator/README.md 
@@ -0,0 +1,42 @@ +![operator logo](https://docs.securecodebox.io/img/Logo%20Color.svg) + +The secureCodeBox operator is runniing on kubernetes and the core component of the complete secureCodeBox stack, responsible for operating all scans and ressources. + + + +## Deployment + +The secureCodeBox Operator can be deployed via helm: + +```bash +# Add the secureCodeBox Helm Repo +helm repo add secureCodeBox https://charts.securecodebox.io +# Create a new namespace for the secureCodeBox Operator +kubectl create namespace securecodebox-system +# Install the Operator & CRD's +helm install securecodebox-operator secureCodeBox/operator +``` + +## Chart Configuration + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| image.pullPolicy | string | `"Always"` | Image pull policy | +| image.repository | string | `"docker.io/scbexperimental/operator"` | The operator image repository | +| image.tag | string | defaults to the charts version | Parser image tag | +| lurcher.image.pullPolicy | string | `"IfNotPresent"` | Image pull policy | +| lurcher.image.repository | string | `"docker.io/scbexperimental/lurcher"` | The operator image repository | +| lurcher.image.tag | string | defaults to the charts version | Parser image tag | +| minio.defaultBucket.enabled | bool | `true` | | +| minio.defaultBucket.name | string | `"securecodebox"` | | +| minio.enabled | bool | `true` | | +| resources | object | `{"limits":{"cpu":"100m","memory":"30Mi"},"requests":{"cpu":"100m","memory":"20Mi"}}` | CPU/memory resource requests/limits (see: https://kubernetes.io/docs/tasks/configure-pod-container/assign-memory-resource/, https://kubernetes.io/docs/tasks/configure-pod-container/assign-cpu-resource/) | +| s3.bucket | string | `"my-bucket"` | | +| s3.enabled | bool | `false` | | +| s3.endpoint | string | `"fra1.digitaloceanspaces.com"` | | +| s3.keySecret | string | `"my-secret"` | | +| s3.port | string | `nil` | | +| s3.secretAttributeNames.accesskey | string | 
`"accesskey"` | | +| s3.secretAttributeNames.secretkey | string | `"secretkey"` | | +| telemetryEnabled | bool | `true` | The Operator sends anonymous telemetry data, to give the team an overview how much the secureCodeBox is used. Find out more at https://www.securecodebox.io/telemetry | + diff --git a/operator/README.md.gotmpl b/operator/README.md.gotmpl new file mode 100644 index 00000000..0fbbc7c8 --- /dev/null +++ b/operator/README.md.gotmpl @@ -0,0 +1,23 @@ +![operator logo](https://docs.securecodebox.io/img/Logo%20Color.svg) + +The secureCodeBox operator is runniing on kubernetes and the core component of the complete secureCodeBox stack, responsible for operating all scans and ressources. + + + +## Deployment + +The secureCodeBox Operator can be deployed via helm: + +```bash +# Add the secureCodeBox Helm Repo +helm repo add secureCodeBox https://charts.securecodebox.io +# Create a new namespace for the secureCodeBox Operator +kubectl create namespace securecodebox-system +# Install the Operator & CRD's +helm install securecodebox-operator secureCodeBox/operator +``` + +## Chart Configuration + +{{ template "chart.valuesTable" . }} + diff --git a/operator/values.yaml b/operator/values.yaml index a9fdd3da..e6ab5b82 100644 --- a/operator/values.yaml +++ b/operator/values.yaml 
@@ -6,27 +6,34 @@ telemetryEnabled: true image: + # image.repository -- The operator image repository repository: docker.io/scbexperimental/operator - # image.tag -- defaults to the charts version + # image.tag -- Parser image tag + # @default -- defaults to the charts version tag: null + # image.pullPolicy -- Image pull policy pullPolicy: Always lurcher: image: + # lurcher.image.repository -- The operator image repository repository: docker.io/scbexperimental/lurcher - # lurcher.image.tag -- defaults to the charts version + # lurcher.image.tag -- Parser image tag + # @default -- defaults to the charts version tag: null + # lurcher.image.pullPolicy -- Image pull policy pullPolicy: IfNotPresent minio: + # minio.enabled Enable this to use minio as storage backend instead of a cloud bucket provider like AWS S3, Google Cloud Storage, DigitalOcean Spaces etc. enabled: true defaultBucket: enabled: true name: "securecodebox" # Config for external s3 systems -# enable this and disable minio if you want to directly connect agains AWS S3, Google Cloud Storage, DigitalOcean Spaces etc. s3: + # s3.enabled Enable this and disable minio if you want to directly connect agains AWS S3, Google Cloud Storage, DigitalOcean Spaces etc. enabled: false endpoint: "fra1.digitaloceanspaces.com" bucket: "my-bucket" @@ -45,6 +52,7 @@ s3: # # Config for the operator ressource limits # +# resources -- CPU/memory resource requests/limits (see: https://kubernetes.io/docs/tasks/configure-pod-container/assign-memory-resource/, https://kubernetes.io/docs/tasks/configure-pod-container/assign-cpu-resource/) resources: limits: cpu: 100m diff --git a/scanners/amass/README.md b/scanners/amass/README.md index 5509ba4f..84344bcd 100644 --- a/scanners/amass/README.md +++ b/scanners/amass/README.md 
@@ -22,7 +22,7 @@ The AMASS scanType can be deployed via helm: helm upgrade --install amass ./scanners/amass/ ``` -## Configuration +## Scanner Configuration The following security scan configuration example are based on the [Amass User Guide], please take a look at the original documentation for more configuration examples. 
@@ -36,6 +36,19 @@ Special command line options: - Disable saving data into a local database `amass enum -nolocaldb -d example.com` - Domain names separated by commas (can be used multiple times) `amass enum -d example.com` +## Chart Configuration + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| parserImage.repository | string | `"docker.io/scbexperimental/parser-amass"` | Parser image repository | +| parserImage.tag | string | defaults to the charts version | Parser image tag | +| scannerJob.env | list | `[]` | Optional environment variables mapped into each scanJob (see: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/) | +| scannerJob.extraContainers | list | `[]` | Optional additional Containers started with each scanJob (see: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/) | +| scannerJob.extraVolumeMounts | list | `[]` | Optional VolumeMounts mapped into each scanJob (see: https://kubernetes.io/docs/concepts/storage/volumes/) | +| scannerJob.extraVolumes | list | `[]` | Optional Volumes mapped into each scanJob (see: https://kubernetes.io/docs/concepts/storage/volumes/) | +| scannerJob.resources | object | `{}` | CPU/memory resource requests/limits (see: https://kubernetes.io/docs/tasks/configure-pod-container/assign-memory-resource/, https://kubernetes.io/docs/tasks/configure-pod-container/assign-cpu-resource/) | +| scannerJob.ttlSecondsAfterFinished | string | `nil` | Defines how long the scanner job after finishing will be available (see: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/) | + [owasp_amass_project]: https://owasp.org/www-project-amass/ [amass github]: https://github.com/OWASP/Amass -[amass user guide]: https://github.com/OWASP/Amass/blob/master/doc/user_guide.md +[amass user guide]: https://github.com/OWASP/Amass/blob/master/doc/user_guide.md \ No newline at end of file 
diff --git a/scanners/amass/README.md.gotmpl b/scanners/amass/README.md.gotmpl new file mode 100644 index 00000000..957aa9c5 --- /dev/null +++ b/scanners/amass/README.md.gotmpl @@ -0,0 +1,45 @@ +--- +title: "Amass" +path: "scanners/amass" +category: "scanner" +type: "Network" +state: "released" +appVersion: "3.10.3" +usecase: "Subdomain Enumeration Scanner" +--- + +![owasp logo](https://owasp.org/assets/images/logo.png) + +The OWASP Amass Project has developed a tool to help information security professionals perform network mapping of attack surfaces and perform external asset discovery using open source information gathering and active reconnaissance techniques. To learn more about the Amass scanner itself visit [OWASP_Amass_Project] or [Amass GitHub]. + + + +## Deployment + +The AMASS scanType can be deployed via helm: + +```bash +helm upgrade --install amass ./scanners/amass/ +``` + +## Scanner Configuration + +The following security scan configuration example are based on the [Amass User Guide], please take a look at the original documentation for more configuration examples. + +- The most basic use of the tool for subdomain enumeration: `amass enum -d example.com` +- Typical parameters for DNS enumeration: `amass enum -v -src -ip -brute -min-for-recursive 2 -d example.com` + +Special command line options: + +- Disable generation of altered names `amass enum -noalts -d example.com` +- Turn off recursive brute forcing `amass enum -brute -norecursive -d example.com` +- Disable saving data into a local database `amass enum -nolocaldb -d example.com` +- Domain names separated by commas (can be used multiple times) `amass enum -d example.com` + +## Chart Configuration + +{{ template "chart.valuesTable" . }} + +[owasp_amass_project]: https://owasp.org/www-project-amass/ +[amass github]: https://github.com/OWASP/Amass +[amass user guide]: https://github.com/OWASP/Amass/blob/master/doc/user_guide.md \ No newline at end of file 
diff --git a/scanners/amass/values.yaml b/scanners/amass/values.yaml index 2cf199b6..124c97b3 100644 --- a/scanners/amass/values.yaml +++ b/scanners/amass/values.yaml @@ -1,12 +1,16 @@ parserImage: + # parserImage.repository -- Parser image repository repository: docker.io/scbexperimental/parser-amass - # parserImage.tag - defaults to the charts version + # parserImage.tag -- Parser image tag + # @default -- defaults to the charts version tag: null scannerJob: + # scannerJob.ttlSecondsAfterFinished -- Defines how long the scanner job after finishing will be available (see: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/) ttlSecondsAfterFinished: null + + # scannerJob.resources -- CPU/memory resource requests/limits (see: https://kubernetes.io/docs/tasks/configure-pod-container/assign-memory-resource/, https://kubernetes.io/docs/tasks/configure-pod-container/assign-cpu-resource/) resources: {} -# scannerJob: # resources: # requests: # memory: "256Mi" @@ -14,3 +18,15 @@ scannerJob: # limits: # memory: "512Mi" # cpu: "500m" + + # scannerJob.env -- Optional environment variables mapped into each scanJob (see: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/) + env: [] + + # scannerJob.extraVolumes -- Optional Volumes mapped into each scanJob (see: https://kubernetes.io/docs/concepts/storage/volumes/) + extraVolumes: [] + + # scannerJob.extraVolumeMounts -- Optional VolumeMounts mapped into each scanJob (see: https://kubernetes.io/docs/concepts/storage/volumes/) + extraVolumeMounts: [] + + # scannerJob.extraContainers -- Optional additional Containers started with each scanJob (see: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/) + extraContainers: [] \ No newline at end of file diff --git a/scanners/kube-hunter/README.md b/scanners/kube-hunter/README.md index e60d7413..937ce3e2 100644 --- a/scanners/kube-hunter/README.md +++ b/scanners/kube-hunter/README.md 
@@ -22,7 +22,7 @@ The kube-hunter ScanType can be deployed via helm: helm upgrade --install kube-hunter ./scanners/kube-hunter/ ``` -## Configuration +## Scanner Configuration The following security scan configuration example are based on the [kube-hunter Documentation], please take a look at the original documentation for more configuration examples. 
@@ -30,6 +30,19 @@ The following security scan configuration example are based on the [kube-hunter * To specify interface scanning, you can use the --interface option (this will scan all of the machine's network interfaces). Example: `kube-hunter --interface` * To specify a specific CIDR to scan, use the --cidr option. Example: `kube-hunter --cidr 192.168.0.0/24` +## Chart Configuration + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| parserImage.repository | string | `"docker.io/scbexperimental/parser-kube-hunter"` | Parser image repository | +| parserImage.tag | string | defaults to the charts version | Parser image tag | +| scannerJob.env | list | `[]` | Optional environment variables mapped into each scanJob (see: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/) | +| scannerJob.extraContainers | list | `[]` | Optional additional Containers started with each scanJob (see: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/) | +| scannerJob.extraVolumeMounts | list | `[]` | Optional VolumeMounts mapped into each scanJob (see: https://kubernetes.io/docs/concepts/storage/volumes/) | +| scannerJob.extraVolumes | list | `[]` | Optional Volumes mapped into each scanJob (see: https://kubernetes.io/docs/concepts/storage/volumes/) | +| scannerJob.resources | object | `{}` | CPU/memory resource requests/limits (see: https://kubernetes.io/docs/tasks/configure-pod-container/assign-memory-resource/, https://kubernetes.io/docs/tasks/configure-pod-container/assign-cpu-resource/) | +| scannerJob.ttlSecondsAfterFinished | string | `nil` | Defines how long the scanner job after finishing will be available (see: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/) | + [kube-hunter Website]: https://kube-hunter.aquasec.com/ [kube-hunter GitHub]: https://github.com/aquasecurity/kube-hunter [kube-hunter Documentation]: 
https://github.com/aquasecurity/kube-hunter#scanning-options diff --git a/scanners/kube-hunter/README.md.gotmpl b/scanners/kube-hunter/README.md.gotmpl new file mode 100644 index 00000000..c6646967 --- /dev/null +++ b/scanners/kube-hunter/README.md.gotmpl @@ -0,0 +1,39 @@ +--- +title: "kube-hunter" +path: "scanners/kube-hunter" +category: "scanner" +type: "Kubernetes" +state: "released" +appVersion: "0.3.1" +usecase: "Kubernetes Vulnerability Scanner" +--- + +kube-hunter hunts for security weaknesses in Kubernetes clusters. The tool was developed to increase awareness and visibility for security issues in Kubernetes environments. You should NOT run kube-hunter on a Kubernetes cluster that you don't own! + +To learn more about the kube-hunter scanner itself visit [kube-hunter GitHub] or [kube-hunter Website]. + + + +## Deployment + +The kube-hunter ScanType can be deployed via helm: + +```bash +helm upgrade --install kube-hunter ./scanners/kube-hunter/ +``` + +## Scanner Configuration + +The following security scan configuration example are based on the [kube-hunter Documentation], please take a look at the original documentation for more configuration examples. + +* To specify remote machines for hunting, select option 1 or use the --remote option. Example: `kube-hunter --remote some.node.com` +* To specify interface scanning, you can use the --interface option (this will scan all of the machine's network interfaces). Example: `kube-hunter --interface` +* To specify a specific CIDR to scan, use the --cidr option. Example: `kube-hunter --cidr 192.168.0.0/24` + +## Chart Configuration + +{{ template "chart.valuesTable" . }} + +[kube-hunter Website]: https://kube-hunter.aquasec.com/ +[kube-hunter GitHub]: https://github.com/aquasecurity/kube-hunter +[kube-hunter Documentation]: https://github.com/aquasecurity/kube-hunter#scanning-options diff --git a/scanners/kube-hunter/values.yaml b/scanners/kube-hunter/values.yaml index c70b3bad..ab4c6bb4 100644 
--- a/scanners/kube-hunter/values.yaml +++ b/scanners/kube-hunter/values.yaml @@ -1,8 +1,32 @@ parserImage: + # parserImage.repository -- Parser image repository repository: docker.io/scbexperimental/parser-kube-hunter - # parserImage.tag - defaults to the charts version + # parserImage.tag -- Parser image tag + # @default -- defaults to the charts version tag: null scannerJob: + # scannerJob.ttlSecondsAfterFinished -- Defines how long the scanner job after finishing will be available (see: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/) ttlSecondsAfterFinished: null + + # scannerJob.resources -- CPU/memory resource requests/limits (see: https://kubernetes.io/docs/tasks/configure-pod-container/assign-memory-resource/, https://kubernetes.io/docs/tasks/configure-pod-container/assign-cpu-resource/) resources: {} +# resources: +# requests: +# memory: "256Mi" +# cpu: "250m" +# limits: +# memory: "512Mi" +# cpu: "500m" + + # scannerJob.env -- Optional environment variables mapped into each scanJob (see: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/) + env: [] + + # scannerJob.extraVolumes -- Optional Volumes mapped into each scanJob (see: https://kubernetes.io/docs/concepts/storage/volumes/) + extraVolumes: [] + + # scannerJob.extraVolumeMounts -- Optional VolumeMounts mapped into each scanJob (see: https://kubernetes.io/docs/concepts/storage/volumes/) + extraVolumeMounts: [] + + # scannerJob.extraContainers -- Optional additional Containers started with each scanJob (see: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/) + extraContainers: [] diff --git a/scanners/ncrack/README.md b/scanners/ncrack/README.md index 358590fb..79cac4db 100644 --- a/scanners/ncrack/README.md +++ b/scanners/ncrack/README.md 
@@ -25,8 +25,7 @@ kubectl create secret generic --from-file users.txt --from-file passwords.txt nc IMPORTANT: Use an extra empty line at the end of your files, otherwise the last letter of the last line will be omitted (due to a bug in k8) - -Now we created a secret named "ncrack-lists". +Now we created a secret named "ncrack-lists". But before we can use the files, we have to install the ncrack ScanType: ```bash 
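Review bot: In the Chart Configuration table added to scanners/kube-hunter/README.md, the `scannerJob.ttlSecondsAfterFinished` row is documented as type `string` with default `nil`, while the description points to the Kubernetes TTL-after-finished field, which is a number of seconds. A reader following the table could set a quoted value. Since the table mirrors the comments in values.yaml, say in that description that the value is an integer number of seconds and give a sample value, then regenerate the table.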
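Review bot: In the new scanners/kube-hunter/README.md.gotmpl, the first Scanner Configuration bullet tells the reader to "select option 1 or use the --remote option", but selecting an option implies an interactive prompt, which is not available when kube-hunter runs as a scanJob. Drop "select option 1" and keep only the flag forms, and show how the flags are passed through a scan rather than as a local `kube-hunter ...` command line. The sentence above the bullets should also read "examples are based on".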
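Review bot: In the scanners/kube-hunter/values.yaml hunk, the comment for `scannerJob.extraContainers` describes "additional Containers started with each scanJob" but links to the init-containers documentation, so it is unclear whether these run as init containers or alongside the scanner; state which one the chart creates and link the matching page. Separately, `resources: {}` stays the default and the requests/limits exist only as a commented example, so scan jobs run without limits unless the operator sets them. Either make the commented values the default or say in the `scannerJob.resources` description that nothing is applied by default.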
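Review bot: In this scanners/ncrack/README.md hunk, the removed and added "Now we created a secret named "ncrack-lists"." lines read the same in the visible text, so the change appears to be whitespace only and the wording is left as it was. While touching the line, consider "We have now created a secret named "ncrack-lists".", and in the IMPORTANT note just above it replace "a bug in k8" with the component name and a link to the issue, so readers can tell when the trailing-empty-line workaround is no longer needed.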
@@ -60,12 +59,99 @@ helm upgrade --install ncrack ./scanners/ncrack/ helm delete ncrack ``` -#### Options +## Scanner Configuration -All additional options for ncrack can be found on [Ncrack Documentation]. +The following security scan configuration example are based on the [Ncrack Documentation], please take a look at the original documentation for more configuration examples. ---- +This options summary is printed when Ncrack is run with no arguments. It helps people remember the most common options, but is no substitute for the in-depth documentation in the rest of this manual. + +``` +Ncrack 0.7 ( http://ncrack.org ) +Usage: ncrack [Options] {target and service specification} +TARGET SPECIFICATION: + Can pass hostnames, IP addresses, networks, etc. + Ex: scanme.nmap.org, microsoft.com/24, 192.168.0.1; 10.0.0-255.1-254 + -iX : Input from Nmap's -oX XML output format + -iN : Input from Nmap's -oN Normal output format + -iL : Input from list of hosts/networks + --exclude : Exclude hosts/networks + --excludefile : Exclude list from file +SERVICE SPECIFICATION: + Can pass target specific services in ://target (standard) notation or + using -p which will be applied to all hosts in non-standard notation. + Service arguments can be specified to be host-specific, type of service-specific + (-m) or global (-g). Ex: ssh://10.0.0.10,at=10,cl=30 -m ssh:at=50 -g cd=3000 + Ex2: ncrack -p ssh,ftp:3500,25 10.0.0.10 scanme.nmap.org google.com:80,ssl + -p : services will be applied to all non-standard notation hosts + -m :: options will be applied to all services of this type + -g : options will be applied to every service globally + Misc options: + ssl: enable SSL over this service + path : used in modules like HTTP ('=' needs escaping if used) + db : used in modules like MongoDB to specify the database + domain : used in modules like WinRM to specify the domain +TIMING AND PERFORMANCE: + Options which take