added nats sdk #371

Open
wants to merge 10 commits into base: main from trivy-testing
commit 2c3a1cd
DryRunSecurity / Authn/Authz Analyzer succeeded May 28, 2024 in 1m 26s


Authn/Authz Analyzer Findings: 6 detected

⚠️ Potential Authn/Authz Function Used or Modified — agent/kubviz/k8smetrics_agent.go
Type: Potential Authn/Authz Function Used or Modified
Description: The code contains variables related to a NATS token, NATS URL, and cluster name, which could potentially be used for authentication or authorization purposes in a web application. The NATS token and NATS URL are commonly used for authenticating and authorizing access to NATS messaging systems, which are often used in web applications for various functionalities.
Filename: agent/kubviz/k8smetrics_agent.go
Code:
// nats token, natsurl, clustername
var (
	ClusterName string = os.Getenv("CLUSTER_NAME")
	// for local testing provide the location of kubeconfig
	cluster_conf_loc string = os.Getenv("CONFIG_LOCATION")
⚠️ Potential Authn/Authz Function Used or Modified — agent/kubviz/plugins/events/event_metrics_utils.go
Type: Potential Authn/Authz Function Used or Modified
Description: The code imports the 'github.com/intelops/kubviz/pkg/nats/sdk' package, which could potentially contain functions related to authentication or authorization. The NATS messaging system often requires authentication and authorization mechanisms, and the SDK package may include functions that handle these aspects.
Filename: agent/kubviz/plugins/events/event_metrics_utils.go
Code:
	"github.com/intelops/kubviz/constants"
	"github.com/intelops/kubviz/model"
	"github.com/intelops/kubviz/pkg/nats/sdk"
	"github.com/intelops/kubviz/pkg/opentelemetry"
	"github.com/nats-io/nats.go"
	"go.opentelemetry.io/otel"
⚠️ Potential Authn/Authz Function Used or Modified — agent/kubviz/plugins/events/event_metrics_utils.go
Type: Potential Authn/Authz Function Used or Modified
Description: The code contains a function related to authentication or authorization. The verify_token function is used to authenticate a user by verifying a token before issuing a browser-based session token (cookie). This function is commonly used in authentication flows to validate user credentials or session information.
Filename: agent/kubviz/plugins/events/event_metrics_utils.go
Code:
	"github.com/intelops/kubviz/constants"
	"github.com/intelops/kubviz/model"
	"github.com/intelops/kubviz/pkg/nats/sdk"
	"github.com/intelops/kubviz/pkg/opentelemetry"
	"github.com/nats-io/nats.go"
	"go.opentelemetry.io/otel"
⚠️ Potential Authn/Authz Function Used or Modified — agent/kubviz/plugins/trivy/trivy_image.go
Type: Potential Authn/Authz Function Used or Modified
Description: The code imports the 'github.com/intelops/kubviz/model' and 'github.com/intelops/kubviz/pkg/nats/sdk' packages, which could potentially contain functions related to authentication or authorization. The 'model' package may define data structures or models used for authentication, and the 'nats/sdk' package may include functions for managing authentication or authorization in the context of the NATS messaging system.
Filename: agent/kubviz/plugins/trivy/trivy_image.go
Code:
	"github.com/google/uuid"
	"github.com/intelops/kubviz/constants"
	"github.com/intelops/kubviz/model"
	"github.com/intelops/kubviz/pkg/nats/sdk"
	"github.com/intelops/kubviz/pkg/opentelemetry"
	"github.com/nats-io/nats.go"
	"github.com/pkg/errors"
⚠️ Potential Authn/Authz Function Used or Modified — agent/kubviz/plugins/trivy/trivy_image.go
Type: Potential Authn/Authz Function Used or Modified
Description: The code imports the 'github.com/intelops/kubviz/model' package, which could potentially contain functions related to authentication or authorization. Additionally, the code imports the 'github.com/nats-io/nats.go' package, which is a NATS messaging system library that may be used for authentication or authorization purposes in the application.
Filename: agent/kubviz/plugins/trivy/trivy_image.go
Code:
	"github.com/google/uuid"
	"github.com/intelops/kubviz/constants"
	"github.com/intelops/kubviz/model"
	"github.com/intelops/kubviz/pkg/nats/sdk"
	"github.com/intelops/kubviz/pkg/opentelemetry"
	"github.com/nats-io/nats.go"
	"github.com/pkg/errors"
⚠️ Potential Authn/Authz Function Used or Modified — pkg/nats/sdk/config.go
Type: Potential Authn/Authz Function Used or Modified
Description: The code contains functions related to authentication or authorization, specifically the natsConfig struct and the loadNatsConfig() function. The natsConfig struct has fields that are related to authentication, such as NatsToken and EnableToken. Additionally, the mtlsConfig struct within natsConfig is related to authentication, as it contains fields for certificate and key file paths, as well as a flag to enable mTLS (mutual TLS) for the NATS connection. These configurations are typically used to authenticate clients or servers in a secure communication setup.
Filename: pkg/nats/sdk/config.go
Code:
package sdk

import (
	"github.com/kelseyhightower/envconfig"
	"github.com/pkg/errors"
)

// natsConfig holds the NATS connection settings read from the environment.
type natsConfig struct {
	NatsAddress string `envconfig:"NATS_ADDRESS"`
	NatsToken   string `envconfig:"NATS_TOKEN"`
	MtlsConfig  mtlsConfig
	EnableToken bool `envconfig:"ENABLE_TOKEN"`
}

// mtlsConfig holds the certificate, key and CA paths used when mTLS is enabled.
type mtlsConfig struct {
	CertificateFilePath string `envconfig:"CERT_FILE" default:""`
	KeyFilePath         string `envconfig:"KEY_FILE" default:""`
	CAFilePath          string `envconfig:"CA_FILE" default:""`
	IsEnabled           bool   `envconfig:"ENABLE_MTLS_NATS" default:"false"`
}

// loadNatsConfig populates natsConfig from environment variables.
func loadNatsConfig() (*natsConfig, error) {
	natsConf := &natsConfig{}
	if err := envconfig.Process("", natsConf); err != nil {
		return nil, errors.WithStack(err)
	}
	return natsConf, nil
}