Affected by GO-2024-2582 and 3 other vulnerabilities

GO-2024-2582: Minder trusts client-provided mapping from repo name to upstream ID in github.com/stacklok/minder

GO-2024-2871: Stacklok Minder vulnerable to denial of service from maliciously crafted templates in github.com/stacklok/minder

GO-2024-2885: Denial of service of Minder Server from maliciously crafted GitHub attestations in github.com/stacklok/minder

GO-2024-2934: Minder affected by denial of service from maliciously configured Git repository in github.com/stacklok/minder

interfaces

package

v0.0.49 Latest Latest Go to latest Published: May 16, 2024 License: Apache-2.0 Imports: 10 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/stacklok/minder

Links

Open Source Insights

Documentation ¶

Overview ¶

Package interfaces provides necessary interfaces and implementations for implementing engine plugins

Index ¶

type Action
type ActionCmd
type ActionOpt
- func ActionOptFromString(s *string, defAction ActionOpt) ActionOpt
- func (a ActionOpt) String() string
type ActionType
type ActionsParams
type EvalParamsReadWriter
type EvalParamsReader
type EvalStatusParams
type Evaluator
type Ingester
type Result

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type Action ¶

type Action interface {
	Class() ActionType
	Type() string
	GetOnOffState(*pb.Profile) ActionOpt
	Do(ctx context.Context, cmd ActionCmd, setting ActionOpt, entity protoreflect.ProtoMessage,
		params ActionsParams, metadata *json.RawMessage) (json.RawMessage, error)
}

Action is the interface for a rule type action

type ActionCmd ¶

type ActionCmd string

ActionCmd is the type that defines what effect an action should have

const (
	// ActionCmdOff means turn off the action
	ActionCmdOff ActionCmd = "turn_off"
	// ActionCmdOn means turn on the action
	ActionCmdOn ActionCmd = "turn_on"
	// ActionCmdDoNothing means the action should do nothing
	ActionCmdDoNothing ActionCmd = "do_nothing"
)

type ActionOpt ¶

type ActionOpt int

ActionOpt is the type that defines what action to take when remediating

const (
	// ActionOptOn means perform the remediation
	ActionOptOn ActionOpt = iota
	// ActionOptOff means do not perform the remediation
	ActionOptOff
	// ActionOptDryRun means perform a dry run of the remediation
	ActionOptDryRun
	// ActionOptUnknown means the action is unknown. This is a sentinel value.
	ActionOptUnknown
)

func ActionOptFromString ¶

func ActionOptFromString(s *string, defAction ActionOpt) ActionOpt

ActionOptFromString returns the ActionOpt from a string representation

func (ActionOpt) String ¶ added in v0.0.25

func (a ActionOpt) String() string

type ActionType ¶

type ActionType string

ActionType represents the type of action, i.e., remediate, alert, etc.

type ActionsParams ¶

type ActionsParams interface {
	EvalParamsReader
	GetActionsOnOff() map[ActionType]ActionOpt
	GetActionsErr() evalerrors.ActionsError
	GetEvalErr() error
	GetEvalStatusFromDb() *db.ListRuleEvaluationsByProfileIdRow
	GetRuleType() *pb.RuleType
	GetProfile() *pb.Profile
}

ActionsParams is the interface used for processing a rule type action

type EvalParamsReadWriter ¶ added in v0.0.25

type EvalParamsReadWriter interface {
	EvalParamsReader
	SetIngestResult(*Result)
}

EvalParamsReadWriter is the interface used for a rule type engine, allows setting the ingestion result

type EvalParamsReader ¶ added in v0.0.25

type EvalParamsReader interface {
	GetRule() *pb.Profile_Rule
	GetIngestResult() *Result
}

EvalParamsReader is the interface used for a rule type evaluator

type EvalStatusParams ¶

type EvalStatusParams struct {
	Result           *Result
	Profile          *pb.Profile
	Rule             *pb.Profile_Rule
	RuleType         *pb.RuleType
	ProfileID        uuid.UUID
	RepoID           uuid.NullUUID
	ArtifactID       uuid.NullUUID
	PullRequestID    uuid.NullUUID
	EntityType       db.Entities
	RuleTypeID       uuid.UUID
	EvalStatusFromDb *db.ListRuleEvaluationsByProfileIdRow
	// contains filtered or unexported fields
}

EvalStatusParams is a helper struct to pass parameters to createOrUpdateEvalStatus to avoid confusion with the parameters' order. Since at the moment, all our entities are bound to a repo and most profiles are expecting a repo, the RepoID parameter is mandatory. For entities other than artifacts, the ArtifactID should be 0 that is translated to NULL in the database.

func (*EvalStatusParams) DecorateLogger ¶ added in v0.0.38

func (e *EvalStatusParams) DecorateLogger(l zerolog.Logger) zerolog.Logger

DecorateLogger decorates the logger with the necessary fields

func (*EvalStatusParams) GetActionsErr ¶

func (e *EvalStatusParams) GetActionsErr() evalerrors.ActionsError

GetActionsErr returns the actions' error

func (*EvalStatusParams) GetActionsOnOff ¶ added in v0.0.25

func (e *EvalStatusParams) GetActionsOnOff() map[ActionType]ActionOpt

GetActionsOnOff returns the actions' on/off state

func (*EvalStatusParams) GetEvalErr ¶

func (e *EvalStatusParams) GetEvalErr() error

GetEvalErr returns the evaluation error

func (*EvalStatusParams) GetEvalStatusFromDb ¶

func (e *EvalStatusParams) GetEvalStatusFromDb() *db.ListRuleEvaluationsByProfileIdRow

GetEvalStatusFromDb returns the evaluation status from the database

func (*EvalStatusParams) GetIngestResult ¶ added in v0.0.20

func (e *EvalStatusParams) GetIngestResult() *Result

GetIngestResult returns the result of the ingestion, if any

func (*EvalStatusParams) GetProfile ¶

func (e *EvalStatusParams) GetProfile() *pb.Profile

GetProfile returns the profile

func (*EvalStatusParams) GetRule ¶

func (e *EvalStatusParams) GetRule() *pb.Profile_Rule

GetRule returns the rule

func (*EvalStatusParams) GetRuleType ¶

func (e *EvalStatusParams) GetRuleType() *pb.RuleType

GetRuleType returns the rule type

func (*EvalStatusParams) SetActionsErr ¶

func (e *EvalStatusParams) SetActionsErr(ctx context.Context, actionErr evalerrors.ActionsError)

SetActionsErr sets the actions' error

func (*EvalStatusParams) SetActionsOnOff ¶ added in v0.0.25

func (e *EvalStatusParams) SetActionsOnOff(actionsOnOff map[ActionType]ActionOpt)

SetActionsOnOff sets the actions' on/off state

func (*EvalStatusParams) SetEvalErr ¶

func (e *EvalStatusParams) SetEvalErr(err error)

SetEvalErr sets the evaluation error

func (*EvalStatusParams) SetIngestResult ¶ added in v0.0.20

func (e *EvalStatusParams) SetIngestResult(res *Result)

SetIngestResult sets the result of the ingestion for use later on in the actions

type Evaluator ¶

type Evaluator interface {
	Eval(ctx context.Context, profile map[string]any, res *Result) error
}

Evaluator is the interface for a rule type evaluator

type Ingester ¶

type Ingester interface {
	// Ingest does the actual data ingestion for a rule type
	Ingest(ctx context.Context, ent protoreflect.ProtoMessage, params map[string]any) (*Result, error)
	// GetType returns the type of the ingester
	GetType() string
	// GetConfig returns the config for the ingester
	GetConfig() protoreflect.ProtoMessage
}

Ingester is the interface for a rule type ingester

type Result ¶

type Result struct {
	// Object is the object that was ingested. Normally comes from an external
	// system like an HTTP server.
	Object any
	// Fs is the filesystem that was created as a result of the ingestion. This
	// is normally used by the evaluator to do rule evaluation. The filesystem
	// may be a git repo, or a memory filesystem.
	Fs billy.Filesystem
	// Storer is the git storer that was created as a result of the ingestion.
	// FIXME: It might be cleaner to either wrap both Fs and Storer in a struct
	// or pass out the git.Repository structure instead of the storer.
	Storer storage.Storer
}

Result is the result of an ingester

Source Files ¶

View all Source files

interface.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL