diff --git a/.github/workflows/golang-linter.yaml b/.github/workflows/golang-linter.yaml index a456a2ea90..46dc43acea 100644 --- a/.github/workflows/golang-linter.yaml +++ b/.github/workflows/golang-linter.yaml @@ -15,7 +15,6 @@ jobs: steps: - uses: actions/checkout@v3 with: - # token: ${{ secrets.CI_PAT }} submodules: recursive fetch-depth: "0" - uses: actions/setup-go@v4 @@ -28,3 +27,22 @@ jobs: version: v1.55 only-new-issues: true working-directory: deepfence_bootstrapper + + lint-utils: + runs-on: ubuntu-22.04 + steps: + - uses: actions/checkout@v3 + with: + submodules: recursive + fetch-depth: "0" + - uses: actions/setup-go@v4 + with: + go-version: '1.21' + cache: false + - name: golangci-lint + uses: golangci/golangci-lint-action@v3 + with: + version: v1.55 + only-new-issues: true + working-directory: deepfence_utils + args: --timeout=30m diff --git a/deepfence_agent/plugins/YaraHunter b/deepfence_agent/plugins/YaraHunter index 3b394cd867..11e2ed7d8f 160000 --- a/deepfence_agent/plugins/YaraHunter +++ b/deepfence_agent/plugins/YaraHunter @@ -1 +1 @@ -Subproject commit 3b394cd8678fc5f586609ffff099ee974a45e4d0 +Subproject commit 11e2ed7d8feeb7a9e38fc73e8dccd6c1f74266d2 diff --git a/deepfence_bootstrapper/controls/controls.go b/deepfence_bootstrapper/controls/controls.go index 4fd5efa608..5b51f8d09e 100644 --- a/deepfence_bootstrapper/controls/controls.go +++ b/deepfence_bootstrapper/controls/controls.go @@ -73,8 +73,8 @@ func SetAgentControls() { linuxScannerUtil.Config{ ComplianceCheckTypes: strings.Split(req.BinArgs["benchmark_types"], ","), ScanID: req.BinArgs["scan_id"], - NodeID: req.NodeId, - NodeName: req.NodeId, + NodeID: req.NodeID, + NodeName: req.NodeID, ComplianceResultsFilePath: fmt.Sprintf("/var/log/fenced/compliance/%s.log", req.BinArgs["scan_id"]), ComplianceStatusFilePath: "/var/log/fenced/compliance-scan-logs/status.log", }) 
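Review bot: The new `lint-utils` job in golang-linter.yaml references all three actions by mutable tag (`actions/checkout@v3`, `actions/setup-go@v4`, `golangci/golangci-lint-action@v3`), so a retagged release would run in CI without any change to this repository. Pinning each to a full commit SHA closes that gap, e.g. `uses: golangci/golangci-lint-action@<full-commit-sha> # v3`. No `permissions:` key is visible in either hunk; if the workflow does not declare one outside the hunk, a job-level `permissions: contents: read` (plus `pull-requests: read`, which `only-new-issues` needs) keeps the token at least privilege. The job is otherwise a copy of the bootstrapper job, so a `strategy.matrix` over `working-directory` would avoid the two drifting apart.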
@@ -115,7 +115,7 @@ func SetAgentControls() {
 log.Info().Msg("Start & download Agent Plugin")
 router.SetUpgrade()
 defer router.UnsetUpgrade()
- err = supervisor.UpgradeProcessFromURL(req.PluginName, req.BinUrl)
+ err = supervisor.UpgradeProcessFromURL(req.PluginName, req.BinURL)
 if err != nil {
 return err
 }
diff --git a/deepfence_bootstrapper/controls/diagnostic_logs.go b/deepfence_bootstrapper/controls/diagnostic_logs.go
index 716053d2b2..05174b6730 100644
--- a/deepfence_bootstrapper/controls/diagnostic_logs.go
+++ b/deepfence_bootstrapper/controls/diagnostic_logs.go
@@ -23,22 +23,22 @@ func SendAgentDiagnosticLogs(req ctl.SendAgentDiagnosticLogsRequest, pathsToZip fileName := "/tmp/" + req.FileName err = utils.RecursiveZip(pathsToZip, excludePathPrefixes, fileName) if err != nil { - _ = publishDiagnosticLogsStatus(ctx, httpsClient.Client(), req.NodeId, utils.SCAN_STATUS_FAILED, err.Error()) + _ = publishDiagnosticLogsStatus(ctx, httpsClient.Client(), req.NodeID, utils.ScanStatusFailed, err.Error()) return err } defer os.RemoveAll(fileName) resp, statusCode, err := utils.UploadFile(req.UploadURL, fileName) if err != nil { - _ = publishDiagnosticLogsStatus(ctx, httpsClient.Client(), req.NodeId, utils.SCAN_STATUS_FAILED, err.Error()) + _ = publishDiagnosticLogsStatus(ctx, httpsClient.Client(), req.NodeID, utils.ScanStatusFailed, err.Error()) return err } if statusCode != http.StatusOK { - _ = publishDiagnosticLogsStatus(ctx, httpsClient.Client(), req.NodeId, utils.SCAN_STATUS_FAILED, string(resp)) + _ = publishDiagnosticLogsStatus(ctx, httpsClient.Client(), req.NodeID, utils.ScanStatusFailed, string(resp)) return errors.New(string(resp)) } - return publishDiagnosticLogsStatus(ctx, httpsClient.Client(), req.NodeId, utils.SCAN_STATUS_SUCCESS, "") + return publishDiagnosticLogsStatus(ctx, httpsClient.Client(), req.NodeID, utils.ScanStatusSuccess, "") } func publishDiagnosticLogsStatus(ctx context.Context, httpsClient *client.APIClient, nodeID string, status string, message string) error { diff --git a/deepfence_bootstrapper/controls/kubernetes.go b/deepfence_bootstrapper/controls/kubernetes.go index 1544030890..f76748379a 100644 --- a/deepfence_bootstrapper/controls/kubernetes.go +++ b/deepfence_bootstrapper/controls/kubernetes.go 
@@ -14,8 +14,8 @@ func StartComplianceScan(req ctl.StartComplianceScanRequest) error { k8sscannerutil.Config{ ComplianceCheckType: k8sscannerutil.NsaCisaCheckType, ScanId: req.BinArgs["scan_id"], - NodeId: req.NodeId, - NodeName: req.NodeId, + NodeId: req.NodeID, + NodeName: req.NodeID, ComplianceResultsFilePath: fmt.Sprintf("/var/log/fenced/compliance/%s.log", req.BinArgs["scan_id"]), ComplianceStatusFilePath: "/var/log/fenced/compliance-scan-logs/status.log", }) diff --git a/deepfence_bootstrapper/router/upgrade.go b/deepfence_bootstrapper/router/upgrade.go index a0bbd2bdff..27c882fedb 100644 --- a/deepfence_bootstrapper/router/upgrade.go +++ b/deepfence_bootstrapper/router/upgrade.go @@ -21,8 +21,8 @@ const ( ) func StartAgentUpgrade(req ctl.StartAgentUpgradeRequest) error { - log.Info().Msgf("Fetching %v", req.HomeDirectoryUrl) - err := downloadFile(binariesFile, req.HomeDirectoryUrl) + log.Info().Msgf("Fetching %v", req.HomeDirectoryURL) + err := downloadFile(binariesFile, req.HomeDirectoryURL) if err != nil { return err } diff --git a/deepfence_server/controls/agent.go b/deepfence_server/controls/agent.go index bf0c4ea279..358362b351 100644 --- a/deepfence_server/controls/agent.go +++ b/deepfence_server/controls/agent.go @@ -92,7 +92,7 @@ func GetPendingAgentScans(ctx context.Context, nodeId string, availableWorkload r, err := tx.Run(` MATCH (s) -[:SCHEDULED]-> (n:Node{node_id:$id}) - WHERE s.status = '`+utils.SCAN_STATUS_INPROGRESS+`' + WHERE s.status = '`+utils.ScanStatusInProgress+`' AND s.retries < 3 SET s.retries = s.retries + 1 WITH s @@ -145,7 +145,7 @@ func hasAgentDiagnosticLogRequests(client neo4j.Driver, nodeId string, nodeType r, err := tx.Run(`MATCH (s:AgentDiagnosticLogs) -[:SCHEDULEDLOGS]-> (n{node_id:$id}) WHERE (n:`+controls.ResourceTypeToNeo4j(nodeType)+`) - AND s.status = '`+utils.SCAN_STATUS_STARTING+`' + AND s.status = '`+utils.ScanStatusStarting+`' AND s.retries < 3 WITH s LIMIT $max_work WITH s 
@@ -186,10 +186,10 @@ func ExtractAgentDiagnosticLogRequests(ctx context.Context, nodeId string, nodeT r, err := tx.Run(`MATCH (s:AgentDiagnosticLogs) -[:SCHEDULEDLOGS]-> (n{node_id:$id}) WHERE (n:`+controls.ResourceTypeToNeo4j(nodeType)+`) - AND s.status = '`+utils.SCAN_STATUS_STARTING+`' + AND s.status = '`+utils.ScanStatusStarting+`' AND s.retries < 3 WITH s LIMIT $max_work - SET s.status = '`+utils.SCAN_STATUS_INPROGRESS+`' + SET s.status = '`+utils.ScanStatusInProgress+`' WITH s RETURN s.trigger_action`, map[string]interface{}{"id": nodeId, "max_work": max_work}) @@ -234,7 +234,7 @@ func hasPendingAgentScans(client neo4j.Driver, nodeId string, max_work int) (boo defer tx.Close() r, err := tx.Run(`MATCH (s) -[:SCHEDULED]-> (n:Node{node_id:$id}) - WHERE s.status = '`+utils.SCAN_STATUS_STARTING+`' + WHERE s.status = '`+utils.ScanStatusStarting+`' AND s.retries < 3 WITH s LIMIT $max_work RETURN s.trigger_action`, @@ -275,10 +275,10 @@ func ExtractStartingAgentScans(ctx context.Context, nodeId string, defer tx.Close() r, err := tx.Run(`MATCH (s) -[:SCHEDULED]-> (n:Node{node_id:$id}) - WHERE s.status = '`+utils.SCAN_STATUS_STARTING+`' + WHERE s.status = '`+utils.ScanStatusStarting+`' AND s.retries < 3 WITH s ORDER BY s.is_priority DESC, s.updated_at ASC LIMIT $max_work - SET s.status = '`+utils.SCAN_STATUS_INPROGRESS+`', s.updated_at = TIMESTAMP() + SET s.status = '`+utils.ScanStatusInProgress+`', s.updated_at = TIMESTAMP() WITH s RETURN s.trigger_action`, map[string]interface{}{"id": nodeId, "max_work": max_work}) 
@@ -338,9 +338,9 @@ func ExtractStoppingAgentScans(ctx context.Context, nodeId string, defer tx.Close() r, err := tx.Run(`MATCH (s) -[:SCHEDULED]-> (n:Node{node_id:$id}) - WHERE s.status = '`+utils.SCAN_STATUS_CANCEL_PENDING+`' + WHERE s.status = '`+utils.ScanStatusCancelPending+`' WITH s LIMIT $max_work - SET s.status = '`+utils.SCAN_STATUS_CANCELLING+`', s.updated_at = TIMESTAMP() + SET s.status = '`+utils.ScanStatusCancelling+`', s.updated_at = TIMESTAMP() WITH s RETURN s.trigger_action`, map[string]interface{}{"id": nodeId, "max_work": max_work}) @@ -401,7 +401,7 @@ func hasPendingAgentUpgrade(client neo4j.Driver, nodeId string, max_work int) (b defer tx.Close() r, err := tx.Run(`MATCH (s:AgentVersion) -[r:SCHEDULED]-> (n:Node{node_id:$id}) - WHERE r.status = '`+utils.SCAN_STATUS_STARTING+`' + WHERE r.status = '`+utils.ScanStatusStarting+`' AND r.retries < 3 WITH r LIMIT $max_work RETURN r.trigger_action`, @@ -440,10 +440,10 @@ func ExtractPendingAgentUpgrade(ctx context.Context, nodeId string, max_work int defer tx.Close() r, err := tx.Run(`MATCH (s:AgentVersion) -[r:SCHEDULED]-> (n:Node{node_id:$id}) - WHERE r.status = '`+utils.SCAN_STATUS_STARTING+`' + WHERE r.status = '`+utils.ScanStatusStarting+`' AND r.retries < 3 WITH r LIMIT $max_work - SET r.status = '`+utils.SCAN_STATUS_INPROGRESS+`' + SET r.status = '`+utils.ScanStatusInProgress+`' WITH r RETURN r.trigger_action`, map[string]interface{}{"id": nodeId, "max_work": max_work}) @@ -516,5 +516,4 @@ func CheckNodeExist(ctx context.Context, nodeId string) error { } return nil - } diff --git a/deepfence_server/controls/kubernetes_cluster.go b/deepfence_server/controls/kubernetes_cluster.go index 73f137c704..de768eee2c 100644 --- a/deepfence_server/controls/kubernetes_cluster.go +++ b/deepfence_server/controls/kubernetes_cluster.go 
@@ -34,7 +34,8 @@ func GetKubernetesClusterActions(ctx context.Context, nodeId string, workNumToEx } diagnosticLogActions, scan_err := ExtractAgentDiagnosticLogRequests(ctx, nodeId, controls.KubernetesCluster, workNumToExtract) - workNumToExtract -= len(diagnosticLogActions) + + workNumToExtract -= len(diagnosticLogActions) //nolint:ineffassign if scan_err == nil { actions = append(actions, diagnosticLogActions...) } @@ -66,10 +67,10 @@ func ExtractStartingKubernetesClusterScans(ctx context.Context, nodeId string, m defer tx.Close() r, err := tx.Run(`MATCH (s) -[:SCHEDULED]-> (n:KubernetesCluster{node_id:$id}) - WHERE s.status = '`+utils.SCAN_STATUS_STARTING+`' + WHERE s.status = '`+utils.ScanStatusStarting+`' AND s.retries < 3 WITH s LIMIT $max_work - SET s.status = '`+utils.SCAN_STATUS_INPROGRESS+`' + SET s.status = '`+utils.ScanStatusInProgress+`' WITH s RETURN s.trigger_action`, map[string]interface{}{"id": nodeId, "max_work": max_work}) @@ -123,10 +124,10 @@ func ExtractPendingKubernetesClusterUpgrade(ctx context.Context, nodeId string, defer tx.Close() r, err := tx.Run(`MATCH (s:AgentVersion) -[r:SCHEDULED]-> (n:KubernetesCluster{node_id:$id}) - WHERE r.status = '`+utils.SCAN_STATUS_STARTING+`' + WHERE r.status = '`+utils.ScanStatusStarting+`' AND r.retries < 3 WITH r LIMIT $max_work - SET r.status = '`+utils.SCAN_STATUS_INPROGRESS+`' + SET r.status = '`+utils.ScanStatusInProgress+`' WITH r RETURN r.trigger_action`, map[string]interface{}{"id": nodeId, "max_work": max_work}) diff --git a/deepfence_server/controls/version.go b/deepfence_server/controls/version.go index 35601b6c7f..61e0f1be3f 100644 --- a/deepfence_server/controls/version.go +++ b/deepfence_server/controls/version.go @@ -28,7 +28,7 @@ func PrepareAgentUpgradeAction(ctx context.Context, version string) (ctl.Action, } internal_req := ctl.StartAgentUpgradeRequest{ - HomeDirectoryUrl: url, + HomeDirectoryURL: url, Version: version, } 
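Review bot: The `//nolint:ineffassign` added to `workNumToExtract -= len(diagnosticLogActions)` in GetKubernetesClusterActions silences the linter instead of resolving what it reports. If the decremented budget is never read afterwards, the statement is dead and can be deleted; if a later extraction is meant to honour the remaining budget, that use is missing and the work limit is not enforced for it. The visible lines also discard `scan_err` when it is non-nil, so a failed diagnostic-log extraction leaves no trace unless it is handled further down; a `log.Error().Err(scan_err).Msg("extracting diagnostic log requests")` would make it visible (this assumes the project's `log` package exposes zerolog events, as its `Msgf` usage elsewhere in this commit suggests). The function continues outside the hunk, so the later use of the variable cannot be confirmed from here.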
@@ -72,7 +72,7 @@ func ScheduleAgentUpgrade(ctx context.Context, version string, nodeIds []string, map[string]interface{}{ "version": version, "node_ids": nodeIds, - "status": utils.SCAN_STATUS_STARTING, + "status": utils.ScanStatusStarting, "action": string(action_str), }) @@ -343,7 +343,7 @@ func ScheduleAgentPluginEnable(ctx context.Context, version, plugin_name string, map[string]interface{}{ "version": version, "node_ids": nodeIds, - "status": utils.SCAN_STATUS_STARTING, + "status": utils.ScanStatusStarting, "action": string(action_str), }) @@ -385,7 +385,7 @@ func ScheduleAgentPluginDisable(ctx context.Context, plugin_name string, nodeIds _, err = tx.Run(query, map[string]interface{}{ "node_ids": nodeIds, - "status": utils.SCAN_STATUS_STARTING, + "status": utils.ScanStatusStarting, "action": string(action_str), }) diff --git a/deepfence_server/diagnosis/agent-diagnosis/agent_diagnosis.go b/deepfence_server/diagnosis/agent-diagnosis/agent_diagnosis.go index 51ab0fbd2b..fda6b8a243 100644 --- a/deepfence_server/diagnosis/agent-diagnosis/agent_diagnosis.go +++ b/deepfence_server/diagnosis/agent-diagnosis/agent_diagnosis.go @@ -43,8 +43,8 @@ func verifyNodeIds(ctx context.Context, nodeIdentifiers []diagnosis.NodeIdentifi WHERE NOT a.status = $complete AND NOT a.status = $failed RETURN n.node_id,a.status`, map[string]interface{}{"node_ids": nodeIds, - "complete": utils.SCAN_STATUS_SUCCESS, - "failed": utils.SCAN_STATUS_FAILED}) + "complete": utils.ScanStatusSuccess, + "failed": utils.ScanStatusFailed}) if err != nil { return inProgressNodeIds, err } 
@@ -111,7 +111,7 @@ func GenerateAgentDiagnosticLogs(ctx context.Context, nodeIdentifiers []diagnosi actionBuilder := func(nodeIdentifier diagnosis.NodeIdentifier, uploadUrl string, fileName string, tail string) (ctl.Action, error) { req := ctl.SendAgentDiagnosticLogsRequest{ - NodeId: nodeIdentifier.NodeId, + NodeID: nodeIdentifier.NodeId, NodeType: ctl.StringToResourceType(nodeIdentifier.NodeType), UploadURL: uploadUrl, Tail: tail, @@ -168,7 +168,7 @@ func GenerateAgentDiagnosticLogs(ctx context.Context, nodeIdentifiers []diagnosi MERGE (m:%s{node_id:$node_id}) MERGE (n)-[:SCHEDULEDLOGS]->(m)`, controls.ResourceTypeToNeo4j(controls.StringToResourceType(nodeIdentifier.NodeType))), map[string]interface{}{ - "status": utils.SCAN_STATUS_STARTING, + "status": utils.ScanStatusStarting, "node_id": nodeIdentifier.NodeId, "action": string(b), "minio_file_name": fileName, diff --git a/deepfence_server/diagnosis/cloudscanner-diagnosis/cloudscanner_diagnosis.go b/deepfence_server/diagnosis/cloudscanner-diagnosis/cloudscanner_diagnosis.go index b9a6f4c028..703aa1ff00 100644 --- a/deepfence_server/diagnosis/cloudscanner-diagnosis/cloudscanner_diagnosis.go +++ b/deepfence_server/diagnosis/cloudscanner-diagnosis/cloudscanner_diagnosis.go @@ -45,8 +45,8 @@ func getInProgressCloudScannerNodeIds(ctx context.Context, nodeIdentifiers []dia RETURN n.node_id,a.status`, map[string]interface{}{ "node_ids": nodeIds, - "complete": utils.SCAN_STATUS_SUCCESS, - "failed": utils.SCAN_STATUS_FAILED}) + "complete": utils.ScanStatusSuccess, + "failed": utils.ScanStatusFailed}) if err != nil { return inProgressNodeIds, err } 
@@ -114,7 +114,7 @@ func GenerateCloudScannerDiagnosticLogs(ctx context.Context, nodeIdentifiers []d actionBuilder := func(nodeIdentifier diagnosis.NodeIdentifier, uploadUrl string, fileName string, tail string) (ctl.Action, error) { req := ctl.SendAgentDiagnosticLogsRequest{ - NodeId: nodeIdentifier.NodeId, + NodeID: nodeIdentifier.NodeId, NodeType: ctl.StringToResourceType(nodeIdentifier.NodeType), UploadURL: uploadUrl, Tail: tail, @@ -167,7 +167,7 @@ func GenerateCloudScannerDiagnosticLogs(ctx context.Context, nodeIdentifiers []d MERGE (m:%s{node_id:$node_id}) MERGE (n)-[:SCHEDULEDLOGS]->(m)`, controls.ResourceTypeToNeo4j(controls.StringToResourceType(nodeIdentifier.NodeType))), map[string]interface{}{ - "status": utils.SCAN_STATUS_STARTING, + "status": utils.ScanStatusStarting, "node_id": nodeIdentifier.NodeId, "action": string(b), "minio_file_name": fileName, @@ -197,7 +197,7 @@ func GetQueuedCloudScannerDiagnosticLogs(ctx context.Context, nodeIDs []string) WHERE n.status = $status and n.node_id in $node_ids RETURN n.trigger_action ORDER BY n.updated_at ASC LIMIT 1`, - map[string]interface{}{"status": utils.SCAN_STATUS_STARTING, "node_ids": nodeIDs}) + map[string]interface{}{"status": utils.ScanStatusStarting, "node_ids": nodeIDs}) if err != nil { return ctl.Action{}, err diff --git a/deepfence_server/diagnosis/common.go b/deepfence_server/diagnosis/common.go index eb06ddc9b9..4fa1e1f867 100644 --- a/deepfence_server/diagnosis/common.go +++ b/deepfence_server/diagnosis/common.go @@ -176,7 +176,7 @@ func getAgentDiagnosticLogs(ctx context.Context, mc directory.FileManager, pathP } updatedAtTime := time.UnixMilli(updatedAt.(int64)) nodeIdToName[nodeId.(string)] = nodeName.(string) - if message.(string) == "" && status.(string) != utils.SCAN_STATUS_SUCCESS { + if message.(string) == "" && status.(string) != utils.ScanStatusSuccess { message = status.(string) } 
@@ -255,7 +255,7 @@ func getCloudScannerDiagnosticLogs(ctx context.Context, mc directory.FileManager } updatedAtTime := time.UnixMilli(updatedAt.(int64)) nodeIdToName[nodeId.(string)] = nodeName.(string) - if message.(string) == "" && status.(string) != utils.SCAN_STATUS_SUCCESS { + if message.(string) == "" && status.(string) != utils.ScanStatusSuccess { message = status.(string) } diff --git a/deepfence_server/handler/agent_controls.go b/deepfence_server/handler/agent_controls.go index 33d253cf59..e835cc66cf 100644 --- a/deepfence_server/handler/agent_controls.go +++ b/deepfence_server/handler/agent_controls.go @@ -143,7 +143,7 @@ func (h *Handler) ScheduleAgentPluginsEnable(w http.ResponseWriter, r *http.Requ } internal_req := ctl.EnableAgentPluginRequest{ - BinUrl: url, + BinURL: url, Version: agentUp.Version, PluginName: agentUp.PluginName, } diff --git a/deepfence_server/handler/agent_upload.go b/deepfence_server/handler/agent_upload.go index abef130622..2fe10c91f6 100644 --- a/deepfence_server/handler/agent_upload.go +++ b/deepfence_server/handler/agent_upload.go @@ -191,7 +191,7 @@ func ScheduleAutoUpgradeForPatchChanges(ctx context.Context, latest map[string]s AND v.node_id <> row.latest MERGE (vnew) -[:SCHEDULED{status: $status, retries: 0, trigger_action: row.action, updated_at: TIMESTAMP()}]-> (n)`, map[string]interface{}{ - "status": utils.SCAN_STATUS_STARTING, + "status": utils.ScanStatusStarting, "batch": tags_to_ingest}); err != nil { return err } diff --git a/deepfence_server/handler/audit_log.go b/deepfence_server/handler/audit_log.go index 45acb1510a..6fe6648a42 100644 --- a/deepfence_server/handler/audit_log.go +++ b/deepfence_server/handler/audit_log.go 
@@ -19,10 +19,10 @@ import ( ) const ( - EVENT_COMPLIANCE_SCAN = string(utils.NEO4J_COMPLIANCE_SCAN) - EVENT_VULNERABILITY_SCAN = string(utils.NEO4J_VULNERABILITY_SCAN) - EVENT_SECRET_SCAN = string(utils.NEO4J_SECRET_SCAN) - EVENT_MALWARE_SCAN = string(utils.NEO4J_MALWARE_SCAN) + EVENT_COMPLIANCE_SCAN = string(utils.NEO4JComplianceScan) + EVENT_VULNERABILITY_SCAN = string(utils.NEO4JVulnerabilityScan) + EVENT_SECRET_SCAN = string(utils.NEO4JSecretScan) + EVENT_MALWARE_SCAN = string(utils.NEO4JMalwareScan) EVENT_INTEGRATION = "integration" EVENT_GENERATIVE_AI_INTEGRATION = "generative-ai-integration" EVENT_AUTH = "auth" @@ -152,7 +152,7 @@ func (h *Handler) AddAuditLog(namespace string, params postgresql_db.CreateAudit } h.IngestChan <- &kgo.Record{ - Topic: utils.AUDIT_LOGS, + Topic: utils.AuditLogs, Value: data, Headers: []kgo.RecordHeader{ {Key: "namespace", Value: []byte(namespace)}, diff --git a/deepfence_server/handler/cloud_node.go b/deepfence_server/handler/cloud_node.go index 258880da04..33d5980c8e 100644 --- a/deepfence_server/handler/cloud_node.go +++ b/deepfence_server/handler/cloud_node.go @@ -10,6 +10,7 @@ import ( ctl "github.com/deepfence/ThreatMapper/deepfence_utils/controls" cloudscanner_diagnosis "github.com/deepfence/ThreatMapper/deepfence_server/diagnosis/cloudscanner-diagnosis" + "github.com/deepfence/ThreatMapper/deepfence_server/model" reporters_scan "github.com/deepfence/ThreatMapper/deepfence_server/reporters/scan" "github.com/deepfence/ThreatMapper/deepfence_utils/directory" 
@@ -26,11 +27,12 @@ func (h *Handler) RegisterCloudNodeAccountCount(w http.ResponseWriter, r *http.R func (h *Handler) RegisterCloudNodeAccountHandler(w http.ResponseWriter, r *http.Request) { req, err := h.extractCloudNodeDetails(w, r) if err != nil { + log.Error().Msgf("Errored out extracting cloud node details error") h.complianceError(w, "Extract cloud node details error") return } - logrus.Debugf("Register Cloud Node Account Request: %+v", req) + log.Debug().Msgf("Register Cloud Node Account Request: %+v", req) var logRequestAction ctl.Action monitoredAccountIds := req.MonitoredAccountIds @@ -43,7 +45,7 @@ func (h *Handler) RegisterCloudNodeAccountHandler(w http.ResponseWriter, r *http doRefresh := "false" - logrus.Debugf("Monitored account ids count: %d", len(monitoredAccountIds)) + log.Debug().Msgf("Monitored account ids count: %d", len(monitoredAccountIds)) if len(monitoredAccountIds) != 0 { logrus.Debugf("More than 1 account to be monitored: %+v", monitoredAccountIds) if orgAccountId == "" { @@ -82,7 +84,7 @@ func (h *Handler) RegisterCloudNodeAccountHandler(w http.ResponseWriter, r *http h.complianceError(w, err.Error()) return } - pendingScansList, err := reporters_scan.GetCloudCompliancePendingScansList(ctx, utils.NEO4J_CLOUD_COMPLIANCE_SCAN, monitoredNodeId) + pendingScansList, err := reporters_scan.GetCloudCompliancePendingScansList(ctx, utils.NEO4JCloudComplianceScan, monitoredNodeId) if err != nil { continue } @@ -92,7 +94,7 @@ func (h *Handler) RegisterCloudNodeAccountHandler(w http.ResponseWriter, r *http log.Error().Msgf("Error getting controls for compliance type: %+v", scan.BenchmarkTypes) } stopRequested := false - if scan.Status == utils.SCAN_STATUS_CANCELLING { + if scan.Status == utils.ScanStatusCancelling { stopRequested = true } 
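Review bot: The added `log.Error().Msgf("Errored out extracting cloud node details error")` in RegisterCloudNodeAccountHandler drops `err`, so the entry records that extraction failed but not why; `log.Error().Err(err).Msg("extracting cloud node details")` keeps the cause. The next changed line logs the entire request with `%+v`; if the request struct carries or later gains credentials or tokens, they will land in debug logs, so logging named fields is the safer habit. The logrus migration is also incomplete: `logrus.Debugf("More than 1 account to be monitored: %+v", monitoredAccountIds)` in the following hunk (@@ -43) is left as context and still uses logrus. The handler body starts and ends outside these hunks.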
@@ -111,17 +113,17 @@ func (h *Handler) RegisterCloudNodeAccountHandler(w http.ResponseWriter, r *http log.Error().Msgf("Error getting queued cloudscanner diagnostic logs: %+v", err) } } else { - logrus.Debugf("Single account monitoring for node: %s", nodeId) + log.Debug().Msgf("Single account monitoring for node: %s", nodeId) node := map[string]interface{}{ "node_id": nodeId, "cloud_provider": req.CloudProvider, "node_name": req.CloudAccount, "version": req.Version, } - logrus.Debugf("Node for upsert: %+v", node) + log.Debug().Msgf("Node for upsert: %+v", node) err = model.UpsertCloudComplianceNode(ctx, node, "") if err != nil { - logrus.Infof("Error while upserting node: %+v", err) + log.Error().Msgf("Error while upserting node: %+v", err) h.complianceError(w, err.Error()) return } @@ -130,9 +132,8 @@ func (h *Handler) RegisterCloudNodeAccountHandler(w http.ResponseWriter, r *http if err != nil { log.Error().Msgf("Error getting queued cloudscanner diagnostic logs: %+v", err) } - pendingScansList, err := reporters_scan.GetCloudCompliancePendingScansList(ctx, utils.NEO4J_CLOUD_COMPLIANCE_SCAN, nodeId) + pendingScansList, err := reporters_scan.GetCloudCompliancePendingScansList(ctx, utils.NEO4JCloudComplianceScan, nodeId) if err != nil || len(pendingScansList.ScansInfo) == 0 { - logrus.Debugf("No pending scans found for node id: %s", nodeId) err = httpext.JSON(w, http.StatusOK, model.CloudNodeAccountRegisterResp{Data: model.CloudNodeAccountRegisterRespData{Scans: scanList, CloudtrailTrails: cloudtrailTrails, Refresh: doRefresh, LogAction: logRequestAction}}) @@ -148,7 +149,7 @@ func (h *Handler) RegisterCloudNodeAccountHandler(w http.ResponseWriter, r *http } stopRequested := false - if scan.Status == utils.SCAN_STATUS_CANCELLING { + if scan.Status == utils.ScanStatusCancelling { stopRequested = true } scanDetail := model.CloudComplianceScanDetails{ 
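Review bot: After a failed `model.UpsertCloudComplianceNode`, the context line `h.complianceError(w, err.Error())` passes the raw error text onward; if `complianceError` writes its message into the HTTP response (its body is not shown), database driver details reach the caller. Now that this hunk logs the failure at error level, the response can carry a fixed message instead, e.g. `h.complianceError(w, "failed to register cloud node")`. The same pattern appears after the earlier upsert in the multi-account branch (hunk @@ -82).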
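Review bot: With `logrus.Debugf("No pending scans found for node id: %s", nodeId)` removed in hunk @@ -130, the branch `if err != nil || len(pendingScansList.ScansInfo) == 0` now treats a failed `GetCloudCompliancePendingScansList` exactly like an empty list: the handler answers 200 and nothing is logged. A query failure would then look like "no scans scheduled" to both the agent and the operator. Logging the error before the shared response keeps the behaviour and restores the signal: `if err != nil { log.Error().Err(err).Msgf("listing pending cloud compliance scans for %s", nodeId) }`. The enclosing handler continues outside the hunk.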
@@ -160,7 +161,7 @@ func (h *Handler) RegisterCloudNodeAccountHandler(w http.ResponseWriter, r *http } scanList[scan.ScanId] = scanDetail } - logrus.Debugf("Pending scans for node: %+v", scanList) + log.Debug().Msgf("Pending scans for node: %+v", scanList) } log.Debug().Msgf("Returning response: Scan List %+v cloudtrailTrails %+v Refresh %s", scanList, cloudtrailTrails, doRefresh) diff --git a/deepfence_server/handler/export_reports.go b/deepfence_server/handler/export_reports.go index be494a7abe..1edf183c82 100644 --- a/deepfence_server/handler/export_reports.go +++ b/deepfence_server/handler/export_reports.go @@ -88,7 +88,7 @@ func (h *Handler) DeleteReport(w http.ResponseWriter, r *http.Request) { } // skip report file delete, in case of error we don't save the file - if report.Status != utils.SCAN_STATUS_FAILED { + if report.Status != utils.ScanStatusFailed { err = mc.DeleteFile(r.Context(), report.StoragePath, false, minio.RemoveObjectOptions{ForceDelete: true}) if err != nil { h.respondError(err, w) @@ -299,7 +299,7 @@ func (h *Handler) GenerateReport(w http.ResponseWriter, r *http.Request) { vars := map[string]interface{}{ "type": req.ReportType, "uid": report_id, - "status": utils.SCAN_STATUS_STARTING, + "status": utils.ScanStatusStarting, "filters": req.Filters.String(), "duration": req.Duration, } diff --git a/deepfence_server/handler/scan_reports.go b/deepfence_server/handler/scan_reports.go index e8e5fa1d68..38e7953087 100644 --- a/deepfence_server/handler/scan_reports.go +++ b/deepfence_server/handler/scan_reports.go 
@@ -194,11 +194,11 @@ func StartScanActionBuilder(ctx context.Context, scanType ctl.ActionID, addition switch scanType { case ctl.StartVulnerabilityScan: - internal_req = ctl.StartVulnerabilityScanRequest{NodeId: req.NodeId, NodeType: nodeTypeInternal, BinArgs: binArgs} + internal_req = ctl.StartVulnerabilityScanRequest{NodeID: req.NodeId, NodeType: nodeTypeInternal, BinArgs: binArgs} case ctl.StartSecretScan: - internal_req = ctl.StartSecretScanRequest{NodeId: req.NodeId, NodeType: nodeTypeInternal, BinArgs: binArgs} + internal_req = ctl.StartSecretScanRequest{NodeID: req.NodeId, NodeType: nodeTypeInternal, BinArgs: binArgs} case ctl.StartMalwareScan: - internal_req = ctl.StartMalwareScanRequest{NodeId: req.NodeId, NodeType: nodeTypeInternal, BinArgs: binArgs} + internal_req = ctl.StartMalwareScanRequest{NodeID: req.NodeId, NodeType: nodeTypeInternal, BinArgs: binArgs} } b, err := json.Marshal(internal_req) @@ -241,7 +241,7 @@ func (h *Handler) StartVulnerabilityScanHandler(w http.ResponseWriter, r *http.R actionBuilder := StartScanActionBuilder(r.Context(), ctl.StartVulnerabilityScan, binArgs) - scan_ids, bulkId, err := StartMultiScan(r.Context(), true, utils.NEO4J_VULNERABILITY_SCAN, reqs.ScanTriggerCommon, actionBuilder) + scan_ids, bulkId, err := StartMultiScan(r.Context(), true, utils.NEO4JVulnerabilityScan, reqs.ScanTriggerCommon, actionBuilder) if err != nil { if err.Error() == "Result contains no more records" { h.respondError(&noNodesMatchedInNeo4jError, w) 
@@ -269,7 +269,7 @@ func (h *Handler) DiffAddVulnerabilityScan(w http.ResponseWriter, r *http.Reques h.respondError(&BadDecoding{err}, w) } - new, err := reporters_scan.GetScanResultDiff[model.Vulnerability](r.Context(), utils.NEO4J_VULNERABILITY_SCAN, req.BaseScanID, req.ToScanID, req.FieldsFilter, req.Window) + new, err := reporters_scan.GetScanResultDiff[model.Vulnerability](r.Context(), utils.NEO4JVulnerabilityScan, req.BaseScanID, req.ToScanID, req.FieldsFilter, req.Window) if err != nil { h.respondError(err, w) return @@ -289,7 +289,7 @@ func (h *Handler) DiffAddSecretScan(w http.ResponseWriter, r *http.Request) { h.respondError(&BadDecoding{err}, w) } - new, err := reporters_scan.GetScanResultDiff[model.Secret](r.Context(), utils.NEO4J_SECRET_SCAN, req.BaseScanID, req.ToScanID, req.FieldsFilter, req.Window) + new, err := reporters_scan.GetScanResultDiff[model.Secret](r.Context(), utils.NEO4JSecretScan, req.BaseScanID, req.ToScanID, req.FieldsFilter, req.Window) if err != nil { h.respondError(err, w) return @@ -309,7 +309,7 @@ func (h *Handler) DiffAddComplianceScan(w http.ResponseWriter, r *http.Request) h.respondError(&BadDecoding{err}, w) } - new, err := reporters_scan.GetScanResultDiff[model.Compliance](r.Context(), utils.NEO4J_COMPLIANCE_SCAN, req.BaseScanID, req.ToScanID, req.FieldsFilter, req.Window) + new, err := reporters_scan.GetScanResultDiff[model.Compliance](r.Context(), utils.NEO4JComplianceScan, req.BaseScanID, req.ToScanID, req.FieldsFilter, req.Window) if err != nil { h.respondError(err, w) return 
@@ -329,7 +329,7 @@ func (h *Handler) DiffAddMalwareScan(w http.ResponseWriter, r *http.Request) { h.respondError(&BadDecoding{err}, w) } - new, err := reporters_scan.GetScanResultDiff[model.Malware](r.Context(), utils.NEO4J_MALWARE_SCAN, req.BaseScanID, req.ToScanID, req.FieldsFilter, req.Window) + new, err := reporters_scan.GetScanResultDiff[model.Malware](r.Context(), utils.NEO4JMalwareScan, req.BaseScanID, req.ToScanID, req.FieldsFilter, req.Window) if err != nil { h.respondError(err, w) return @@ -349,7 +349,7 @@ func (h *Handler) DiffAddCloudComplianceScan(w http.ResponseWriter, r *http.Requ h.respondError(&BadDecoding{err}, w) } - new, err := reporters_scan.GetScanResultDiff[model.CloudCompliance](r.Context(), utils.NEO4J_CLOUD_COMPLIANCE_SCAN, req.BaseScanID, req.ToScanID, req.FieldsFilter, req.Window) + new, err := reporters_scan.GetScanResultDiff[model.CloudCompliance](r.Context(), utils.NEO4JCloudComplianceScan, req.BaseScanID, req.ToScanID, req.FieldsFilter, req.Window) if err != nil { h.respondError(err, w) return @@ -371,7 +371,7 @@ func (h *Handler) StartSecretScanHandler(w http.ResponseWriter, r *http.Request) actionBuilder := StartScanActionBuilder(r.Context(), ctl.StartSecretScan, nil) - scan_ids, bulkId, err := StartMultiScan(r.Context(), true, utils.NEO4J_SECRET_SCAN, reqs.ScanTriggerCommon, actionBuilder) + scan_ids, bulkId, err := StartMultiScan(r.Context(), true, utils.NEO4JSecretScan, reqs.ScanTriggerCommon, actionBuilder) if err != nil { if err.Error() == "Result contains no more records" { h.respondError(&noNodesMatchedInNeo4jError, w) 
@@ -446,10 +446,10 @@ func (h *Handler) StartComplianceScanHandler(w http.ResponseWriter, r *http.Requ scanTrigger.NodeType == controls.ResourceTypeToString(controls.KubernetesCluster) || scanTrigger.NodeType == controls.ResourceTypeToString(controls.Host) { scanIds, bulkId, err = StartMultiCloudComplianceScan(ctx, nodes, reqs.BenchmarkTypes, reqs.IsPriority) - scanStatusType = utils.CLOUD_COMPLIANCE_SCAN_STATUS + scanStatusType = utils.CloudComplianceScanStatus } else { scanIds, bulkId, err = startMultiComplianceScan(ctx, nodes, reqs.BenchmarkTypes) - scanStatusType = utils.COMPLIANCE_SCAN_STATUS + scanStatusType = utils.ComplianceScanStatus } if err != nil { if err.Error() == "Result contains no more records" { @@ -462,7 +462,7 @@ func (h *Handler) StartComplianceScanHandler(w http.ResponseWriter, r *http.Requ } for _, i := range scanIds { - h.SendScanStatus(r.Context(), scanStatusType, NewScanStatus(i, utils.SCAN_STATUS_STARTING, "")) + h.SendScanStatus(r.Context(), scanStatusType, NewScanStatus(i, utils.ScanStatusStarting, "")) } if len(scanIds) == 0 { @@ -489,7 +489,7 @@ func (h *Handler) StartMalwareScanHandler(w http.ResponseWriter, r *http.Request actionBuilder := StartScanActionBuilder(r.Context(), ctl.StartMalwareScan, nil) - scan_ids, bulkId, err := StartMultiScan(r.Context(), true, utils.NEO4J_MALWARE_SCAN, reqs.ScanTriggerCommon, actionBuilder) + scan_ids, bulkId, err := StartMultiScan(r.Context(), true, utils.NEO4JMalwareScan, reqs.ScanTriggerCommon, actionBuilder) if err != nil { if err.Error() == "Result contains no more records" { h.respondError(&noNodesMatchedInNeo4jError, w) @@ -616,7 +616,7 @@ func (h *Handler) IngestSbomHandler(w http.ResponseWriter, r *http.Request) { return } - if params.ScanId == "" { + if params.ScanID == "" { log.Error().Msgf("error scan id is empty, params: %+v", params) err = httpext.JSON(w, http.StatusBadRequest, model.ErrorResponse{Message: "scan_id is required to process sbom"}) 
@@ -633,7 +633,7 @@ func (h *Handler) IngestSbomHandler(w http.ResponseWriter, r *http.Request) { return } - sbomFile := path.Join("sbom", utils.ScanIdReplacer.Replace(params.ScanId)+".json.gz") + sbomFile := path.Join("sbom", utils.ScanIDReplacer.Replace(params.ScanID)+".json.gz") info, err := mc.UploadFile(r.Context(), sbomFile, b64, true, minio.PutObjectOptions{ContentType: "application/gzip"}) if err != nil { @@ -644,7 +644,7 @@ func (h *Handler) IngestSbomHandler(w http.ResponseWriter, r *http.Request) { // check if sbom has to be scanned if params.SkipScan { - log.Info().Msgf("skip sbom scan for id %s", params.ScanId) + log.Info().Msgf("skip sbom scan for id %s", params.ScanID) err = httpext.JSON(w, http.StatusOK, info) if err != nil { log.Error().Msgf("%v", err) @@ -675,7 +675,7 @@ func (h *Handler) IngestSbomHandler(w http.ResponseWriter, r *http.Request) { return } - log.Info().Msgf("scan_id: %s, minio file info: %+v", params.ScanId, info) + log.Info().Msgf("scan_id: %s, minio file info: %+v", params.ScanID, info) err = httpext.JSON(w, http.StatusOK, info) if err != nil { log.Error().Msgf("%v", err) @@ -799,7 +799,7 @@ func (h *Handler) stopScan(w http.ResponseWriter, r *http.Request, tag string) { if req.ScanType == "CloudComplianceScan" { tag = "StopCloudComplianceScan" - log.Info().Msgf("StopCloudComplianceScan request, type: %s, scan id: %v", + log.Info().Msgf("StopCloudComplianceScan request, tag: %v, type: %s, scan id: %v", tag, req.ScanType, req.ScanIds) err = reporters_scan.StopCloudComplianceScan(r.Context(), req.ScanIds) 
@@ -821,23 +821,23 @@ func (h *Handler) stopScan(w http.ResponseWriter, r *http.Request, tag string) { } func (h *Handler) StatusVulnerabilityScanHandler(w http.ResponseWriter, r *http.Request) { - h.statusScanHandler(w, r, utils.NEO4J_VULNERABILITY_SCAN) + h.statusScanHandler(w, r, utils.NEO4JVulnerabilityScan) } func (h *Handler) StatusSecretScanHandler(w http.ResponseWriter, r *http.Request) { - h.statusScanHandler(w, r, utils.NEO4J_SECRET_SCAN) + h.statusScanHandler(w, r, utils.NEO4JSecretScan) } func (h *Handler) StatusComplianceScanHandler(w http.ResponseWriter, r *http.Request) { - h.statusScanHandler(w, r, utils.NEO4J_COMPLIANCE_SCAN) + h.statusScanHandler(w, r, utils.NEO4JComplianceScan) } func (h *Handler) StatusMalwareScanHandler(w http.ResponseWriter, r *http.Request) { - h.statusScanHandler(w, r, utils.NEO4J_MALWARE_SCAN) + h.statusScanHandler(w, r, utils.NEO4JMalwareScan) } func (h *Handler) StatusCloudComplianceScanHandler(w http.ResponseWriter, r *http.Request) { - h.complianceStatusScanHandler(w, r, utils.NEO4J_CLOUD_COMPLIANCE_SCAN) + h.complianceStatusScanHandler(w, r, utils.NEO4JCloudComplianceScan) } func (h *Handler) statusScanHandler(w http.ResponseWriter, r *http.Request, scan_type utils.Neo4jScanType) { @@ -857,7 +857,7 @@ func (h *Handler) statusScanHandler(w http.ResponseWriter, r *http.Request, scan statuses, err = reporters_scan.GetScanStatus(r.Context(), scan_type, req.ScanIds) } - if err == reporters.NotFoundErr { + if err == reporters.ErrNotFound { err = &NotFoundError{err} } 
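Review bot: The renamed sentinel is still compared with `==` in statusScanHandler (`if err == reporters.ErrNotFound {`, hunk `@@ -857`), which stops matching as soon as any layer below GetScanStatus wraps the error with `%w`; the error would then no longer be converted to `NotFoundError`. `if errors.Is(err, reporters.ErrNotFound) {` keeps the mapping stable, and it needs the `errors` package in the file's import block, which is outside this hunk. The same comparison appears in the listScansHandler hunk (`@@ -933`).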
@@ -903,23 +903,23 @@ func (h *Handler) complianceStatusScanHandler(w http.ResponseWriter, r *http.Req } func (h *Handler) ListVulnerabilityScansHandler(w http.ResponseWriter, r *http.Request) { - h.listScansHandler(w, r, utils.NEO4J_VULNERABILITY_SCAN) + h.listScansHandler(w, r, utils.NEO4JVulnerabilityScan) } func (h *Handler) ListSecretScansHandler(w http.ResponseWriter, r *http.Request) { - h.listScansHandler(w, r, utils.NEO4J_SECRET_SCAN) + h.listScansHandler(w, r, utils.NEO4JSecretScan) } func (h *Handler) ListComplianceScansHandler(w http.ResponseWriter, r *http.Request) { - h.listScansHandler(w, r, utils.NEO4J_COMPLIANCE_SCAN) + h.listScansHandler(w, r, utils.NEO4JComplianceScan) } func (h *Handler) ListMalwareScansHandler(w http.ResponseWriter, r *http.Request) { - h.listScansHandler(w, r, utils.NEO4J_MALWARE_SCAN) + h.listScansHandler(w, r, utils.NEO4JMalwareScan) } func (h *Handler) ListCloudComplianceScansHandler(w http.ResponseWriter, r *http.Request) { - h.listScansHandler(w, r, utils.NEO4J_CLOUD_COMPLIANCE_SCAN) + h.listScansHandler(w, r, utils.NEO4JCloudComplianceScan) } func (h *Handler) listScansHandler(w http.ResponseWriter, r *http.Request, scan_type utils.Neo4jScanType) { @@ -933,7 +933,7 @@ func (h *Handler) listScansHandler(w http.ResponseWriter, r *http.Request, scan_ } infos, err := reporters_scan.GetScansList(r.Context(), scan_type, req.NodeIds, req.FieldsFilter, req.Window) - if err == reporters.NotFoundErr { + if err == reporters.ErrNotFound { err = &NotFoundError{err} } 
@@ -1016,12 +1016,12 @@ func (h *Handler) GetScanReportFields(w http.ResponseWriter, r *http.Request) { } func (h *Handler) ListVulnerabilityScanResultsHandler(w http.ResponseWriter, r *http.Request) { - entries, common, err := listScanResultsHandler[model.Vulnerability](w, r, utils.NEO4J_VULNERABILITY_SCAN) + entries, common, err := listScanResultsHandler[model.Vulnerability](w, r, utils.NEO4JVulnerabilityScan) if err != nil { h.respondError(err, w) return } - counts, err := reporters_scan.GetSevCounts(r.Context(), utils.NEO4J_VULNERABILITY_SCAN, common.ScanID) + counts, err := reporters_scan.GetSevCounts(r.Context(), utils.NEO4JVulnerabilityScan, common.ScanID) if err != nil { log.Error().Err(err).Msg("Counts computation issue") } @@ -1034,13 +1034,13 @@ func (h *Handler) ListVulnerabilityScanResultsHandler(w http.ResponseWriter, r * } func (h *Handler) ListSecretScanResultsHandler(w http.ResponseWriter, r *http.Request) { - entries, common, err := listScanResultsHandler[model.Secret](w, r, utils.NEO4J_SECRET_SCAN) + entries, common, err := listScanResultsHandler[model.Secret](w, r, utils.NEO4JSecretScan) if err != nil { h.respondError(err, w) return } - counts, err := reporters_scan.GetSevCounts(r.Context(), utils.NEO4J_SECRET_SCAN, common.ScanID) + counts, err := reporters_scan.GetSevCounts(r.Context(), utils.NEO4JSecretScan, common.ScanID) if err != nil { log.Error().Err(err).Msg("Counts computation issue") } @@ -1053,7 +1053,7 @@ func (h *Handler) ListSecretScanResultsHandler(w http.ResponseWriter, r *http.Re } func (h *Handler) ListSecretScanResultRulesHandler(w http.ResponseWriter, r *http.Request) { - entries, _, err := listScanResultsHandler[model.Secret](w, r, utils.NEO4J_SECRET_SCAN) + entries, _, err := listScanResultsHandler[model.Secret](w, r, utils.NEO4JSecretScan) if err != nil { h.respondError(err, w) return 
@@ -1071,12 +1071,12 @@ func (h *Handler) ListSecretScanResultRulesHandler(w http.ResponseWriter, r *htt } func (h *Handler) ListComplianceScanResultsHandler(w http.ResponseWriter, r *http.Request) { - entries, common, err := listScanResultsHandler[model.Compliance](w, r, utils.NEO4J_COMPLIANCE_SCAN) + entries, common, err := listScanResultsHandler[model.Compliance](w, r, utils.NEO4JComplianceScan) if err != nil { h.respondError(err, w) return } - additionalInfo, err := reporters_scan.GetCloudComplianceStats(r.Context(), common.ScanID, utils.NEO4J_COMPLIANCE_SCAN) + additionalInfo, err := reporters_scan.GetCloudComplianceStats(r.Context(), common.ScanID, utils.NEO4JComplianceScan) if err != nil { log.Error().Err(err).Msg("Counts computation issue") } @@ -1089,13 +1089,13 @@ func (h *Handler) ListComplianceScanResultsHandler(w http.ResponseWriter, r *htt } func (h *Handler) ListMalwareScanResultsHandler(w http.ResponseWriter, r *http.Request) { - entries, common, err := listScanResultsHandler[model.Malware](w, r, utils.NEO4J_MALWARE_SCAN) + entries, common, err := listScanResultsHandler[model.Malware](w, r, utils.NEO4JMalwareScan) if err != nil { h.respondError(err, w) return } - counts, err := reporters_scan.GetSevCounts(r.Context(), utils.NEO4J_MALWARE_SCAN, common.ScanID) + counts, err := reporters_scan.GetSevCounts(r.Context(), utils.NEO4JMalwareScan, common.ScanID) if err != nil { log.Error().Err(err).Msg("Counts computation issue") } @@ -1107,7 +1107,7 @@ func (h *Handler) ListMalwareScanResultsHandler(w http.ResponseWriter, r *http.R } func (h *Handler) ListMalwareScanResultRulesHandler(w http.ResponseWriter, r *http.Request) { - entries, _, err := listScanResultsHandler[model.Malware](w, r, utils.NEO4J_MALWARE_SCAN) + entries, _, err := listScanResultsHandler[model.Malware](w, r, utils.NEO4JMalwareScan) if err != nil { h.respondError(err, w) return 
@@ -1125,7 +1125,7 @@ func (h *Handler) ListMalwareScanResultRulesHandler(w http.ResponseWriter, r *ht } func (h *Handler) ListMalwareScanResultClassHandler(w http.ResponseWriter, r *http.Request) { - entries, _, err := listScanResultsHandler[model.Malware](w, r, utils.NEO4J_MALWARE_SCAN) + entries, _, err := listScanResultsHandler[model.Malware](w, r, utils.NEO4JMalwareScan) if err != nil { h.respondError(err, w) return @@ -1143,13 +1143,13 @@ func (h *Handler) ListMalwareScanResultClassHandler(w http.ResponseWriter, r *ht } func (h *Handler) ListCloudComplianceScanResultsHandler(w http.ResponseWriter, r *http.Request) { - entries, common, err := listScanResultsHandler[model.CloudCompliance](w, r, utils.NEO4J_CLOUD_COMPLIANCE_SCAN) + entries, common, err := listScanResultsHandler[model.CloudCompliance](w, r, utils.NEO4JCloudComplianceScan) if err != nil { h.respondError(err, w) return } - additionalInfo, err := reporters_scan.GetCloudComplianceStats(r.Context(), common.ScanID, utils.NEO4J_CLOUD_COMPLIANCE_SCAN) + additionalInfo, err := reporters_scan.GetCloudComplianceStats(r.Context(), common.ScanID, utils.NEO4JCloudComplianceScan) if err != nil { log.Error().Err(err).Msg("Counts computation issue") } @@ -1162,7 +1162,7 @@ func (h *Handler) ListCloudComplianceScanResultsHandler(w http.ResponseWriter, r } func (h *Handler) CountVulnerabilityScanResultsHandler(w http.ResponseWriter, r *http.Request) { - entries, _, err := listScanResultsHandler[model.Vulnerability](w, r, utils.NEO4J_VULNERABILITY_SCAN) + entries, _, err := listScanResultsHandler[model.Vulnerability](w, r, utils.NEO4JVulnerabilityScan) if err != nil { h.respondError(err, w) return 
@@ -1177,7 +1177,7 @@ func (h *Handler) CountVulnerabilityScanResultsHandler(w http.ResponseWriter, r } func (h *Handler) CountSecretScanResultsHandler(w http.ResponseWriter, r *http.Request) { - entries, _, err := listScanResultsHandler[model.Secret](w, r, utils.NEO4J_SECRET_SCAN) + entries, _, err := listScanResultsHandler[model.Secret](w, r, utils.NEO4JSecretScan) if err != nil { h.respondError(err, w) return @@ -1192,7 +1192,7 @@ func (h *Handler) CountSecretScanResultsHandler(w http.ResponseWriter, r *http.R } func (h *Handler) CountComplianceScanResultsHandler(w http.ResponseWriter, r *http.Request) { - entries, _, err := listScanResultsHandler[model.Compliance](w, r, utils.NEO4J_COMPLIANCE_SCAN) + entries, _, err := listScanResultsHandler[model.Compliance](w, r, utils.NEO4JComplianceScan) if err != nil { h.respondError(err, w) return @@ -1207,7 +1207,7 @@ func (h *Handler) CountComplianceScanResultsHandler(w http.ResponseWriter, r *ht } func (h *Handler) CountMalwareScanResultsHandler(w http.ResponseWriter, r *http.Request) { - entries, _, err := listScanResultsHandler[model.Malware](w, r, utils.NEO4J_MALWARE_SCAN) + entries, _, err := listScanResultsHandler[model.Malware](w, r, utils.NEO4JMalwareScan) if err != nil { h.respondError(err, w) return @@ -1222,7 +1222,7 @@ func (h *Handler) CountMalwareScanResultsHandler(w http.ResponseWriter, r *http. } func (h *Handler) CountCloudComplianceScanResultsHandler(w http.ResponseWriter, r *http.Request) { - entries, _, err := listScanResultsHandler[model.CloudCompliance](w, r, utils.NEO4J_CLOUD_COMPLIANCE_SCAN) + entries, _, err := listScanResultsHandler[model.CloudCompliance](w, r, utils.NEO4JCloudComplianceScan) if err != nil { h.respondError(err, w) return 
@@ -1401,7 +1401,7 @@ func (h *Handler) CloudComplianceFiltersHandler(w http.ResponseWriter, r *http.R log.Error().Msgf("%v", err) h.respondError(err, w) } - res, err := reporters_scan.GetFilters(r.Context(), req.Having, utils.ScanTypeDetectedNode[utils.NEO4J_CLOUD_COMPLIANCE_SCAN], req.RequiredFilters) + res, err := reporters_scan.GetFilters(r.Context(), req.Having, utils.ScanTypeDetectedNode[utils.NEO4JCloudComplianceScan], req.RequiredFilters) if err != nil { log.Error().Msgf("%v", err) h.respondError(err, w) @@ -1420,7 +1420,7 @@ func (h *Handler) ComplianceFiltersHandler(w http.ResponseWriter, r *http.Reques log.Error().Msgf("%v", err) h.respondError(err, w) } - res, err := reporters_scan.GetFilters(r.Context(), req.Having, utils.ScanTypeDetectedNode[utils.NEO4J_COMPLIANCE_SCAN], req.RequiredFilters) + res, err := reporters_scan.GetFilters(r.Context(), req.Having, utils.ScanTypeDetectedNode[utils.NEO4JComplianceScan], req.RequiredFilters) if err != nil { log.Error().Msgf("%v", err) h.respondError(err, w) @@ -1522,7 +1522,7 @@ func (h *Handler) scanResultActionHandler(w http.ResponseWriter, r *http.Request switch action { case "delete": err = reporters_scan.DeleteScan(r.Context(), utils.Neo4jScanType(req.ScanType), req.ScanID, req.ResultIDs) - if req.ScanType == string(utils.NEO4J_CLOUD_COMPLIANCE_SCAN) { + if req.ScanType == string(utils.NEO4JCloudComplianceScan) { err := h.CachePostureProviders(r.Context()) if err != nil { h.respondError(err, w) @@ -1657,7 +1657,7 @@ func (h *Handler) scanIdActionHandler(w http.ResponseWriter, r *http.Request, ac h.respondError(err, w) } w.Header().Set("Content-Disposition", - "attachment; filename="+strconv.Quote(utils.ScanIdReplacer.Replace(req.ScanID)+".json")) + "attachment; filename="+strconv.Quote(utils.ScanIDReplacer.Replace(req.ScanID)+".json")) w.Header().Set("Content-Type", "application/octet-stream") w.WriteHeader(http.StatusOK) _, err = w.Write(data) 
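Review bot: CloudComplianceFiltersHandler keeps running after it has already answered with an error: the context lines of `@@ -1401` show `h.respondError(err, w)` followed directly by `}` and then the `GetFilters` call, with no `return` in between. The handler then presumably queries with a request that failed decoding or validation and may write a second response. A `return` after `h.respondError(err, w)` fixes it; the same shape is visible in ComplianceFiltersHandler (`@@ -1420`) and just before the `Content-Disposition` header in scanIdActionHandler (`@@ -1657`). The enclosing `if` statements start outside the hunks, so their conditions cannot be confirmed here.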
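Review bot: In the `delete` case of scanResultActionHandler (`@@ -1522`) the result of `reporters_scan.DeleteScan` is not checked before the posture cache is refreshed, and the inner `err := h.CachePostureProviders(r.Context())` shadows it. As far as the hunk shows, a failed delete still triggers the refresh; `if err != nil { h.respondError(err, w); return }` directly after the DeleteScan call would make the order explicit. Separately, `utils.Neo4jScanType(req.ScanType)` converts a request field without a visible check against the known scan types; if request validation does not already restrict it, a lookup against the defined constants belongs before the cast. The switch continues outside the hunk.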
@@ -1672,7 +1672,7 @@ func (h *Handler) scanIdActionHandler(w http.ResponseWriter, r *http.Request, ac h.respondError(err, w) return } - if req.ScanType == string(utils.NEO4J_CLOUD_COMPLIANCE_SCAN) { + if req.ScanType == string(utils.NEO4JCloudComplianceScan) { err := h.CachePostureProviders(r.Context()) if err != nil { h.respondError(err, w) @@ -1782,7 +1782,7 @@ func (h *Handler) sbomHandler(w http.ResponseWriter, r *http.Request, action str switch action { case "get": sbom := make([]model.SbomResponse, 0) - runtimeSbom := path.Join("/sbom", "runtime-"+utils.ScanIdReplacer.Replace(req.ScanID)+".json") + runtimeSbom := path.Join("/sbom", "runtime-"+utils.ScanIDReplacer.Replace(req.ScanID)+".json") buff, err := mc.DownloadFileContexts(r.Context(), runtimeSbom, minio.GetObjectOptions{}) if err != nil { log.Error().Msg(err.Error()) @@ -1800,10 +1800,10 @@ func (h *Handler) sbomHandler(w http.ResponseWriter, r *http.Request, action str } case "download": resp := model.DownloadReportResponse{} - sbomFile := path.Join("/sbom", utils.ScanIdReplacer.Replace(req.ScanID)+".json.gz") + sbomFile := path.Join("/sbom", utils.ScanIDReplacer.Replace(req.ScanID)+".json.gz") cd := url.Values{ "response-content-disposition": []string{ - "attachment; filename=" + strconv.Quote(utils.ScanIdReplacer.Replace(req.ScanID)+".json.gz")}, + "attachment; filename=" + strconv.Quote(utils.ScanIDReplacer.Replace(req.ScanID)+".json.gz")}, } url, err := mc.ExposeFile(r.Context(), sbomFile, true, DownloadReportUrlExpiry, cd) if err != nil { 
@@ -2230,9 +2230,9 @@ func StartMultiCloudComplianceScan(ctx context.Context, reqs []model.NodeIdentif } bulkId := bulkScanId() - scanType := utils.NEO4J_CLOUD_COMPLIANCE_SCAN + scanType := utils.NEO4JCloudComplianceScan if reqs[0].NodeType == controls.ResourceTypeToString(controls.KubernetesCluster) || reqs[0].NodeType == controls.ResourceTypeToString(controls.Host) { - scanType = utils.NEO4J_COMPLIANCE_SCAN + scanType = utils.NEO4JComplianceScan } err = ingesters.AddBulkScan(ingesters.WriteDBTransaction{Tx: tx}, scanType, bulkId, scanIds) if err != nil { diff --git a/deepfence_server/handler/search_reports.go b/deepfence_server/handler/search_reports.go index a76b9adb19..8b3a0b15f5 100644 --- a/deepfence_server/handler/search_reports.go +++ b/deepfence_server/handler/search_reports.go @@ -201,23 +201,23 @@ func (h *Handler) SearchVulnerabilityRules(w http.ResponseWriter, r *http.Reques } func (h *Handler) SearchVulnerabilityScans(w http.ResponseWriter, r *http.Request) { - h.SearchScans(w, r, utils.NEO4J_VULNERABILITY_SCAN) + h.SearchScans(w, r, utils.NEO4JVulnerabilityScan) } func (h *Handler) SearchSecretScans(w http.ResponseWriter, r *http.Request) { - h.SearchScans(w, r, utils.NEO4J_SECRET_SCAN) + h.SearchScans(w, r, utils.NEO4JSecretScan) } func (h *Handler) SearchMalwareScans(w http.ResponseWriter, r *http.Request) { - h.SearchScans(w, r, utils.NEO4J_MALWARE_SCAN) + h.SearchScans(w, r, utils.NEO4JMalwareScan) } func (h *Handler) SearchComplianceScans(w http.ResponseWriter, r *http.Request) { - h.SearchScans(w, r, utils.NEO4J_COMPLIANCE_SCAN) + h.SearchScans(w, r, utils.NEO4JComplianceScan) } func (h *Handler) SearchCloudComplianceScans(w http.ResponseWriter, r *http.Request) { - h.SearchScans(w, r, utils.NEO4J_CLOUD_COMPLIANCE_SCAN) + h.SearchScans(w, r, utils.NEO4JCloudComplianceScan) } func (h *Handler) SearchCloudNodes(w http.ResponseWriter, r *http.Request) { 
@@ -293,23 +293,23 @@ func (h *Handler) SearchVulnerabilityRulesCount(w http.ResponseWriter, r *http.R } func (h *Handler) SearchVulnerabilityScansCount(w http.ResponseWriter, r *http.Request) { - h.SearchScansCount(w, r, utils.NEO4J_VULNERABILITY_SCAN) + h.SearchScansCount(w, r, utils.NEO4JVulnerabilityScan) } func (h *Handler) SearchSecretScansCount(w http.ResponseWriter, r *http.Request) { - h.SearchScansCount(w, r, utils.NEO4J_SECRET_SCAN) + h.SearchScansCount(w, r, utils.NEO4JSecretScan) } func (h *Handler) SearchMalwareScansCount(w http.ResponseWriter, r *http.Request) { - h.SearchScansCount(w, r, utils.NEO4J_MALWARE_SCAN) + h.SearchScansCount(w, r, utils.NEO4JMalwareScan) } func (h *Handler) SearchComplianceScansCount(w http.ResponseWriter, r *http.Request) { - h.SearchScansCount(w, r, utils.NEO4J_COMPLIANCE_SCAN) + h.SearchScansCount(w, r, utils.NEO4JComplianceScan) } func (h *Handler) SearchCloudComplianceScansCount(w http.ResponseWriter, r *http.Request) { - h.SearchScansCount(w, r, utils.NEO4J_CLOUD_COMPLIANCE_SCAN) + h.SearchScansCount(w, r, utils.NEO4JCloudComplianceScan) } func (h *Handler) SearchScans(w http.ResponseWriter, r *http.Request, scan_type utils.Neo4jScanType) { diff --git a/deepfence_server/ingesters/cloud_compliance_ingester.go b/deepfence_server/ingesters/cloud_compliance_ingester.go index a9cf39fdb4..44fc8be707 100644 --- a/deepfence_server/ingesters/cloud_compliance_ingester.go +++ b/deepfence_server/ingesters/cloud_compliance_ingester.go @@ -38,7 +38,7 @@ func (tc *CloudComplianceIngester) Ingest( log.Error().Msg(err.Error()) } else { ingestC <- &kgo.Record{ - Topic: utils.CLOUD_COMPLIANCE_SCAN, + Topic: utils.CloudComplianceScan, Value: cb, Headers: rh, } @@ -75,7 +75,7 @@ func (tc *CloudComplianceScanStatusIngester) Ingest( log.Error().Msg(err.Error()) } else { ingestC <- &kgo.Record{ - Topic: utils.CLOUD_COMPLIANCE_SCAN_STATUS, + Topic: utils.CloudComplianceScanStatus, Value: cb, Headers: rh, } 
diff --git a/deepfence_server/ingesters/cloud_resource_ingester.go b/deepfence_server/ingesters/cloud_resource_ingester.go index fd1a08af00..c67ccd0eff 100644 --- a/deepfence_server/ingesters/cloud_resource_ingester.go +++ b/deepfence_server/ingesters/cloud_resource_ingester.go @@ -38,7 +38,7 @@ func (tc *CloudResourceIngester) Ingest( log.Error().Msg(err.Error()) } else { ingestC <- &kgo.Record{ - Topic: utils.CLOUD_RESOURCE, + Topic: utils.CloudResource, Value: cb, Headers: rh, } diff --git a/deepfence_server/ingesters/compliance_ingester.go b/deepfence_server/ingesters/compliance_ingester.go index a9e7ca2005..a7abc631ed 100644 --- a/deepfence_server/ingesters/compliance_ingester.go +++ b/deepfence_server/ingesters/compliance_ingester.go @@ -37,7 +37,7 @@ func (tc *ComplianceIngester) Ingest( log.Error().Msg(err.Error()) } else { ingestC <- &kgo.Record{ - Topic: utils.COMPLIANCE_SCAN, + Topic: utils.ComplianceScan, Value: cb, Headers: rh, } @@ -73,7 +73,7 @@ func (tc *ComplianceScanStatusIngester) Ingest( log.Error().Msg(err.Error()) } else { ingestC <- &kgo.Record{ - Topic: utils.COMPLIANCE_SCAN_STATUS, + Topic: utils.ComplianceScanStatus, Value: cb, Headers: rh, } diff --git a/deepfence_server/ingesters/malware_ingester.go b/deepfence_server/ingesters/malware_ingester.go index ed95d353dd..3379c98424 100644 --- a/deepfence_server/ingesters/malware_ingester.go +++ b/deepfence_server/ingesters/malware_ingester.go @@ -37,7 +37,7 @@ func (tc *MalwareIngester) Ingest( log.Error().Msg(err.Error()) } else { ingestC <- &kgo.Record{ - Topic: utils.MALWARE_SCAN, + Topic: utils.MalwareScan, Value: cb, Headers: rh, } @@ -73,7 +73,7 @@ func (tc *MalwareScanStatusIngester) Ingest( log.Error().Msg(err.Error()) } else { ingestC <- &kgo.Record{ - Topic: utils.MALWARE_SCAN_STATUS, + Topic: utils.MalwareScanStatus, Value: cb, Headers: rh, } diff --git a/deepfence_server/ingesters/scan_status.go b/deepfence_server/ingesters/scan_status.go index 6a670c3a6c..1a4342f98c 100644 
--- a/deepfence_server/ingesters/scan_status.go +++ b/deepfence_server/ingesters/scan_status.go @@ -96,9 +96,9 @@ func AddNewScan(tx WriteDBTransaction, RETURN n.node_id, m.agent_running`, controls.ResourceTypeToNeo4j(node_type), scan_type), map[string]interface{}{ "node_id": node_id, - "complete": utils.SCAN_STATUS_SUCCESS, - "failed": utils.SCAN_STATUS_FAILED, - "cancelled": utils.SCAN_STATUS_CANCELLED}) + "complete": utils.ScanStatusSuccess, + "failed": utils.ScanStatusFailed, + "cancelled": utils.ScanStatusCancelled}) if err != nil { return err } @@ -134,14 +134,14 @@ func AddNewScan(tx WriteDBTransaction, MERGE (n)-[:SCANNED]->(m)`, scan_type, controls.ResourceTypeToNeo4j(node_type)), map[string]interface{}{ "scan_id": scan_id, - "status": utils.SCAN_STATUS_STARTING, + "status": utils.ScanStatusStarting, "node_id": node_id, "action": string(b), "is_priority": isPriority}); err != nil { return err } - latestScanIDFieldName := ingestersUtil.LatestScanIdField[scan_type] + latestScanIDFieldName := ingestersUtil.LatestScanIDField[scan_type] scanStatusFieldName := ingestersUtil.ScanStatusField[scan_type] if _, err = tx.Run(fmt.Sprintf(` @@ -155,7 +155,7 @@ func AddNewScan(tx WriteDBTransaction, scan_type, scanStatusFieldName, latestScanIDFieldName), map[string]interface{}{ "scan_id": scan_id, - "status": utils.SCAN_STATUS_STARTING}); err != nil { + "status": utils.ScanStatusStarting}); err != nil { return err } @@ -196,7 +196,7 @@ func AddNewScan(tx WriteDBTransaction, if _, err = tx.Run(fmt.Sprintf(podQuery, scanStatusFieldName), map[string]interface{}{ "node_id": node_id, - "status": utils.SCAN_STATUS_STARTING}); err != nil { + "status": utils.ScanStatusStarting}); err != nil { return err } case controls.Image: 
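Review bot: The Cypher text in AddNewScan is assembled with `fmt.Sprintf` from `scan_type` and `controls.ResourceTypeToNeo4j(node_type)`, while only the values go through the parameter map (`@@ -96`, `@@ -134`, `@@ -155`). Labels cannot be bound as query parameters, so these statements are only safe while both arguments come from fixed constants, and that precondition is not stated in the code shown. I would add a doc comment on the function, `// scan_type and the node label are formatted into the query text: pass only utils.Neo4jScanType constants, never request data.`, and the same on AddNewCloudComplianceScan (`@@ -227` onwards). The queries themselves start outside the hunks.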
@@ -227,13 +227,13 @@ func AddNewCloudComplianceScan(tx WriteDBTransaction, isPriority bool) error { neo4jNodeType := "CloudNode" - scanType := utils.NEO4J_CLOUD_COMPLIANCE_SCAN + scanType := utils.NEO4JCloudComplianceScan if nodeType == controls.ResourceTypeToString(controls.KubernetesCluster) { neo4jNodeType = "KubernetesCluster" - scanType = utils.NEO4J_COMPLIANCE_SCAN + scanType = utils.NEO4JComplianceScan } else if nodeType == controls.ResourceTypeToString(controls.Host) { neo4jNodeType = "Node" - scanType = utils.NEO4J_COMPLIANCE_SCAN + scanType = utils.NEO4JComplianceScan } res, err := tx.Run(fmt.Sprintf(` OPTIONAL MATCH (n:%s{node_id:$node_id}) @@ -272,9 +272,9 @@ func AddNewCloudComplianceScan(tx WriteDBTransaction, RETURN n.node_id, m.agent_running`, neo4jNodeType, scanType), map[string]interface{}{ "node_id": nodeId, - "complete": utils.SCAN_STATUS_SUCCESS, - "failed": utils.SCAN_STATUS_FAILED, - "cancelled": utils.SCAN_STATUS_CANCELLED, + "complete": utils.ScanStatusSuccess, + "failed": utils.ScanStatusFailed, + "cancelled": utils.ScanStatusCancelled, "benchmark_types": benchmarkTypes, }) if err != nil { @@ -305,7 +305,7 @@ func AddNewCloudComplianceScan(tx WriteDBTransaction, nt = ctl.Host } internalReq, _ := json.Marshal(ctl.StartComplianceScanRequest{ - NodeId: nodeId, + NodeID: nodeId, NodeType: nt, BinArgs: map[string]string{"scan_id": scanId, "benchmark_types": strings.Join(benchmarkTypes, ",")}, }) @@ -319,7 +319,7 @@ MERGE (n:%s{node_id: $scan_id, status: $status, status_message: "", retries: 0, MERGE (n)-[:SCANNED]->(m)`, scanType, neo4jNodeType), map[string]interface{}{ "scan_id": scanId, - "status": utils.SCAN_STATUS_STARTING, + "status": utils.ScanStatusStarting, "node_id": nodeId, "benchmark_types": benchmarkTypes, "action": string(action), 
@@ -328,7 +328,7 @@ MERGE (n:%s{node_id: $scan_id, status: $status, status_message: "", retries: 0, return err } - latestScanIDFieldName := ingestersUtil.LatestScanIdField[scanType] + latestScanIDFieldName := ingestersUtil.LatestScanIDField[scanType] scanStatusFieldName := ingestersUtil.ScanStatusField[scanType] if _, err = tx.Run(fmt.Sprintf(` @@ -342,7 +342,7 @@ MERGE (n:%s{node_id: $scan_id, status: $status, status_message: "", retries: 0, scanType, scanStatusFieldName, latestScanIDFieldName), map[string]interface{}{ "scan_id": scanId, - "status": utils.SCAN_STATUS_STARTING}); err != nil { + "status": utils.ScanStatusStarting}); err != nil { return err } diff --git a/deepfence_server/ingesters/secret_ingester.go b/deepfence_server/ingesters/secret_ingester.go index a7895bec85..14222c6ee6 100644 --- a/deepfence_server/ingesters/secret_ingester.go +++ b/deepfence_server/ingesters/secret_ingester.go @@ -37,7 +37,7 @@ func (tc *SecretIngester) Ingest( log.Error().Msg(err.Error()) } else { ingestC <- &kgo.Record{ - Topic: utils.SECRET_SCAN, + Topic: utils.SecretScan, Value: cb, Headers: rh, } @@ -73,7 +73,7 @@ func (tc *SecretScanStatusIngester) Ingest( log.Error().Msg(err.Error()) } else { ingestC <- &kgo.Record{ - Topic: utils.SECRET_SCAN_STATUS, + Topic: utils.SecretScanStatus, Value: cb, Headers: rh, } diff --git a/deepfence_server/ingesters/vulnerability_ingester.go b/deepfence_server/ingesters/vulnerability_ingester.go index 956aca180f..7e29d09184 100644 --- a/deepfence_server/ingesters/vulnerability_ingester.go +++ b/deepfence_server/ingesters/vulnerability_ingester.go @@ -38,7 +38,7 @@ func (tc *VulnerabilityIngester) Ingest( log.Error().Msg(err.Error()) } else { ingestC <- &kgo.Record{ - Topic: utils.VULNERABILITY_SCAN, + Topic: utils.VulnerabilityScan, Value: cb, Headers: rh, } 
@@ -74,7 +74,7 @@ func (tc *VulnerabilityStatusIngester) Ingest( log.Error().Msg(err.Error()) } else { ingestC <- &kgo.Record{ - Topic: utils.VULNERABILITY_SCAN_STATUS, + Topic: utils.VulnerabilityScanStatus, Value: cb, Headers: rh, } diff --git a/deepfence_server/model/cloud_node.go b/deepfence_server/model/cloud_node.go index 738d5b651f..9e3d8df6e2 100644 --- a/deepfence_server/model/cloud_node.go +++ b/deepfence_server/model/cloud_node.go @@ -94,11 +94,11 @@ func (CloudNodeAccountInfo) ExtendedField() string { func (v CloudNodeAccountInfo) ScanType() utils.Neo4jScanType { switch v.CloudProvider { case PostureProviderAWS, PostureProviderGCP, PostureProviderAzure, PostureProviderAWSOrg: - return utils.NEO4J_CLOUD_COMPLIANCE_SCAN + return utils.NEO4JCloudComplianceScan case PostureProviderKubernetes, PostureProviderLinux: - return utils.NEO4J_COMPLIANCE_SCAN + return utils.NEO4JComplianceScan default: - return utils.NEO4J_CLOUD_COMPLIANCE_SCAN + return utils.NEO4JCloudComplianceScan } } diff --git a/deepfence_server/model/registry.go b/deepfence_server/model/registry.go index 013fdb1aa7..dab5aafdc8 100644 --- a/deepfence_server/model/registry.go +++ b/deepfence_server/model/registry.go @@ -576,7 +576,7 @@ func toScansCount(scans []interface{}) Summary { counts.ScansTotal++ l := n.(string) switch l { - case utils.SCAN_STATUS_SUCCESS, utils.SCAN_STATUS_FAILED: + case utils.ScanStatusSuccess, utils.ScanStatusFailed: counts.ScansComplete++ default: counts.ScansInProgress++ @@ -639,7 +639,7 @@ func RegistrySummary(ctx context.Context, registryId mo.Option[string], registry ) if regId, ok := registryId.Get(); ok { if result, err = tx.Run(queryPerRegistry, map[string]interface{}{"id": regId}); err != nil { - log.Error().Err(err).Msgf("failed to query summary for registry id %d", regId) + log.Error().Err(err).Msgf("failed to query summary for registry id %v", regId) return count, err } } else if regType, ok := registryType.Get(); ok { 
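Review bot: In RegistrySummary (`@@ -639`) the verb moved from `%d` to `%v`, but `regId` comes from `registryId mo.Option[string]`, so it is a string supplied by the caller. `%q` states the type and makes empty or unusual ids visible in the log: `log.Error().Err(err).Msgf("failed to query summary for registry id %q", regId)`.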
diff --git a/deepfence_server/model/scans.go b/deepfence_server/model/scans.go index b20f1138ee..b2b0434159 100644 --- a/deepfence_server/model/scans.go +++ b/deepfence_server/model/scans.go @@ -91,9 +91,9 @@ type ComplianceScanInfo struct { } const ( - SCAN_STATUS_SUCCESS = utils.SCAN_STATUS_SUCCESS - SCAN_STATUS_STARTING = utils.SCAN_STATUS_STARTING - SCAN_STATUS_INPROGRESS = utils.SCAN_STATUS_INPROGRESS + SCAN_STATUS_SUCCESS = utils.ScanStatusSuccess + SCAN_STATUS_STARTING = utils.ScanStatusStarting + SCAN_STATUS_INPROGRESS = utils.ScanStatusInProgress ) type ScanTriggerResp struct { diff --git a/deepfence_server/model/scheduled_tasks.go b/deepfence_server/model/scheduled_tasks.go index 71a2c23a47..6ab492c29b 100644 --- a/deepfence_server/model/scheduled_tasks.go +++ b/deepfence_server/model/scheduled_tasks.go @@ -137,14 +137,14 @@ func InitializeScheduledTasks(ctx context.Context, pgClient *postgresqlDb.Querie for _, nodeType := range []string{utils.NodeTypeHost, utils.NodeTypeContainer} { payload := map[string]string{"node_type": nodeType} - scheduleStr, _ := json.Marshal(map[string]interface{}{"action": utils.VULNERABILITY_SCAN, "payload": payload, "cron": VULNERABILITY_SCAN_CRON}) + scheduleStr, _ := json.Marshal(map[string]interface{}{"action": utils.VulnerabilityScan, "payload": payload, "cron": VULNERABILITY_SCAN_CRON}) if utils.InSlice(utils.GenerateHashFromString(string(scheduleStr)), jobHashes) { continue } payloadJson, _ := json.Marshal(payload) _, err = pgClient.CreateSchedule(ctx, postgresqlDb.CreateScheduleParams{ - Action: utils.VULNERABILITY_SCAN, + Action: utils.VulnerabilityScan, Description: fmt.Sprintf("Vulnerability scan on all %ss", nodeTypeLabels[nodeType]), CronExpr: VULNERABILITY_SCAN_CRON, Payload: payloadJson, 
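Review bot: The three aliases in model/scans.go keep their underscore names (`SCAN_STATUS_SUCCESS`, `SCAN_STATUS_STARTING`, `SCAN_STATUS_INPROGRESS`) while now pointing at MixedCaps constants, so the package exports a second spelling for the same values. If the callers cannot be migrated in this commit, a marker such as `// Deprecated: use utils.ScanStatusSuccess.` above each alias would keep new code off the old names. The const block is complete in the hunk.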
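Review bot: The de-duplication in InitializeScheduledTasks (`@@ -137`) hashes a JSON document that contains the action constant (`"action": utils.VulnerabilityScan`), so existing schedules are only recognised if the renamed constants kept their string values. The definitions in deepfence_utils are not part of this hunk; if a value changed, the next start-up would presumably insert a second set of default schedules. Both `json.Marshal` results also drop the error with `_`, which deserves either a check or a short comment saying why it cannot fail. The same pattern repeats in the secret, malware and compliance loops (`@@ -160`, `@@ -183`, `@@ -206`).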
@@ -160,14 +160,14 @@ func InitializeScheduledTasks(ctx context.Context, pgClient *postgresqlDb.Querie for _, nodeType := range []string{utils.NodeTypeHost, utils.NodeTypeContainer} { payload := map[string]string{"node_type": nodeType} - scheduleStr, _ := json.Marshal(map[string]interface{}{"action": utils.SECRET_SCAN, "payload": payload, "cron": SECRET_SCAN_CRON}) + scheduleStr, _ := json.Marshal(map[string]interface{}{"action": utils.SecretScan, "payload": payload, "cron": SECRET_SCAN_CRON}) if utils.InSlice(utils.GenerateHashFromString(string(scheduleStr)), jobHashes) { continue } payloadJson, _ := json.Marshal(payload) _, err = pgClient.CreateSchedule(ctx, postgresqlDb.CreateScheduleParams{ - Action: utils.SECRET_SCAN, + Action: utils.SecretScan, Description: fmt.Sprintf("Secret scan on all %ss", nodeTypeLabels[nodeType]), CronExpr: SECRET_SCAN_CRON, Payload: payloadJson, @@ -183,14 +183,14 @@ func InitializeScheduledTasks(ctx context.Context, pgClient *postgresqlDb.Querie for _, nodeType := range []string{utils.NodeTypeHost, utils.NodeTypeContainer} { payload := map[string]string{"node_type": nodeType} - scheduleStr, _ := json.Marshal(map[string]interface{}{"action": utils.MALWARE_SCAN, "payload": payload, "cron": MALWARE_SCAN_CRON}) + scheduleStr, _ := json.Marshal(map[string]interface{}{"action": utils.MalwareScan, "payload": payload, "cron": MALWARE_SCAN_CRON}) if utils.InSlice(utils.GenerateHashFromString(string(scheduleStr)), jobHashes) { continue } payloadJson, _ := json.Marshal(payload) _, err = pgClient.CreateSchedule(ctx, postgresqlDb.CreateScheduleParams{ - Action: utils.MALWARE_SCAN, + Action: utils.MalwareScan, Description: fmt.Sprintf("Malware scan on all %ss", nodeTypeLabels[nodeType]), CronExpr: MALWARE_SCAN_CRON, Payload: payloadJson, 
@@ -206,14 +206,14 @@ func InitializeScheduledTasks(ctx context.Context, pgClient *postgresqlDb.Querie for _, nodeType := range []string{utils.NodeTypeHost, utils.NodeTypeKubernetesCluster} { payload := map[string]string{"node_type": nodeType} - scheduleStr, _ := json.Marshal(map[string]interface{}{"action": utils.COMPLIANCE_SCAN, "payload": payload, "cron": COMPLIANCE_SCAN_CRON}) + scheduleStr, _ := json.Marshal(map[string]interface{}{"action": utils.ComplianceScan, "payload": payload, "cron": COMPLIANCE_SCAN_CRON}) if utils.InSlice(utils.GenerateHashFromString(string(scheduleStr)), jobHashes) { continue } payloadJson, _ := json.Marshal(payload) _, err = pgClient.CreateSchedule(ctx, postgresqlDb.CreateScheduleParams{ - Action: utils.COMPLIANCE_SCAN, + Action: utils.ComplianceScan, Description: fmt.Sprintf("Compliance scan on all %ss", nodeTypeLabels[nodeType]), CronExpr: COMPLIANCE_SCAN_CRON, Payload: payloadJson, diff --git a/deepfence_server/pkg/integration/aws-security-hub/awssecurityhub.go b/deepfence_server/pkg/integration/aws-security-hub/awssecurityhub.go index fd8fc8bb4a..642a8b3540 100644 --- a/deepfence_server/pkg/integration/aws-security-hub/awssecurityhub.go +++ b/deepfence_server/pkg/integration/aws-security-hub/awssecurityhub.go @@ -129,9 +129,9 @@ func (a AwsSecurityHub) SendNotification(ctx context.Context, message string, ex } func getResource(ctx context.Context, scanType, scanID, region, accountID string) ([]*securityhub.Resource, error) { - if scanType == utils.ScanTypeDetectedNode[utils.NEO4J_VULNERABILITY_SCAN] { + if scanType == utils.ScanTypeDetectedNode[utils.NEO4JVulnerabilityScan] { return getResourceForVulnerability(ctx, scanID, region, accountID) - } else if scanType == utils.ScanTypeDetectedNode[utils.NEO4J_COMPLIANCE_SCAN] { + } else if scanType == utils.ScanTypeDetectedNode[utils.NEO4JComplianceScan] { return getResourceForCompliance(ctx, scanID, region, accountID) } return nil, fmt.Errorf("not aws") 
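Review bot: getResource (`@@ -129`) returns `fmt.Errorf("not aws")` for every scan type other than vulnerability or compliance, which does not name the value that was rejected. Unless a caller matches on that text, `return nil, fmt.Errorf("unsupported scan type %q", scanType)` states the cause and the input. The function's closing brace is outside the hunk.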
@@ -282,7 +282,7 @@ func getResourceForCompliance(ctx context.Context, scanID, region, accountID str func (a AwsSecurityHub) mapPayloadToFindings(msg []map[string]interface{}, resource []*securityhub.Resource, accountID string) *securityhub.BatchImportFindingsInput { findings := securityhub.BatchImportFindingsInput{} - if a.Resource == utils.ScanTypeDetectedNode[utils.NEO4J_VULNERABILITY_SCAN] { + if a.Resource == utils.ScanTypeDetectedNode[utils.NEO4JVulnerabilityScan] { for _, m := range msg { accID, found := m["cloud_account_id"] if !found { @@ -363,7 +363,7 @@ func (a AwsSecurityHub) mapPayloadToFindings(msg []map[string]interface{}, resou }}) findings.SetFindings(append(findings.Findings, &finding)) } - } else if a.Resource == utils.ScanTypeDetectedNode[utils.NEO4J_COMPLIANCE_SCAN] { + } else if a.Resource == utils.ScanTypeDetectedNode[utils.NEO4JComplianceScan] { for _, m := range msg { accID, found := m["cloud_account_id"] if !found { diff --git a/deepfence_server/pkg/integration/elasticsearch/elasticsearch.go b/deepfence_server/pkg/integration/elasticsearch/elasticsearch.go index 830155010d..62be6dcf59 100644 --- a/deepfence_server/pkg/integration/elasticsearch/elasticsearch.go +++ b/deepfence_server/pkg/integration/elasticsearch/elasticsearch.go @@ -4,9 +4,10 @@ import ( "bytes" "context" "encoding/json" - "github.com/deepfence/ThreatMapper/deepfence_utils/utils" "net/http" "strings" + + "github.com/deepfence/ThreatMapper/deepfence_utils/utils" ) func New(ctx context.Context, b []byte) (*ElasticSearch, error) { @@ -55,7 +56,7 @@ func (e ElasticSearch) SendNotification(ctx context.Context, message string, ext req.Header.Set("Content-Type", "application/x-ndjson") // Make the HTTP request. - client := utils.GetHttpClient() + client := utils.GetHTTPClient() resp, err := client.Do(req) if err != nil { return err 
diff --git a/deepfence_server/pkg/integration/google-chronicle/googlechronicle.go b/deepfence_server/pkg/integration/google-chronicle/googlechronicle.go index da9fbe6239..8d18fc4bb1 100644 --- a/deepfence_server/pkg/integration/google-chronicle/googlechronicle.go +++ b/deepfence_server/pkg/integration/google-chronicle/googlechronicle.go @@ -4,8 +4,9 @@ import ( "bytes" "context" "encoding/json" - "github.com/deepfence/ThreatMapper/deepfence_utils/utils" "net/http" + + "github.com/deepfence/ThreatMapper/deepfence_utils/utils" ) func New(ctx context.Context, b []byte) (*GoogleChronicle, error) { @@ -40,7 +41,7 @@ func (g GoogleChronicle) SendNotification(ctx context.Context, message string, e req.Header.Set("Content-Type", "application/json") // Make the HTTP request. - client := utils.GetHttpClient() + client := utils.GetHTTPClient() resp, err := client.Do(req) if err != nil { return err diff --git a/deepfence_server/pkg/integration/http-endpoint/http-endpoint.go b/deepfence_server/pkg/integration/http-endpoint/http-endpoint.go index 7a699c9ead..241f7c80ec 100644 --- a/deepfence_server/pkg/integration/http-endpoint/http-endpoint.go +++ b/deepfence_server/pkg/integration/http-endpoint/http-endpoint.go @@ -4,8 +4,9 @@ import ( "bytes" "context" "encoding/json" - "github.com/deepfence/ThreatMapper/deepfence_utils/utils" "net/http" + + "github.com/deepfence/ThreatMapper/deepfence_utils/utils" ) // todo: add support for batch size @@ -43,7 +44,7 @@ func (h HTTPEndpoint) SendNotification(ctx context.Context, message string, extr req.Header.Set("Content-Type", "application/json") // Make the HTTP request. - client := utils.GetHttpClient() + client := utils.GetHTTPClient() resp, err := client.Do(req) if err != nil { return err diff --git a/deepfence_server/pkg/integration/pagerduty/pagerduty.go b/deepfence_server/pkg/integration/pagerduty/pagerduty.go index da93ed19f3..2644e9c11c 100644 --- a/deepfence_server/pkg/integration/pagerduty/pagerduty.go 
+++ b/deepfence_server/pkg/integration/pagerduty/pagerduty.go @@ -96,7 +96,7 @@ func createPagerDutyEvent(pagerDutyAPIToken string, event pagerduty.V2Event) err req.Header.Set("Content-Type", "application/json") req.Header.Set("Authorization", "Token token="+pagerDutyAPIToken) - client := utils.GetHttpClient() + client := utils.GetHTTPClient() resp, err := client.Do(req) if err != nil { return err @@ -145,7 +145,7 @@ func IsValidCreds(p PagerDuty) (bool, error) { req.Header.Set("Content-Type", "application/json") // Make the HTTP request. - client := utils.GetHttpClient() + client := utils.GetHTTPClient() resp, err := client.Do(req) if err != nil { return false, err diff --git a/deepfence_server/pkg/integration/slack/slack.go b/deepfence_server/pkg/integration/slack/slack.go index ae1428e542..568d30c46c 100644 --- a/deepfence_server/pkg/integration/slack/slack.go +++ b/deepfence_server/pkg/integration/slack/slack.go @@ -159,7 +159,7 @@ func (s Slack) SendNotification(ctx context.Context, message string, extras map[ req.Header.Set("Content-Type", "application/json") // Make the HTTP request. - client := utils.GetHttpClient() + client := utils.GetHTTPClient() resp, err := client.Do(req) if err != nil { return err diff --git a/deepfence_server/pkg/integration/splunk/splunk.go b/deepfence_server/pkg/integration/splunk/splunk.go index 3a1421f6b1..3a6fc270d5 100644 --- a/deepfence_server/pkg/integration/splunk/splunk.go +++ b/deepfence_server/pkg/integration/splunk/splunk.go @@ -31,7 +31,7 @@ func New(ctx context.Context, b []byte) (Splunk, error) { } func (s Splunk) SendNotification(ctx context.Context, message string, extras map[string]interface{}) error { - s.client = utils.GetInsecureHttpClient() + s.client = utils.GetInsecureHTTPClient() var msg []map[string]interface{} d := json.NewDecoder(strings.NewReader(message)) if err := d.Decode(&msg); err != nil { 
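Review bot: `SendNotification` in splunk.go still takes its client from `utils.GetInsecureHTTPClient()`, while every other integration touched by this commit uses `utils.GetHTTPClient()`. The helper's body is not in this diff, but if it disables TLS certificate verification as its name suggests, the notification payload and any credentials sent with it go to an endpoint whose identity is never checked. Consider defaulting to `s.client = utils.GetHTTPClient()` and selecting the insecure client only behind an explicit per-integration setting. The function body continues outside the hunk.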
diff --git a/deepfence_server/pkg/integration/sumologic/sumologic.go b/deepfence_server/pkg/integration/sumologic/sumologic.go index ab1abd5d97..52d07a8afa 100644 --- a/deepfence_server/pkg/integration/sumologic/sumologic.go +++ b/deepfence_server/pkg/integration/sumologic/sumologic.go @@ -40,7 +40,7 @@ func (s SumoLogic) FormatMessage(message []map[string]interface{}) (bytes.Buffer func (s SumoLogic) SendNotification(ctx context.Context, data string, extra map[string]interface{}) error { // Create an HTTP client with a timeout - client := utils.GetHttpClient() + client := utils.GetHTTPClient() var d []map[string]interface{} dec := json.NewDecoder(strings.NewReader(data)) diff --git a/deepfence_server/pkg/integration/teams/teams.go b/deepfence_server/pkg/integration/teams/teams.go index 87c2d5c897..fd3c7c9810 100644 --- a/deepfence_server/pkg/integration/teams/teams.go +++ b/deepfence_server/pkg/integration/teams/teams.go @@ -44,7 +44,7 @@ func (t Teams) FormatMessage(message map[string]interface{}, position int, entir } func (t Teams) SendNotification(ctx context.Context, message string, extras map[string]interface{}) error { - t.client = utils.GetHttpClient() + t.client = utils.GetHTTPClient() var msg []map[string]interface{} d := json.NewDecoder(strings.NewReader(message)) diff --git a/deepfence_server/reporters/common.go b/deepfence_server/reporters/common.go index f9b966380f..01fff86075 100644 --- a/deepfence_server/reporters/common.go +++ b/deepfence_server/reporters/common.go 
@@ -8,20 +8,20 @@ import ( ) var ( - NotFoundErr = errors.New("Resource not found") + ErrNotFound = errors.New("resource not found") ScanResultMaskNode = map[utils.Neo4jScanType]string{ - utils.NEO4J_VULNERABILITY_SCAN: "VulnerabilityStub", - utils.NEO4J_SECRET_SCAN: "Secret", - utils.NEO4J_MALWARE_SCAN: "Malware", - utils.NEO4J_COMPLIANCE_SCAN: "Compliance", - utils.NEO4J_CLOUD_COMPLIANCE_SCAN: "CloudCompliance", + utils.NEO4JVulnerabilityScan: "VulnerabilityStub", + utils.NEO4JSecretScan: "Secret", + utils.NEO4JMalwareScan: "Malware", + utils.NEO4JComplianceScan: "Compliance", + utils.NEO4JCloudComplianceScan: "CloudCompliance", } ScanResultIDField = map[utils.Neo4jScanType]string{ - utils.NEO4J_VULNERABILITY_SCAN: "cve_id", - utils.NEO4J_SECRET_SCAN: "node_id", - utils.NEO4J_MALWARE_SCAN: "node_id", - utils.NEO4J_COMPLIANCE_SCAN: "node_id", - utils.NEO4J_CLOUD_COMPLIANCE_SCAN: "node_id", + utils.NEO4JVulnerabilityScan: "cve_id", + utils.NEO4JSecretScan: "node_id", + utils.NEO4JMalwareScan: "node_id", + utils.NEO4JComplianceScan: "node_id", + utils.NEO4JCloudComplianceScan: "node_id", } ) diff --git a/deepfence_server/reporters/scan/scan_reporters.go b/deepfence_server/reporters/scan/scan_reporters.go index a64393a11d..d3467607aa 100644 --- a/deepfence_server/reporters/scan/scan_reporters.go +++ b/deepfence_server/reporters/scan/scan_reporters.go @@ -78,7 +78,7 @@ func GetScanStatus(ctx context.Context, scan_type utils.Neo4jScanType, scan_ids recs, err := res.Collect() if err != nil { - return model.ScanStatusResp{}, reporters.NotFoundErr + return model.ScanStatusResp{}, reporters.ErrNotFound } return model.ScanStatusResp{Statuses: extractStatuses(recs)}, nil @@ -538,7 +538,7 @@ func processScansListQuery(query string, nodeIds []string, tx neo4j.Transaction) recs, err := res.Collect() if err != nil { - return scansInfo, reporters.NotFoundErr + return scansInfo, reporters.ErrNotFound } for _, rec := range recs { 
@@ -578,7 +578,7 @@ func GetCloudCompliancePendingScansList(ctx context.Context, scanType utils.Neo4 MATCH (m:`+string(scanType)+`) -[:SCANNED]-> (n:CloudNode{node_id: $node_id}) WHERE m.status = $starting RETURN m.node_id, m.benchmark_types, m.status, m.status_message, n.node_id, m.updated_at, n.node_name ORDER BY m.updated_at`, - map[string]interface{}{"node_id": nodeId, "starting": utils.SCAN_STATUS_STARTING}) + map[string]interface{}{"node_id": nodeId, "starting": utils.ScanStatusStarting}) if err != nil { return model.CloudComplianceScanListResp{}, err } @@ -600,8 +600,8 @@ func GetCloudCompliancePendingScansList(ctx context.Context, scanType utils.Neo4 RETURN m.node_id, m.status, m.status_message, n.node_id, m.updated_at, n.node_name ORDER BY m.updated_at`, map[string]interface{}{"node_id": nodeId, - "cancel_pending": utils.SCAN_STATUS_CANCEL_PENDING, - "cancelling": utils.SCAN_STATUS_CANCELLING}) + "cancel_pending": utils.ScanStatusCancelPending, + "cancelling": utils.ScanStatusCancelling}) if err != nil { log.Info().Msgf("Failed to get stopping scan list for node:%s, error is:%v", nodeId, err) } else { @@ -883,15 +883,15 @@ func GetFilters(ctx context.Context, having map[string]interface{}, detectedType func scanResultId_field(scan_type utils.Neo4jScanType) string { switch scan_type { - case utils.NEO4J_VULNERABILITY_SCAN: + case utils.NEO4JVulnerabilityScan: return "cve_id" - case utils.NEO4J_SECRET_SCAN: + case utils.NEO4JSecretScan: return "node_id" - case utils.NEO4J_MALWARE_SCAN: + case utils.NEO4JMalwareScan: return "node_id" - case utils.NEO4J_COMPLIANCE_SCAN: + case utils.NEO4JComplianceScan: return "test_number" - case utils.NEO4J_CLOUD_COMPLIANCE_SCAN: + case utils.NEO4JCloudComplianceScan: return "control_id" } return "" 
@@ -899,15 +899,15 @@ func scanResultId_field(scan_type utils.Neo4jScanType) string { func type2sev_field(scan_type utils.Neo4jScanType) string { switch scan_type { - case utils.NEO4J_VULNERABILITY_SCAN: + case utils.NEO4JVulnerabilityScan: return "cve_severity" - case utils.NEO4J_SECRET_SCAN: + case utils.NEO4JSecretScan: return "level" - case utils.NEO4J_MALWARE_SCAN: + case utils.NEO4JMalwareScan: return "file_severity" - case utils.NEO4J_COMPLIANCE_SCAN: + case utils.NEO4JComplianceScan: return "status" - case utils.NEO4J_CLOUD_COMPLIANCE_SCAN: + case utils.NEO4JCloudComplianceScan: return "status" } return "error_sev_field_unknown" @@ -933,7 +933,7 @@ func GetSevCounts(ctx context.Context, scan_type utils.Neo4jScanType, scan_id st defer tx.Close() query := ` - MATCH (m:` + string(scan_type) + `{node_id: $scan_id, status: "` + utils.SCAN_STATUS_SUCCESS + `"}) -[r:DETECTED]-> (d) + MATCH (m:` + string(scan_type) + `{node_id: $scan_id, status: "` + utils.ScanStatusSuccess + `"}) -[r:DETECTED]-> (d) WHERE r.masked = false RETURN d.` + type2sev_field(scan_type) + `, COUNT(*)` @@ -1058,7 +1058,7 @@ func GetCloudComplianceStats(ctx context.Context, scanId string, neo4jCompliance additionalInfo.BenchmarkTypes = benchmarkTypes cloudComplianceFields := "" - if neo4jComplianceType == utils.NEO4J_CLOUD_COMPLIANCE_SCAN { + if neo4jComplianceType == utils.NEO4JCloudComplianceScan { cloudComplianceFields = "DISTINCT d.control_id AS control_id, d.resource AS resource," } nres, err := tx.Run(` @@ -1147,7 +1147,7 @@ func GetBulkScans(ctx context.Context, scan_type utils.Neo4jScanType, scan_id st recs, err := neo_res.Collect() if err != nil { - return scan_ids, reporters.NotFoundErr + return scan_ids, reporters.ErrNotFound } return model.ScanStatusResp{ diff --git a/deepfence_server/reporters/scan/scan_result_actions.go b/deepfence_server/reporters/scan/scan_result_actions.go index 6bd4a888e2..c6ac92619b 100644 --- a/deepfence_server/reporters/scan/scan_result_actions.go 
+++ b/deepfence_server/reporters/scan/scan_result_actions.go @@ -63,7 +63,7 @@ func UpdateScanResultMasked(ctx context.Context, req *model.ScanResultsMaskReque defer tx.Close() switch req.MaskAction { - case utils.MASK_GLOBAL: + case utils.MaskGlobal: nodeTag := utils.ScanTypeDetectedNode[utils.Neo4jScanType(req.ScanType)] globalQuery := ` MATCH (o:` + nodeTag + `) -[:IS]-> (r) @@ -96,7 +96,7 @@ func UpdateScanResultMasked(ctx context.Context, req *model.ScanResultsMaskReque _, err = tx.Run(globalQuery, map[string]interface{}{"node_ids": req.ResultIDs, "value": value, "active": !value}) - case utils.MASK_ALL_IMAGE_TAG, utils.MASK_ENTITY: + case utils.MaskAllImageTag, utils.MaskEntity: entityQuery := ` MATCH (s:` + string(req.ScanType) + `) - [d:DETECTED] -> (n) WHERE n.node_id IN $node_ids @@ -106,7 +106,7 @@ func UpdateScanResultMasked(ctx context.Context, req *model.ScanResultsMaskReque _, err = tx.Run(entityQuery, map[string]interface{}{"node_ids": req.ResultIDs, "value": value}) - case utils.MASK_IMAGE_TAG: + case utils.MaskImageTag: maskImageTagQuery := ` MATCH (s:` + string(req.ScanType) + `) -[d:DETECTED] -> (n) WHERE n.node_id IN $node_ids AND s.node_id=$scan_id @@ -194,7 +194,7 @@ func DeleteScan(ctx context.Context, scanType utils.Neo4jScanType, scanId string if err != nil { return err } - if scanType == utils.NEO4J_VULNERABILITY_SCAN { + if scanType == utils.NEO4JVulnerabilityScan { tx3, err := session.BeginTransaction(neo4j.WithTxTimeout(30 * time.Second)) if err != nil { return err 
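Review bot: `UpdateScanResultMasked` concatenates `string(req.ScanType)` into the Cypher node label, and that value comes from the request struct. Labels cannot be bound as query parameters, so the value should be checked against the known scan types before any query is built, for example `if _, ok := utils.ScanTypeDetectedNode[utils.Neo4jScanType(req.ScanType)]; !ok { return errors.New("unknown scan type") }`. Validation may already happen in a caller outside these hunks, in which case a comment saying so would help. The `DeleteScan` hunk at `@@ -235,27 +235,27 @@` has queries with a `"%s"` placeholder for the scan id, which suggests the id is formatted into the query text rather than bound as a parameter such as `$scan_id`. The formatting call itself is outside that hunk.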
@@ -218,13 +218,13 @@ func DeleteScan(ctx context.Context, scanType utils.Neo4jScanType, scanId string log.Error().Err(err).Msg("failed to get minio client") return err } - sbomFile := path.Join("/sbom", utils.ScanIdReplacer.Replace(scanId)+".json.gz") + sbomFile := path.Join("/sbom", utils.ScanIDReplacer.Replace(scanId)+".json.gz") err = mc.DeleteFile(ctx, sbomFile, true, minio.RemoveObjectOptions{ForceDelete: true}) if err != nil { log.Error().Err(err).Msgf("failed to delete sbom for scan id %s", scanId) return err } - runtimeSbomFile := path.Join("/sbom", "runtime-"+utils.ScanIdReplacer.Replace(scanId)+".json") + runtimeSbomFile := path.Join("/sbom", "runtime-"+utils.ScanIDReplacer.Replace(scanId)+".json") err = mc.DeleteFile(ctx, runtimeSbomFile, true, minio.RemoveObjectOptions{ForceDelete: true}) if err != nil { log.Error().Err(err).Msgf("failed to delete runtime sbom for scan id %s", scanId) 
@@ -235,27 +235,27 @@ func DeleteScan(ctx context.Context, scanType utils.Neo4jScanType, scanId string // update nodes scan result query := "" switch scanType { - case utils.NEO4J_VULNERABILITY_SCAN: + case utils.NEO4JVulnerabilityScan: query = `MATCH (n) WHERE (n:Node OR n:Container or n:ContainerImage) AND n.vulnerability_latest_scan_id="%s" SET n.vulnerability_latest_scan_id="", n.vulnerabilities_count=0, n.vulnerability_scan_status=""` - case utils.NEO4J_SECRET_SCAN: + case utils.NEO4JSecretScan: query = `MATCH (n) WHERE (n:Node OR n:Container or n:ContainerImage) AND n.secret_latest_scan_id="%s" SET n.secret_latest_scan_id="", n.secrets_count=0, n.secret_scan_status=""` - case utils.NEO4J_MALWARE_SCAN: + case utils.NEO4JMalwareScan: query = `MATCH (n) WHERE (n:Node OR n:Container or n:ContainerImage) AND n.malware_latest_scan_id="%s" SET n.malware_latest_scan_id="", n.malwares_count=0, n.malware_scan_status=""` - case utils.NEO4J_COMPLIANCE_SCAN: + case utils.NEO4JComplianceScan: query = `MATCH (n) WHERE (n:Node OR n:KubernetesCluster) AND n.compliance_latest_scan_id="%s" SET n.compliance_latest_scan_id="", n.compliances_count=0, n.compliance_scan_status=""` - case utils.NEO4J_CLOUD_COMPLIANCE_SCAN: + case utils.NEO4JCloudComplianceScan: query = `MATCH (n) WHERE (n:CloudResource) AND n.cloud_compliance_latest_scan_id="%s" @@ -306,8 +306,8 @@ func StopCloudComplianceScan(ctx context.Context, scanIds []string) error { if _, err = tx.Run(query, map[string]interface{}{ "scan_id": scanid, - "in_progress": utils.SCAN_STATUS_INPROGRESS, - "cancel_pending": utils.SCAN_STATUS_CANCEL_PENDING, + "in_progress": utils.ScanStatusInProgress, + "cancel_pending": utils.ScanStatusCancelPending, }); err != nil { log.Error().Msgf("StopCloudComplianceScan: Error in setting the state in neo4j: %v", err) return err 
@@ -344,10 +344,10 @@ func StopScan(ctx context.Context, scanType string, scanIds []string) error { if _, err = tx.Run(queryStr, map[string]interface{}{ "scan_id": scanid, - "starting": utils.SCAN_STATUS_STARTING, - "in_progress": utils.SCAN_STATUS_INPROGRESS, - "cancel_pending": utils.SCAN_STATUS_CANCEL_PENDING, - "cancelled": utils.SCAN_STATUS_CANCELLED, + "starting": utils.ScanStatusStarting, + "in_progress": utils.ScanStatusInProgress, + "cancel_pending": utils.ScanStatusCancelPending, + "cancelled": utils.ScanStatusCancelled, }); err != nil { return err } @@ -357,7 +357,7 @@ func StopScan(ctx context.Context, scanType string, scanIds []string) error { func NotifyScanResult(ctx context.Context, scanType utils.Neo4jScanType, scanId string, scanIDs []string) error { switch scanType { - case utils.NEO4J_VULNERABILITY_SCAN: + case utils.NEO4JVulnerabilityScan: res, common, err := GetSelectedScanResults[model.Vulnerability](ctx, scanType, scanId, scanIDs) if err != nil { return err @@ -365,7 +365,7 @@ func NotifyScanResult(ctx context.Context, scanType utils.Neo4jScanType, scanId if err := Notify[model.Vulnerability](ctx, res, common, string(scanType)); err != nil { return err } - case utils.NEO4J_SECRET_SCAN: + case utils.NEO4JSecretScan: res, common, err := GetSelectedScanResults[model.Secret](ctx, scanType, scanId, scanIDs) if err != nil { return err @@ -373,7 +373,7 @@ func NotifyScanResult(ctx context.Context, scanType utils.Neo4jScanType, scanId if err := Notify[model.Secret](ctx, res, common, string(scanType)); err != nil { return err } - case utils.NEO4J_MALWARE_SCAN: + case utils.NEO4JMalwareScan: res, common, err := GetSelectedScanResults[model.Malware](ctx, scanType, scanId, scanIDs) if err != nil { return err 
@@ -381,7 +381,7 @@ func NotifyScanResult(ctx context.Context, scanType utils.Neo4jScanType, scanId if err := Notify[model.Malware](ctx, res, common, string(scanType)); err != nil { return err } - case utils.NEO4J_COMPLIANCE_SCAN: + case utils.NEO4JComplianceScan: res, common, err := GetSelectedScanResults[model.Compliance](ctx, scanType, scanId, scanIDs) if err != nil { return err @@ -389,7 +389,7 @@ func NotifyScanResult(ctx context.Context, scanType utils.Neo4jScanType, scanId if err := Notify[model.Compliance](ctx, res, common, string(scanType)); err != nil { return err } - case utils.NEO4J_CLOUD_COMPLIANCE_SCAN: + case utils.NEO4JCloudComplianceScan: res, common, err := GetSelectedScanResults[model.CloudCompliance](ctx, scanType, scanId, scanIDs) if err != nil { return err diff --git a/deepfence_utils/controls/agent.go b/deepfence_utils/controls/agent.go index f7cab1ac22..18387eac23 100644 --- a/deepfence_utils/controls/agent.go +++ b/deepfence_utils/controls/agent.go 
@@ -97,25 +97,25 @@ func StringToResourceType(s string) ScanResource { } type StartVulnerabilityScanRequest struct { - NodeId string `json:"node_id" required:"true"` + NodeID string `json:"node_id" required:"true"` NodeType ScanResource `json:"node_type" required:"true"` BinArgs map[string]string `json:"bin_args" required:"true"` } type StartSecretScanRequest struct { - NodeId string `json:"node_id" required:"true"` + NodeID string `json:"node_id" required:"true"` NodeType ScanResource `json:"node_type" required:"true"` BinArgs map[string]string `json:"bin_args" required:"true"` } type StartComplianceScanRequest struct { - NodeId string `json:"node_id" required:"true"` + NodeID string `json:"node_id" required:"true"` NodeType ScanResource `json:"node_type" required:"true"` BinArgs map[string]string `json:"bin_args" required:"true"` } type StartMalwareScanRequest struct { - NodeId string `json:"node_id" required:"true"` + NodeID string `json:"node_id" required:"true"` NodeType ScanResource `json:"node_type" required:"true"` BinArgs map[string]string `json:"bin_args" required:"true"` } @@ -126,7 +126,7 @@ type StopVulnerabilityScanRequest StartSecretScanRequest type StopComplianceScanRequest StartSecretScanRequest type SendAgentDiagnosticLogsRequest struct { - NodeId string `json:"node_id" required:"true"` + NodeID string `json:"node_id" required:"true"` NodeType ScanResource `json:"node_type" required:"true"` UploadURL string `json:"upload_url" required:"true"` FileName string `json:"file_name" required:"true"` 
@@ -134,14 +134,14 @@ type SendAgentDiagnosticLogsRequest struct { } type StartAgentUpgradeRequest struct { - HomeDirectoryUrl string `json:"home_directory_url" required:"true"` + HomeDirectoryURL string `json:"home_directory_url" required:"true"` Version string `json:"version" required:"true"` } type EnableAgentPluginRequest struct { PluginName string `json:"plugin_name" required:"true"` Version string `json:"version" required:"true"` - BinUrl string `json:"bin_url" required:"true"` + BinURL string `json:"bin_url" required:"true"` } type DisableAgentPluginRequest struct { @@ -166,22 +166,22 @@ func (ac AgentControls) ToBytes() ([]byte, error) { return json.Marshal(ac) } -func GetBinArgs(T interface{}) map[string]string { - switch T.(type) { +func GetBinArgs(t interface{}) map[string]string { + switch val := t.(type) { case StartVulnerabilityScanRequest: - return T.(StartVulnerabilityScanRequest).BinArgs + return val.BinArgs case StartSecretScanRequest: - return T.(StartSecretScanRequest).BinArgs + return val.BinArgs case StartComplianceScanRequest: - return T.(StartComplianceScanRequest).BinArgs + return val.BinArgs case StartMalwareScanRequest: - return T.(StartMalwareScanRequest).BinArgs + return val.BinArgs case StopSecretScanRequest: - return T.(StopSecretScanRequest).BinArgs + return val.BinArgs case StopMalwareScanRequest: - return T.(StopVulnerabilityScanRequest).BinArgs + return val.BinArgs case StopVulnerabilityScanRequest: - return T.(StopVulnerabilityScanRequest).BinArgs + return val.BinArgs } return nil } diff --git a/deepfence_utils/controls/workload_allocator.go b/deepfence_utils/controls/workload_allocator.go index 36d9f6ff33..63292839ed 100644 --- a/deepfence_utils/controls/workload_allocator.go +++ b/deepfence_utils/controls/workload_allocator.go @@ -5,9 +5,7 @@ import ( "sync" ) -var ( - NotEnoughRoomError = errors.New("Not enough room") -) +var ErrNotEnoughRoom = errors.New("not enough room") type WorkloadAllocator struct { currentWorkload int32 
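Review bot: `GetBinArgs` in agent.go has no case for `StopComplianceScanRequest`, which is declared alongside the other stop types in the same file, so it falls through to `return nil` and a compliance-stop request loses its `bin_args`. Add `case StopComplianceScanRequest: return val.BinArgs`. The switch also matches only value types, so a pointer such as `*StartSecretScanRequest` returns nil as well. A doc comment stating that callers must pass request values, not pointers, would make that contract explicit.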
diff --git a/deepfence_utils/directory/context.go b/deepfence_utils/directory/context.go index dcf21cff52..056125acfe 100644 --- a/deepfence_utils/directory/context.go +++ b/deepfence_utils/directory/context.go @@ -30,6 +30,8 @@ func Injector(next http.Handler) http.Handler { http.Error(w, err.Error(), http.StatusInternalServerError) return } + + //nolint:staticcheck ctx := context.WithValue(r.Context(), NamespaceKey, NamespaceID(namespace)) // Token is authenticated, pass it through next.ServeHTTP(w, r.WithContext(ctx)) @@ -38,20 +40,24 @@ func Injector(next http.Handler) http.Handler { func NewGlobalContext() context.Context { ctx := context.Background() + //nolint:staticcheck ctx = context.WithValue(ctx, NamespaceKey, GlobalDirKey) return ctx } func WithGlobalContext(ctx context.Context) context.Context { + //nolint:staticcheck return context.WithValue(ctx, NamespaceKey, GlobalDirKey) } func WithDatabaseContext(ctx context.Context) context.Context { + //nolint:staticcheck return context.WithValue(ctx, NamespaceKey, DatabaseDirKey) } func NewContextWithNameSpace(ns NamespaceID) context.Context { ctx := context.Background() + //nolint:staticcheck ctx = context.WithValue(ctx, NamespaceKey, ns) return ctx } diff --git a/deepfence_utils/directory/directory.go b/deepfence_utils/directory/directory.go index a87a21f25f..39c1535935 100644 --- a/deepfence_utils/directory/directory.go +++ b/deepfence_utils/directory/directory.go @@ -142,7 +142,7 @@ func FetchNamespace(email string) NamespaceID { namespaces := GetAllNamespaces() if len(namespaces) == 1 && namespaces[0] == NonSaaSDirKey { return NonSaaSDirKey - } else { + } else { //nolint:staticcheck // TODO: Fetch namespace for SaaS tenant } return "" 
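Review bot: The added `//nolint:staticcheck` directives on the `context.WithValue(..., NamespaceKey, ...)` calls in context.go silence every staticcheck finding on those lines instead of fixing the one being reported. The definition of `NamespaceKey` is not in this diff, but if the finding is the string-typed context key check (SA1029), the namespace used to pick per-tenant clients is stored under a key that other packages can collide with. Giving the key an unexported type, e.g. `type contextKey string`, removes both the warning and the collision risk. If the suppression stays, give it a reason, e.g. `//nolint:staticcheck // SA1029: <reason>`. The same applies to `} else { //nolint:staticcheck` on the empty branch in `FetchNamespace`.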
@@ -169,19 +169,19 @@ func initRedis() RedisConfig { } redisEndpoint := redisHost + ":" + redisPort redisPassword := os.Getenv("DEEPFENCE_REDIS_PASSWORD") - redisDbNumber := 0 + redisDBNumber := 0 var err error - redisDbNumberStr := os.Getenv("DEEPFENCE_REDIS_DB_NUMBER") - if redisDbNumberStr != "" { - redisDbNumber, err = strconv.Atoi(redisDbNumberStr) + redisDBNumberStr := os.Getenv("DEEPFENCE_REDIS_DB_NUMBER") + if redisDBNumberStr != "" { + redisDBNumber, err = strconv.Atoi(redisDBNumberStr) if err != nil { - redisDbNumber = 0 + redisDBNumber = 0 } } return RedisConfig{ Endpoint: redisEndpoint, Password: redisPassword, - Database: redisDbNumber, + Database: redisDBNumber, } } diff --git a/deepfence_utils/directory/minio.go b/deepfence_utils/directory/minio.go index 1da07e73e9..cee33906c4 100644 --- a/deepfence_utils/directory/minio.go +++ b/deepfence_utils/directory/minio.go @@ -266,7 +266,7 @@ func (mfm *MinioFileManager) DownloadFileContexts(ctx context.Context, remoteFil func (mfm *MinioFileManager) ExposeFile(ctx context.Context, filePath string, addFilePathPrefix bool, expires time.Duration, reqParams url.Values) (string, error) { // Force browser to download file - url.Values{"response-content-disposition": []string{"attachment; filename=\"b.txt\""}}, - consoleIp, err := GetManagementHost(ctx) + consoleIP, err := GetManagementHost(ctx) if err != nil { return "", err } @@ -280,7 +280,7 @@ func (mfm *MinioFileManager) ExposeFile(ctx context.Context, filePath string, ad headers := http.Header{} if !strings.Contains(mfm.client.EndpointURL().Hostname(), "s3.amazonaws.com") { - headers.Add("Host", consoleIp) + headers.Add("Host", consoleIP) } urlLink, err := mfm.client.PresignHeader( 
@@ -296,18 +296,18 @@ func (mfm *MinioFileManager) ExposeFile(ctx context.Context, filePath string, ad return "", err } - return updateURL(urlLink.String(), consoleIp), nil + return updateURL(urlLink.String(), consoleIP), nil } func (mfm *MinioFileManager) CreatePublicUploadURL(ctx context.Context, filePath string, addFilePathPrefix bool, expires time.Duration, reqParams url.Values) (string, error) { - consoleIp, err := GetManagementHost(ctx) + consoleIP, err := GetManagementHost(ctx) if err != nil { return "", err } headers := http.Header{} if !strings.Contains(mfm.client.EndpointURL().Hostname(), "s3.amazonaws.com") { - headers.Add("Host", consoleIp) + headers.Add("Host", consoleIP) } urlLink, err := mfm.client.PresignHeader( @@ -323,7 +323,7 @@ func (mfm *MinioFileManager) CreatePublicUploadURL(ctx context.Context, filePath return "", err } - return updateURL(urlLink.String(), consoleIp), nil + return updateURL(urlLink.String(), consoleIP), nil } func (mfm *MinioFileManager) Client() interface{} { @@ -378,13 +378,13 @@ func (mfm *MinioFileManager) CleanNamespace(ctx context.Context) error { return nil } -func updateURL(url string, consoleIp string) string { +func updateURL(url string, consoleIP string) string { minioHost := utils.GetEnvOrDefault("DEEPFENCE_MINIO_HOST", "deepfence-file-server") minioPort := utils.GetEnvOrDefault("DEEPFENCE_MINIO_PORT", "9000") updated := strings.ReplaceAll(url, fmt.Sprintf("%s:%s", minioHost, minioPort), - fmt.Sprintf("%s/file-server", consoleIp), + fmt.Sprintf("%s/file-server", consoleIP), ) return strings.ReplaceAll(updated, "http://", "https://") diff --git a/deepfence_utils/directory/neo4j.go b/deepfence_utils/directory/neo4j.go index fb7188cb47..8a5bb6410f 100644 --- a/deepfence_utils/directory/neo4j.go +++ b/deepfence_utils/directory/neo4j.go 
@@ -15,10 +15,10 @@ import ( "go.opentelemetry.io/otel" ) -var neo4j_clients_pool sync.Map +var neo4jClientsPool sync.Map func init() { - neo4j_clients_pool = sync.Map{} + neo4jClientsPool = sync.Map{} } type CypherTransaction struct { @@ -93,10 +93,7 @@ func (cd CypherDriver) NewSession(config neo4j.SessionConfig) neo4j.Session { return CypherSession{impl: cd.impl.NewSession(config)} } func (cd CypherDriver) Session(accessMode neo4j.AccessMode, bookmarks ...string) (neo4j.Session, error) { - s, err := cd.impl.Session(accessMode, bookmarks...) - if err != nil { - return nil, err - } + s := cd.impl.NewSession(neo4j.SessionConfig{Bookmarks: bookmarks}) return CypherSession{impl: s}, nil } func (cd CypherDriver) VerifyConnectivity() error { @@ -106,9 +103,9 @@ func (cd CypherDriver) Close() error { return cd.impl.Close() } -func new_neo4j_client(endpoints DBConfigs) (*CypherDriver, error) { +func newNeo4JClient(endpoints DBConfigs) (*CypherDriver, error) { if endpoints.Neo4j == nil { - return nil, errors.New("No defined Neo4j config") + return nil, errors.New("no defined Neo4j config") } driver, err := neo4j.NewDriver(endpoints.Neo4j.Endpoint, neo4j.BasicAuth(endpoints.Neo4j.Username, endpoints.Neo4j.Password, ""), @@ -123,7 +120,7 @@ func new_neo4j_client(endpoints DBConfigs) (*CypherDriver, error) { } func Neo4jClient(ctx context.Context) (neo4j.Driver, error) { - driver, err := getClient(ctx, &neo4j_clients_pool, new_neo4j_client) + driver, err := getClient(ctx, &neo4jClientsPool, newNeo4JClient) if err != nil { return nil, err } @@ -131,7 +128,7 @@ func Neo4jClient(ctx context.Context) (neo4j.Driver, error) { err = driver.VerifyConnectivity() if err != nil { key, _ := ExtractNamespace(ctx) - old, has := neo4j_clients_pool.LoadAndDelete(key) + old, has := neo4jClientsPool.LoadAndDelete(key) if has { old.(*CypherDriver).Close() } diff --git a/deepfence_utils/directory/postgresql.go b/deepfence_utils/directory/postgresql.go index e80ceb4a02..27bda97fc9 100644 
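Review bot: `CypherDriver.Session` now ignores its `accessMode` argument: the replacement `cd.impl.NewSession(neo4j.SessionConfig{Bookmarks: bookmarks})` leaves `AccessMode` at its zero value, which in the neo4j Go driver is write mode. A caller that asks for a read session therefore gets a write session. Pass the mode through with `cd.impl.NewSession(neo4j.SessionConfig{AccessMode: accessMode, Bookmarks: bookmarks})`. In the `Neo4jClient` hunk further down, the error from `old.(*CypherDriver).Close()` is discarded; logging it would make a driver that failed to close visible.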
--- a/deepfence_utils/directory/postgresql.go +++ b/deepfence_utils/directory/postgresql.go @@ -57,7 +57,7 @@ func PostgresClient(ctx context.Context) (*postgresqlDb.Queries, error) { return driver, err } -func NewSqlConnection(ctx context.Context) (*sql.DB, error) { +func NewSQLConnection(ctx context.Context) (*sql.DB, error) { endpoints, err := GetDatabaseConfig(ctx) if err != nil { return nil, err diff --git a/deepfence_utils/directory/utils.go b/deepfence_utils/directory/utils.go index c7bf24abe5..c8843b5a32 100644 --- a/deepfence_utils/directory/utils.go +++ b/deepfence_utils/directory/utils.go @@ -9,7 +9,7 @@ import ( "github.com/redis/go-redis/v9" ) -func getClient[T *redis.Client | *CypherDriver | *postgresqlDb.Queries | *minio.Client | *asyncq_clients](ctx context.Context, pool *sync.Map, newClient func(DBConfigs) (T, error)) (T, error) { +func getClient[T *redis.Client | *CypherDriver | *postgresqlDb.Queries | *minio.Client | *asynqClients](ctx context.Context, pool *sync.Map, newClientFN func(DBConfigs) (T, error)) (T, error) { key, err := ExtractNamespace(ctx) if err != nil { return nil, err @@ -23,10 +23,10 @@ func getClient[T *redis.Client | *CypherDriver | *postgresqlDb.Queries | *minio. directory.RLock() namespace := directory.Directory[key] directory.RUnlock() - client, err := newClient(namespace) + client, err := newClientFN(namespace) if err != nil { return nil, err } - new_client, _ := pool.LoadOrStore(key, client) - return new_client.(T), nil + newClient, _ := pool.LoadOrStore(key, client) + return newClient.(T), nil } diff --git a/deepfence_utils/directory/worker.go b/deepfence_utils/directory/worker.go index a10fdb814d..0201b92307 100644 --- a/deepfence_utils/directory/worker.go +++ b/deepfence_utils/directory/worker.go 
@@ -9,38 +9,38 @@ import ( ) const ( - max_size = 500 * 1024 * 1024 // 500 MB + maxSize = 500 * 1024 * 1024 // 500 MB ) -var ErrExhaustedResources = errors.New("Exhausted worker resources") +var ErrExhaustedResources = errors.New("exhausted worker resources") -type asyncq_clients struct { +type asynqClients struct { client *asynq.Client inspector *asynq.Inspector } type WorkEnqueuer struct { - clients asyncq_clients + clients asynqClients } -var worker_clients_pool sync.Map +var workerClientsPool sync.Map func init() { - worker_clients_pool = sync.Map{} + workerClientsPool = sync.Map{} } -func new_asynq_client(endpoints DBConfigs) (*asyncq_clients, error) { +func newAsynqClient(endpoints DBConfigs) (*asynqClients, error) { if endpoints.Redis == nil { - return nil, errors.New("No defined Redis config") + return nil, errors.New("no defined Redis config") } redisCfg := asynq.RedisClientOpt{Addr: endpoints.Redis.Endpoint} - return &asyncq_clients{ + return &asynqClients{ client: asynq.NewClient(redisCfg), inspector: asynq.NewInspector(redisCfg), }, nil } -func (ws WorkEnqueuer) Enqueue(task_enum string, data []byte, opts ...asynq.Option) error { +func (ws WorkEnqueuer) Enqueue(taskEnum string, data []byte, opts ...asynq.Option) error { client := ws.clients.client inspector := ws.clients.inspector @@ -58,17 +58,17 @@ func (ws WorkEnqueuer) Enqueue(task_enum string, data []byte, opts ...asynq.Opti size += res.Size } - if size >= max_size { + if size >= maxSize { return ErrExhaustedResources } - _, err = client.Enqueue(asynq.NewTask(task_enum, data), opts...) + _, err = client.Enqueue(asynq.NewTask(taskEnum, data), opts...) return err } func Worker(ctx context.Context) (WorkEnqueuer, error) { - client, err := getClient(ctx, &worker_clients_pool, new_asynq_client) + client, err := getClient(ctx, &workerClientsPool, newAsynqClient) if err != nil { return WorkEnqueuer{}, err } 
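Review bot: `newAsynqClient` builds `asynq.RedisClientOpt{Addr: endpoints.Redis.Endpoint}` and sets nothing else, so both the client and the inspector connect without a password, database index or TLS settings. If the Redis section of `DBConfigs` carries credentials (its fields are not visible in this hunk), they are ignored here and the queue only works against an unauthenticated Redis. I would either pass them through `Password`, `DB` and `TLSConfig` or add a comment such as `// only Addr is set: the worker queue assumes an unauthenticated Redis on a trusted network`.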
diff --git a/deepfence_utils/log/log.go b/deepfence_utils/log/log.go index fd605c6ddf..5be4f49779 100644 --- a/deepfence_utils/log/log.go +++ b/deepfence_utils/log/log.go @@ -14,7 +14,7 @@ import ( type LogErrorWriter struct{} func (LogErrorWriter) Write(b []byte) (int, error) { - if len(b) <= 0 { + if len(b) == 0 { return 0, nil } log.Error().CallerSkipFrame(3).Msg(strings.TrimSpace(string(b))) @@ -24,7 +24,7 @@ func (LogErrorWriter) Write(b []byte) (int, error) { type LogInfoWriter struct{} func (LogInfoWriter) Write(b []byte) (int, error) { - if len(b) <= 0 { + if len(b) == 0 { return 0, nil } log.Info().CallerSkipFrame(3).Msg(strings.TrimSpace(string(b))) @@ -46,9 +46,9 @@ func init() { ).With().Caller().Logger() } -func Initialize(log_level string) { +func Initialize(logLevel string) { - switch log_level { + switch logLevel { case zerolog.LevelTraceValue: zerolog.SetGlobalLevel(zerolog.TraceLevel) case zerolog.LevelDebugValue: diff --git a/deepfence_utils/telemetry/common.go b/deepfence_utils/telemetry/common.go index 36df7eeaf8..e56626b59f 100644 --- a/deepfence_utils/telemetry/common.go +++ b/deepfence_utils/telemetry/common.go @@ -12,8 +12,8 @@ type SpanWrapper struct { impl trace.Span } -func NewSpan(ctx context.Context, tracer_name string, operation_name string) SpanWrapper { - _, span := otel.Tracer(tracer_name).Start(ctx, operation_name) +func NewSpan(ctx context.Context, tracerName string, operationName string) SpanWrapper { + _, span := otel.Tracer(tracerName).Start(ctx, operationName) return SpanWrapper{impl: span} } diff --git a/deepfence_utils/utils/asynq.go b/deepfence_utils/utils/asynq.go index cfbe3e969b..17e801f364 100644 --- a/deepfence_utils/utils/asynq.go +++ b/deepfence_utils/utils/asynq.go @@ -9,9 +9,9 @@ import ( const ( DefaultTaskMaxRetries = 3 - Q_CRITICAL = "critical" - Q_DEFAULT = "default" - Q_LOW = "low" + QCritical = "critical" + QDefault = "default" + QLow = "low" ) var ( 
@@ -35,13 +35,13 @@ func TaskOptions(queue string, opts ...asynq.Option) []asynq.Option { } func CritialTaskOpts(opts ...asynq.Option) []asynq.Option { - return TaskOptions(Q_CRITICAL, append(opts, TasksMaxRetries())...) + return TaskOptions(QCritical, append(opts, TasksMaxRetries())...) } func DefaultTaskOpts(opts ...asynq.Option) []asynq.Option { - return TaskOptions(Q_DEFAULT, append(opts, TasksMaxRetries())...) + return TaskOptions(QDefault, append(opts, TasksMaxRetries())...) } func LowTaskOpts(opts ...asynq.Option) []asynq.Option { - return TaskOptions(Q_LOW, append(opts, TasksMaxRetries())...) + return TaskOptions(QLow, append(opts, TasksMaxRetries())...) } diff --git a/deepfence_utils/utils/beatcheck.go b/deepfence_utils/utils/beatcheck.go index d052c78b1f..520adb50a6 100644 --- a/deepfence_utils/utils/beatcheck.go +++ b/deepfence_utils/utils/beatcheck.go @@ -10,7 +10,7 @@ import ( "github.com/deepfence/ThreatMapper/deepfence_utils/log" ) -func tcp_connect(host string, port string, timeout time.Duration) error { +func tcpConnect(host string, port string, timeout time.Duration) error { conn, err := net.DialTimeout("tcp", net.JoinHostPort(host, port), timeout) if err != nil { return err @@ -21,13 +21,13 @@ func tcp_connect(host string, port string, timeout time.Duration) error { return nil } -func WaitServiceTcpConn(host string, port string, timeout time.Duration) error { +func WaitServiceTCPConn(host string, port string, timeout time.Duration) error { ctx, cancel := context.WithTimeout(context.Background(), timeout) defer cancel() op := func() error { - return tcp_connect(host, port, 5*time.Second) + return tcpConnect(host, port, 5*time.Second) } notify := func(err error, d time.Duration) { diff --git a/deepfence_utils/utils/constants.go b/deepfence_utils/utils/constants.go index be20cb4686..c4d243a3a4 100644 --- a/deepfence_utils/utils/constants.go +++ b/deepfence_utils/utils/constants.go 
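Review bot: In `CritialTaskOpts`, `DefaultTaskOpts` and `LowTaskOpts`, `append(opts, TasksMaxRetries())` places the default after the caller's options, and asynq lets the last conflicting option win. Assuming `TasksMaxRetries` returns a max-retry option (its body is outside the hunk), a caller-supplied `asynq.MaxRetry` is then overridden. The append can also write into the caller's backing array when `opts` has spare capacity. Putting the default first avoids both: `TaskOptions(QCritical, append([]asynq.Option{TasksMaxRetries()}, opts...)...)`.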
@@ -1,30 +1,27 @@ package utils const ( + Project = "ThreatMapper" ErrorUserNotFound = "user not found" ) -const ( - Project = "ThreatMapper" -) - // kafka topics const ( - AUDIT_LOGS = "audit-logs" - VULNERABILITY_SCAN = "vulnerability-scan" - VULNERABILITY_SCAN_STATUS = "vulnerability-scan-status" - SECRET_SCAN = "secret-scan" - SECRET_SCAN_STATUS = "secret-scan-status" - MALWARE_SCAN = "malware-scan" - MALWARE_SCAN_STATUS = "malware-scan-status" - SBOM_ARTIFACTS = "sbom-artifact" - SBOM_CVE_SCAN = "sbom-cve-scan" - CLOUD_COMPLIANCE_SCAN = "cloud-compliance-scan" - CLOUD_COMPLIANCE_SCAN_STATUS = "cloud-compliance-scan-status" - COMPLIANCE_SCAN = "compliance-scan" - COMPLIANCE_SCAN_STATUS = "compliance-scan-status" - CLOUD_TRAIL_ALERTS = "cloudtrail-alert" - CLOUD_RESOURCE = "cloud-resource" + AuditLogs = "audit-logs" + VulnerabilityScan = "vulnerability-scan" + VulnerabilityScanStatus = "vulnerability-scan-status" + SecretScan = "secret-scan" + SecretScanStatus = "secret-scan-status" + MalwareScan = "malware-scan" + MalwareScanStatus = "malware-scan-status" + SbomArtifacts = "sbom-artifact" + SbomCVEScan = "sbom-cve-scan" + CloudComplianceScan = "cloud-compliance-scan" + CloudComplianceScanStatus = "cloud-compliance-scan-status" + ComplianceScan = "compliance-scan" + ComplianceScanStatus = "compliance-scan-status" + CloudTrailAlerts = "cloudtrail-alert" + CloudResource = "cloud-resource" ) // task names 
@@ -59,13 +56,13 @@ const ( ) const ( - SCAN_STATUS_SUCCESS = "COMPLETE" - SCAN_STATUS_STARTING = "STARTING" - SCAN_STATUS_INPROGRESS = "IN_PROGRESS" - SCAN_STATUS_FAILED = "ERROR" - SCAN_STATUS_CANCEL_PENDING = "CANCEL_PENDING" - SCAN_STATUS_CANCELLING = "CANCELLING" - SCAN_STATUS_CANCELLED = "CANCELLED" + ScanStatusSuccess = "COMPLETE" + ScanStatusStarting = "STARTING" + ScanStatusInProgress = "IN_PROGRESS" + ScanStatusFailed = "ERROR" + ScanStatusCancelPending = "CANCEL_PENDING" + ScanStatusCancelling = "CANCELLING" + ScanStatusCancelled = "CANCELLED" ) // Neo4j Node Labels @@ -86,25 +83,25 @@ const ( type Neo4jScanType string const ( - NEO4J_SECRET_SCAN Neo4jScanType = "SecretScan" - NEO4J_VULNERABILITY_SCAN Neo4jScanType = "VulnerabilityScan" - NEO4J_MALWARE_SCAN Neo4jScanType = "MalwareScan" - NEO4J_COMPLIANCE_SCAN Neo4jScanType = "ComplianceScan" - NEO4J_CLOUD_COMPLIANCE_SCAN Neo4jScanType = "CloudComplianceScan" + NEO4JSecretScan Neo4jScanType = "SecretScan" + NEO4JVulnerabilityScan Neo4jScanType = "VulnerabilityScan" + NEO4JMalwareScan Neo4jScanType = "MalwareScan" + NEO4JComplianceScan Neo4jScanType = "ComplianceScan" + NEO4JCloudComplianceScan Neo4jScanType = "CloudComplianceScan" ) func StringToNeo4jScanType(s string) Neo4jScanType { switch s { case "VulnerabilityScan": - return NEO4J_VULNERABILITY_SCAN + return NEO4JVulnerabilityScan case "SecretScan": - return NEO4J_SECRET_SCAN + return NEO4JSecretScan case "MalwareScan": - return NEO4J_MALWARE_SCAN + return NEO4JMalwareScan case "ComplianceScan": - return NEO4J_COMPLIANCE_SCAN + return NEO4JComplianceScan case "CloudComplianceScan": - return NEO4J_CLOUD_COMPLIANCE_SCAN + return NEO4JCloudComplianceScan default: return "" } 
@@ -112,18 +109,18 @@ func StringToNeo4jScanType(s string) Neo4jScanType { var ( ScanTypeDetectedNode = map[Neo4jScanType]string{ - NEO4J_VULNERABILITY_SCAN: "Vulnerability", - NEO4J_SECRET_SCAN: "Secret", - NEO4J_MALWARE_SCAN: "Malware", - NEO4J_COMPLIANCE_SCAN: "Compliance", - NEO4J_CLOUD_COMPLIANCE_SCAN: "CloudCompliance", + NEO4JVulnerabilityScan: "Vulnerability", + NEO4JSecretScan: "Secret", + NEO4JMalwareScan: "Malware", + NEO4JComplianceScan: "Compliance", + NEO4JCloudComplianceScan: "CloudCompliance", } DetectedNodeScanType = map[string]Neo4jScanType{ - "Vulnerability": NEO4J_VULNERABILITY_SCAN, - "Secret": NEO4J_SECRET_SCAN, - "Malware": NEO4J_MALWARE_SCAN, - "Compliance": NEO4J_COMPLIANCE_SCAN, - "CloudCompliance": NEO4J_CLOUD_COMPLIANCE_SCAN, + "Vulnerability": NEO4JVulnerabilityScan, + "Secret": NEO4JSecretScan, + "Malware": NEO4JMalwareScan, + "Compliance": NEO4JComplianceScan, + "CloudCompliance": NEO4JCloudComplianceScan, } ) @@ -171,18 +168,18 @@ func ResourceTypeToNeo4jLabel(t CloudProvider) string { } var Topics = []string{ - VULNERABILITY_SCAN, VULNERABILITY_SCAN_STATUS, - SECRET_SCAN, SECRET_SCAN_STATUS, - MALWARE_SCAN, MALWARE_SCAN_STATUS, - SBOM_ARTIFACTS, SBOM_CVE_SCAN, - CLOUD_COMPLIANCE_SCAN, CLOUD_COMPLIANCE_SCAN_STATUS, - COMPLIANCE_SCAN, COMPLIANCE_SCAN_STATUS, - CLOUD_TRAIL_ALERTS, - AUDIT_LOGS, - CLOUD_RESOURCE, + VulnerabilityScan, VulnerabilityScanStatus, + SecretScan, SecretScanStatus, + MalwareScan, MalwareScanStatus, + SbomArtifacts, SbomCVEScan, + CloudComplianceScan, CloudComplianceScanStatus, + ComplianceScan, ComplianceScanStatus, + CloudTrailAlerts, + AuditLogs, + CloudResource, } -// list of task names to create topics +// Tasks is a list of task names to create topics var Tasks = []string{ CleanUpGraphDBTask, CleanUpPostgresqlTask, 
@@ -224,8 +221,8 @@ const ( // mask_entity: This is to mask for an entity other than container/container image. E.g. Host. // mask_image_tag: This is to apply mask for an image and tag. const ( - MASK_GLOBAL = "mask_global" - MASK_ALL_IMAGE_TAG = "mask_all_image_tag" - MASK_ENTITY = "mask_entity" - MASK_IMAGE_TAG = "mask_image_tag" + MaskGlobal = "mask_global" + MaskAllImageTag = "mask_all_image_tag" + MaskEntity = "mask_entity" + MaskImageTag = "mask_image_tag" ) diff --git a/deepfence_utils/utils/ingesters/cloud_compliance.go b/deepfence_utils/utils/ingesters/cloud_compliance.go index f3a6dd1cde..17470bb9e1 100644 --- a/deepfence_utils/utils/ingesters/cloud_compliance.go +++ b/deepfence_utils/utils/ingesters/cloud_compliance.go @@ -26,7 +26,7 @@ type CloudComplianceScanStatus struct { } type CloudCompliance struct { - DocId string `json:"doc_id"` + DocID string `json:"doc_id"` Timestamp string `json:"@timestamp"` Count int `json:"count,omitempty"` Reason string `json:"reason"` diff --git a/deepfence_utils/utils/ingesters/cloud_resource.go b/deepfence_utils/utils/ingesters/cloud_resource.go index 3470a34dea..c64d30a15b 100644 --- a/deepfence_utils/utils/ingesters/cloud_resource.go +++ b/deepfence_utils/utils/ingesters/cloud_resource.go @@ -41,7 +41,7 @@ type CloudResource struct { InstanceID string `json:"instance_id"` NetworkMode string `json:"network_mode,omitempty"` Scheme string `json:"scheme,omitempty"` - DbClusterIdentifier string `json:"db_cluster_identifier,omitempty"` + DDClusterIDentifier string `json:"db_cluster_identifier,omitempty"` Connectivity string `json:"connectivity,omitempty"` Group string `json:"group,omitempty"` ServiceName string `json:"service_name,omitempty"` 
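Review bot: In `CloudResource` the renamed field `DDClusterIDentifier` looks like a search-and-replace slip on `DbClusterIdentifier`; the other fields in this change follow the initialism rule cleanly. The JSON tag `db_cluster_identifier` is unchanged, so the wire format is not affected, but the exported name is what callers will bind to. I would name it `DBClusterIdentifier string` with the same `json:"db_cluster_identifier,omitempty"` tag.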
@@ -51,16 +51,16 @@ type CloudResource struct { VpcID string `json:"vpc_id,omitempty"` AllowBlobPublicAccess bool `json:"allow_blob_public_access,omitempty"` PublicAccess string `json:"public_access,omitempty"` - GroupId string `json:"group_id,omitempty"` + GroupID string `json:"group_id,omitempty"` CidrIpv4 string `json:"cidr_ipv4,omitempty"` PublicNetworkAccess string `json:"public_network_access,omitempty"` StorageAccountName string `json:"storage_account_name,omitempty"` IamInstanceProfileArn string `json:"iam_instance_profile_arn,omitempty"` - IamInstanceProfileId string `json:"iam_instance_profile_id,omitempty"` - PublicIpAddress string `json:"public_ip_address"` - PrivateIpAddress string `json:"private_ip_address,omitempty"` + IamInstanceProfileID string `json:"iam_instance_profile_id,omitempty"` + PublicIPAddress string `json:"public_ip_address"` + PrivateIPAddress string `json:"private_ip_address,omitempty"` InstanceType string `json:"instance_type,omitempty"` - PrivateDnsName string `json:"private_dns_name,omitempty"` + PrivateDNSName string `json:"private_dns_name,omitempty"` Tags *json.RawMessage `json:"tags,omitempty"` PolicyStd *json.RawMessage `json:"policy_std,omitempty"` Containers *json.RawMessage `json:"containers,omitempty"` @@ -70,7 +70,7 @@ type CloudResource struct { PublicIps *json.RawMessage `json:"public_ips,omitempty"` NetworkInterfaces *json.RawMessage `json:"network_interfaces,omitempty"` IamPolicy *json.RawMessage `json:"iam_policy,omitempty"` - IpConfiguration *json.RawMessage `json:"ip_configuration,omitempty"` + IPConfiguration *json.RawMessage `json:"ip_configuration,omitempty"` IngressSettings string `json:"ingress_settings,omitempty"` SecurityGroups *json.RawMessage `json:"security_groups,omitempty"` VpcSecurityGroups *json.RawMessage `json:"vpc_security_groups,omitempty"` 
@@ -83,19 +83,19 @@ type CloudResource struct { Groups *json.RawMessage `json:"groups"` InlinePolicies *json.RawMessage `json:"inline_policies"` Path string `json:"path"` - UserId string `json:"user_id"` + UserID string `json:"user_id"` AccessLevel string `json:"access_level"` Action string `json:"action"` Description string `json:"description"` Privilege string `json:"privilege"` - OrganizationId string `json:"organization_id"` + OrganizationID string `json:"organization_id"` OrganizationMasterAccountArn string `json:"organization_master_account_arn"` OrganizationMasterAccountEmail string `json:"organization_master_account_email"` TargetHealthDescriptions *json.RawMessage `json:"target_health_descriptions"` InstanceProfileArns *json.RawMessage `json:"instance_profile_arns"` Instances *json.RawMessage `json:"instances"` TargetGroupArn string `json:"target_group_arn"` - VpcSecurityGroupIds *json.RawMessage `json:"vpc_security_group_ids"` + VpcSecurityGroupIDs *json.RawMessage `json:"vpc_security_group_ids"` Users *json.RawMessage `json:"users"` UserGroups *json.RawMessage `json:"user-groups"` ResourcesVpcConfig *json.RawMessage `json:"resources_vpc_config"` 
@@ -139,37 +139,38 @@ func (c *CloudResource) ToMap() (map[string]interface{}, error) { bb = convertStructFieldToJSONString(bb, "resources_vpc_config") bb = convertStructFieldToJSONString(bb, "tags") - if strings.Contains("azure", bb["resource_id"].(string)) { + if strings.Contains(bb["resource_id"].(string), "azure") { if bb["resource_id"].(string) == "azure_compute_virtual_machine" { bb["node_id"] = bb["vm_id"] } else { bb["node_id"] = bb["name"] } } else { - if bb["arn"] != nil { + switch { + case bb["arn"] != nil: bb["node_id"] = bb["arn"] - } else if bb["id"] != nil { + case bb["id"] != nil: bb["node_id"] = bb["id"] - } else if bb["resource_id"] != nil { + case bb["resource_id"] != nil: bb["node_id"] = bb["resource_id"] - } else { + default: bb["node_id"] = "error" } } - accountId, present := bb["account_id"] + accountID, present := bb["account_id"] if present { - splits := strings.Split(fmt.Sprintf("%v", accountId), "-") + splits := strings.Split(fmt.Sprintf("%v", accountID), "-") if len(splits) > 2 { bb["cloud_provider"] = splits[2] } } bb["node_type"] = bb["resource_id"] - cloud_region := "global" + cloudRegion := "global" if v, has := bb["region"]; has && v != nil { - cloud_region = v.(string) + cloudRegion = v.(string) } - bb["cloud_region"] = cloud_region + bb["cloud_region"] = cloudRegion bb["node_name"] = bb["name"] return bb, nil diff --git a/deepfence_utils/utils/ingesters/common.go b/deepfence_utils/utils/ingesters/common.go index cecde9514a..47629351f7 100644 --- a/deepfence_utils/utils/ingesters/common.go +++ b/deepfence_utils/utils/ingesters/common.go 
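Review bot: In `CloudResource.ToMap`, `bb["resource_id"].(string)` is an unchecked type assertion, so a record whose `resource_id` is missing, nil or not a string panics the ingester. The `case bb["resource_id"] != nil` branch further down in the same hunk shows that nil is expected to be possible. The comma-ok form is safer for ingested data: `resourceID, _ := bb["resource_id"].(string)`, then `strings.Contains(resourceID, "azure")` and `resourceID == "azure_compute_virtual_machine"`. The same applies to `cloudRegion = v.(string)` on `region`. The function starts outside this hunk.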
@@ -6,26 +6,26 @@ import ( var ( ScanStatusField = map[utils.Neo4jScanType]string{ - utils.NEO4J_SECRET_SCAN: "secret_scan_status", - utils.NEO4J_VULNERABILITY_SCAN: "vulnerability_scan_status", - utils.NEO4J_MALWARE_SCAN: "malware_scan_status", - utils.NEO4J_COMPLIANCE_SCAN: "compliance_scan_status", - utils.NEO4J_CLOUD_COMPLIANCE_SCAN: "cloud_compliance_scan_status", + utils.NEO4JSecretScan: "secret_scan_status", + utils.NEO4JVulnerabilityScan: "vulnerability_scan_status", + utils.NEO4JMalwareScan: "malware_scan_status", + utils.NEO4JComplianceScan: "compliance_scan_status", + utils.NEO4JCloudComplianceScan: "cloud_compliance_scan_status", } - LatestScanIdField = map[utils.Neo4jScanType]string{ - utils.NEO4J_SECRET_SCAN: "secret_latest_scan_id", - utils.NEO4J_VULNERABILITY_SCAN: "vulnerability_latest_scan_id", - utils.NEO4J_MALWARE_SCAN: "malware_latest_scan_id", - utils.NEO4J_COMPLIANCE_SCAN: "compliance_latest_scan_id", - utils.NEO4J_CLOUD_COMPLIANCE_SCAN: "cloud_compliance_latest_scan_id", + LatestScanIDField = map[utils.Neo4jScanType]string{ + utils.NEO4JSecretScan: "secret_latest_scan_id", + utils.NEO4JVulnerabilityScan: "vulnerability_latest_scan_id", + utils.NEO4JMalwareScan: "malware_latest_scan_id", + utils.NEO4JComplianceScan: "compliance_latest_scan_id", + utils.NEO4JCloudComplianceScan: "cloud_compliance_latest_scan_id", } ScanCountField = map[utils.Neo4jScanType]string{ - utils.NEO4J_SECRET_SCAN: "secrets_count", - utils.NEO4J_VULNERABILITY_SCAN: "vulnerabilities_count", - utils.NEO4J_MALWARE_SCAN: "malwares_count", - utils.NEO4J_COMPLIANCE_SCAN: "compliances_count", - utils.NEO4J_CLOUD_COMPLIANCE_SCAN: "cloud_compliances_count", + utils.NEO4JSecretScan: "secrets_count", + utils.NEO4JVulnerabilityScan: "vulnerabilities_count", + utils.NEO4JMalwareScan: "malwares_count", + utils.NEO4JComplianceScan: "compliances_count", + utils.NEO4JCloudComplianceScan: "cloud_compliances_count", } ) 
diff --git a/deepfence_utils/utils/ingesters/compliance.go b/deepfence_utils/utils/ingesters/compliance.go index 5db1963891..792d7da6f8 100644 --- a/deepfence_utils/utils/ingesters/compliance.go +++ b/deepfence_utils/utils/ingesters/compliance.go @@ -20,8 +20,8 @@ type Compliance struct { TestDesc string `json:"test_desc"` Status string `json:"status"` ComplianceCheckType string `json:"compliance_check_type"` - ScanId string `json:"scan_id"` - NodeId string `json:"node_id"` + ScanID string `json:"scan_id"` + NodeID string `json:"node_id"` NodeType string `json:"node_type"` } @@ -34,7 +34,7 @@ type ComplianceData struct { TestSeverity string `json:"test_severity"` Status string `json:"status"` ComplianceCheckType string `json:"compliance_check_type"` - NodeId string `json:"node_id"` + NodeID string `json:"node_id"` NodeType string `json:"node_type"` } @@ -57,7 +57,7 @@ func (c Compliance) Split() (ComplianceData, ComplianceRule) { TestSeverity: c.TestSeverity, Status: c.Status, ComplianceCheckType: c.ComplianceCheckType, - NodeId: c.NodeId, + NodeID: c.NodeID, NodeType: c.NodeType, }, ComplianceRule{ TestCategory: c.TestCategory, diff --git a/deepfence_utils/utils/ingesters/vulnerabilities.go b/deepfence_utils/utils/ingesters/vulnerabilities.go index dec02d6911..31c28b2af3 100644 --- a/deepfence_utils/utils/ingesters/vulnerabilities.go +++ b/deepfence_utils/utils/ingesters/vulnerabilities.go @@ -7,8 +7,8 @@ type VulnerabilityScanStatus struct { } type Vulnerability struct { - ScanId string `json:"scan_id"` - CveId string `json:"cve_id"` + ScanID string `json:"scan_id"` + CveID string `json:"cve_id"` CveType string `json:"cve_type"` CveSeverity string `json:"cve_severity"` CveCausedByPackage string `json:"cve_caused_by_package"` 
@@ -29,7 +29,7 @@ type Vulnerability struct { } type VulnerabilityRule struct { - CveId string `json:"cve_id"` + CveID string `json:"cve_id"` CveType string `json:"cve_type"` CveSeverity string `json:"cve_severity"` CveFixedIn string `json:"cve_fixed_in"` @@ -44,7 +44,7 @@ type VulnerabilityRule struct { } type VulnerabilityData struct { - CveId string `json:"cve_id"` + CveID string `json:"cve_id"` CveSeverity string `json:"cve_severity"` CveCausedByPackage string `json:"cve_caused_by_package"` CveCausedByPackagePath string `json:"cve_caused_by_package_path"` @@ -57,7 +57,7 @@ type VulnerabilityData struct { func (c Vulnerability) Split() (VulnerabilityData, VulnerabilityRule) { return VulnerabilityData{ - CveId: c.CveId, + CveID: c.CveID, CveSeverity: c.CveSeverity, CveCausedByPackage: c.CveCausedByPackage, CveCausedByPackagePath: c.CveCausedByPackagePath, @@ -67,7 +67,7 @@ func (c Vulnerability) Split() (VulnerabilityData, VulnerabilityRule) { InitExploitabilityScore: c.InitExploitabilityScore, HasLiveConnection: c.HasLiveConnection, }, VulnerabilityRule{ - CveId: c.CveId, + CveID: c.CveID, CveType: c.CveType, CveSeverity: c.CveSeverity, CveFixedIn: c.CveFixedIn, diff --git a/deepfence_utils/utils/kafka.go b/deepfence_utils/utils/kafka.go index d4309bffaa..a967b56108 100644 --- a/deepfence_utils/utils/kafka.go +++ b/deepfence_utils/utils/kafka.go @@ -35,7 +35,7 @@ func CreateMissingTopics( topics []string, partitions int32, replicas int16, - retention_ms string, + retentionMS string, ) error { log.Info().Msgf("create topics with partitions=%d and replicas=%d", partitions, replicas) @@ -57,7 +57,7 @@ func CreateMissingTopics( defer adminClient.Close() topicConfig := map[string]*string{ - "retention.ms": kadm.StringPtr(retention_ms), + "retention.ms": kadm.StringPtr(retentionMS), } resp, err := adminClient.CreateTopics(context.Background(), diff --git a/deepfence_utils/utils/structs.go b/deepfence_utils/utils/structs.go index b9eb7038a7..1b4988b85e 100644 
--- a/deepfence_utils/utils/structs.go +++ b/deepfence_utils/utils/structs.go @@ -13,8 +13,8 @@ type MinioError struct { Key string `xml:"Key"` BucketName string `xml:"BucketName"` Resource string `xml:"Resource"` - RequestId string `xml:"RequestId"` - HostId string `xml:"HostId"` + RequestID string `xml:"RequestID"` + HostID string `xml:"HostID"` } type ScanSbomRequest struct { @@ -24,17 +24,17 @@ type ScanSbomRequest struct { type SbomParameters struct { ImageName string `json:"image_name"` - ImageId string `json:"image_id"` - ScanId string `json:"scan_id" required:"true"` + ImageID string `json:"image_id"` + ScanID string `json:"scan_id" required:"true"` KubernetesClusterName string `json:"kubernetes_cluster_name"` HostName string `json:"host_name"` - NodeId string `json:"node_id"` + NodeID string `json:"node_id"` NodeType string `json:"node_type"` ScanType string `json:"scan_type"` ContainerName string `json:"container_name"` SBOMFilePath string `json:"sbom_file_path"` Mode string `json:"mode,omitempty"` - RegistryId string `json:"registry_id,omitempty"` + RegistryID string `json:"registry_id,omitempty"` SkipScan bool `json:"skip_scan,omitempty"` } 
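Review bot: In `MinioError` the rename also changed the struct tags to `xml:"RequestID"` and `xml:"HostID"`, and `encoding/xml` matches element names case-sensitively. S3-style error documents normally carry `<RequestId>` and `<HostId>`, so these two fields would stay empty after this change. Only the Go identifiers need renaming for the linter: ``RequestID string `xml:"RequestId"` `` and ``HostID string `xml:"HostId"` ``. Losing the request id makes storage errors harder to correlate with server-side logs.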
@@ -44,30 +44,30 @@ type SbomBody struct { type SecretScanParameters struct { ImageName string `json:"image_name"` - ImageId string `json:"image_id"` - ScanId string `json:"scan_id" required:"true"` + ImageID string `json:"image_id"` + ScanID string `json:"scan_id" required:"true"` KubernetesClusterName string `json:"kubernetes_cluster_name"` HostName string `json:"host_name"` - NodeId string `json:"node_id"` + NodeID string `json:"node_id"` NodeType string `json:"node_type"` ScanType string `json:"scan_type"` ContainerName string `json:"container_name"` Mode string `json:"mode,omitempty"` - RegistryId string `json:"registry_id,omitempty"` + RegistryID string `json:"registry_id,omitempty"` } type MalwareScanParameters struct { ImageName string `json:"image_name"` - ImageId string `json:"image_id"` - ScanId string `json:"scan_id" required:"true"` + ImageID string `json:"image_id"` + ScanID string `json:"scan_id" required:"true"` KubernetesClusterName string `json:"kubernetes_cluster_name"` HostName string `json:"host_name"` - NodeId string `json:"node_id"` + NodeID string `json:"node_id"` NodeType string `json:"node_type"` ScanType string `json:"scan_type"` ContainerName string `json:"container_name"` Mode string `json:"mode,omitempty"` - RegistryId string `json:"registry_id,omitempty"` + RegistryID string `json:"registry_id,omitempty"` } type ReportParams struct { 
@@ -78,8 +78,8 @@ type ReportParams struct { } type ReportFilters struct { - ScanId string `json:"scan_id"` - ScanType string `json:"scan_type" validate:"required" required:"true" enum:"vulnerability,secret,malware,compliance,cloud_compliance"` + ScanID string `json:"scan_id"` + ScanType string `json:"scan_type" validate:"required" required:"true" enum:"vulnerability,secret,malware,compliance,cloud_compliance,alert"` NodeType string `json:"node_type" validate:"required" required:"true" enum:"host,container,container_image,linux,cluster,aws,gcp,azure"` SeverityOrCheckType []string `json:"severity_or_check_type" enum:"critical,high,medium,low,cis,gdpr,nist,hipaa,pci,soc_2"` IncludeDeadNode bool `json:"include_dead_nodes"` @@ -98,7 +98,7 @@ type AdvancedReportFilters struct { ContainerName []string `json:"container_name,omitempty"` ImageName []string `json:"image_name,omitempty"` HostName []string `json:"host_name,omitempty"` - AccountId []string `json:"account_id,omitempty"` + AccountID []string `json:"account_id,omitempty"` KubernetesClusterName []string `json:"kubernetes_cluster_name,omitempty"` } diff --git a/deepfence_utils/utils/utils.go b/deepfence_utils/utils/utils.go index 8bbf712236..4602702f30 100644 --- a/deepfence_utils/utils/utils.go +++ b/deepfence_utils/utils/utils.go 
@@ -35,25 +35,21 @@ import ( "github.com/lestrrat-go/jwx/v2/jwt" ) -var ScanIdReplacer = strings.NewReplacer("/", "_", ":", "_", ".", "_") +const ansi = "[\u001B\u009B][[\\]()#;?]*(?:(?:(?:[a-zA-Z\\d]*(?:;[a-zA-Z\\d]*)*)?\u0007)|(?:(?:\\d{1,4}(?:;\\d{0,4})*)?[\\dA-PRZcf-ntqry=><~]))" var ( + ScanIDReplacer = strings.NewReplacer("/", "_", ":", "_", ".", "_") + matchFirstCap = regexp.MustCompile("(.)([A-Z][a-z]+)") matchAllCap = regexp.MustCompile("([a-z0-9])([A-Z])") once1, once2 sync.Once secureClient, insecureClient *http.Client -) - -const ( - ansi = "[\u001B\u009B][[\\]()#;?]*(?:(?:(?:[a-zA-Z\\d]*(?:;[a-zA-Z\\d]*)*)?\u0007)|(?:(?:\\d{1,4}(?:;\\d{0,4})*)?[\\dA-PRZcf-ntqry=><~]))" -) -var ( removeAnsiColorRegex = regexp.MustCompile(ansi) emptyStrByte = []byte("") ) -func GetHttpClient() *http.Client { +func GetHTTPClient() *http.Client { once1.Do(func() { secureClient = &http.Client{Timeout: time.Second * 10} }) @@ -61,11 +57,11 @@ func GetHttpClient() *http.Client { return secureClient } -func GetHttpClientWithTimeout(duration time.Duration) *http.Client { +func GetHTTPClientWithTimeout(duration time.Duration) *http.Client { return &http.Client{Timeout: duration} } -func GetInsecureHttpClient() *http.Client { +func GetInsecureHTTPClient() *http.Client { once2.Do(func() { tlsConfig := &tls.Config{RootCAs: x509.NewCertPool(), InsecureSkipVerify: true} insecureClient = &http.Client{ @@ -152,7 +148,7 @@ func GetCustomerNamespace(s string) (string, error) { } lastCharPos := len(namespace) - 1 if '0' <= namespace[lastCharPos] && namespace[lastCharPos] <= '9' || namespace[lastCharPos] == '-' { - namespace = namespace + "-c" + namespace += "-c" } if len(namespace) > 63 { return "", errors.New("at most 63 characters allowed") 
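Review bot: `GetInsecureHTTPClient` has no doc comment, although it returns a shared client built with `InsecureSkipVerify: true`, and the renamed exported name is a good moment to state when it may be used. I would add `// GetInsecureHTTPClient returns a shared client that does not verify server certificates; use it only where the operator has explicitly opted out of TLS verification.` The `RootCAs: x509.NewCertPool()` setting has no effect once verification is skipped and could be dropped for clarity. The function body continues past the end of this hunk.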
@@ -160,10 +156,10 @@ func GetCustomerNamespace(s string) (string, error) { return namespace, nil } -func RemoveURLPath(inUrl string) (string, error) { - u, err := url.Parse(inUrl) +func RemoveURLPath(inURL string) (string, error) { + u, err := url.Parse(inURL) if err != nil { - return inUrl, err + return inURL, err } u.Path = "" u.User = nil @@ -218,7 +214,7 @@ func StructToMap[T any](c T) map[string]interface{} { t := reflect.TypeOf(c) v := reflect.ValueOf(c) - num_fields := 0 + numFields := 0 for i := 0; i < t.NumField(); i++ { key := t.Field(i).Tag.Get("json") if strings.HasSuffix(key, ",omitempty") { @@ -226,10 +222,10 @@ func StructToMap[T any](c T) map[string]interface{} { continue } } - num_fields += 1 + numFields += 1 } - bb := make(map[string]interface{}, num_fields) + bb := make(map[string]interface{}, numFields) for i := 0; i < t.NumField(); i++ { key := t.Field(i).Tag.Get("json") @@ -296,15 +292,16 @@ func FromMap(bb map[string]interface{}, c interface{}) { } if t.Field(i).Tag.Get("nested_json") == "true" { tmp := map[string]interface{}{} - json.Unmarshal([]byte(data.(string)), &tmp) + _ = json.Unmarshal([]byte(data.(string)), &tmp) data = tmp } - if t.Field(i).Type.Kind() == reflect.Slice { + switch t.Field(i).Type.Kind() { + case reflect.Slice: slice, ok := data.([]map[string]interface{}) if !ok { if t.Field(i).Type.Elem().Kind() == reflect.String { - //We are not able to convert the []interface{} to []string - //Hence we need to have this special handling + // We are not able to convert the []interface{} to []string + // Hence we need to have this special handling var outStr []string rv := reflect.ValueOf(data) for i := 0; i < rv.Len(); i++ { @@ -326,7 +323,7 @@ func FromMap(bb map[string]interface{}, c interface{}) { tmp = reflect.Append(tmp, reflect.Indirect(tmp2)) } v.Field(i).Set(tmp) - } else if t.Field(i).Type.Kind() == reflect.Struct { + case reflect.Struct: struc, ok := data.(map[string]interface{}) if !ok { continue 
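Review bot: In `FromMap`, `_ = json.Unmarshal([]byte(data.(string)), &tmp)` silences the linter but still discards the error, and the next line overwrites `data` with the (possibly empty) `tmp`, so a malformed `nested_json` value is silently replaced by an empty map. The assertion `data.(string)` is also unchecked and panics on a non-string value. I would skip the field instead: `s, ok := data.(string)`, then `if !ok || json.Unmarshal([]byte(s), &tmp) != nil { continue }`. `GetScheduledJobHash` in a later hunk of the same file has the same pattern, where a payload that fails to decode hashes as if it were empty.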
@@ -334,7 +331,7 @@ func FromMap(bb map[string]interface{}, c interface{}) { tmp := reflect.New(t.Field(i).Type) FromMap(struc, tmp.Interface()) v.Field(i).Set(reflect.Indirect(tmp)) - } else { + default: vv := reflect.ValueOf(data).Convert(t.Field(i).Type) v.Field(i).Set(vv) } @@ -548,7 +545,7 @@ func BoolArrayToInterfaceArray(a []bool) []interface{} { func GetScheduledJobHash(schedule postgresqlDb.Scheduler) string { var payload map[string]string - json.Unmarshal(schedule.Payload, &payload) + _ = json.Unmarshal(schedule.Payload, &payload) message := map[string]interface{}{"action": schedule.Action, "payload": payload, "cron": schedule.CronExpr} scheduleStr, _ := json.Marshal(message) return GenerateHashFromString(string(scheduleStr)) @@ -594,12 +591,12 @@ func URLDecode(s string) (string, error) { return url.QueryUnescape(s) } -func GetErrorRedirectUrl(consoleUrl, errorMessage string) string { - return consoleUrl + "/?errorMessage=" + URLEncode(errorMessage) +func GetErrorRedirectURL(consoleURL, errorMessage string) string { + return consoleURL + "/?errorMessage=" + URLEncode(errorMessage) } -func GetInfoRedirectUrl(consoleUrl, message string) string { - return consoleUrl + "/auth/sso?message=" + URLEncode(message) +func GetInfoRedirectURL(urlPath, message string) string { + return urlPath + "?message=" + URLEncode(message) } func RandomString(nByte int) (string, error) { diff --git a/deepfence_utils/vulnerability_db/database.go b/deepfence_utils/vulnerability_db/database.go index 147c661576..26c3375df7 100644 --- a/deepfence_utils/vulnerability_db/database.go +++ b/deepfence_utils/vulnerability_db/database.go @@ -1,3 +1,4 @@ +//nolint:stylecheck package vulnerability_db import ( 
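Review bot: `GetInfoRedirectURL` no longer appends `/auth/sso`, so its first argument changed meaning from a console base URL to a full path, and nothing in the function records that. A caller that still passes the base URL (callers are not visible here) would redirect to the console root with a `?message=` query. A `urlPath` that already has a query string would also produce a second `?`. I would document the contract: `// GetInfoRedirectURL appends message as the query to urlPath; urlPath must already contain the target path and no query string.`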
@@ -26,10 +27,10 @@ const ( ) var ( - ListingJson = "listing.json" - VulnerabilityDbStore = "vulnerability" - ListingPath = path.Join(VulnerabilityDbStore, ListingJson) - DEEPFENCE_THREAT_INTEL_URL = "https://threat-intel.deepfence.io/vulnerability-db/listing.json" + ListingJSON = "listing.json" + VulnerabilityDBStore = "vulnerability" + ListingPath = path.Join(VulnerabilityDBStore, ListingJSON) + DeepfenceThreatIntelURL = "https://threat-intel.deepfence.io/vulnerability-db/listing.json" ) type DBUploadRequest struct { @@ -78,7 +79,7 @@ func (v *VulnerabilityDBListing) Sort(version string) { } dbs := v.Available[version] - sort.Slice(dbs[:], func(i, j int) bool { + sort.Slice(dbs, func(i, j int) bool { return dbs[i].Built.Before(dbs[j].Built) }) v.Available[version] = dbs @@ -106,7 +107,7 @@ func UploadToMinio(ctx context.Context, fb []byte, fName string) (string, string return "", "", err } - dbFile := path.Join(VulnerabilityDbStore, fName) + dbFile := path.Join(VulnerabilityDBStore, fName) info, err := mc.UploadFile(directory.WithDatabaseContext(ctx), dbFile, fb, true, minio.PutObjectOptions{}) if err != nil { return "", "", err @@ -178,14 +179,14 @@ func DownloadDatabase() { log.Info().Msg("download latest vulnerability database") - df_listing_url := utils.GetEnvOrDefault( + dfListingURL := utils.GetEnvOrDefault( "DEEPFENCE_THREAT_INTEL_URL", - DEEPFENCE_THREAT_INTEL_URL, + DeepfenceThreatIntelURL, ) client := http.Client{Timeout: 60 * time.Second} - resp, err := client.Get(df_listing_url) + resp, err := client.Get(dfListingURL) if err != nil { log.Error().Msgf(err.Error()) return diff --git a/deepfence_worker/cronjobs/cloud_compliance.go b/deepfence_worker/cronjobs/cloud_compliance.go index 22323c65b2..9154e1e005 100644 --- a/deepfence_worker/cronjobs/cloud_compliance.go +++ b/deepfence_worker/cronjobs/cloud_compliance.go 
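Review bot: `log.Error().Msgf(err.Error())` in DownloadDatabase uses the error text as the format string, so any `%` in it is parsed as a formatting verb and garbles the log line. HTTP client errors usually include the request URL, and here the URL can come from the `DEEPFENCE_THREAT_INTEL_URL` environment variable. `log.Error().Msg(err.Error())` logs the text verbatim. The line is unchanged context, but this commit is a lint pass over the same function. Separately, the override URL is fetched as given; whether its scheme or host is validated, or the downloaded listing verified, is not visible because DownloadDatabase continues outside the hunk.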
@@ -248,13 +248,13 @@ func CachePostureProviders(ctx context.Context, task *asynq.Task) error { scan_count_query = ` MATCH (n:` + string(neo4jNodeType) + `) WHERE n.pseudo=false and n.agent_running=true - MATCH (n) <-[:SCANNED]- (m:` + string(utils.NEO4J_COMPLIANCE_SCAN) + `) + MATCH (n) <-[:SCANNED]- (m:` + string(utils.NEO4JComplianceScan) + `) RETURN count(distinct n)` success_count_query = ` MATCH (n:` + string(neo4jNodeType) + `) WHERE n.pseudo=false and n.active=true and n.agent_running=true - MATCH (n) <-[:SCANNED]- (m:` + string(utils.NEO4J_COMPLIANCE_SCAN) + `) -[:DETECTED]-> (c:Compliance) + MATCH (n) <-[:SCANNED]- (m:` + string(utils.NEO4JComplianceScan) + `) -[:DETECTED]-> (c:Compliance) MATCH (m) -[:DETECTED] -> (c:Compliance) WHERE c.status IN $passStatus RETURN count(distinct c)` @@ -262,7 +262,7 @@ func CachePostureProviders(ctx context.Context, task *asynq.Task) error { global_count_query = ` MATCH (n:` + string(neo4jNodeType) + `) WHERE n.pseudo=false and n.active=true and n.agent_running=true - MATCH (n) <-[:SCANNED]- (m:` + string(utils.NEO4J_COMPLIANCE_SCAN) + `) -[:DETECTED]-> (c:Compliance) + MATCH (n) <-[:SCANNED]- (m:` + string(utils.NEO4JComplianceScan) + `) -[:DETECTED]-> (c:Compliance) MATCH (m) -[:DETECTED] -> (c:Compliance) RETURN count(distinct c)` 
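Review bot: The count queries in CachePostureProviders splice `string(neo4jNodeType)` into the Cypher text as a node label, here and in the two following hunks of this file. Labels cannot be passed as ordinary query parameters, so the concatenation is expected, but nothing in the visible lines shows that `neo4jNodeType` is limited to a fixed set of values. A comment above the first query would record the assumption, e.g. `// neo4jNodeType is one of the package's own label constants, never request data; labels cannot be parameterised.` This should be confirmed where the variable is assigned, which is outside the hunk. The second `MATCH (m) -[:DETECTED] -> (c:Compliance)` in success_count_query and global_count_query repeats the pattern of the line before it and looks redundant.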
@@ -281,14 +281,14 @@ func CachePostureProviders(ctx context.Context, task *asynq.Task) error { scan_count_query = ` MATCH (o:` + string(neo4jNodeType) + `{cloud_provider:$cloud_provider+'_org'}) -[:IS_CHILD]-> (m:` + string(neo4jNodeType) + `) AND m.organization_id IS NOT NULL - MATCH (n:` + string(utils.NEO4J_CLOUD_COMPLIANCE_SCAN) + `)-[:SCANNED]->(m) + MATCH (n:` + string(utils.NEO4JCloudComplianceScan) + `)-[:SCANNED]->(m) RETURN count(distinct m)` success_count_query = ` MATCH (o:` + string(neo4jNodeType) + `{cloud_provider:$cloud_provider+'_org'}) -[:IS_CHILD]-> (m:` + string(neo4jNodeType) + `) WHERE o.active=true AND m.organization_id IS NOT NULL - MATCH (c:CloudCompliance) <-[:DETECTED]- (n:` + string(utils.NEO4J_CLOUD_COMPLIANCE_SCAN) + `)-[:SCANNED]->(m) + MATCH (c:CloudCompliance) <-[:DETECTED]- (n:` + string(utils.NEO4JCloudComplianceScan) + `)-[:SCANNED]->(m) WHERE c.status IN $passStatus RETURN count(distinct c)` @@ -296,7 +296,7 @@ func CachePostureProviders(ctx context.Context, task *asynq.Task) error { MATCH (o:` + string(neo4jNodeType) + `{cloud_provider:$cloud_provider+'_org'}) -[:IS_CHILD]-> (m:` + string(neo4jNodeType) + `) WHERE o.active=true AND m.organization_id IS NOT NULL - MATCH (c:CloudCompliance) <-[:DETECTED]- (n:` + string(utils.NEO4J_CLOUD_COMPLIANCE_SCAN) + `)-[:SCANNED]->(m) + MATCH (c:CloudCompliance) <-[:DETECTED]- (n:` + string(utils.NEO4JCloudComplianceScan) + `)-[:SCANNED]->(m) RETURN count(distinct c)` } else { 
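Review bot: `scan_count_query` in the organization branch has `AND m.organization_id IS NOT NULL` directly after the MATCH pattern with no `WHERE`. The two sibling queries in the same branch read `WHERE o.active=true AND m.organization_id IS NOT NULL`. As written the clause is not valid Cypher, so this query would be expected to fail at run time instead of returning a count. The line should read `WHERE m.organization_id IS NOT NULL`, with `o.active=true` added if the scan count is meant to use the same filter as the other two. It is unchanged context in this hunk, and the enclosing function starts and ends outside it.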
@@ -312,20 +312,20 @@ func CachePostureProviders(ctx context.Context, task *asynq.Task) error { scan_count_query = ` MATCH (m:` + string(neo4jNodeType) + `{cloud_provider: $cloud_provider}) - MATCH (n:` + string(utils.NEO4J_CLOUD_COMPLIANCE_SCAN) + `)-[:SCANNED]->(m) + MATCH (n:` + string(utils.NEO4JCloudComplianceScan) + `)-[:SCANNED]->(m) RETURN count(distinct m)` success_count_query = ` MATCH (m:` + string(neo4jNodeType) + `{cloud_provider: $cloud_provider}) WHERE m.active=true - MATCH (c:CloudCompliance) <-[:DETECTED]- (n:` + string(utils.NEO4J_CLOUD_COMPLIANCE_SCAN) + `)-[:SCANNED]->(m) + MATCH (c:CloudCompliance) <-[:DETECTED]- (n:` + string(utils.NEO4JCloudComplianceScan) + `)-[:SCANNED]->(m) WHERE c.status IN $passStatus RETURN count(distinct c)` global_count_query = ` MATCH (m:` + string(neo4jNodeType) + `{cloud_provider: $cloud_provider}) WHERE m.active=true - MATCH (c:CloudCompliance) <-[:DETECTED]- (n:` + string(utils.NEO4J_CLOUD_COMPLIANCE_SCAN) + `)-[:SCANNED]->(m) + MATCH (c:CloudCompliance) <-[:DETECTED]- (n:` + string(utils.NEO4JCloudComplianceScan) + `)-[:SCANNED]->(m) RETURN count(distinct c)` } diff --git a/deepfence_worker/cronjobs/neo4j.go b/deepfence_worker/cronjobs/neo4j.go index a75251dc2e..6f6f7aa421 100644 --- a/deepfence_worker/cronjobs/neo4j.go +++ b/deepfence_worker/cronjobs/neo4j.go @@ -289,7 +289,7 @@ func CleanUpDB(ctx context.Context, task *asynq.Task) error { SET n.status = $new_status`, map[string]interface{}{ "time_ms": dbScanTimeout.Milliseconds(), - "new_status": utils.SCAN_STATUS_FAILED, + "new_status": utils.ScanStatusFailed, }, txConfig); err != nil { log.Error().Msgf("Error in Clean up DB task: %v", err) return err 
@@ -302,7 +302,7 @@ func CleanUpDB(ctx context.Context, task *asynq.Task) error { SET n.status = $new_status`, map[string]interface{}{ "time_ms": dbUpgradeTimeout.Milliseconds(), - "new_status": utils.SCAN_STATUS_FAILED, + "new_status": utils.ScanStatusFailed, }, txConfig); err != nil { log.Error().Msgf("Error in Clean up DB task: %v", err) return err @@ -636,8 +636,8 @@ func RetryScansDB(ctx context.Context, task *asynq.Task) error { SET n.retries = n.retries + 1, n.status=$new_status`, map[string]interface{}{ "time_ms": dbScanTimeout.Milliseconds(), - "old_status": utils.SCAN_STATUS_INPROGRESS, - "new_status": utils.SCAN_STATUS_STARTING, + "old_status": utils.ScanStatusInProgress, + "new_status": utils.ScanStatusStarting, }); err != nil { return err } @@ -651,8 +651,8 @@ func RetryScansDB(ctx context.Context, task *asynq.Task) error { SET a.retries = a.retries + 1, a.status=$new_status`, map[string]interface{}{ "time_ms": dbScanTimeout.Milliseconds(), - "old_status": utils.SCAN_STATUS_INPROGRESS, - "new_status": utils.SCAN_STATUS_STARTING, + "old_status": utils.ScanStatusInProgress, + "new_status": utils.ScanStatusStarting, }); err != nil { return err } @@ -688,8 +688,8 @@ func RetryUpgradeAgent(ctx context.Context, task *asynq.Task) error { SET n.retries = n.retries + 1, n.status=$new_status`, map[string]interface{}{ "time_ms": dbScanTimeout.Milliseconds(), - "old_status": utils.SCAN_STATUS_INPROGRESS, - "new_status": utils.SCAN_STATUS_STARTING, + "old_status": utils.ScanStatusInProgress, + "new_status": utils.ScanStatusStarting, }); err != nil { return err } diff --git a/deepfence_worker/cronjobs/notification.go b/deepfence_worker/cronjobs/notification.go index 6dfd74066f..82bc4baa45 100644 --- a/deepfence_worker/cronjobs/notification.go +++ b/deepfence_worker/cronjobs/notification.go 
@@ -23,7 +23,7 @@ import ( "github.com/hibiken/asynq" ) -var fieldsMap = map[string]map[string]string{utils.ScanTypeDetectedNode[utils.NEO4J_VULNERABILITY_SCAN]: { +var fieldsMap = map[string]map[string]string{utils.ScanTypeDetectedNode[utils.NEO4JVulnerabilityScan]: { "cve_severity": "Severity", "cve_id": "CVE Id", "cve_description": "Description", @@ -37,7 +37,7 @@ var fieldsMap = map[string]map[string]string{utils.ScanTypeDetectedNode[utils.NE "cve_caused_by_package": "CVE Caused By Package", "node_id": "Node ID", "updated_at": "updated_at"}, - utils.ScanTypeDetectedNode[utils.NEO4J_SECRET_SCAN]: { + utils.ScanTypeDetectedNode[utils.NEO4JSecretScan]: { "node_id": "Node ID", "full_filename": "File Name", "matched_content": "Matched Content", @@ -48,7 +48,7 @@ var fieldsMap = map[string]map[string]string{utils.ScanTypeDetectedNode[utils.NE "part": "Part", "signature_to_match": "Matched Signature", "updated_at": "updated_at"}, - utils.ScanTypeDetectedNode[utils.NEO4J_MALWARE_SCAN]: {"class": "Class", + utils.ScanTypeDetectedNode[utils.NEO4JMalwareScan]: {"class": "Class", "complete_filename": "File Name", "file_sev_score": "File Severity Score", "file_severity": "File Severity", @@ -60,7 +60,7 @@ var fieldsMap = map[string]map[string]string{utils.ScanTypeDetectedNode[utils.NE "severity_score": "Severity Score", "summary": "Summary", "updated_at": "updated_at"}, - utils.ScanTypeDetectedNode[utils.NEO4J_COMPLIANCE_SCAN]: { + utils.ScanTypeDetectedNode[utils.NEO4JComplianceScan]: { "compliance_check_type": "Compliance Check Type", "resource": "Resource", "status": "Test Status", @@ -68,7 +68,7 @@ var fieldsMap = map[string]map[string]string{utils.ScanTypeDetectedNode[utils.NE "description": "Description", "test_number": "Test ID", "test_desc": "Info"}, - utils.ScanTypeDetectedNode[utils.NEO4J_CLOUD_COMPLIANCE_SCAN]: { + utils.ScanTypeDetectedNode[utils.NEO4JCloudComplianceScan]: { "title": "Title", "reason": "Reason", "resource": "Resource", 
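Review bot: The secret-scan entry of `fieldsMap` lists `matched_content` (labelled "Matched Content") among its fields. The map's use is outside the hunk, but if it selects what is copied into outbound notifications, as the file name and display labels suggest, the matched secret text is delivered to every configured integration and retained there. Consider dropping that key or masking the value before it leaves the worker. A comment on the map should state that every listed field is exported to third-party channels.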
@@ -187,16 +187,16 @@ func SendNotifications(ctx context.Context, task *asynq.Task) error { func processIntegrationRow(integrationRow postgresql_db.Integration, ctx context.Context, task *asynq.Task) error { switch integrationRow.Resource { - case utils.ScanTypeDetectedNode[utils.NEO4J_VULNERABILITY_SCAN]: + case utils.ScanTypeDetectedNode[utils.NEO4JVulnerabilityScan]: return processIntegration[model.Vulnerability](ctx, task, integrationRow) - case utils.ScanTypeDetectedNode[utils.NEO4J_SECRET_SCAN]: + case utils.ScanTypeDetectedNode[utils.NEO4JSecretScan]: return processIntegration[model.Secret](ctx, task, integrationRow) - case utils.ScanTypeDetectedNode[utils.NEO4J_MALWARE_SCAN]: + case utils.ScanTypeDetectedNode[utils.NEO4JMalwareScan]: return processIntegration[model.Malware](ctx, task, integrationRow) - case utils.ScanTypeDetectedNode[utils.NEO4J_COMPLIANCE_SCAN]: + case utils.ScanTypeDetectedNode[utils.NEO4JComplianceScan]: err1 := processIntegration[model.Compliance](ctx, task, integrationRow) // cloud compliance scans - integrationRow.Resource = utils.ScanTypeDetectedNode[utils.NEO4J_CLOUD_COMPLIANCE_SCAN] + integrationRow.Resource = utils.ScanTypeDetectedNode[utils.NEO4JCloudComplianceScan] err2 := processIntegration[model.CloudCompliance](ctx, task, integrationRow) return errors.Join(err1, err2) } @@ -307,7 +307,7 @@ func processIntegration[T any](ctx context.Context, task *asynq.Task, integratio }, ) filters.FieldsFilters.ContainsFilter = reporters.ContainsFilter{ - FieldsValues: map[string][]interface{}{"status": {utils.SCAN_STATUS_SUCCESS}}, + FieldsValues: map[string][]interface{}{"status": {utils.ScanStatusSuccess}}, } profileStart := time.Now() diff --git a/deepfence_worker/cronjobs/scheduled_tasks.go b/deepfence_worker/cronjobs/scheduled_tasks.go index fc02832ce5..aa1cfee47b 100644 --- a/deepfence_worker/cronjobs/scheduled_tasks.go +++ b/deepfence_worker/cronjobs/scheduled_tasks.go 
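Review bot: `processIntegrationRow(integrationRow postgresql_db.Integration, ctx context.Context, task *asynq.Task)` takes the context as its second parameter, while `processIntegration`, which it calls on every branch, takes `ctx` first. Since this commit is a naming and lint clean-up, the signature could follow the same convention: `func processIntegrationRow(ctx context.Context, task *asynq.Task, integrationRow postgresql_db.Integration) error`. The function is unexported, so the change stays within the package. Its body continues outside the hunk, so whether an unmatched `Resource` is reported or silently ignored cannot be seen here.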
@@ -123,25 +123,25 @@ func runSystemScheduledTasks(ctx context.Context, messagePayload map[string]inte Filters: model.ScanFilter{}, IsPriority: isPriority} switch messagePayload["action"].(string) { - case utils.VULNERABILITY_SCAN: + case utils.VulnerabilityScan: actionBuilder := handler.StartScanActionBuilder(ctx, ctl.StartVulnerabilityScan, map[string]string{"scan_type": "all"}) - _, _, err := handler.StartMultiScan(ctx, false, utils.NEO4J_VULNERABILITY_SCAN, scanTrigger, actionBuilder) + _, _, err := handler.StartMultiScan(ctx, false, utils.NEO4JVulnerabilityScan, scanTrigger, actionBuilder) if err != nil { return err } - case utils.SECRET_SCAN: + case utils.SecretScan: actionBuilder := handler.StartScanActionBuilder(ctx, ctl.StartSecretScan, nil) - _, _, err := handler.StartMultiScan(ctx, false, utils.NEO4J_SECRET_SCAN, scanTrigger, actionBuilder) + _, _, err := handler.StartMultiScan(ctx, false, utils.NEO4JSecretScan, scanTrigger, actionBuilder) if err != nil { return err } - case utils.MALWARE_SCAN: + case utils.MalwareScan: actionBuilder := handler.StartScanActionBuilder(ctx, ctl.StartMalwareScan, nil) - _, _, err := handler.StartMultiScan(ctx, false, utils.NEO4J_MALWARE_SCAN, scanTrigger, actionBuilder) + _, _, err := handler.StartMultiScan(ctx, false, utils.NEO4JMalwareScan, scanTrigger, actionBuilder) if err != nil { return err } - case utils.COMPLIANCE_SCAN, utils.CLOUD_COMPLIANCE_SCAN: + case utils.ComplianceScan, utils.CloudComplianceScan: benchmarkTypes, ok := complianceBenchmarkTypes[nodeType] if !ok { log.Warn().Msgf("Unknown node type %s for compliance scan", nodeType) 
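Review bot: `switch messagePayload["action"].(string)` is an unchecked type assertion on a decoded payload map, so a schedule whose payload lacks `action` or stores it as a non-string panics instead of returning an error. The same pattern appears in the next hunk (`utils.Neo4jScanType(messagePayload["action"].(string))` in runCustomScheduledTasks) and in the malware.go and secrets.go hunks (`malware["scan_id"].(string)`, `secret["scan_id"].(string)`). Use the two-value form, `action, ok := messagePayload["action"].(string)`, and return an error when `ok` is false. Both scheduled-task functions start and end outside their hunks.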
@@ -185,7 +185,7 @@ func runCustomScheduledTasks(ctx context.Context, messagePayload map[string]inte action := utils.Neo4jScanType(messagePayload["action"].(string)) switch action { - case utils.NEO4J_VULNERABILITY_SCAN: + case utils.NEO4JVulnerabilityScan: binArgs := make(map[string]string, 0) if payload.ScanConfigLanguages != nil && len(payload.ScanConfigLanguages) > 0 { languages := []string{} @@ -196,23 +196,23 @@ func runCustomScheduledTasks(ctx context.Context, messagePayload map[string]inte } actionBuilder := handler.StartScanActionBuilder(ctx, ctl.StartVulnerabilityScan, binArgs) - _, _, err := handler.StartMultiScan(ctx, false, utils.NEO4J_VULNERABILITY_SCAN, scanTrigger, actionBuilder) + _, _, err := handler.StartMultiScan(ctx, false, utils.NEO4JVulnerabilityScan, scanTrigger, actionBuilder) if err != nil { return err } - case utils.NEO4J_SECRET_SCAN: + case utils.NEO4JSecretScan: actionBuilder := handler.StartScanActionBuilder(ctx, ctl.StartSecretScan, nil) - _, _, err := handler.StartMultiScan(ctx, false, utils.NEO4J_SECRET_SCAN, scanTrigger, actionBuilder) + _, _, err := handler.StartMultiScan(ctx, false, utils.NEO4JSecretScan, scanTrigger, actionBuilder) if err != nil { return err } - case utils.NEO4J_MALWARE_SCAN: + case utils.NEO4JMalwareScan: actionBuilder := handler.StartScanActionBuilder(ctx, ctl.StartMalwareScan, nil) - _, _, err := handler.StartMultiScan(ctx, false, utils.NEO4J_MALWARE_SCAN, scanTrigger, actionBuilder) + _, _, err := handler.StartMultiScan(ctx, false, utils.NEO4JMalwareScan, scanTrigger, actionBuilder) if err != nil { return err } - case utils.NEO4J_COMPLIANCE_SCAN, utils.NEO4J_CLOUD_COMPLIANCE_SCAN: + case utils.NEO4JComplianceScan, utils.NEO4JCloudComplianceScan: if payload.BenchmarkTypes == nil || len(payload.BenchmarkTypes) == 0 { log.Warn().Msgf("Invalid benchmarkType for compliance scan, job id: %d", scheduleJobId) return nil 
diff --git a/deepfence_worker/cronjobs/threat.go b/deepfence_worker/cronjobs/threat.go index 7f9a4922c9..58f0466722 100644 --- a/deepfence_worker/cronjobs/threat.go +++ b/deepfence_worker/cronjobs/threat.go @@ -117,7 +117,7 @@ func computeThreatGraph(session neo4j.Session) error { if _, err = session.Run(` MATCH (s:VulnerabilityScan) -[:SCANNED]-> (m) - WHERE s.status = "`+utils.SCAN_STATUS_SUCCESS+`" + WHERE s.status = "`+utils.ScanStatusSuccess+`" WITH distinct m, max(s.updated_at) as most_recent OPTIONAL MATCH (m) <-[:SCANNED]- (s:VulnerabilityScan{updated_at: most_recent})-[:DETECTED]->(c:Vulnerability) WITH s, m, count(distinct c.node_id) as vulnerabilities_count @@ -127,7 +127,7 @@ func computeThreatGraph(session neo4j.Session) error { if _, err = session.Run(` MATCH (s:SecretScan) -[:SCANNED]-> (m) - WHERE s.status = "`+utils.SCAN_STATUS_SUCCESS+`" + WHERE s.status = "`+utils.ScanStatusSuccess+`" WITH distinct m, max(s.updated_at) as most_recent MATCH (m) <-[:SCANNED]- (s:SecretScan{updated_at: most_recent})-[:DETECTED]->(c:Secret) WITH s, m, count(distinct c) as secrets_count @@ -137,7 +137,7 @@ func computeThreatGraph(session neo4j.Session) error { if _, err = session.Run(` MATCH (s:MalwareScan) -[:SCANNED]-> (m) - WHERE s.status = "`+utils.SCAN_STATUS_SUCCESS+`" + WHERE s.status = "`+utils.ScanStatusSuccess+`" WITH distinct m, max(s.updated_at) as most_recent MATCH (m) <-[:SCANNED]- (s:MalwareScan{updated_at: most_recent})-[:DETECTED]->(c:Malware) WITH s, m, count(distinct c) as malwares_count @@ -147,7 +147,7 @@ func computeThreatGraph(session neo4j.Session) error { if _, err = session.Run(` MATCH (s:ComplianceScan) -[:SCANNED]-> (m) - WHERE s.status = "`+utils.SCAN_STATUS_SUCCESS+`" + WHERE s.status = "`+utils.ScanStatusSuccess+`" WITH distinct m, max(s.updated_at) as most_recent MATCH (m) <-[:SCANNED]- (s:ComplianceScan{updated_at: most_recent})-[:DETECTED]->(c:Compliance) WITH s, m, count(distinct c) as compliances_count 
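Review bot: The scan-status filter in computeThreatGraph is built by concatenating `utils.ScanStatusSuccess` into the query text between double quotes. This is done in all five per-scan-type queries: the four hunks here and the CloudComplianceScan hunk that follows. Unlike a label, a property value can be bound, and neo4j.go in this same commit already passes `$new_status` through the parameter map. `WHERE s.status = $status` with `map[string]interface{}{"status": utils.ScanStatusSuccess}` keeps the value out of the query text. The value is a package constant today, so this is hardening and consistency, not a live injection; the `session.Run` argument lists for these queries end outside the hunks.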
@@ -157,7 +157,7 @@ func computeThreatGraph(session neo4j.Session) error { if _, err = session.Run(` MATCH (s:CloudComplianceScan) -[:SCANNED]-> (p:CloudNode) - WHERE s.status = "`+utils.SCAN_STATUS_SUCCESS+`" + WHERE s.status = "`+utils.ScanStatusSuccess+`" WITH distinct p, max(s.updated_at) as most_recent MATCH (s:CloudComplianceScan{updated_at: most_recent})-[:DETECTED]->(c:CloudCompliance) -[:SCANNED]->(m:CloudResource) WITH s, m, count(distinct c) as cloud_compliances_count @@ -198,7 +198,8 @@ func computeThreatGraph(session neo4j.Session) error { n.sum_secrets = COALESCE(n.secrets_count, 0), n.sum_malware = COALESCE(n.malwares_count, 0), n.sum_compliance = COALESCE(n.compliances_count, 0), - n.sum_cloud_compliance = COALESCE(n.cloud_compliances_count, 0)`, map[string]interface{}{}, txConfig); err != nil { + n.sum_cloud_compliance = COALESCE(n.cloud_compliances_count, 0)`, + map[string]interface{}{}, txConfig); err != nil { return err } @@ -210,7 +211,8 @@ func computeThreatGraph(session neo4j.Session) error { n.sum_malware = COALESCE(n.sum_malware, 0) + COALESCE(m.sum_malware, m.malwares_count, 0) , n.sum_secrets = COALESCE(n.sum_secrets, 0) + COALESCE(m.sum_secrets, m.secrets_count, 0), n.sum_compliance = COALESCE(n.sum_compliance, 0) + COALESCE(m.sum_compliance, m.compliances_count, 0), - n.sum_cloud_compliance = COALESCE(n.sum_cloud_compliance, 0) + COALESCE(m.sum_cloud_compliance, m.cloud_compliances_count, 0)`, map[string]interface{}{}, txConfig); err != nil { + n.sum_cloud_compliance = COALESCE(n.sum_cloud_compliance, 0) + COALESCE(m.sum_cloud_compliance, m.cloud_compliances_count, 0)`, + map[string]interface{}{}, txConfig); err != nil { return err } diff --git a/deepfence_worker/cronscheduler/init_db.go b/deepfence_worker/cronscheduler/init_db.go index 88f26bab47..cfc1b7bc0b 100644 --- a/deepfence_worker/cronscheduler/init_db.go +++ b/deepfence_worker/cronscheduler/init_db.go 
@@ -17,7 +17,7 @@ func applyDatabaseMigrations(ctx context.Context) error { log.Info().Msg("apply database migrations") defer log.Info().Msg("complete database migrations") - conn, err := directory.NewSqlConnection(ctx) + conn, err := directory.NewSQLConnection(ctx) if err != nil { return err } diff --git a/deepfence_worker/cronscheduler/init_neo4j.go b/deepfence_worker/cronscheduler/init_neo4j.go index be7c648157..901e65950a 100644 --- a/deepfence_worker/cronscheduler/init_neo4j.go +++ b/deepfence_worker/cronscheduler/init_neo4j.go 
@@ -58,16 +58,16 @@ func initNeo4jDatabase(ctx context.Context) error { RunDisplayError(session, "CREATE CONSTRAINT ON (n:CloudComplianceExecutable) ASSERT n.node_id IS UNIQUE") RunDisplayError(session, "CREATE CONSTRAINT ON (n:CloudComplianceControl) ASSERT n.node_id IS UNIQUE") RunDisplayError(session, "CREATE CONSTRAINT ON (n:CloudComplianceBenchmark) ASSERT n.node_id IS UNIQUE") - RunDisplayError(session, fmt.Sprintf("CREATE CONSTRAINT ON (n:%s) ASSERT n.node_id IS UNIQUE", utils.NEO4J_SECRET_SCAN)) - RunDisplayError(session, fmt.Sprintf("CREATE CONSTRAINT ON (n:%s) ASSERT n.node_id IS UNIQUE", utils.NEO4J_VULNERABILITY_SCAN)) - RunDisplayError(session, fmt.Sprintf("CREATE CONSTRAINT ON (n:%s) ASSERT n.node_id IS UNIQUE", utils.NEO4J_COMPLIANCE_SCAN)) - RunDisplayError(session, fmt.Sprintf("CREATE CONSTRAINT ON (n:%s) ASSERT n.node_id IS UNIQUE", utils.NEO4J_CLOUD_COMPLIANCE_SCAN)) - RunDisplayError(session, fmt.Sprintf("CREATE CONSTRAINT ON (n:%s) ASSERT n.node_id IS UNIQUE", utils.NEO4J_MALWARE_SCAN)) - RunDisplayError(session, fmt.Sprintf("CREATE CONSTRAINT ON (n:Bulk%s) ASSERT n.node_id IS UNIQUE", utils.NEO4J_SECRET_SCAN)) - RunDisplayError(session, fmt.Sprintf("CREATE CONSTRAINT ON (n:Bulk%s) ASSERT n.node_id IS UNIQUE", utils.NEO4J_VULNERABILITY_SCAN)) - RunDisplayError(session, fmt.Sprintf("CREATE CONSTRAINT ON (n:Bulk%s) ASSERT n.node_id IS UNIQUE", utils.NEO4J_COMPLIANCE_SCAN)) - RunDisplayError(session, fmt.Sprintf("CREATE CONSTRAINT ON (n:Bulk%s) ASSERT n.node_id IS UNIQUE", utils.NEO4J_CLOUD_COMPLIANCE_SCAN)) - RunDisplayError(session, fmt.Sprintf("CREATE CONSTRAINT ON (n:Bulk%s) ASSERT n.node_id IS UNIQUE", utils.NEO4J_MALWARE_SCAN)) + RunDisplayError(session, fmt.Sprintf("CREATE CONSTRAINT ON (n:%s) ASSERT n.node_id IS UNIQUE", utils.NEO4JSecretScan)) + RunDisplayError(session, fmt.Sprintf("CREATE CONSTRAINT ON (n:%s) ASSERT n.node_id IS UNIQUE", utils.NEO4JVulnerabilityScan)) + RunDisplayError(session, fmt.Sprintf("CREATE CONSTRAINT ON (n:%s) 
ASSERT n.node_id IS UNIQUE", utils.NEO4JComplianceScan)) + RunDisplayError(session, fmt.Sprintf("CREATE CONSTRAINT ON (n:%s) ASSERT n.node_id IS UNIQUE", utils.NEO4JCloudComplianceScan)) + RunDisplayError(session, fmt.Sprintf("CREATE CONSTRAINT ON (n:%s) ASSERT n.node_id IS UNIQUE", utils.NEO4JMalwareScan)) + RunDisplayError(session, fmt.Sprintf("CREATE CONSTRAINT ON (n:Bulk%s) ASSERT n.node_id IS UNIQUE", utils.NEO4JSecretScan)) + RunDisplayError(session, fmt.Sprintf("CREATE CONSTRAINT ON (n:Bulk%s) ASSERT n.node_id IS UNIQUE", utils.NEO4JVulnerabilityScan)) + RunDisplayError(session, fmt.Sprintf("CREATE CONSTRAINT ON (n:Bulk%s) ASSERT n.node_id IS UNIQUE", utils.NEO4JComplianceScan)) + RunDisplayError(session, fmt.Sprintf("CREATE CONSTRAINT ON (n:Bulk%s) ASSERT n.node_id IS UNIQUE", utils.NEO4JCloudComplianceScan)) + RunDisplayError(session, fmt.Sprintf("CREATE CONSTRAINT ON (n:Bulk%s) ASSERT n.node_id IS UNIQUE", utils.NEO4JMalwareScan)) RunDisplayError(session, "MERGE (n:Node{node_id:'in-the-internet'}) SET n.node_name='The Internet (Inbound)', n.pseudo=true, n.cloud_provider='internet', n.cloud_region='internet', n.depth=0, n.active=true") RunDisplayError(session, "MERGE (n:Node{node_id:'out-the-internet'}) SET n.node_name='The Internet (Outbound)', n.pseudo=true, n.cloud_provider='internet', n.cloud_region='internet', n.depth=0, n.active=true") diff --git a/deepfence_worker/ingesters/cloud_resource.go b/deepfence_worker/ingesters/cloud_resource.go index 7929587f2a..bbb23b3848 100644 --- a/deepfence_worker/ingesters/cloud_resource.go +++ b/deepfence_worker/ingesters/cloud_resource.go 
@@ -112,11 +112,11 @@ func ResourceToMaps(ms []ingestersUtil.CloudResource) ([]map[string]interface{}, if v.ResourceID == AwsEc2ResourceId || v.ResourceID == GcpComputeResourceId || v.ResourceID == AzureComputeResourceId { var publicIP, privateIP []string - if v.PublicIpAddress != "" { - publicIP = []string{v.PublicIpAddress} + if v.PublicIPAddress != "" { + publicIP = []string{v.PublicIPAddress} } - if v.PrivateIpAddress != "" { - privateIP = []string{v.PrivateIpAddress} + if v.PrivateIPAddress != "" { + privateIP = []string{v.PrivateIPAddress} } var k8sClusterName string var tags map[string]interface{} diff --git a/deepfence_worker/ingesters/common.go b/deepfence_worker/ingesters/common.go index 7d6baa0f99..46aae4754f 100644 --- a/deepfence_worker/ingesters/common.go +++ b/deepfence_worker/ingesters/common.go @@ -50,7 +50,7 @@ func CommitFuncStatus[Status any](ts utils.Neo4jScanType) func(ns string, data [ WITH n, count(m) as m_count MATCH (n) -[:SCANNED]- (r) SET r.` + ingestersUtil.ScanStatusField[ts] + `=n.status, - r.` + ingestersUtil.LatestScanIdField[ts] + `=n.node_id, + r.` + ingestersUtil.LatestScanIDField[ts] + `=n.node_id, r.` + ingestersUtil.ScanCountField[ts] + `=m_count` recordMap := statusesToMaps(data) @@ -59,7 +59,7 @@ func CommitFuncStatus[Status any](ts utils.Neo4jScanType) func(ns string, data [ log.Debug().Msgf("query: %v", query) if _, err = tx.Run(query, map[string]interface{}{ "batch": in_progress, - "cancel_states": []string{utils.SCAN_STATUS_CANCELLING, utils.SCAN_STATUS_CANCEL_PENDING}}); err != nil { + "cancel_states": []string{utils.ScanStatusCancelling, utils.ScanStatusCancelPending}}); err != nil { log.Error().Msgf("Error while updating scan status: %+v", err) return err } @@ -85,7 +85,7 @@ func CommitFuncStatus[Status any](ts utils.Neo4jScanType) func(ns string, data [ return err } - if ts != utils.NEO4J_COMPLIANCE_SCAN { + if ts != utils.NEO4JComplianceScan { event := scans.UpdateScanEvent{ ScanType: ts, RecordMap: recordMap, 
@@ -95,7 +95,7 @@ func CommitFuncStatus[Status any](ts utils.Neo4jScanType) func(ns string, data [ return err } task := utils.UpdatePodScanStatusTask - if ts == utils.NEO4J_CLOUD_COMPLIANCE_SCAN { + if ts == utils.NEO4JCloudComplianceScan { task = utils.UpdateCloudResourceScanStatusTask } if err := worker.Enqueue(task, b, utils.DefaultTaskOpts()...); err != nil { @@ -103,7 +103,7 @@ func CommitFuncStatus[Status any](ts utils.Neo4jScanType) func(ns string, data [ } } - if (ts == utils.NEO4J_COMPLIANCE_SCAN || ts == utils.NEO4J_CLOUD_COMPLIANCE_SCAN) && anyCompleted(others) { + if (ts == utils.NEO4JComplianceScan || ts == utils.NEO4JCloudComplianceScan) && anyCompleted(others) { err := worker.Enqueue(utils.CachePostureProviders, []byte(strconv.FormatInt(utils.GetTimestamp(), 10)), utils.CritialTaskOpts()...) if err != nil { @@ -143,8 +143,8 @@ func statusesToMaps[T any](data []T) []map[string]interface{} { continue } if new_status != old_status { - if new_status == utils.SCAN_STATUS_SUCCESS || - new_status == utils.SCAN_STATUS_FAILED || new_status == utils.SCAN_STATUS_CANCELLED { + if new_status == utils.ScanStatusSuccess || + new_status == utils.ScanStatusFailed || new_status == utils.ScanStatusCancelled { statusBuff[scan_id] = new } } @@ -169,7 +169,7 @@ func splitInprogressStatus(data []map[string]interface{}) ([]map[string]interfac continue } - if status == utils.SCAN_STATUS_INPROGRESS { + if status == utils.ScanStatusInProgress { in_progress = append(in_progress, data[i]) } else { others = append(others, data[i]) @@ -199,7 +199,7 @@ func anyCompleted(data []map[string]interface{}) bool { continue } - if status == utils.SCAN_STATUS_SUCCESS { + if status == utils.ScanStatusSuccess { complete = true break } diff --git a/deepfence_worker/ingesters/compliance.go b/deepfence_worker/ingesters/compliance.go index 27fc3ae1b9..9175497c04 100644 --- a/deepfence_worker/ingesters/compliance.go +++ b/deepfence_worker/ingesters/compliance.go 
@@ -57,7 +57,7 @@ func CompliancesToMaps(ms []ingestersUtil.Compliance) []map[string]interface{} { res = append(res, map[string]interface{}{ "rule": utils.ToMap(rule), "data": utils.ToMap(data), - "scan_id": v.ScanId, + "scan_id": v.ScanID, }) } return res diff --git a/deepfence_worker/ingesters/malware.go b/deepfence_worker/ingesters/malware.go index 9a546e9efe..1395bd4278 100644 --- a/deepfence_worker/ingesters/malware.go +++ b/deepfence_worker/ingesters/malware.go @@ -81,7 +81,7 @@ func malwareToMaps(data []ingestersUtil.Malware, if _, ok := malware["scan_id"]; ok { scanId := malware["scan_id"].(string) var err error - entityId, err = getEntityIdFromScanID(scanId, string(utils.NEO4J_MALWARE_SCAN), tx) + entityId, err = getEntityIdFromScanID(scanId, string(utils.NEO4JMalwareScan), tx) if err != nil { log.Error().Msgf("Error in getting entityId: %v", err) return nil, err diff --git a/deepfence_worker/ingesters/secrets.go b/deepfence_worker/ingesters/secrets.go index 35ea2b4917..efb8e2f4dc 100644 --- a/deepfence_worker/ingesters/secrets.go +++ b/deepfence_worker/ingesters/secrets.go @@ -81,14 +81,14 @@ func secretsToMaps(data []ingestersUtil.Secret, if _, ok := secret["scan_id"]; ok { scanId := secret["scan_id"].(string) var err error - entityId, err = getEntityIdFromScanID(scanId, string(utils.NEO4J_SECRET_SCAN), tx) + entityId, err = getEntityIdFromScanID(scanId, string(utils.NEO4JSecretScan), tx) if err != nil { log.Error().Msgf("Error in getting entityId: %v", err) return nil, err } } - nodeId := utils.ScanIdReplacer.Replace(fmt.Sprintf("%v:%v", + nodeId := utils.ScanIDReplacer.Replace(fmt.Sprintf("%v:%v", i.Rule.ID, i.Match.FullFilename)) if len(entityId) > 0 { nodeId = nodeId + "_" + entityId diff --git a/deepfence_worker/ingesters/vulnerabilites.go b/deepfence_worker/ingesters/vulnerabilites.go index 77925a10d5..bdce1a978d 100644 --- a/deepfence_worker/ingesters/vulnerabilites.go +++ b/deepfence_worker/ingesters/vulnerabilites.go 
@@ -64,13 +64,13 @@ func CVEsToMaps(ms []ingestersUtil.Vulnerability, for _, v := range ms { data, rule := v.Split() - entityId, err := getEntityIdFromScanID(v.ScanId, string(utils.NEO4J_VULNERABILITY_SCAN), tx) + entityId, err := getEntityIdFromScanID(v.ScanID, string(utils.NEO4JVulnerabilityScan), tx) if err != nil { log.Error().Msgf("Error in getting entityId: %v", err) return nil, err } - nodeId := data.CveCausedByPackage + rule.CveId + nodeId := data.CveCausedByPackage + rule.CveID if len(entityId) > 0 { nodeId = nodeId + "_" + entityId } @@ -78,7 +78,7 @@ func CVEsToMaps(ms []ingestersUtil.Vulnerability, res = append(res, map[string]interface{}{ "rule": utils.ToMap(rule), "data": utils.ToMap(data), - "scan_id": v.ScanId, + "scan_id": v.ScanID, "node_id": nodeId, }) } diff --git a/deepfence_worker/processors/bulk_processor.go b/deepfence_worker/processors/bulk_processor.go index 5e9b903259..f6bd5bb6ba 100644 --- a/deepfence_worker/processors/bulk_processor.go +++ b/deepfence_worker/processors/bulk_processor.go @@ -31,7 +31,7 @@ func init() { breaker.Lock() log.Info().Msgf("Breaker opened") for { - err := utils.WaitServiceTcpConn(neo4j_host, neo4j_port, time.Second*30) + err := utils.WaitServiceTCPConn(neo4j_host, neo4j_port, time.Second*30) if err != nil { log.Error().Msgf("err: %v", err) continue diff --git a/deepfence_worker/processors/common.go b/deepfence_worker/processors/common.go index 2f9987bcea..38aa9b18d4 100644 --- a/deepfence_worker/processors/common.go +++ b/deepfence_worker/processors/common.go 
@@ -57,59 +57,59 @@ func telemetryWrapper(task string, cf commitFn) commitFn { func StartKafkaProcessors(ctx context.Context) { processors = map[string]*BulkProcessor{} - processors[utils.VULNERABILITY_SCAN] = NewBulkProcessor( - utils.VULNERABILITY_SCAN, - telemetryWrapper(utils.VULNERABILITY_SCAN, + processors[utils.VulnerabilityScan] = NewBulkProcessor( + utils.VulnerabilityScan, + telemetryWrapper(utils.VulnerabilityScan, desWrapper(ingesters.CommitFuncVulnerabilities)), ) - processors[utils.COMPLIANCE_SCAN] = NewBulkProcessor( - utils.COMPLIANCE_SCAN, - telemetryWrapper(utils.COMPLIANCE_SCAN, + processors[utils.ComplianceScan] = NewBulkProcessor( + utils.ComplianceScan, + telemetryWrapper(utils.ComplianceScan, desWrapper(ingesters.CommitFuncCompliance)), ) - processors[utils.CLOUD_COMPLIANCE_SCAN] = NewBulkProcessor( - utils.CLOUD_COMPLIANCE_SCAN, - telemetryWrapper(utils.CLOUD_COMPLIANCE_SCAN, + processors[utils.CloudComplianceScan] = NewBulkProcessor( + utils.CloudComplianceScan, + telemetryWrapper(utils.CloudComplianceScan, desWrapper(ingesters.CommitFuncCloudCompliance)), ) - processors[utils.SECRET_SCAN] = NewBulkProcessor( - utils.SECRET_SCAN, - telemetryWrapper(utils.SECRET_SCAN, + processors[utils.SecretScan] = NewBulkProcessor( + utils.SecretScan, + telemetryWrapper(utils.SecretScan, desWrapper(ingesters.CommitFuncSecrets)), ) - processors[utils.MALWARE_SCAN] = NewBulkProcessor( - utils.MALWARE_SCAN, - telemetryWrapper(utils.MALWARE_SCAN, + processors[utils.MalwareScan] = NewBulkProcessor( + utils.MalwareScan, + telemetryWrapper(utils.MalwareScan, desWrapper(ingesters.CommitFuncMalware)), ) - processors[utils.VULNERABILITY_SCAN_STATUS] = NewBulkProcessor( - utils.VULNERABILITY_SCAN_STATUS, - telemetryWrapper(utils.VULNERABILITY_SCAN_STATUS, - desWrapper(ingesters.CommitFuncStatus[ingestersUtil.VulnerabilityScanStatus](utils.NEO4J_VULNERABILITY_SCAN))), + processors[utils.VulnerabilityScanStatus] = NewBulkProcessor( + utils.VulnerabilityScanStatus, + 
telemetryWrapper(utils.VulnerabilityScanStatus, + desWrapper(ingesters.CommitFuncStatus[ingestersUtil.VulnerabilityScanStatus](utils.NEO4JVulnerabilityScan))), ) - processors[utils.COMPLIANCE_SCAN_STATUS] = NewBulkProcessor( - utils.COMPLIANCE_SCAN_STATUS, - telemetryWrapper(utils.COMPLIANCE_SCAN_STATUS, - desWrapper(ingesters.CommitFuncStatus[ingestersUtil.ComplianceScanStatus](utils.NEO4J_COMPLIANCE_SCAN))), + processors[utils.ComplianceScanStatus] = NewBulkProcessor( + utils.ComplianceScanStatus, + telemetryWrapper(utils.ComplianceScanStatus, + desWrapper(ingesters.CommitFuncStatus[ingestersUtil.ComplianceScanStatus](utils.NEO4JComplianceScan))), ) - processors[utils.SECRET_SCAN_STATUS] = NewBulkProcessor( - utils.SECRET_SCAN_STATUS, - telemetryWrapper(utils.SECRET_SCAN_STATUS, - desWrapper(ingesters.CommitFuncStatus[ingestersUtil.SecretScanStatus](utils.NEO4J_SECRET_SCAN))), + processors[utils.SecretScanStatus] = NewBulkProcessor( + utils.SecretScanStatus, + telemetryWrapper(utils.SecretScanStatus, + desWrapper(ingesters.CommitFuncStatus[ingestersUtil.SecretScanStatus](utils.NEO4JSecretScan))), ) - processors[utils.MALWARE_SCAN_STATUS] = NewBulkProcessor( - utils.MALWARE_SCAN_STATUS, - telemetryWrapper(utils.MALWARE_SCAN_STATUS, - desWrapper(ingesters.CommitFuncStatus[ingestersUtil.MalwareScanStatus](utils.NEO4J_MALWARE_SCAN))), + processors[utils.MalwareScanStatus] = NewBulkProcessor( + utils.MalwareScanStatus, + telemetryWrapper(utils.MalwareScanStatus, + desWrapper(ingesters.CommitFuncStatus[ingestersUtil.MalwareScanStatus](utils.NEO4JMalwareScan))), ) - processors[utils.CLOUD_COMPLIANCE_SCAN_STATUS] = NewBulkProcessor( - utils.CLOUD_COMPLIANCE_SCAN_STATUS, - telemetryWrapper(utils.CLOUD_COMPLIANCE_SCAN_STATUS, - desWrapper(ingesters.CommitFuncStatus[ingestersUtil.CloudComplianceScanStatus](utils.NEO4J_CLOUD_COMPLIANCE_SCAN))), + processors[utils.CloudComplianceScanStatus] = NewBulkProcessor( + utils.CloudComplianceScanStatus, + 
telemetryWrapper(utils.CloudComplianceScanStatus, + desWrapper(ingesters.CommitFuncStatus[ingestersUtil.CloudComplianceScanStatus](utils.NEO4JCloudComplianceScan))), ) - processors[utils.CLOUD_RESOURCE] = NewBulkProcessorWith( - utils.CLOUD_RESOURCE, - telemetryWrapper(utils.CLOUD_RESOURCE, + processors[utils.CloudResource] = NewBulkProcessorWith( + utils.CloudResource, + telemetryWrapper(utils.CloudResource, desWrapper(ingesters.CommitFuncCloudResource)), 1_000) @@ -138,7 +138,7 @@ func getNamespace(rh []kgo.RecordHeader) string { func processRecord(r *kgo.Record) { switch r.Topic { - case utils.AUDIT_LOGS: + case utils.AuditLogs: addAuditLog(r) default: processor, exists := processors[r.Topic] diff --git a/deepfence_worker/tasks/malwarescan/malwarescan.go b/deepfence_worker/tasks/malwarescan/malwarescan.go index bd7197f1c1..83efc97d76 100644 --- a/deepfence_worker/tasks/malwarescan/malwarescan.go +++ b/deepfence_worker/tasks/malwarescan/malwarescan.go @@ -4,7 +4,7 @@ import ( "context" "encoding/json" "fmt" - "io/ioutil" + "io/ioutil" //nolint:staticcheck "os" "os/exec" "sync" @@ -64,7 +64,7 @@ func (s MalwareScan) StopMalwareScan(ctx context.Context, task *asynq.Task) erro return nil } - scanID := params.ScanId + scanID := params.ScanID obj, found := ScanMap.Load(scanID) if !found { @@ -99,7 +99,7 @@ func (s MalwareScan) StartMalwareScan(ctx context.Context, task *asynq.Task) err return err } - res, scanCtx := tasks.StartStatusReporter(params.ScanId, + res, scanCtx := tasks.StartStatusReporter(params.ScanID, func(status tasks.ScanStatus) error { sb, err := json.Marshal(status) if err != nil { 
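Review bot: The `//nolint:staticcheck` added to the `"io/ioutil"` import in malwarescan.go silences the deprecation warning without a stated reason instead of removing its cause. The only ioutil use visible in this diff is `ioutil.TempDir("/tmp", "malwarescan-*")`, and `os` is already in the import block, so the call can become `dir, err := os.MkdirTemp("/tmp", "malwarescan-*")` and the import can be dropped. Other ioutil uses may exist outside the hunks shown and would need the same migration. The import hunk in secretscan.go carries the same suppression, with `ioutil.TempDir("/tmp", "secretscan-*")` as its visible use.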
@@ -108,30 +108,30 @@ func (s MalwareScan) StartMalwareScan(ctx context.Context, task *asynq.Task) err } s.ingestC <- &kgo.Record{ - Topic: utils.MALWARE_SCAN_STATUS, + Topic: utils.MalwareScanStatus, Value: sb, Headers: []kgo.RecordHeader{{Key: "namespace", Value: []byte(tenantID)}}, } return nil }, tasks.StatusValues{ - IN_PROGRESS: utils.SCAN_STATUS_INPROGRESS, - CANCELLED: utils.SCAN_STATUS_CANCELLED, - FAILED: utils.SCAN_STATUS_FAILED, - SUCCESS: utils.SCAN_STATUS_SUCCESS, + IN_PROGRESS: utils.ScanStatusInProgress, + CANCELLED: utils.ScanStatusCancelled, + FAILED: utils.ScanStatusFailed, + SUCCESS: utils.ScanStatusSuccess, }, time.Minute*10, ) - ScanMap.Store(params.ScanId, scanCtx) + ScanMap.Store(params.ScanID, scanCtx) defer func() { - log.Info().Msgf("Removing from scan map, scan_id: %s", params.ScanId) - ScanMap.Delete(params.ScanId) + log.Info().Msgf("Removing from scan map, scan_id: %s", params.ScanID) + ScanMap.Delete(params.ScanID) res <- err close(res) }() - if params.RegistryId == "" { + if params.RegistryID == "" { return fmt.Errorf("registry id is empty in params %+v: %w", params, err) } @@ -142,7 +142,7 @@ func (s MalwareScan) StartMalwareScan(ctx context.Context, task *asynq.Task) err } // scanResult, err := malwareScan.ExtractAndScanFromTar(dir, imagename) - malwareScanner := malwareScan.New(opts, yaraconfig, yrScanner, params.ScanId) + malwareScanner := malwareScan.New(opts, yaraconfig, yrScanner, params.ScanID) // send inprogress status err = scanCtx.Checkpoint("After initialization") @@ -151,7 +151,7 @@ func (s MalwareScan) StartMalwareScan(ctx context.Context, task *asynq.Task) err } // get registry credentials - authDir, creds, err := workerUtils.GetConfigFileFromRegistry(ctx, params.RegistryId) + authDir, creds, err := workerUtils.GetConfigFileFromRegistry(ctx, params.RegistryID) if err != nil { return err } 
@@ -175,7 +175,7 @@ func (s MalwareScan) StartMalwareScan(ctx context.Context, task *asynq.Task) err imageName = params.ImageName } } else { - imageName = params.ImageId + imageName = params.ImageID } dir, err := ioutil.TempDir("/tmp", "malwarescan-*") @@ -222,13 +222,13 @@ func (s MalwareScan) StartMalwareScan(ctx context.Context, task *asynq.Task) err for _, c := range output.MalwaresToMalwareInfos(scanResult.IOCs) { var r malwareScanResult r.MalwareScanParameters = params - r.MalwareInfo = *c - cb, err := json.Marshal(r) + r.MalwareInfo = *c //nolint:govet + cb, err := json.Marshal(r) //nolint:govet if err != nil { log.Error().Msg(err.Error()) } else { s.ingestC <- &kgo.Record{ - Topic: utils.MALWARE_SCAN, + Topic: utils.MalwareScan, Value: cb, Headers: []kgo.RecordHeader{{Key: "namespace", Value: []byte(tenantID)}}, } diff --git a/deepfence_worker/tasks/reports/data.go b/deepfence_worker/tasks/reports/data.go index 6182fc6e3a..f2f328454d 100644 --- a/deepfence_worker/tasks/reports/data.go +++ b/deepfence_worker/tasks/reports/data.go 
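Review bot: The two `//nolint:govet` directives added in the result loop of StartMalwareScan (`r.MalwareInfo = *c` and `cb, err := json.Marshal(r)`) give no reason and do not say which govet analyzer fires, so a reader cannot tell whether the warning is harmless. If it is copylocks (presumably because MalwareInfo is a generated message with a no-copy guard), the value copy should be avoided rather than silenced; if it is the shadowed `err`, renaming the inner variable removes the need for the directive. At minimum record the reason on the directive, e.g. `r.MalwareInfo = *c //nolint:govet // <analyzer and why it is safe here>`. In the same loop a failed Marshal is only logged, so that finding is dropped from the ingested results while the scan may still be reported as successful; counting or surfacing those failures would make the loss visible. The loop in secretscan.go (`r.SecretInfo = *c`) has the same pattern, and the function body continues outside this hunk.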
@@ -78,16 +78,16 @@ func searchScansFilter(params sdkUtils.ReportParams) rptSearch.SearchScanReq { filters.NodeFilter.Filters.ContainsFilter.FieldsValues["node_id"] = sdkUtils.StringArrayToInterfaceArray(params.Filters.AdvancedReportFilters.ImageName) } - if len(params.Filters.AdvancedReportFilters.AccountId) > 0 { - filters.NodeFilter.Filters.ContainsFilter.FieldsValues["account_id"] = sdkUtils.StringArrayToInterfaceArray(params.Filters.AdvancedReportFilters.AccountId) + if len(params.Filters.AdvancedReportFilters.AccountID) > 0 { + filters.NodeFilter.Filters.ContainsFilter.FieldsValues["account_id"] = sdkUtils.StringArrayToInterfaceArray(params.Filters.AdvancedReportFilters.AccountID) } - if len(params.Filters.ScanId) > 0 { + if len(params.Filters.ScanID) > 0 { filters.ScanFilter = rptSearch.SearchFilter{ Filters: reporters.FieldsFilters{ ContainsFilter: reporters.ContainsFilter{ FieldsValues: map[string][]interface{}{ - "node_id": {params.Filters.ScanId}, + "node_id": {params.Filters.ScanID}, }, }, }, @@ -131,7 +131,7 @@ func getVulnerabilityData(ctx context.Context, params sdkUtils.ReportParams) (*I start time.Time = time.Now() ) - if params.Duration > 0 && len(params.Filters.ScanId) == 0 { + if params.Duration > 0 && len(params.Filters.ScanID) == 0 { start = end.AddDate(0, 0, -params.Duration) searchFilter.ScanFilter = rptSearch.SearchFilter{ Filters: reporters.FieldsFilters{ @@ -140,7 +140,7 @@ func getVulnerabilityData(ctx context.Context, params sdkUtils.ReportParams) (*I } } - scans, err := rptSearch.SearchScansReport(ctx, searchFilter, sdkUtils.NEO4J_VULNERABILITY_SCAN) + scans, err := rptSearch.SearchScansReport(ctx, searchFilter, sdkUtils.NEO4JVulnerabilityScan) if err != nil { return nil, err } 
@@ -157,7 +157,7 @@ func getVulnerabilityData(ctx context.Context, params sdkUtils.ReportParams) (*I for _, s := range scans { result, common, err := rptScans.GetScanResults[model.Vulnerability]( - ctx, sdkUtils.NEO4J_VULNERABILITY_SCAN, s.ScanId, severityFilter, model.FetchWindow{}) + ctx, sdkUtils.NEO4JVulnerabilityScan, s.ScanId, severityFilter, model.FetchWindow{}) if err != nil { log.Error().Err(err).Msgf("failed to get results for %s", s.ScanId) continue @@ -238,7 +238,7 @@ func getSecretData(ctx context.Context, params sdkUtils.ReportParams) (*Info[mod start time.Time = time.Now() ) - if params.Duration > 0 && len(params.Filters.ScanId) == 0 { + if params.Duration > 0 && len(params.Filters.ScanID) == 0 { start = end.AddDate(0, 0, -params.Duration) searchFilter.ScanFilter = rptSearch.SearchFilter{ Filters: reporters.FieldsFilters{ @@ -247,7 +247,7 @@ func getSecretData(ctx context.Context, params sdkUtils.ReportParams) (*Info[mod } } - scans, err := rptSearch.SearchScansReport(ctx, searchFilter, sdkUtils.NEO4J_SECRET_SCAN) + scans, err := rptSearch.SearchScansReport(ctx, searchFilter, sdkUtils.NEO4JSecretScan) if err != nil { return nil, err } @@ -264,7 +264,7 @@ func getSecretData(ctx context.Context, params sdkUtils.ReportParams) (*Info[mod for _, s := range scans { result, common, err := rptScans.GetScanResults[model.Secret]( - ctx, sdkUtils.NEO4J_SECRET_SCAN, s.ScanId, severityFilter, model.FetchWindow{}) + ctx, sdkUtils.NEO4JSecretScan, s.ScanId, severityFilter, model.FetchWindow{}) if err != nil { log.Error().Err(err).Msgf("failed to get results for %s", s.ScanId) continue @@ -300,7 +300,7 @@ func getMalwareData(ctx context.Context, params sdkUtils.ReportParams) (*Info[mo start time.Time = time.Now() ) - if params.Duration > 0 && len(params.Filters.ScanId) == 0 { + if params.Duration > 0 && len(params.Filters.ScanID) == 0 { start = end.AddDate(0, 0, -params.Duration) searchFilter.ScanFilter = rptSearch.SearchFilter{ Filters: reporters.FieldsFilters{ 
@@ -308,7 +308,7 @@ func getMalwareData(ctx context.Context, params sdkUtils.ReportParams) (*Info[mo }, } } - scans, err := rptSearch.SearchScansReport(ctx, searchFilter, sdkUtils.NEO4J_MALWARE_SCAN) + scans, err := rptSearch.SearchScansReport(ctx, searchFilter, sdkUtils.NEO4JMalwareScan) if err != nil { return nil, err } @@ -325,7 +325,7 @@ func getMalwareData(ctx context.Context, params sdkUtils.ReportParams) (*Info[mo for _, s := range scans { result, common, err := rptScans.GetScanResults[model.Malware]( - ctx, sdkUtils.NEO4J_MALWARE_SCAN, s.ScanId, severityFilter, model.FetchWindow{}) + ctx, sdkUtils.NEO4JMalwareScan, s.ScanId, severityFilter, model.FetchWindow{}) if err != nil { log.Error().Err(err).Msgf("failed to get results for %s", s.ScanId) continue @@ -361,7 +361,7 @@ func getComplianceData(ctx context.Context, params sdkUtils.ReportParams) (*Info start time.Time = time.Now() ) - if params.Duration > 0 && len(params.Filters.ScanId) == 0 { + if params.Duration > 0 && len(params.Filters.ScanID) == 0 { start = end.AddDate(0, 0, -params.Duration) searchFilter.ScanFilter = rptSearch.SearchFilter{ Filters: reporters.FieldsFilters{ @@ -369,7 +369,7 @@ func getComplianceData(ctx context.Context, params sdkUtils.ReportParams) (*Info }, } } - scans, err := rptSearch.SearchScansReport(ctx, searchFilter, sdkUtils.NEO4J_COMPLIANCE_SCAN) + scans, err := rptSearch.SearchScansReport(ctx, searchFilter, sdkUtils.NEO4JComplianceScan) if err != nil { return nil, err } @@ -386,7 +386,7 @@ func getComplianceData(ctx context.Context, params sdkUtils.ReportParams) (*Info for _, s := range scans { result, common, err := rptScans.GetScanResults[model.Compliance]( - ctx, sdkUtils.NEO4J_COMPLIANCE_SCAN, s.ScanId, severityFilter, model.FetchWindow{}) + ctx, sdkUtils.NEO4JComplianceScan, s.ScanId, severityFilter, model.FetchWindow{}) if err != nil { log.Error().Err(err).Msgf("failed to get results for %s", s.ScanId) continue 
@@ -422,7 +422,7 @@ func getCloudComplianceData(ctx context.Context, params sdkUtils.ReportParams) ( start time.Time = time.Now() ) - if params.Duration > 0 && len(params.Filters.ScanId) == 0 { + if params.Duration > 0 && len(params.Filters.ScanID) == 0 { start = end.AddDate(0, 0, -params.Duration) searchFilter.ScanFilter = rptSearch.SearchFilter{ Filters: reporters.FieldsFilters{ @@ -431,7 +431,7 @@ func getCloudComplianceData(ctx context.Context, params sdkUtils.ReportParams) ( } } - scans, err := rptSearch.SearchScansReport(ctx, searchFilter, sdkUtils.NEO4J_CLOUD_COMPLIANCE_SCAN) + scans, err := rptSearch.SearchScansReport(ctx, searchFilter, sdkUtils.NEO4JCloudComplianceScan) if err != nil { return nil, err } @@ -448,7 +448,7 @@ func getCloudComplianceData(ctx context.Context, params sdkUtils.ReportParams) ( for _, s := range scans { result, common, err := rptScans.GetScanResults[model.CloudCompliance]( - ctx, sdkUtils.NEO4J_CLOUD_COMPLIANCE_SCAN, s.ScanId, severityFilter, model.FetchWindow{}) + ctx, sdkUtils.NEO4JCloudComplianceScan, s.ScanId, severityFilter, model.FetchWindow{}) if err != nil { log.Error().Err(err).Msgf("failed to get results for %s", s.ScanId) continue diff --git a/deepfence_worker/tasks/reports/reports.go b/deepfence_worker/tasks/reports/reports.go index 19588eecff..5aa5dfa1be 100644 --- a/deepfence_worker/tasks/reports/reports.go +++ b/deepfence_worker/tasks/reports/reports.go 
@@ -91,13 +91,13 @@ func GenerateReport(ctx context.Context, task *asynq.Task) error { } defer session.Close() - updateReportState(ctx, session, params.ReportID, "", "", sdkUtils.SCAN_STATUS_INPROGRESS) + updateReportState(ctx, session, params.ReportID, "", "", sdkUtils.ScanStatusInProgress) // generate reportName localReportPath, err := generateReport(ctx, params) if err != nil { log.Error().Err(err).Msgf("failed to generate report with params %+v", params) - updateReportState(ctx, session, params.ReportID, "", "", sdkUtils.SCAN_STATUS_FAILED) + updateReportState(ctx, session, params.ReportID, "", "", sdkUtils.ScanStatusFailed) return nil } log.Info().Msgf("report file path %s", localReportPath) @@ -131,7 +131,7 @@ func GenerateReport(ctx context.Context, task *asynq.Task) error { } log.Info().Msgf("exposed report URL: %s", url) - updateReportState(ctx, session, params.ReportID, url, res.Key, sdkUtils.SCAN_STATUS_SUCCESS) + updateReportState(ctx, session, params.ReportID, url, res.Key, sdkUtils.ScanStatusSuccess) return nil } diff --git a/deepfence_worker/tasks/sbom/generate_sbom.go b/deepfence_worker/tasks/sbom/generate_sbom.go index 300fe70390..3dfcb6f9b5 100644 --- a/deepfence_worker/tasks/sbom/generate_sbom.go +++ b/deepfence_worker/tasks/sbom/generate_sbom.go @@ -46,7 +46,7 @@ func StopVulnerabilityScan(ctx context.Context, task *asynq.Task) error { return nil } - scanID := params.ScanId + scanID := params.ScanID cancelFnObj, found := scanMap.Load(scanID) logMsg := "" if found { 
@@ -89,37 +89,37 @@ func (s SbomGenerator) GenerateSbom(ctx context.Context, task *asynq.Task) error return err } - res, scanCtx := tasks.StartStatusReporter(params.ScanId, + res, scanCtx := tasks.StartStatusReporter(params.ScanID, func(status tasks.ScanStatus) error { sb, err := json.Marshal(status) if err != nil { return err } s.ingestC <- &kgo.Record{ - Topic: utils.VULNERABILITY_SCAN_STATUS, + Topic: utils.VulnerabilityScanStatus, Value: sb, Headers: rh, } return nil }, tasks.StatusValues{ - IN_PROGRESS: utils.SCAN_STATUS_INPROGRESS, - CANCELLED: utils.SCAN_STATUS_CANCELLED, - FAILED: utils.SCAN_STATUS_FAILED, - SUCCESS: utils.SCAN_STATUS_SUCCESS, + IN_PROGRESS: utils.ScanStatusInProgress, + CANCELLED: utils.ScanStatusCancelled, + FAILED: utils.ScanStatusFailed, + SUCCESS: utils.ScanStatusSuccess, }, time.Minute*20, ) - log.Info().Msgf("Adding scan id to map:%s", params.ScanId) - scanMap.Store(params.ScanId, scanCtx) + log.Info().Msgf("Adding scan id to map:%s", params.ScanID) + scanMap.Store(params.ScanID, scanCtx) defer func() { - log.Info().Msgf("Removing scan id from map:%s", params.ScanId) - scanMap.Delete(params.ScanId) + log.Info().Msgf("Removing scan id from map:%s", params.ScanID) + scanMap.Delete(params.ScanID) res <- err close(res) }() - if params.RegistryId == "" { + if params.RegistryID == "" { log.Error().Msgf("registry id is empty in params %+v", params) return err } @@ -130,7 +130,7 @@ func (s SbomGenerator) GenerateSbom(ctx context.Context, task *asynq.Task) error } // get registry credentials - authFile, creds, err := workerUtils.GetConfigFileFromRegistry(ctx, params.RegistryId) + authFile, creds, err := workerUtils.GetConfigFileFromRegistry(ctx, params.RegistryID) if err != nil { return err } 
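Review bot: In GenerateSbom the empty-registry guard `if params.RegistryID == ""` logs and then executes `return err`, but `err` appears to be nil at that point because the preceding check already returned on a non-nil value (that check starts outside the hunk). The task would then return success, and the deferred `res <- err` would hand nil to the status reporter, so a scan that never ran may not be marked as failed. Assign a real error before returning, e.g. `err = errors.New("registry id is empty")` followed by `return err`, using whichever error package the file already imports.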
@@ -150,12 +150,12 @@ func (s SbomGenerator) GenerateSbom(ctx context.Context, task *asynq.Task) error SyftBinPath: syftBin, HostName: params.HostName, NodeType: "container_image", // this is required by package scanner - NodeID: params.NodeId, + NodeID: params.NodeID, KubernetesClusterName: params.KubernetesClusterName, - ScanID: params.ScanId, - ImageID: params.ImageId, + ScanID: params.ScanID, + ImageID: params.ImageID, ContainerName: params.ContainerName, - RegistryID: params.RegistryId, + RegistryID: params.RegistryID, RegistryCreds: psUtils.RegistryCreds{ AuthFilePath: authFile, SkipTLSVerify: creds.SkipTLSVerify, @@ -171,7 +171,7 @@ func (s SbomGenerator) GenerateSbom(ctx context.Context, task *asynq.Task) error cfg.Source = params.ImageName } } else { - cfg.Source = params.ImageId + cfg.Source = params.ImageID } log.Debug().Msgf("config: %+v", cfg) @@ -207,7 +207,7 @@ func (s SbomGenerator) GenerateSbom(ctx context.Context, task *asynq.Task) error return err } - sbomFile := path.Join("/sbom/", utils.ScanIdReplacer.Replace(params.ScanId)+".json.gz") + sbomFile := path.Join("/sbom/", utils.ScanIDReplacer.Replace(params.ScanID)+".json.gz") info, err := mc.UploadFile(ctx, sbomFile, gzpb64Sbom.Bytes(), true, minio.PutObjectOptions{ContentType: "application/gzip"}) if err != nil { diff --git a/deepfence_worker/tasks/sbom/scan_sbom.go b/deepfence_worker/tasks/sbom/scan_sbom.go index f4a4beee0d..3e7af8579b 100644 --- a/deepfence_worker/tasks/sbom/scan_sbom.go +++ b/deepfence_worker/tasks/sbom/scan_sbom.go 
@@ -117,32 +117,32 @@ func (s SbomParser) ScanSBOM(ctx context.Context, task *asynq.Task) error { return nil } - res, scanCtx := tasks.StartStatusReporter(params.ScanId, + res, scanCtx := tasks.StartStatusReporter(params.ScanID, func(status tasks.ScanStatus) error { sb, err := json.Marshal(status) if err != nil { return err } s.ingestC <- &kgo.Record{ - Topic: utils.VULNERABILITY_SCAN_STATUS, + Topic: utils.VulnerabilityScanStatus, Value: sb, Headers: rh, } return nil }, tasks.StatusValues{ - IN_PROGRESS: utils.SCAN_STATUS_INPROGRESS, - CANCELLED: utils.SCAN_STATUS_CANCELLED, - FAILED: utils.SCAN_STATUS_FAILED, - SUCCESS: utils.SCAN_STATUS_SUCCESS, + IN_PROGRESS: utils.ScanStatusInProgress, + CANCELLED: utils.ScanStatusCancelled, + FAILED: utils.ScanStatusFailed, + SUCCESS: utils.ScanStatusSuccess, }, time.Minute*20, ) - log.Info().Msgf("Adding scan id to map:%s", params.ScanId) - scanMap.Store(params.ScanId, scanCtx) + log.Info().Msgf("Adding scan id to map:%s", params.ScanID) + scanMap.Store(params.ScanID, scanCtx) defer func() { - log.Info().Msgf("Removing scan id from map:%s", params.ScanId) - scanMap.Delete(params.ScanId) + log.Info().Msgf("Removing scan id from map:%s", params.ScanID) + scanMap.Delete(params.ScanID) res <- err close(res) }() @@ -155,7 +155,7 @@ func (s SbomParser) ScanSBOM(ctx context.Context, task *asynq.Task) error { return err } - sbomFilePath := path.Join("/tmp", utils.ScanIdReplacer.Replace(params.ScanId)+".json") + sbomFilePath := path.Join("/tmp", utils.ScanIDReplacer.Replace(params.ScanID)+".json") f, err := os.Create(sbomFilePath) if err != nil { return err 
@@ -183,10 +183,10 @@ func (s SbomParser) ScanSBOM(ctx context.Context, task *asynq.Task) error { cfg := psUtils.Config{ HostName: params.HostName, NodeType: params.NodeType, - NodeID: params.NodeId, + NodeID: params.NodeID, KubernetesClusterName: params.KubernetesClusterName, - ScanID: params.ScanId, - ImageID: params.ImageId, + ScanID: params.ScanID, + ImageID: params.ImageID, ContainerName: params.ContainerName, } @@ -198,7 +198,7 @@ func (s SbomParser) ScanSBOM(ctx context.Context, task *asynq.Task) error { details := psOutput.CountBySeverity(&report) - log.Info().Msgf("scan-id=%s vulnerabilities=%d severities=%v", params.ScanId, len(report), details.Severity) + log.Info().Msgf("scan-id=%s vulnerabilities=%d severities=%v", params.ScanID, len(report), details.Severity) // write reports and status to kafka ingester will process from there for _, c := range report { @@ -207,7 +207,7 @@ func (s SbomParser) ScanSBOM(ctx context.Context, task *asynq.Task) error { log.Error().Msg(err.Error()) } else { s.ingestC <- &kgo.Record{ - Topic: utils.VULNERABILITY_SCAN, + Topic: utils.VulnerabilityScan, Value: cb, Headers: rh, } @@ -227,7 +227,7 @@ func (s SbomParser) ScanSBOM(ctx context.Context, task *asynq.Task) error { return err } - runtimeSbomPath := path.Join("/sbom/", "runtime-"+utils.ScanIdReplacer.Replace(params.ScanId)+".json") + runtimeSbomPath := path.Join("/sbom/", "runtime-"+utils.ScanIDReplacer.Replace(params.ScanID)+".json") uploadInfo, err := mc.UploadFile(context.Background(), runtimeSbomPath, runtimeSbomBytes, true, minio.PutObjectOptions{ContentType: "application/json"}) if err != nil { @@ -235,7 +235,7 @@ func (s SbomParser) ScanSBOM(ctx context.Context, task *asynq.Task) error { return err } - log.Info().Msgf("scan_id: %s, runtime sbom minio file info: %+v", params.ScanId, uploadInfo) + log.Info().Msgf("scan_id: %s, runtime sbom minio file info: %+v", params.ScanID, uploadInfo) return nil } 
diff --git a/deepfence_worker/tasks/scans/bulk_delete.go b/deepfence_worker/tasks/scans/bulk_delete.go index 669a256f62..bda5d60f65 100644 --- a/deepfence_worker/tasks/scans/bulk_delete.go +++ b/deepfence_worker/tasks/scans/bulk_delete.go @@ -36,7 +36,7 @@ func BulkDeleteScans(ctx context.Context, task *asynq.Task) error { } } - if len(scansList.ScansInfo) > 0 && (scanType == utils.NEO4J_COMPLIANCE_SCAN || scanType == utils.NEO4J_CLOUD_COMPLIANCE_SCAN) { + if len(scansList.ScansInfo) > 0 && (scanType == utils.NEO4JComplianceScan || scanType == utils.NEO4JCloudComplianceScan) { worker, err := directory.Worker(ctx) if err != nil { return err diff --git a/deepfence_worker/tasks/scans/status.go b/deepfence_worker/tasks/scans/status.go index cca678141b..4ba6caed70 100644 --- a/deepfence_worker/tasks/scans/status.go +++ b/deepfence_worker/tasks/scans/status.go @@ -88,7 +88,7 @@ func UpdateCloudResourceScanStatus(ctx context.Context, task *asynq.Task) error MATCH (cr:CloudResource{arn: arn}) SET cr.` + ingestersUtil.ScanCountField[event.ScanType] + `=count, cr.` + ingestersUtil.ScanStatusField[event.ScanType] + `=status, - cr.` + ingestersUtil.LatestScanIdField[event.ScanType] + `=scan_id` + cr.` + ingestersUtil.LatestScanIDField[event.ScanType] + `=scan_id` log.Debug().Msgf("query: %v", query) _, err = session.Run(query, diff --git a/deepfence_worker/tasks/secretscan/secretscan.go b/deepfence_worker/tasks/secretscan/secretscan.go index 6035c5a897..6998c3c1b8 100644 --- a/deepfence_worker/tasks/secretscan/secretscan.go +++ b/deepfence_worker/tasks/secretscan/secretscan.go @@ -3,7 +3,7 @@ package secretscan import ( "context" "encoding/json" - "io/ioutil" + "io/ioutil" //nolint:staticcheck "os" "os/exec" "sync" @@ -50,7 +50,7 @@ func (s SecretScan) StopSecretScan(ctx context.Context, task *asynq.Task) error return nil } - scanID := params.ScanId + scanID := params.ScanID obj, found := ScanMap.Load(scanID) if !found { 
@@ -88,7 +88,7 @@ func (s SecretScan) StartSecretScan(ctx context.Context, task *asynq.Task) error return nil } - if params.RegistryId == "" { + if params.RegistryID == "" { log.Error().Msgf("registry id is empty in params %+v", params) return nil } @@ -96,32 +96,32 @@ func (s SecretScan) StartSecretScan(ctx context.Context, task *asynq.Task) error //Set this "hardErr" variable to appropriate error if //an error has caused used to abort/return from this function var hardErr error - res, scanCtx := tasks.StartStatusReporter(params.ScanId, + res, scanCtx := tasks.StartStatusReporter(params.ScanID, func(status tasks.ScanStatus) error { sb, err := json.Marshal(status) if err != nil { return err } s.ingestC <- &kgo.Record{ - Topic: utils.SECRET_SCAN_STATUS, + Topic: utils.SecretScanStatus, Value: sb, Headers: []kgo.RecordHeader{{Key: "namespace", Value: []byte(tenantID)}}, } return nil }, tasks.StatusValues{ - IN_PROGRESS: utils.SCAN_STATUS_INPROGRESS, - CANCELLED: utils.SCAN_STATUS_CANCELLED, - FAILED: utils.SCAN_STATUS_FAILED, - SUCCESS: utils.SCAN_STATUS_SUCCESS, + IN_PROGRESS: utils.ScanStatusInProgress, + CANCELLED: utils.ScanStatusCancelled, + FAILED: utils.ScanStatusFailed, + SUCCESS: utils.ScanStatusSuccess, }, time.Minute*20, ) - ScanMap.Store(params.ScanId, scanCtx) + ScanMap.Store(params.ScanID, scanCtx) defer func() { - log.Info().Msgf("Removing from scan map, scan_id: %s", params.ScanId) - ScanMap.Delete(params.ScanId) + log.Info().Msgf("Removing from scan map, scan_id: %s", params.ScanID) + ScanMap.Delete(params.ScanID) res <- hardErr close(res) }() @@ -133,7 +133,7 @@ func (s SecretScan) StartSecretScan(ctx context.Context, task *asynq.Task) error } // get registry credentials - authDir, creds, err := workerUtils.GetConfigFileFromRegistry(ctx, params.RegistryId) + authDir, creds, err := workerUtils.GetConfigFileFromRegistry(ctx, params.RegistryID) if err != nil { log.Error().Msg(err.Error()) hardErr = err 
@@ -159,7 +159,7 @@ func (s SecretScan) StartSecretScan(ctx context.Context, task *asynq.Task) error imageName = params.ImageName } } else { - imageName = params.ImageId + imageName = params.ImageID } dir, err := ioutil.TempDir("/tmp", "secretscan-*") @@ -210,13 +210,13 @@ func (s SecretScan) StartSecretScan(ctx context.Context, task *asynq.Task) error for _, c := range output.SecretsToSecretInfos(scanResult.Secrets) { var r secretScanResult r.SecretScanParameters = params - r.SecretInfo = *c - cb, err := json.Marshal(r) + r.SecretInfo = *c //nolint:govet + cb, err := json.Marshal(r) //nolint:govet if err != nil { log.Error().Msg(err.Error()) } else { s.ingestC <- &kgo.Record{ - Topic: utils.SECRET_SCAN, + Topic: utils.SecretScan, Value: cb, Headers: []kgo.RecordHeader{{Key: "namespace", Value: []byte(tenantID)}}, } diff --git a/deepfence_worker/worker.go b/deepfence_worker/worker.go index a67ace7d44..53adfb91e2 100644 --- a/deepfence_worker/worker.go +++ b/deepfence_worker/worker.go @@ -24,9 +24,9 @@ import ( var ( DefaultQueues = map[string]int{ - utils.Q_CRITICAL: 6, - utils.Q_DEFAULT: 3, - utils.Q_LOW: 1, + utils.QCritical: 6, + utils.QDefault: 3, + utils.QLow: 1, } )