diff --git a/attackchains/attackchainhandler.go b/attackchains/attackchainhandler.go deleted file mode 100644 index 97ad76a..0000000 --- a/attackchains/attackchainhandler.go +++ /dev/null @@ -1,180 +0,0 @@ -package attackchains - -import ( - "fmt" - - armotypes "github.com/armosec/armoapi-go/armotypes" - cscanlib "github.com/armosec/armoapi-go/containerscan" - "github.com/kubescape/opa-utils/reporthandling" - "github.com/kubescape/opa-utils/reporthandling/attacktrack/v1alpha1" -) - -const ( - securityFrameworkName = "security" -) - -type AttackChainsEngine struct { - attackTracks []v1alpha1.IAttackTrack // All attack tracks - allAttackTrackControls map[string]*reporthandling.Control // All controls that might potentially be relevant to any of the attack tracks -} - -func NewAttackChainHandler(attackTracks []v1alpha1.IAttackTrack, allAttackTrackControls map[string]*reporthandling.Control) (*AttackChainsEngine, error) { - - if len(attackTracks) == 0 { - return nil, fmt.Errorf("expected to find at least one attack track") - } - - for _, attackTrack := range attackTracks { - if !attackTrack.IsValid() { - return nil, fmt.Errorf("invalid attack track: %s", attackTrack.GetName()) - } - } - - handler := &AttackChainsEngine{ - attackTracks: attackTracks, - allAttackTrackControls: allAttackTrackControls, - } - - return handler, nil -} - -// detectSingleAttackTrack - detect attach chains out of a single attack track -func (h *AttackChainsEngine) detectSingleAttackChain(attackTrack v1alpha1.IAttackTrack, controlsLookup v1alpha1.AttackTrackControlsLookup) (v1alpha1.IAttackTrack, error) { - - if attackTrack == nil { - return nil, fmt.Errorf("attackTrack is nil") - } - - if controlsLookup == nil { - return nil, fmt.Errorf("controlsLookup is nil") - } - - if !controlsLookup.HasAssociatedControls(attackTrack.GetName()) { - return nil, nil - } - - // Load the failed controls into the attack track - allPathsHandler := v1alpha1.NewAttackTrackAllPathsHandler(attackTrack, &controlsLookup) - - // Calculate all the paths for the attack track - // nbeed to take the first item in the list. - paths := allPathsHandler.CalculatePathsRootToLeaf() - if len(paths) == 0 { - return nil, nil - } - return allPathsHandler.GenerateAttackTrackFromPaths(paths), nil - -} - -// getAttackTrackControlsLookup returns a lookup of all the controls that are relevant to the attack tracks -func (h *AttackChainsEngine) getAttackTrackControlsLookup(postureResourceSummary *armotypes.PostureResourceSummary, vuls []*cscanlib.CommonContainerScanSummaryResult) (v1alpha1.AttackTrackControlsLookup, error) { - - relevantControls, err := h.getRelevantControls(postureResourceSummary) - if err != nil { - return nil, err - } - - if len(relevantControls) == 0 { - return nil, nil - } - - attackTracks, err := h.GetAttackTrack() - if err != nil { - return nil, err - } - - vulRelevants := make([]*cscanlib.CommonContainerScanSummaryResult, 0, len(vuls)) - - for _, vul := range vuls { - if isVulnerableRelevantToAttackChain(vul) { - vulRelevants = append(vulRelevants, vul) - - // Convert the vulnarable image to a control structure - volAsControl := convertVulToControl(vul, []string{securityFrameworkName}, attackTracks) - if volAsControl != nil { - relevantControls[volAsControl.ControlID] = volAsControl - } - } - } - - relevantControlsIDs := make([]string, 0, len(relevantControls)) - - for _, control := range relevantControls { - relevantControlsIDs = append(relevantControlsIDs, control.GetControlId()) - } - - controlsLookup := v1alpha1.NewAttackTrackControlsLookup(attackTracks, relevantControlsIDs, relevantControls) - - return controlsLookup, nil - -} - -// DetectAllAttackChains - Detects all the attack chains that are relevant to the postureResourceSummary -func (h *AttackChainsEngine) DetectAllAttackChains(postureResourceSummary *armotypes.PostureResourceSummary, vul []*cscanlib.CommonContainerScanSummaryResult) ([]v1alpha1.IAttackTrack, error) { - - attackChains := []v1alpha1.IAttackTrack{} - - // If the postureResourceSummary is not relevant to any attack track, return nil - if !isSupportedKind(postureResourceSummary.Designators.Attributes["kind"]) { - return nil, nil - } - - // Get all the attack tracks, return error if failed - attackTracks, err := h.GetAttackTrack() - if err != nil { - return nil, err - } - - // Get controls lookup, return error if failed - controlsLookup, err := h.getAttackTrackControlsLookup(postureResourceSummary, vul) - if err != nil { - return nil, err - } - - if controlsLookup == nil { - return nil, nil - } - - // For each attack track, detect attack chains. - for _, attackTrack := range attackTracks { - calculatedAttackChain, err := h.detectSingleAttackChain(attackTrack, controlsLookup) - if err != nil { - return nil, err - } - - if calculatedAttackChain != nil { - attackChains = append(attackChains, calculatedAttackChain) - } - - } - - return attackChains, nil - -} - -// GetAttackTrack - Returns all the attack tracks -func (h *AttackChainsEngine) GetAttackTrack() ([]v1alpha1.IAttackTrack, error) { - if len(h.attackTracks) == 0 { - return nil, fmt.Errorf("attack tracks not found") - } - return h.attackTracks, nil -} - -// getRelevantControls - Returns all the controls that are relevant to the postureResourceSummary -// The relevant controls are the failed controls and the warning controls -func (h *AttackChainsEngine) getRelevantControls(postureResourceSummary *armotypes.PostureResourceSummary) (map[string]v1alpha1.IAttackTrackControl, error) { - - n_relevant := len(postureResourceSummary.FailedControl) + len(postureResourceSummary.WarningControls) - relevantControlsIDs := append(postureResourceSummary.FailedControl, postureResourceSummary.WarningControls...) - - relevantControls := make(map[string]v1alpha1.IAttackTrackControl, n_relevant) - - for _, controlID := range relevantControlsIDs { - control, ok := h.allAttackTrackControls[controlID] - if ok { - relevantControls[controlID] = control - } - } - - return relevantControls, nil -} diff --git a/attackchains/attackchainhandler_mocks.go b/attackchains/attackchainhandler_mocks.go deleted file mode 100644 index e23833f..0000000 --- a/attackchains/attackchainhandler_mocks.go +++ /dev/null @@ -1,253 +0,0 @@ -package attackchains - -import ( - _ "embed" - "encoding/json" - "strings" - - armotypes "github.com/armosec/armoapi-go/armotypes" - cscanlib "github.com/armosec/armoapi-go/containerscan" - "github.com/armosec/armoapi-go/identifiers" - "github.com/google/uuid" - - // csscan "github.com/armosec/cluster-container-scanner-api" - "github.com/kubescape/opa-utils/reporthandling" - "github.com/kubescape/opa-utils/reporthandling/attacktrack/v1alpha1" -) - -//go:embed testdata/attacktracks/workload_external_track.json -var attackTrackWorkloadExternalTrack string - -//go:embed testdata/attacktracks/service_destruction.json -var attackTrackServiceDestruction string - -func AllControlsMock() map[string]*reporthandling.Control { - controlsInfo := make(map[string]*reporthandling.Control) - controlsInfo["control1"] = ControlMock("control1", []string{"attackchain1", "attackchain2"}, 1, []string{securityFrameworkName}, []string{"A"}) - controlsInfo["control2"] = ControlMock("control2", []string{"attackchain1", "attackchain2"}, 1, []string{securityFrameworkName}, []string{"B"}) - controlsInfo["control3"] = ControlMock("control3", []string{"attackchain1", "attackchain2"}, 1, []string{securityFrameworkName}, []string{"C"}) - controlsInfo["control4"] = ControlMock("control4", []string{"attackchain1", "attackchain2"}, 1, []string{securityFrameworkName}, []string{"C"}) - controlsInfo["control5"] = ControlMock("control5", []string{"attackchain1", "attackchain2"}, 1, []string{securityFrameworkName}, []string{"D"}) - controlsInfo["control6"] = ControlMock("control6", []string{"attackchain1", "attackchain2"}, 1, []string{securityFrameworkName}, []string{"E"}) - - return controlsInfo -} - -func ControlMock(id string, attackTrackNames []string, baseScore float32, tags []string, categories []string) *reporthandling.Control { - control := &reporthandling.Control{ - ControlID: id, - BaseScore: baseScore, - PortalBase: armotypes.PortalBase{ - Attributes: map[string]interface{}{ - "controlTypeTags": tags, - }, - }, - } - - attackTrackCategories := make([]reporthandling.AttackTrackCategories, 0) - - for _, attackTrackName := range attackTrackNames { - attackTrackCategories = append(attackTrackCategories, reporthandling.AttackTrackCategories{AttackTrack: attackTrackName, Categories: categories}) - } - - control.Attributes["attackTracks"] = attackTrackCategories - - return control -} - -// attributes for wl info (kind, cluster, namespace, name. SPIFF as identity? etc) -// v1-raw-resources-report (no need?) -// v3-containerscan-vul for images -// enrichResourceSummaryFromRegoStore - might extend the function on backend for attack-chain purpose. -func PostureResourcesSummaryMock(attributes map[string]string, failedControlIds []string, warningControlIds []string) *armotypes.PostureResourceSummary { - postureResourceSummary := armotypes.PostureResourceSummary{ - Designators: identifiers.PortalDesignator{Attributes: attributes}, - ResourceKind: attributes["kind"], - FailedControl: failedControlIds, - WarningControls: warningControlIds, - FailedControlCount: len(failedControlIds), - SkippedControlCount: len(warningControlIds), - ReportID: uuid.New().String(), - } - - postureResourceSummary.ResourceID = GenerateResourceIDMock(&postureResourceSummary) - - return &postureResourceSummary -} - -func CommonContainerScanSummaryResultMock(hasRelevancyData bool, relevantLabel cscanlib.RelevantLabel, attributes map[string]string) *cscanlib.CommonContainerScanSummaryResult { - vuls := []cscanlib.ShortVulnerabilityResult{ - {Name: "CVE-1"}, - {Name: "CVE-2"}, - {Name: "CVE-3"}, - } - - ImageHash := "ImageID_" + uuid.New().String() - - return &cscanlib.CommonContainerScanSummaryResult{ - ImageID: ImageHash, - HasRelevancyData: hasRelevancyData, - RelevantLabel: relevantLabel, - Designators: identifiers.PortalDesignator{ - Attributes: attributes, - }, - Vulnerabilities: vuls, - ContainerScanID: uuid.New().String(), - SeverityStats: cscanlib.SeverityStats{Severity: "Critical"}, - SeveritiesStats: []cscanlib.SeverityStats{ - {Severity: "Critical", TotalCount: 1, RelevantCount: 1}, - }, - } -} - -func AttackTrackMock(name string, data v1alpha1.AttackTrackStep) *v1alpha1.AttackTrack { - at := v1alpha1.AttackTrack{} - at.Metadata = make(map[string]interface{}) - at.Metadata["name"] = name - at.Spec.Version = "1.0" - at.Spec.Data = data - return &at -} - -// AttackTrackMock1 is a mock of attack track with 3 levels, without image vulnerability -func AttackTrackMock1() v1alpha1.IAttackTrack { - return AttackTrackMock("attackchain1", v1alpha1.AttackTrackStep{ - Name: "A", - SubSteps: []v1alpha1.AttackTrackStep{ - { - Name: "B", - SubSteps: []v1alpha1.AttackTrackStep{ - { - Name: "C", - }, - { - Name: "D", - }, - }, - }, - { - Name: "E", - }, - }, - }) -} - -// AttackTrackMock2 is a mock of attack track with 1 level, without image vulnerability -func AttackTrackMock2() v1alpha1.IAttackTrack { - - return AttackTrackMock("attackchain2", v1alpha1.AttackTrackStep{ - Name: "Z", - }) - -} - -// AttackTrackMock3 is a mock of attack track with 3 levels, without image vulnerability -func AttackTrackMock3() v1alpha1.IAttackTrack { - return AttackTrackMock("attackchain3", v1alpha1.AttackTrackStep{ - Name: "A", - SubSteps: []v1alpha1.AttackTrackStep{ - { - ChecksVulnerabilities: true, - Name: "vulnerableImageStepName", - SubSteps: []v1alpha1.AttackTrackStep{ - { - Name: "C", - }, - { - Name: "D", - }, - }, - }, - { - Name: "E", - }, - }, - }) -} - -func AttackTracksMocks() []v1alpha1.IAttackTrack { - mock1 := AttackTrackMock1() - mock2 := AttackTrackMock2() - mock3 := AttackTrackMock3() - return []v1alpha1.IAttackTrack{mock1, mock2, mock3} -} - -func GetControlsMocks() map[string]*reporthandling.Control { - controlsInfo := make(map[string]*reporthandling.Control) - controlsInfo["control1"] = ControlMock("control1", []string{"workload-external-track", "service-destruction"}, 1, []string{securityFrameworkName}, []string{"Workload Exposure"}) - controlsInfo["control2"] = ControlMock("control2", []string{"workload-external-track", "service-destruction"}, 1, []string{securityFrameworkName}, []string{"Data Access"}) - controlsInfo["control3"] = ControlMock("control3", []string{"workload-external-track", "service-destruction"}, 1, []string{securityFrameworkName}, []string{"Secret Access"}) - controlsInfo["control4"] = ControlMock("control4", []string{"workload-external-track", "service-destruction"}, 1, []string{securityFrameworkName}, []string{"Credential access"}) - controlsInfo["control5"] = ControlMock("control5", []string{"workload-external-track", "service-destruction"}, 1, []string{securityFrameworkName}, []string{"Potential Node exposure"}) - controlsInfo["control6"] = ControlMock("control6", []string{"workload-external-track", "service-destruction"}, 1, []string{securityFrameworkName}, []string{"Persistence"}) - controlsInfo["control7"] = ControlMock("control7", []string{"workload-external-track", "service-destruction"}, 1, []string{securityFrameworkName}, []string{"Network"}) - controlsInfo["control8"] = ControlMock("control8", []string{"workload-external-track", "service-destruction"}, 1, []string{securityFrameworkName}, []string{"Service Destruction"}) - - return controlsInfo -} - -func GetAttackTrackMocks() ([]v1alpha1.AttackTrack, error) { - - attackTracksMocks := []string{attackTrackWorkloadExternalTrack, - attackTrackServiceDestruction} - - attackTracks := []v1alpha1.AttackTrack{} - - for i := range attackTracksMocks { - attackTrack := &v1alpha1.AttackTrack{} - err := json.Unmarshal([]byte(attackTracksMocks[i]), &attackTrack) - - if err != nil { - return nil, err - } - - attackTracks = append(attackTracks, *attackTrack) - } - - return attackTracks, nil -} - -func GetAttackTrackInputMocks() ([]*armotypes.PostureResourceSummary, []*cscanlib.CommonContainerScanSummaryResult) { - var postureResourceSummaries []*armotypes.PostureResourceSummary - var vuls []*cscanlib.CommonContainerScanSummaryResult - - failedControls := []string{"control1", "control7", "control8"} - warningControls := []string{"control2"} - - Attributes := []map[string]string{ - {"apiVersion": "apps/v1", - "cluster": "testmock1", - "kind": "Pod", - "name": "podtest1", - "namespace": "default"}, - {"apiVersion": "apps/v1", - "cluster": "testmock1", - "kind": "Deployment", - "name": "deploymenttest1", - "namespace": "default"}, - {"apiVersion": "apps/v1", - "cluster": "testmock2", - "kind": "Deployment", - "name": "deploymenttest2", - "namespace": "default"}} - - for _, attributes := range Attributes { - - postureResourcesSummary := PostureResourcesSummaryMock(attributes, failedControls, warningControls) - commonContainerScanSummaryResult := CommonContainerScanSummaryResultMock(true, "yes", attributes) - - postureResourceSummaries = append(postureResourceSummaries, postureResourcesSummary) - vuls = append(vuls, commonContainerScanSummaryResult) - } - - return postureResourceSummaries, vuls - -} - -// GenerateResourceIDMock generates attackChainID -// structure: apiVersion/namespace/kind/name -func GenerateResourceIDMock(postureResourceSummary *armotypes.PostureResourceSummary) string { - attributes := postureResourceSummary.Designators.Attributes - elements := []string{attributes["apiVersion"], attributes["namespace"], attributes["kind"], attributes["name"]} - return strings.Join(elements, "/") -} diff --git a/attackchains/attackchainhandler_test.go b/attackchains/attackchainhandler_test.go deleted file mode 100644 index c783dca..0000000 --- a/attackchains/attackchainhandler_test.go +++ /dev/null @@ -1,376 +0,0 @@ -package attackchains - -import ( - "testing" - - "github.com/armosec/armoapi-go/containerscan" - cscanlib "github.com/armosec/armoapi-go/containerscan" - "github.com/kubescape/opa-utils/reporthandling/attacktrack/v1alpha1" - "github.com/stretchr/testify/assert" -) - -var allControls = AllControlsMock() - -func TestDetectSingleAttackTrack(t *testing.T) { - - attackTrack1 := AttackTrackMock("attackchain1", v1alpha1.AttackTrackStep{ - Name: "A", - SubSteps: []v1alpha1.AttackTrackStep{ - { - ChecksVulnerabilities: true, - Name: "vulnerableImageStepName", - SubSteps: []v1alpha1.AttackTrackStep{ - { - Name: "C", - }, - { - Name: "D", - }, - }, - }, - { - Name: "E", - SubSteps: []v1alpha1.AttackTrackStep{ - { - Name: "B", - }, - }, - }, - }, - }) - - Attributes := map[string]string{"cluster": "minikubesecurity1", - "kind": "Pod", - "name": "wowtest", - "namespace": "default"} - - tests := []struct { - name string - attackTrack v1alpha1.IAttackTrack - FailedControls []string - WarningControls []string - Vuls []*cscanlib.CommonContainerScanSummaryResult - Expected v1alpha1.IAttackTrack - }{ - { - name: "Attack chain exists with vulnarable image 'yes'", - attackTrack: attackTrack1, - FailedControls: []string{"control1", "control2"}, - WarningControls: []string{"control3", "control4"}, - Vuls: []*cscanlib.CommonContainerScanSummaryResult{ - CommonContainerScanSummaryResultMock(true, containerscan.RelevantLabelYes, Attributes), - }, - - Expected: AttackTrackMock("attackchain1", v1alpha1.AttackTrackStep{ - Name: "A", - SubSteps: []v1alpha1.AttackTrackStep{ - { - ChecksVulnerabilities: true, - Name: "vulnerableImageStepName", - SubSteps: []v1alpha1.AttackTrackStep{ - { - Name: "C", - }, - }, - }, - }, - }), - }, - { - name: "Attack chain exists with vulnarable image no data", - attackTrack: attackTrack1, - FailedControls: []string{"control1", "control2"}, - WarningControls: []string{"control3", "control4"}, - Vuls: []*cscanlib.CommonContainerScanSummaryResult{ - CommonContainerScanSummaryResultMock(false, containerscan.RelevantLabelYes, Attributes), - }, - - Expected: AttackTrackMock("attackchain1", v1alpha1.AttackTrackStep{ - Name: "A", - SubSteps: []v1alpha1.AttackTrackStep{ - { - ChecksVulnerabilities: true, - Name: "vulnerableImageStepName", - SubSteps: []v1alpha1.AttackTrackStep{ - { - Name: "C", - }, - }, - }, - }, - }), - }, - { - name: "Attack chain exists with 1 vulnarable image out of two", - attackTrack: attackTrack1, - FailedControls: []string{"control1", "control2"}, - WarningControls: []string{"control3", "control4"}, - Vuls: []*cscanlib.CommonContainerScanSummaryResult{ - CommonContainerScanSummaryResultMock(true, containerscan.RelevantLabelNo, Attributes), - CommonContainerScanSummaryResultMock(false, containerscan.RelevantLabelYes, Attributes), - }, - - Expected: AttackTrackMock("attackchain1", v1alpha1.AttackTrackStep{ - Name: "A", - SubSteps: []v1alpha1.AttackTrackStep{ - { - ChecksVulnerabilities: true, - Name: "vulnerableImageStepName", - SubSteps: []v1alpha1.AttackTrackStep{ - { - Name: "C", - }, - }, - }, - }, - }), - }, - { - name: "No Attack chain, no vulnarable image", - attackTrack: attackTrack1, - FailedControls: []string{"control1", "control2"}, - WarningControls: []string{"control3", "control4"}, - Vuls: []*cscanlib.CommonContainerScanSummaryResult{ - CommonContainerScanSummaryResultMock(true, containerscan.RelevantLabelNo, Attributes), - }, - - Expected: nil, - }, - { - name: "Attack Chain exists, no vulnarable image", - attackTrack: attackTrack1, - FailedControls: []string{"control1", "control2"}, - WarningControls: []string{"control6"}, - Vuls: []*cscanlib.CommonContainerScanSummaryResult{ - CommonContainerScanSummaryResultMock(true, containerscan.RelevantLabelNo, Attributes), - }, - - Expected: AttackTrackMock("attackchain1", v1alpha1.AttackTrackStep{ - Name: "A", - SubSteps: []v1alpha1.AttackTrackStep{ - { - Name: "E", - SubSteps: []v1alpha1.AttackTrackStep{ - { - Name: "B", - }, - }, - }, - }, - }), - }, - { - name: "Attack chain exists with multiple paths, with vulnarable image 'yes'", - attackTrack: attackTrack1, - FailedControls: []string{"control1", "control2", "control6"}, - WarningControls: []string{"control3", "control4"}, - Vuls: []*cscanlib.CommonContainerScanSummaryResult{ - CommonContainerScanSummaryResultMock(true, containerscan.RelevantLabelYes, Attributes), - }, - - Expected: AttackTrackMock("attackchain1", v1alpha1.AttackTrackStep{ - Name: "A", - SubSteps: []v1alpha1.AttackTrackStep{ - { - ChecksVulnerabilities: true, - Name: "vulnerableImageStepName", - SubSteps: []v1alpha1.AttackTrackStep{ - { - Name: "C", - }, - }, - }, - { - Name: "E", - SubSteps: []v1alpha1.AttackTrackStep{ - { - Name: "B", - }, - }, - }, - }, - }), - }, - } - - for _, test := range tests { - t.Run(test.name, func(t *testing.T) { - - attackChainHandler, err := NewAttackChainHandler([]v1alpha1.IAttackTrack{test.attackTrack}, allControls) - assert.NoError(t, err) - - postureResourcesSummary := PostureResourcesSummaryMock(Attributes, test.FailedControls, test.WarningControls) - - controlsLookup, err := attackChainHandler.getAttackTrackControlsLookup(postureResourcesSummary, test.Vuls) - assert.NoError(t, err) - attackChain, err := attackChainHandler.detectSingleAttackChain(test.attackTrack, controlsLookup) - assert.NoError(t, err) - if !(test.Expected == nil && attackChain == nil) { - if test.Expected == nil { - assert.Fail(t, "Expected is nil while actual is not nil") - } else if attackChain == nil { - assert.Fail(t, "Actual is nil while expected is not nil") - } else { - assert.True(t, attackChain.GetData().(*v1alpha1.AttackTrackStep).Equal(test.Expected.GetData().(*v1alpha1.AttackTrackStep), false)) - - } - } - - }) - - } - -} - -func TestDetectAllAttackChains(t *testing.T) { - - Attributes := map[string]string{"cluster": "minikubesecurity1", - "kind": "Pod", - "name": "wowtest", - "namespace": "default"} - - attackTrack1 := AttackTrackMock("attackchain1", v1alpha1.AttackTrackStep{ - Name: "A", - SubSteps: []v1alpha1.AttackTrackStep{ - { - ChecksVulnerabilities: true, - Name: "vulnerableImageStepName", - SubSteps: []v1alpha1.AttackTrackStep{ - { - Name: "C", - }, - { - Name: "D", - }, - }, - }, - { - Name: "E", - }, - }, - }) - - attackTrack2 := AttackTrackMock("attackchain2", v1alpha1.AttackTrackStep{ - Name: "A", - SubSteps: []v1alpha1.AttackTrackStep{ - { - Name: "B", - SubSteps: []v1alpha1.AttackTrackStep{ - { - Name: "C", - }, - { - Name: "D", - }, - }, - }, - { - Name: "E", - }, - }, - }) - - tests := []struct { - name string - attackTracks []v1alpha1.IAttackTrack - FailedControls []string - WarningControls []string - Vuls []*cscanlib.CommonContainerScanSummaryResult - ExpectedAttackTracks []v1alpha1.IAttackTrack - }{ - { - name: "Found one attack chain", - attackTracks: []v1alpha1.IAttackTrack{attackTrack1}, - FailedControls: []string{"control1", "control2"}, - WarningControls: []string{"control3", "control4"}, - Vuls: []*cscanlib.CommonContainerScanSummaryResult{ - CommonContainerScanSummaryResultMock(true, containerscan.RelevantLabelYes, Attributes), - }, - - ExpectedAttackTracks: []v1alpha1.IAttackTrack{AttackTrackMock("attackchain1", v1alpha1.AttackTrackStep{ - Name: "A", - SubSteps: []v1alpha1.AttackTrackStep{ - { - ChecksVulnerabilities: true, - Name: "vulnerableImageStepName", - SubSteps: []v1alpha1.AttackTrackStep{ - { - Name: "C", - }, - }, - }, - }, - })}, - }, - { - name: "Found two attack chain", - attackTracks: []v1alpha1.IAttackTrack{attackTrack1, attackTrack2}, - FailedControls: []string{"control1", "control2", "control6"}, - WarningControls: []string{"control3", "control4"}, - Vuls: []*cscanlib.CommonContainerScanSummaryResult{ - CommonContainerScanSummaryResultMock(true, containerscan.RelevantLabelYes, Attributes), - }, - - ExpectedAttackTracks: []v1alpha1.IAttackTrack{AttackTrackMock("attackchain1", v1alpha1.AttackTrackStep{ - Name: "A", - SubSteps: []v1alpha1.AttackTrackStep{ - { - ChecksVulnerabilities: true, - Name: "vulnerableImageStepName", - SubSteps: []v1alpha1.AttackTrackStep{ - { - Name: "C", - }, - }, - }, - { - Name: "E", - }, - }, - }), - AttackTrackMock("attackchain2", v1alpha1.AttackTrackStep{ - Name: "A", - SubSteps: []v1alpha1.AttackTrackStep{ - { - Name: "B", - SubSteps: []v1alpha1.AttackTrackStep{ - { - Name: "C", - }, - }, - }, - { - Name: "E", - }, - }, - })}, - }, - } - - for _, test := range tests { - t.Run(test.name, func(t *testing.T) { - attackChainHandler, err := NewAttackChainHandler(test.attackTracks, allControls) - assert.NoError(t, err) - - Attributes := map[string]string{"cluster": "minikubesecurity1", - "kind": "Pod", - "name": "wowtest", - "namespace": "default"} - - postureResourcesSummary := PostureResourcesSummaryMock(Attributes, test.FailedControls, test.WarningControls) - - attackChains, err := attackChainHandler.DetectAllAttackChains(postureResourcesSummary, test.Vuls) - - assert.NoError(t, err) - assert.Equalf(t, len(test.ExpectedAttackTracks), len(attackChains), "Expected and actual attack chains are not equal") - - for i := range attackChains { - assert.Equal(t, attackChains[i].GetName(), test.ExpectedAttackTracks[i].GetName()) - assert.True(t, attackChains[i].GetData().(*v1alpha1.AttackTrackStep).Equal(test.ExpectedAttackTracks[i].GetData().(*v1alpha1.AttackTrackStep), false)) - } - - }) - - } - -} diff --git a/attackchains/attackchainutils.go b/attackchains/attackchainutils.go deleted file mode 100644 index 345da52..0000000 --- a/attackchains/attackchainutils.go +++ /dev/null @@ -1,202 +0,0 @@ -package attackchains - -import ( - "strings" - "time" - - armotypes "github.com/armosec/armoapi-go/armotypes" - cscanlib "github.com/armosec/armoapi-go/containerscan" - "github.com/armosec/armoapi-go/identifiers" - "github.com/armosec/utils-go/str" - "github.com/kubescape/opa-utils/reporthandling" - "github.com/kubescape/opa-utils/reporthandling/attacktrack/v1alpha1" -) - -func isSupportedKind(kind string) bool { - switch strings.ToLower(kind) { - case "deployment", - "pod", - "replicaset", - "node", - "daemonset", - "statefulset", - "job", - "cronjob": - return true - } - - return false -} - -// convertVulToControl - convert vulnerability to control object. This is done in order to unify the way we handle vulnarabilities and controls when generating the attack chains. -func convertVulToControl(vul *cscanlib.CommonContainerScanSummaryResult, tags []string, attackTracks []v1alpha1.IAttackTrack) *reporthandling.Control { - if vul == nil { - return nil - } - - attackTrackCategories := make([]reporthandling.AttackTrackCategories, 0, len(attackTracks)) - for _, attackTrack := range attackTracks { - stepNamesWithVulnerabilities := attackTrack.GetSubstepsWithVulnerabilities() - - if len(stepNamesWithVulnerabilities) == 0 { - continue - } - - attackTrackCategories = append(attackTrackCategories, reporthandling.AttackTrackCategories{ - AttackTrack: attackTrack.GetName(), - Categories: stepNamesWithVulnerabilities, - }) - - } - - return &reporthandling.Control{ - ControlID: vul.ImageID + vul.ContainerName, - PortalBase: armotypes.PortalBase{ - Attributes: map[string]interface{}{ - "controlTypeTags": tags, - "attackTracks": attackTrackCategories, - "vulnerabilities": vul.Vulnerabilities, - identifiers.AttributeContainerScanId: vul.ContainerScanID, // ImageScanID when coming from a converted VulnerabilityScanSummary from postgres - identifiers.AttributeContainerName: vul.ContainerName, - }, - }, - } -} - -// isVulnerableRelevantToAttackChain checks if the vulnerability is relevant to the attack chain -func isVulnerableRelevantToAttackChain(vul *cscanlib.CommonContainerScanSummaryResult) bool { - - if !vul.HasRelevancyData { - //validate severity - if vul.Severity == cscanlib.CriticalSeverity { - return true - } - for _, stat := range vul.SeveritiesStats { - - if stat.Severity == cscanlib.CriticalSeverity && stat.TotalCount > 0 { - return true - } - } - } else { - - if vul.RelevantLabel == cscanlib.RelevantLabelYes { - - for _, stat := range vul.SeveritiesStats { - - if stat.Severity == cscanlib.CriticalSeverity && stat.RelevantCount > 0 { - return true - } - } - } - } - - return false -} - -// validateWorkLoadMatch checks if the vulnerability and the posture resource summary are of the same workload -func validateWorkLoadMatch(postureResourceSummary *armotypes.PostureResourceSummary, vul *cscanlib.CommonContainerScanSummaryResult) bool { - prsAttributes := postureResourceSummary.Designators.Attributes - vulAttributes := vul.Designators.Attributes - // check that all these fields match: - // cluster, namespace, kind, name - // check is case insensitive - if strings.ToLower(prsAttributes["kind"]) == strings.ToLower(vulAttributes["kind"]) && - strings.ToLower(prsAttributes["name"]) == strings.ToLower(vulAttributes["name"]) && - strings.ToLower(prsAttributes["namespace"]) == strings.ToLower(vulAttributes["namespace"]) && - strings.ToLower(prsAttributes["cluster"]) == strings.ToLower(vulAttributes["cluster"]) { - return true - } - return false -} - -func ConvertAttackTracksToAttackChains(attacktracks []v1alpha1.IAttackTrack, attributes map[string]string, resourceID, reportID string) []*armotypes.AttackChain { - var attackChains []*armotypes.AttackChain - for _, attackTrack := range attacktracks { - attackChains = append(attackChains, ConvertAttackTrackToAttackChain(attackTrack, attributes, resourceID, reportID)) - } - return attackChains - -} - -func ConvertAttackTrackToAttackChain(attackTrack v1alpha1.IAttackTrack, attributes map[string]string, resourceID, reportID string) *armotypes.AttackChain { - var chainNodes = ConvertAttackTrackStepToAttackChainNode(attackTrack.GetData()) - customerGUID := attributes[identifiers.AttributeCustomerGUID] - return &armotypes.AttackChain{ - AttackChainNodes: *chainNodes, - AttackChainConfig: armotypes.AttackChainConfig{ - Description: attackTrack.GetDescription(), - PortalBase: armotypes.PortalBase{ - Name: attackTrack.GetName(), - }, - ClusterName: attributes[identifiers.AttributeCluster], - Resource: GenerateAttackChainResource(attributes, resourceID), - AttackChainID: GenerateAttackChainID(customerGUID, attackTrack.GetName(), attributes), - CustomerGUID: customerGUID, - UIStatus: &armotypes.AttackChainUIStatus{FirstSeen: time.Now().UTC().Format("2006-01-02T15:04:05.999Z")}, - LatestReportGUID: reportID, - }, - } -} - -func GenerateAttackChainResource(attributes map[string]string, resourceID string) identifiers.PortalDesignator { - attributes[identifiers.AttributeResourceID] = resourceID - return identifiers.PortalDesignator{DesignatorType: identifiers.DesignatorAttributes, Attributes: attributes} -} - -func ConvertAttackTrackStepToAttackChainNode(step v1alpha1.IAttackTrackStep) *armotypes.AttackChainNode { - var controlIDs []string - var imageVulnerabilities []armotypes.Vulnerabilities - - if step.GetName() == "" { - return nil - } - - if step.DoesCheckVulnerabilities() { - for _, vulControl := range step.GetControls() { - containerScanID := vulControl.(*reporthandling.Control).Attributes[identifiers.AttributeContainerScanId].(string) - vulnerabilities := vulControl.(*reporthandling.Control).Attributes["vulnerabilities"].([]cscanlib.ShortVulnerabilityResult) - - vulNames := []string{} - - if len(vulnerabilities) > 0 { - for _, vul := range vulnerabilities { - vulNames = append(vulNames, vul.Name) - } - } - - imageVulnerabilities = append(imageVulnerabilities, armotypes.Vulnerabilities{ - ContainerName: vulControl.(*reporthandling.Control).Attributes[identifiers.AttributeContainerName].(string), - ImageScanID: containerScanID, - Names: vulNames}) - - } - } else { - // If the step does not check vulnerabilities, it means it is a step that checks controls. - // for steps checks vulnerabilities, we don't add the controls as they were used only for the step detection. - for _, control := range step.GetControls() { - controlIDs = append(controlIDs, control.GetControlId()) - } - } - - var nextNodes []armotypes.AttackChainNode - for i := 0; i < step.Length(); i++ { - nextNode := ConvertAttackTrackStepToAttackChainNode(step.SubStepAt(i)) - - nextNodes = append(nextNodes, *nextNode) - } - return &armotypes.AttackChainNode{ - Name: step.GetName(), - Description: step.GetDescription(), - ControlIDs: controlIDs, - Vulnerabilities: imageVulnerabilities, - RelatedResources: []identifiers.PortalDesignator{}, // Enrich from PostureReportResultRaw new "RelatedResources" field. - NextNodes: nextNodes, - } -} - -// GenerateAttackChainID generates attackChainID -// structure: customerGUID/attackTrackName/cluster/apiVersion/namespace/kind/name -func GenerateAttackChainID(customerGUID string, attackTrackName string, attributes map[string]string) string { - elements := []string{attackTrackName, customerGUID, attributes["cluster"], attributes["namespace"], attributes["kind"], attributes["name"]} - return str.AsFNVHash(strings.Join(elements, "/")) -} diff --git a/attackchains/attackchainutils_test.go b/attackchains/attackchainutils_test.go deleted file mode 100644 index f6d57f1..0000000 --- a/attackchains/attackchainutils_test.go +++ /dev/null @@ -1,285 +0,0 @@ -package attackchains - -import ( - "testing" - - armotypes "github.com/armosec/armoapi-go/armotypes" - cscanlib "github.com/armosec/armoapi-go/containerscan" - "github.com/armosec/armoapi-go/identifiers" - "github.com/kubescape/opa-utils/reporthandling" - "github.com/kubescape/opa-utils/reporthandling/attacktrack/v1alpha1" - - "github.com/stretchr/testify/assert" -) - -func TestIsVulnarableRelevantToAttackChange(t *testing.T) { - tests := []struct { - name string - vul *cscanlib.CommonContainerScanSummaryResult - expected bool - wantErr bool - }{ - { - name: "relevant - has relevancy data and relevant label is yes", - vul: &cscanlib.CommonContainerScanSummaryResult{ - ImageID: "ss", - HasRelevancyData: true, - RelevantLabel: "yes", - SeveritiesStats: []cscanlib.SeverityStats{{Severity: "Critical", RelevantCount: 1}}, - }, - expected: true, - wantErr: false, - }, - { - name: "relevant - has relevancy data and relevant label is yes but not critical", - vul: &cscanlib.CommonContainerScanSummaryResult{ - ImageID: "ss", - HasRelevancyData: true, - RelevantLabel: "yes", - SeveritiesStats: []cscanlib.SeverityStats{{Severity: "High", RelevantCount: 1}}, - }, - expected: false, - wantErr: false, - }, - { - name: "not relevant - has relevancy data and relevant label is no", - vul: &cscanlib.CommonContainerScanSummaryResult{ - ImageID: "ss", - HasRelevancyData: true, - RelevantLabel: "no", - SeveritiesStats: []cscanlib.SeverityStats{{Severity: "High", RelevantCount: 1}}, - }, - expected: false, - wantErr: false, - }, - { - name: "relevant - has no relevancy data and relevant label is no", - vul: &cscanlib.CommonContainerScanSummaryResult{ - ImageID: "ss", - HasRelevancyData: false, - RelevantLabel: "no", - SeveritiesStats: []cscanlib.SeverityStats{{Severity: "Critical", RelevantCount: 0, TotalCount: 1}}, - }, - expected: true, - wantErr: false, - }, - { - name: "relevant - has no relevancy data and relevant count is 0", - vul: &cscanlib.CommonContainerScanSummaryResult{ - ImageID: "ss", - HasRelevancyData: true, - RelevantLabel: "yes", - SeveritiesStats: []cscanlib.SeverityStats{{Severity: "Critical", RelevantCount: 0}}, - }, - expected: false, - wantErr: false, - }, - } - for _, test := range tests { - t.Run(test.name, func(t *testing.T) { - actual := isVulnerableRelevantToAttackChain(test.vul) - - assert.Equal(t, test.expected, actual) - }) - } -} - -func TestIsSupportedKind(t *testing.T) { - assert.True(t, isSupportedKind("Deployment")) - assert.True(t, isSupportedKind("Pod")) - assert.True(t, isSupportedKind("Node")) - assert.True(t, isSupportedKind("DaemonSet")) - assert.True(t, isSupportedKind("StatefulSet")) - assert.True(t, isSupportedKind("Job")) - assert.True(t, isSupportedKind("CronJob")) - assert.False(t, isSupportedKind("")) - assert.False(t, isSupportedKind("ConfigMap")) - assert.False(t, isSupportedKind("ServiceAccount")) -} - -func TestValidateWorkLoadMatch(t *testing.T) { - tests := []struct { - name string - vul *cscanlib.CommonContainerScanSummaryResult - postureResourceSummary *armotypes.PostureResourceSummary - expected bool - }{ - { - name: "resource key matches", - vul: &cscanlib.CommonContainerScanSummaryResult{ - Designators: identifiers.PortalDesignator{ - Attributes: map[string]string{"kind": "Deployment", "name": "test", "namespace": "default", "cluster": "minikube"}, - }, - }, - postureResourceSummary: &armotypes.PostureResourceSummary{ - Designators: identifiers.PortalDesignator{ - Attributes: map[string]string{"kind": "Deployment", "name": "test", "namespace": "default", "cluster": "minikube"}, - }, - }, - expected: true, - }, - { - name: "resource key does not match", - vul: &cscanlib.CommonContainerScanSummaryResult{ - Designators: identifiers.PortalDesignator{ - Attributes: map[string]string{"kind": "Deployment", "name": "test1", "namespace": "default", "cluster": "minikube"}, - }, - }, - postureResourceSummary: &armotypes.PostureResourceSummary{ - Designators: identifiers.PortalDesignator{ - Attributes: map[string]string{"kind": "Deployment", "name": "test2", "namespace": "default", "cluster": "minikube"}, - }, - }, - expected: false, - }, - } - - for _, test := range tests { - t.Run(test.name, func(t *testing.T) { - actual := validateWorkLoadMatch(test.postureResourceSummary, test.vul) - assert.Equal(t, test.expected, actual) - }) - } -} - -func TestConvertAttackTrackStepToAttackChainNode(t *testing.T) { - - control_1 := &reporthandling.Control{ControlID: "control_1", - PortalBase: armotypes.PortalBase{ - Attributes: map[string]interface{}{ - identifiers.AttributeContainerScanId: "ContainerScanID1", - identifiers.AttributeContainerName: "ContainerName1", - "vulnerabilities": []cscanlib.ShortVulnerabilityResult{{Name: "CVE1"}}, - }, - }} - - tests := []struct { - name string - step *v1alpha1.AttackTrackStep - expected *armotypes.AttackChainNode - }{ - { - name: "attack step is nil", - step: &v1alpha1.AttackTrackStep{}, - expected: nil, - }, - { - name: "attack step is empty", - step: &v1alpha1.AttackTrackStep{ - Name: "test", - ChecksVulnerabilities: true, - Controls: []v1alpha1.IAttackTrackControl{control_1}, - }, - - expected: &armotypes.AttackChainNode{ - Name: "test", - ControlIDs: nil, - }, - }, - { - name: "attack step is not nil, not vul", - step: &v1alpha1.AttackTrackStep{ - Name: "test", - Controls: []v1alpha1.IAttackTrackControl{control_1}, - }, - - expected: &armotypes.AttackChainNode{ - Name: "test", - ControlIDs: []string{"control_1"}, - }, - }, - { - name: "attack step is not nil, vul", - step: &v1alpha1.AttackTrackStep{ - Name: "test", - ChecksVulnerabilities: true, - Controls: []v1alpha1.IAttackTrackControl{control_1}, - }, - - expected: &armotypes.AttackChainNode{ - Name: "test", - Vulnerabilities: []armotypes.Vulnerabilities{ - { - ContainerName: "ContainerName1", - ImageScanID: "ContainerScanID1", - Names: []string{"CVE1"}, - }, - }, - }, - }, - } - - for _, test := range tests { - t.Run(test.name, func(t *testing.T) { - actual := ConvertAttackTrackStepToAttackChainNode(test.step) - if !(test.expected == nil && actual == nil) { - assert.Equal(t, test.expected.Name, actual.Name, "expected and actual are not equal") - assert.Equal(t, test.expected.ControlIDs, actual.ControlIDs, "expected and actual are not equal") - if test.expected.Vulnerabilities != nil { - assert.Equal(t, test.expected.Vulnerabilities[0].ContainerName, actual.Vulnerabilities[0].ContainerName, "expected and actual are not equal") - } - } - }) - } -} - -func TestGenerateAttackChainID(t *testing.T) { - // Test cases - testCases := []struct { - name string - customerGUID string - attackTrackName string - cluster string - apiVersion string - namespace string - kind string - resourceName string - expectedAttackChainID string - }{ - { - name: "Test case 1", - customerGUID: "1234567890", - attackTrackName: "service-destruction", - cluster: "cluster1", - apiVersion: "v1", - namespace: "default", - kind: "Deployment", - resourceName: "my-deployment", - expectedAttackChainID: "3257300354", - }, - { - name: "Test case 1", - customerGUID: "1234567890", - attackTrackName: "workload-external-track", - cluster: "cluster2", - apiVersion: "v1", - namespace: "default", - kind: "Pod", - resourceName: "my-pod", - expectedAttackChainID: "1331301378", - }, - } - - for _, tc := range testCases { - t.Run(tc.name, func(t *testing.T) { - // Create a mock postureResourceSummary for testing - mockResourceSummary := &armotypes.PostureResourceSummary{ - Designators: identifiers.PortalDesignator{ - Attributes: map[string]string{ - "cluster": tc.cluster, - "apiVersion": tc.apiVersion, - "namespace": tc.namespace, - "kind": tc.kind, - "name": tc.resourceName, - }, - }, - } - - // Call the function to get the actual attackChainID - actualAttackChainID := GenerateAttackChainID(tc.customerGUID, tc.attackTrackName, mockResourceSummary.Designators.Attributes) - - // Check if the actual value matches the expected value - assert.Equal(t, tc.expectedAttackChainID, actualAttackChainID) - }) - } -} diff --git a/attackchains/testdata/attacktracks/service_destruction.json b/attackchains/testdata/attacktracks/service_destruction.json deleted file mode 100644 index 745b811..0000000 --- a/attackchains/testdata/attacktracks/service_destruction.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "apiVersion": "regolibrary.kubescape/v1alpha1", - "kind": "AttackTrack", - "metadata": { - "name": "service-destruction" - }, - "spec": { - "version": "1.0", - "data": { - "name": "Workload Exposure", - "subSteps": [ - { - "name": "Service Destruction" - } - ] - } - } -} \ No newline at end of file diff --git a/attackchains/testdata/attacktracks/workload_external_track.json b/attackchains/testdata/attacktracks/workload_external_track.json deleted file mode 100644 index 999f080..0000000 --- a/attackchains/testdata/attacktracks/workload_external_track.json +++ /dev/null @@ -1,39 +0,0 @@ -{ - "apiVersion": "regolibrary.kubescape/v1alpha1", - "kind": "AttackTrack", - "metadata": { - "name": "workload-external-track" - }, - "spec": { - "version": "1.0", - "data": { - "name": "Workload Exposure", - "subSteps": [ - { - "checksVulnerabilities": true, - "name": "Vulnerable Image", - "subSteps": [ - { - "name": "Data Access" - }, - { - "name": "Secret Access" - }, - { - "name": "Credential access" - }, - { - "name": "Potential Node exposure" - }, - { - "name": "Persistence" - }, - { - "name": "Network" - } - ] - } - ] - } - } -} \ No newline at end of file diff --git a/attackchains/testdata/resourcesSummary.json b/attackchains/testdata/resourcesSummary.json deleted file mode 100644 index e116022..0000000 --- a/attackchains/testdata/resourcesSummary.json +++ /dev/null @@ -1,79 +0,0 @@ -{ - "designators": { - "designatorType": "", - "attributes": { - "apiVersion": "apps/v1", - "cluster": "eran-l8ccr-aks", - "customerGUID": "1e3a88bf-92ce-44f8-914e-cbe71830d566", - "kind": "Deployment", - "name": "nginx", - "namespace": "systest-ns-076p" - } - }, - "name": "wlid://cluster-eran-l8ccr-aks/namespace-systest-ns-076p/Deployment-nginx", - "resourceID": "apps/v1/systest-ns-076p/Deployment/nginx", - "failedControls": [ - "control1", - "control2" - ], - "warningControls": null, - "skippedControls": [ - ], - "statusToControls": { - "failed": [ - "control1", - "control2" - ], - "passed": [ - - ], - "skipped": [ - - ] - }, - "failedControlsCount": 2, - "skippedControlsCount": 0, - "warningControlsCount": 0, - "status": 3, - "statusText": "failed", - "resourceKind": "Deployment", - "frameworkName": "security", - "exceptionRecommendaion": "", - "relatedExceptions": [], - "exceptionApplied": [], - "containers": [ - { - "containerName": "nginx", - "image": "nginx@sha256:aa0afebbb3cfa473099a62c4b32e9b3fb73ed23f2a75a65ce1d4b4f55a5c2ef2" - } - ], - "recommendations": [], - "timestamp": "2023-06-15T07:53:43.885453942Z", - "reportGUID": "02b0bc7c-cdb3-4ee5-ab5d-d098f31ff4c1", - "armoBestScore": 0, - "controlsInfo": { - "failed": [ - { - "id": "control1", - "baseScore": 4, - "failedResources": 0 - }, - { - "id": "control2", - "baseScore": 2, - "failedResources": 0 - } - ], - "passed": [ - - ], - "skipped": [ - - ] - }, - "criticalSeverityControls": 0, - "highSeverityControls": 1, - "mediumSeverityControls": 8, - "lowSeverityControls": 4, - "clusterShortName": "eran-l8ccr-aks" -} \ No newline at end of file diff --git a/attackchains/testdata/test.json b/attackchains/testdata/test.json deleted file mode 100644 index c552825..0000000 --- a/attackchains/testdata/test.json +++ /dev/null @@ -1,3822 +0,0 @@ -{ - "total": { - "value": 41, - "relation": "eq" - }, - "response": [ - { - "designators": { - "designatorType": "Attributes", - "attributes": { - "cluster": "arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX", - "containerName": "backstage", - "customerGUID": "1e3a88bf-92ce-44f8-914e-cbe71830d566", - "kind": "deployment", - "name": "backstage-development-stable", - "namespace": "devhub", - "workloadHash": "10057954063785978633" - } - }, - "layerHash": "generatedlayer", - "wlid": "wlid://cluster-arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX/namespace-devhub/deployment-backstage-development-stable", - "containersScanID": "devhub-replicaset-backstage-development-stable-7bf9cb66fb-5633-e89b", - "healthStatus": "", - "imageHash": "035814641800.dkr.ecr.eu-west-1.amazonaws.com/devhub-backstage@sha256:3576aa68efe447438848cf79ce05f4a2790e81c041f79781824941c544043226", - "imageTag": "035814641800.dkr.ecr.eu-west-1.amazonaws.com/devhub-backstage:v1.1.3", - "packageName": "plantuml", - "packageVersion": "0.3.0", - "link": "https://nvd.nist.gov/vuln/detail/CVE-2023-3432", - "description": "Server-Side Request Forgery (SSRF) in GitHub repository plantuml/plantuml prior to 1.2023.9.", - "severity": "Critical", - "name": "CVE-2023-3432", - "fixedIn": [ - { - "name": "unknown", - "imageTag": "035814641800.dkr.ecr.eu-west-1.amazonaws.com/devhub-backstage:v1.1.3", - "version": "unknown" - } - ], - "severityScore": 500, - "neglected": 0, - "urgent": 0, - "categories": { - "isRce": false - }, - "layers": [ - { - "layerHash": "generatedlayer", - "parentLayerHash": "" - } - ], - "layersNested": null, - "context": [ - { - "attribute": "cluster", - "value": "arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX", - "source": "designators.attributes" - }, - { - "attribute": "namespace", - "value": "devhub", - "source": "designators.attributes" - }, - { - "attribute": "kind", - "value": "deployment", - "source": "designators.attributes" - }, - { - "attribute": "name", - "value": "backstage-development-stable", - "source": "designators.attributes" - }, - { - "attribute": "containerName", - "value": "backstage", - "source": "designators.attributes" - }, - { - "attribute": "workloadHash", - "value": "10057954063785978633", - "source": "designators.attributes" - }, - { - "attribute": "customerGUID", - "value": "1e3a88bf-92ce-44f8-914e-cbe71830d566", - "source": "designators.attributes" - } - ], - "links": [ - "https://nvd.nist.gov/vuln/detail/CVE-2023-3432", - "https://nvd.nist.gov/vuln/detail/CVE-2023-3432" - ], - "timestamp": 1689070942, - "isLastScan": -1, - "isFixed": 1, - "relevantLabel": "", - "clusterShortName": "Dex1-SANDBOX", - "ignoreRulesSummary": null - }, - { - "designators": { - "designatorType": "Attributes", - "attributes": { - "cluster": "arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX", - "containerName": "backstage", - "customerGUID": "1e3a88bf-92ce-44f8-914e-cbe71830d566", - "kind": "deployment", - "name": "backstage-development-stable", - "namespace": "devhub", - "workloadHash": "10057954063785978633" - } - }, - "layerHash": "generatedlayer", - "wlid": "wlid://cluster-arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX/namespace-devhub/deployment-backstage-development-stable", - "containersScanID": "devhub-replicaset-backstage-development-stable-7bf9cb66fb-5633-e89b", - "healthStatus": "", - "imageHash": "035814641800.dkr.ecr.eu-west-1.amazonaws.com/devhub-backstage@sha256:3576aa68efe447438848cf79ce05f4a2790e81c041f79781824941c544043226", - "imageTag": "035814641800.dkr.ecr.eu-west-1.amazonaws.com/devhub-backstage:v1.1.3", - "packageName": "plantuml", - "packageVersion": "0.3.0", - "link": "https://nvd.nist.gov/vuln/detail/CVE-2022-1379", - "description": "URL Restriction Bypass in GitHub repository plantuml/plantuml prior to V1.2022.5. An attacker can abuse this to bypass URL restrictions that are imposed by the different security profiles and achieve server side request forgery (SSRF). This allows accessing restricted internal resources/servers or sending requests to third party servers.", - "severity": "Critical", - "name": "CVE-2022-1379", - "fixedIn": [ - { - "name": "unknown", - "imageTag": "035814641800.dkr.ecr.eu-west-1.amazonaws.com/devhub-backstage:v1.1.3", - "version": "unknown" - } - ], - "severityScore": 500, - "neglected": 0, - "urgent": 0, - "categories": { - "isRce": false - }, - "layers": [ - { - "layerHash": "generatedlayer", - "parentLayerHash": "" - } - ], - "layersNested": null, - "context": [ - { - "attribute": "cluster", - "value": "arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX", - "source": "designators.attributes" - }, - { - "attribute": "namespace", - "value": "devhub", - "source": "designators.attributes" - }, - { - "attribute": "kind", - "value": "deployment", - "source": "designators.attributes" - }, - { - "attribute": "name", - "value": "backstage-development-stable", - "source": "designators.attributes" - }, - { - "attribute": "containerName", - "value": "backstage", - "source": "designators.attributes" - }, - { - "attribute": "workloadHash", - "value": "10057954063785978633", - "source": "designators.attributes" - }, - { - "attribute": "customerGUID", - "value": "1e3a88bf-92ce-44f8-914e-cbe71830d566", - "source": "designators.attributes" - } - ], - "links": [ - "https://nvd.nist.gov/vuln/detail/CVE-2022-1379", - "https://nvd.nist.gov/vuln/detail/CVE-2022-1379" - ], - "timestamp": 1689070942, - "isLastScan": -1, - "isFixed": 1, - "relevantLabel": "", - "clusterShortName": "Dex1-SANDBOX", - "ignoreRulesSummary": null - }, - { - "designators": { - "designatorType": "Attributes", - "attributes": { - "cluster": "arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX", - "containerName": "backstage", - "customerGUID": "1e3a88bf-92ce-44f8-914e-cbe71830d566", - "kind": "deployment", - "name": "backstage-development-stable", - "namespace": "devhub", - "workloadHash": "10057954063785978633" - } - }, - "layerHash": "generatedlayer", - "wlid": "wlid://cluster-arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX/namespace-devhub/deployment-backstage-development-stable", - "containersScanID": "devhub-replicaset-backstage-development-stable-7bf9cb66fb-5633-e89b", - "healthStatus": "", - "imageHash": "035814641800.dkr.ecr.eu-west-1.amazonaws.com/devhub-backstage@sha256:3576aa68efe447438848cf79ce05f4a2790e81c041f79781824941c544043226", - "imageTag": "035814641800.dkr.ecr.eu-west-1.amazonaws.com/devhub-backstage:v1.1.3", - "packageName": "python", - "packageVersion": "3.9.2", - "link": "https://nvd.nist.gov/vuln/detail/CVE-2021-29921", - "description": "In Python before 3,9,5, the ipaddress library mishandles leading zero characters in the octets of an IP address string. This (in some situations) allows attackers to bypass access control that is based on IP addresses.", - "severity": "Critical", - "name": "CVE-2021-29921", - "fixedIn": [ - { - "name": "unknown", - "imageTag": "035814641800.dkr.ecr.eu-west-1.amazonaws.com/devhub-backstage:v1.1.3", - "version": "unknown" - } - ], - "severityScore": 500, - "neglected": 0, - "urgent": 0, - "categories": { - "isRce": false - }, - "layers": [ - { - "layerHash": "generatedlayer", - "parentLayerHash": "" - } - ], - "layersNested": null, - "context": [ - { - "attribute": "cluster", - "value": "arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX", - "source": "designators.attributes" - }, - { - "attribute": "namespace", - "value": "devhub", - "source": "designators.attributes" - }, - { - "attribute": "kind", - "value": "deployment", - "source": "designators.attributes" - }, - { - "attribute": "name", - "value": "backstage-development-stable", - "source": "designators.attributes" - }, - { - "attribute": "containerName", - "value": "backstage", - "source": "designators.attributes" - }, - { - "attribute": "workloadHash", - "value": "10057954063785978633", - "source": "designators.attributes" - }, - { - "attribute": "customerGUID", - "value": "1e3a88bf-92ce-44f8-914e-cbe71830d566", - "source": "designators.attributes" - } - ], - "links": [ - "https://nvd.nist.gov/vuln/detail/CVE-2021-29921", - "https://nvd.nist.gov/vuln/detail/CVE-2021-29921" - ], - "timestamp": 1689070942, - "isLastScan": -1, - "isFixed": 1, - "relevantLabel": "", - "clusterShortName": "Dex1-SANDBOX", - "ignoreRulesSummary": null - }, - { - "designators": { - "designatorType": "Attributes", - "attributes": { - "cluster": "arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX", - "containerName": "backstage", - "customerGUID": "1e3a88bf-92ce-44f8-914e-cbe71830d566", - "kind": "deployment", - "name": "backstage-development-stable", - "namespace": "devhub", - "workloadHash": "10057954063785978633" - } - }, - "layerHash": "generatedlayer", - "wlid": "wlid://cluster-arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX/namespace-devhub/deployment-backstage-development-stable", - "containersScanID": "devhub-replicaset-backstage-development-stable-7bf9cb66fb-5633-e89b", - "healthStatus": "", - "imageHash": "035814641800.dkr.ecr.eu-west-1.amazonaws.com/devhub-backstage@sha256:3576aa68efe447438848cf79ce05f4a2790e81c041f79781824941c544043226", - "imageTag": "035814641800.dkr.ecr.eu-west-1.amazonaws.com/devhub-backstage:v1.1.3", - "packageName": "python", - "packageVersion": "3.9.2", - "link": "https://nvd.nist.gov/vuln/detail/CVE-2022-37454", - "description": "The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface.", - "severity": "Critical", - "name": "CVE-2022-37454", - "fixedIn": [ - { - "name": "unknown", - "imageTag": "035814641800.dkr.ecr.eu-west-1.amazonaws.com/devhub-backstage:v1.1.3", - "version": "unknown" - } - ], - "severityScore": 500, - "neglected": 0, - "urgent": 0, - "categories": { - "isRce": true - }, - "layers": [ - { - "layerHash": "generatedlayer", - "parentLayerHash": "" - } - ], - "layersNested": null, - "context": [ - { - "attribute": "cluster", - "value": "arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX", - "source": "designators.attributes" - }, - { - "attribute": "namespace", - "value": "devhub", - "source": "designators.attributes" - }, - { - "attribute": "kind", - "value": "deployment", - "source": "designators.attributes" - }, - { - "attribute": "name", - "value": "backstage-development-stable", - "source": "designators.attributes" - }, - { - "attribute": "containerName", - "value": "backstage", - "source": "designators.attributes" - }, - { - "attribute": "workloadHash", - "value": "10057954063785978633", - "source": "designators.attributes" - }, - { - "attribute": "customerGUID", - "value": "1e3a88bf-92ce-44f8-914e-cbe71830d566", - "source": "designators.attributes" - } - ], - "links": [ - "https://nvd.nist.gov/vuln/detail/CVE-2022-37454", - "https://nvd.nist.gov/vuln/detail/CVE-2022-37454" - ], - "timestamp": 1689070942, - "isLastScan": -1, - "isFixed": 1, - "relevantLabel": "", - "clusterShortName": "Dex1-SANDBOX", - "ignoreRulesSummary": null - }, - { - "designators": { - "designatorType": "Attributes", - "attributes": { - "cluster": "arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX", - "containerName": "backstage", - "customerGUID": "1e3a88bf-92ce-44f8-914e-cbe71830d566", - "kind": "deployment", - "name": "backstage-development-stable", - "namespace": "devhub", - "workloadHash": "10057954063785978633" - } - }, - "layerHash": "generatedlayer", - "wlid": "wlid://cluster-arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX/namespace-devhub/deployment-backstage-development-stable", - "containersScanID": "devhub-replicaset-backstage-development-stable-7bf9cb66fb-5633-e89b", - "healthStatus": "", - "imageHash": "035814641800.dkr.ecr.eu-west-1.amazonaws.com/devhub-backstage@sha256:3576aa68efe447438848cf79ce05f4a2790e81c041f79781824941c544043226", - "imageTag": "035814641800.dkr.ecr.eu-west-1.amazonaws.com/devhub-backstage:v1.1.3", - "packageName": "python", - "packageVersion": "3.9.2", - "link": "https://nvd.nist.gov/vuln/detail/CVE-2019-12900", - "description": "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", - "severity": "Critical", - "name": "CVE-2019-12900", - "fixedIn": [ - { - "name": "unknown", - "imageTag": "035814641800.dkr.ecr.eu-west-1.amazonaws.com/devhub-backstage:v1.1.3", - "version": "unknown" - } - ], - "severityScore": 500, - "neglected": 0, - "urgent": 0, - "categories": { - "isRce": false - }, - "layers": [ - { - "layerHash": "generatedlayer", - "parentLayerHash": "" - } - ], - "layersNested": null, - "context": [ - { - "attribute": "cluster", - "value": "arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX", - "source": "designators.attributes" - }, - { - "attribute": "namespace", - "value": "devhub", - "source": "designators.attributes" - }, - { - "attribute": "kind", - "value": "deployment", - "source": "designators.attributes" - }, - { - "attribute": "name", - "value": "backstage-development-stable", - "source": "designators.attributes" - }, - { - "attribute": "containerName", - "value": "backstage", - "source": "designators.attributes" - }, - { - "attribute": "workloadHash", - "value": "10057954063785978633", - "source": "designators.attributes" - }, - { - "attribute": "customerGUID", - "value": "1e3a88bf-92ce-44f8-914e-cbe71830d566", - "source": "designators.attributes" - } - ], - "links": [ - "https://nvd.nist.gov/vuln/detail/CVE-2019-12900", - "https://nvd.nist.gov/vuln/detail/CVE-2019-12900" - ], - "timestamp": 1689070942, - "isLastScan": -1, - "isFixed": 1, - "relevantLabel": "", - "clusterShortName": "Dex1-SANDBOX", - "ignoreRulesSummary": null - }, - { - "designators": { - "designatorType": "Attributes", - "attributes": { - "cluster": "arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX", - "containerName": "backstage", - "customerGUID": "1e3a88bf-92ce-44f8-914e-cbe71830d566", - "kind": "deployment", - "name": "backstage-development-stable", - "namespace": "devhub", - "workloadHash": "10057954063785978633" - } - }, - "layerHash": "generatedlayer", - "wlid": "wlid://cluster-arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX/namespace-devhub/deployment-backstage-development-stable", - "containersScanID": "devhub-replicaset-backstage-development-stable-7bf9cb66fb-5633-e89b", - "healthStatus": "", - "imageHash": "035814641800.dkr.ecr.eu-west-1.amazonaws.com/devhub-backstage@sha256:3576aa68efe447438848cf79ce05f4a2790e81c041f79781824941c544043226", - "imageTag": "035814641800.dkr.ecr.eu-west-1.amazonaws.com/devhub-backstage:v1.1.3", - "packageName": "python", - "packageVersion": "3.9.2", - "link": "https://nvd.nist.gov/vuln/detail/CVE-2023-36632", - "description": "** DISPUTED ** The legacy email.utils.parseaddr function in Python through 3.11.4 allows attackers to trigger \"RecursionError: maximum recursion depth exceeded while calling a Python object\" via a crafted argument. This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address. NOTE: email.utils.parseaddr is categorized as a Legacy API in the documentation of the Python email package. Applications should instead use the email.parser.BytesParser or email.parser.Parser class. NOTE: the vendor's perspective is that this is neither a vulnerability nor a bug. The email package is intended to have size limits and to throw an exception when limits are exceeded; they were exceeded by the example demonstration code.", - "severity": "High", - "name": "CVE-2023-36632", - "fixedIn": [ - { - "name": "unknown", - "imageTag": "035814641800.dkr.ecr.eu-west-1.amazonaws.com/devhub-backstage:v1.1.3", - "version": "unknown" - } - ], - "severityScore": 400, - "neglected": 0, - "urgent": 0, - "categories": { - "isRce": false - }, - "layers": [ - { - "layerHash": "generatedlayer", - "parentLayerHash": "" - } - ], - "layersNested": null, - "context": [ - { - "attribute": "cluster", - "value": "arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX", - "source": "designators.attributes" - }, - { - "attribute": "namespace", - "value": "devhub", - "source": "designators.attributes" - }, - { - "attribute": "kind", - "value": "deployment", - "source": "designators.attributes" - }, - { - "attribute": "name", - "value": "backstage-development-stable", - "source": "designators.attributes" - }, - { - "attribute": "containerName", - "value": "backstage", - "source": "designators.attributes" - }, - { - "attribute": "workloadHash", - "value": "10057954063785978633", - "source": "designators.attributes" - }, - { - "attribute": "customerGUID", - "value": "1e3a88bf-92ce-44f8-914e-cbe71830d566", - "source": "designators.attributes" - } - ], - "links": [ - "https://nvd.nist.gov/vuln/detail/CVE-2023-36632", - "https://nvd.nist.gov/vuln/detail/CVE-2023-36632" - ], - "timestamp": 1689070942, - "isLastScan": -1, - "isFixed": 1, - "relevantLabel": "", - "clusterShortName": "Dex1-SANDBOX", - "ignoreRulesSummary": null - }, - { - "designators": { - "designatorType": "Attributes", - "attributes": { - "cluster": "arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX", - "containerName": "backstage", - "customerGUID": "1e3a88bf-92ce-44f8-914e-cbe71830d566", - "kind": "deployment", - "name": "backstage-development-stable", - "namespace": "devhub", - "workloadHash": "10057954063785978633" - } - }, - "layerHash": "generatedlayer", - "wlid": "wlid://cluster-arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX/namespace-devhub/deployment-backstage-development-stable", - "containersScanID": "devhub-replicaset-backstage-development-stable-7bf9cb66fb-5633-e89b", - "healthStatus": "", - "imageHash": "035814641800.dkr.ecr.eu-west-1.amazonaws.com/devhub-backstage@sha256:3576aa68efe447438848cf79ce05f4a2790e81c041f79781824941c544043226", - "imageTag": "035814641800.dkr.ecr.eu-west-1.amazonaws.com/devhub-backstage:v1.1.3", - "packageName": "python", - "packageVersion": "3.9.2", - "link": "https://nvd.nist.gov/vuln/detail/CVE-2022-42919", - "description": "Python 3.9.x before 3.9.16 and 3.10.x before 3.10.9 on Linux allows local privilege escalation in a non-default configuration. The Python multiprocessing library, when used with the forkserver start method on Linux, allows pickles to be deserialized from any user in the same machine local network namespace, which in many system configurations means any user on the same machine. Pickles can execute arbitrary code. Thus, this allows for local user privilege escalation to the user that any forkserver process is running as. Setting multiprocessing.util.abstract_sockets_supported to False is a workaround. The forkserver start method for multiprocessing is not the default start method. This issue is Linux specific because only Linux supports abstract namespace sockets. CPython before 3.9 does not make use of Linux abstract namespace sockets by default. Support for users manually specifying an abstract namespace socket was added as a bugfix in 3.7.8 and 3.8.3, but users would need to make specific uncommon API calls in order to do that in CPython before 3.9.", - "severity": "High", - "name": "CVE-2022-42919", - "fixedIn": [ - { - "name": "unknown", - "imageTag": "035814641800.dkr.ecr.eu-west-1.amazonaws.com/devhub-backstage:v1.1.3", - "version": "unknown" - } - ], - "severityScore": 400, - "neglected": 0, - "urgent": 0, - "categories": { - "isRce": true - }, - "layers": [ - { - "layerHash": "generatedlayer", - "parentLayerHash": "" - } - ], - "layersNested": null, - "context": [ - { - "attribute": "cluster", - "value": "arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX", - "source": "designators.attributes" - }, - { - "attribute": "namespace", - "value": "devhub", - "source": "designators.attributes" - }, - { - "attribute": "kind", - "value": "deployment", - "source": "designators.attributes" - }, - { - "attribute": "name", - "value": "backstage-development-stable", - "source": "designators.attributes" - }, - { - "attribute": "containerName", - "value": "backstage", - "source": "designators.attributes" - }, - { - "attribute": "workloadHash", - "value": "10057954063785978633", - "source": "designators.attributes" - }, - { - "attribute": "customerGUID", - "value": "1e3a88bf-92ce-44f8-914e-cbe71830d566", - "source": "designators.attributes" - } - ], - "links": [ - "https://nvd.nist.gov/vuln/detail/CVE-2022-42919", - "https://nvd.nist.gov/vuln/detail/CVE-2022-42919" - ], - "timestamp": 1689070942, - "isLastScan": -1, - "isFixed": 1, - "relevantLabel": "", - "clusterShortName": "Dex1-SANDBOX", - "ignoreRulesSummary": null - }, - { - "designators": { - "designatorType": "Attributes", - "attributes": { - "cluster": "arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX", - "containerName": "backstage", - "customerGUID": "1e3a88bf-92ce-44f8-914e-cbe71830d566", - "kind": "deployment", - "name": "backstage-development-stable", - "namespace": "devhub", - "workloadHash": "10057954063785978633" - } - }, - "layerHash": "generatedlayer", - "wlid": "wlid://cluster-arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX/namespace-devhub/deployment-backstage-development-stable", - "containersScanID": "devhub-replicaset-backstage-development-stable-7bf9cb66fb-5633-e89b", - "healthStatus": "", - "imageHash": "035814641800.dkr.ecr.eu-west-1.amazonaws.com/devhub-backstage@sha256:3576aa68efe447438848cf79ce05f4a2790e81c041f79781824941c544043226", - "imageTag": "035814641800.dkr.ecr.eu-west-1.amazonaws.com/devhub-backstage:v1.1.3", - "packageName": "yaml", - "packageVersion": "2.2.1", - "link": "https://nvd.nist.gov/vuln/detail/GHSA-f9xv-q969-pqx4", - "description": "Uncaught Exception in yaml", - "severity": "High", - "name": "GHSA-f9xv-q969-pqx4", - "fixedIn": [ - { - "name": "fixed", - "imageTag": "035814641800.dkr.ecr.eu-west-1.amazonaws.com/devhub-backstage:v1.1.3", - "version": "2.2.2" - } - ], - "severityScore": 400, - "neglected": 0, - "urgent": 0, - "categories": { - "isRce": false - }, - "layers": [ - { - "layerHash": "generatedlayer", - "parentLayerHash": "" - } - ], - "layersNested": null, - "context": [ - { - "attribute": "cluster", - "value": "arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX", - "source": "designators.attributes" - }, - { - "attribute": "namespace", - "value": "devhub", - "source": "designators.attributes" - }, - { - "attribute": "kind", - "value": "deployment", - "source": "designators.attributes" - }, - { - "attribute": "name", - "value": "backstage-development-stable", - "source": "designators.attributes" - }, - { - "attribute": "containerName", - "value": "backstage", - "source": "designators.attributes" - }, - { - "attribute": "workloadHash", - "value": "10057954063785978633", - "source": "designators.attributes" - }, - { - "attribute": "customerGUID", - "value": "1e3a88bf-92ce-44f8-914e-cbe71830d566", - "source": "designators.attributes" - } - ], - "links": [ - "https://nvd.nist.gov/vuln/detail/GHSA-f9xv-q969-pqx4", - "https://github.com/advisories/GHSA-f9xv-q969-pqx4" - ], - "timestamp": 1689070942, - "isLastScan": -1, - "isFixed": 1, - "relevantLabel": "", - "clusterShortName": "Dex1-SANDBOX", - "ignoreRulesSummary": null - }, - { - "designators": { - "designatorType": "Attributes", - "attributes": { - "cluster": "arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX", - "containerName": "backstage", - "customerGUID": "1e3a88bf-92ce-44f8-914e-cbe71830d566", - "kind": "deployment", - "name": "backstage-development-stable", - "namespace": "devhub", - "workloadHash": "10057954063785978633" - } - }, - "layerHash": "generatedlayer", - "wlid": "wlid://cluster-arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX/namespace-devhub/deployment-backstage-development-stable", - "containersScanID": "devhub-replicaset-backstage-development-stable-7bf9cb66fb-5633-e89b", - "healthStatus": "", - "imageHash": "035814641800.dkr.ecr.eu-west-1.amazonaws.com/devhub-backstage@sha256:3576aa68efe447438848cf79ce05f4a2790e81c041f79781824941c544043226", - "imageTag": "035814641800.dkr.ecr.eu-west-1.amazonaws.com/devhub-backstage:v1.1.3", - "packageName": "python", - "packageVersion": "3.9.2", - "link": "https://nvd.nist.gov/vuln/detail/CVE-2021-3737", - "description": "A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerability is to system availability.", - "severity": "High", - "name": "CVE-2021-3737", - "fixedIn": [ - { - "name": "unknown", - "imageTag": "035814641800.dkr.ecr.eu-west-1.amazonaws.com/devhub-backstage:v1.1.3", - "version": "unknown" - } - ], - "severityScore": 400, - "neglected": 0, - "urgent": 0, - "categories": { - "isRce": false - }, - "layers": [ - { - "layerHash": "generatedlayer", - "parentLayerHash": "" - } - ], - "layersNested": null, - "context": [ - { - "attribute": "cluster", - "value": "arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX", - "source": "designators.attributes" - }, - { - "attribute": "namespace", - "value": "devhub", - "source": "designators.attributes" - }, - { - "attribute": "kind", - "value": "deployment", - "source": "designators.attributes" - }, - { - "attribute": "name", - "value": "backstage-development-stable", - "source": "designators.attributes" - }, - { - "attribute": "containerName", - "value": "backstage", - "source": "designators.attributes" - }, - { - "attribute": "workloadHash", - "value": "10057954063785978633", - "source": "designators.attributes" - }, - { - "attribute": "customerGUID", - "value": "1e3a88bf-92ce-44f8-914e-cbe71830d566", - "source": "designators.attributes" - } - ], - "links": [ - "https://nvd.nist.gov/vuln/detail/CVE-2021-3737", - "https://nvd.nist.gov/vuln/detail/CVE-2021-3737" - ], - "timestamp": 1689070942, - "isLastScan": -1, - "isFixed": 1, - "relevantLabel": "", - "clusterShortName": "Dex1-SANDBOX", - "ignoreRulesSummary": null - }, - { - "designators": { - "designatorType": "Attributes", - "attributes": { - "cluster": "arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX", - "containerName": "backstage", - "customerGUID": "1e3a88bf-92ce-44f8-914e-cbe71830d566", - "kind": "deployment", - "name": "backstage-development-stable", - "namespace": "devhub", - "workloadHash": "10057954063785978633" - } - }, - "layerHash": "generatedlayer", - "wlid": "wlid://cluster-arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX/namespace-devhub/deployment-backstage-development-stable", - "containersScanID": "devhub-replicaset-backstage-development-stable-7bf9cb66fb-5633-e89b", - "healthStatus": "", - "imageHash": "035814641800.dkr.ecr.eu-west-1.amazonaws.com/devhub-backstage@sha256:3576aa68efe447438848cf79ce05f4a2790e81c041f79781824941c544043226", - "imageTag": "035814641800.dkr.ecr.eu-west-1.amazonaws.com/devhub-backstage:v1.1.3", - "packageName": "python", - "packageVersion": "3.9.2", - "link": "https://nvd.nist.gov/vuln/detail/CVE-2021-28861", - "description": "** DISPUTED ** Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple (/) at the beginning of URI path which may leads to information disclosure. NOTE: this is disputed by a third party because the http.server.html documentation page states \"Warning: http.server is not recommended for production. It only implements basic security checks.\"", - "severity": "High", - "name": "CVE-2021-28861", - "fixedIn": [ - { - "name": "unknown", - "imageTag": "035814641800.dkr.ecr.eu-west-1.amazonaws.com/devhub-backstage:v1.1.3", - "version": "unknown" - } - ], - "severityScore": 400, - "neglected": 0, - "urgent": 0, - "categories": { - "isRce": false - }, - "layers": [ - { - "layerHash": "generatedlayer", - "parentLayerHash": "" - } - ], - "layersNested": null, - "context": [ - { - "attribute": "cluster", - "value": "arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX", - "source": "designators.attributes" - }, - { - "attribute": "namespace", - "value": "devhub", - "source": "designators.attributes" - }, - { - "attribute": "kind", - "value": "deployment", - "source": "designators.attributes" - }, - { - "attribute": "name", - "value": "backstage-development-stable", - "source": "designators.attributes" - }, - { - "attribute": "containerName", - "value": "backstage", - "source": "designators.attributes" - }, - { - "attribute": "workloadHash", - "value": "10057954063785978633", - "source": "designators.attributes" - }, - { - "attribute": "customerGUID", - "value": "1e3a88bf-92ce-44f8-914e-cbe71830d566", - "source": "designators.attributes" - } - ], - "links": [ - "https://nvd.nist.gov/vuln/detail/CVE-2021-28861", - "https://nvd.nist.gov/vuln/detail/CVE-2021-28861" - ], - "timestamp": 1689070942, - "isLastScan": -1, - "isFixed": 1, - "relevantLabel": "", - "clusterShortName": "Dex1-SANDBOX", - "ignoreRulesSummary": null - }, - { - "designators": { - "designatorType": "Attributes", - "attributes": { - "cluster": "arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX", - "containerName": "backstage", - "customerGUID": "1e3a88bf-92ce-44f8-914e-cbe71830d566", - "kind": "deployment", - "name": "backstage-development-stable", - "namespace": "devhub", - "workloadHash": "10057954063785978633" - } - }, - "layerHash": "generatedlayer", - "wlid": "wlid://cluster-arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX/namespace-devhub/deployment-backstage-development-stable", - "containersScanID": "devhub-replicaset-backstage-development-stable-7bf9cb66fb-5633-e89b", - "healthStatus": "", - "imageHash": "035814641800.dkr.ecr.eu-west-1.amazonaws.com/devhub-backstage@sha256:3576aa68efe447438848cf79ce05f4a2790e81c041f79781824941c544043226", - "imageTag": "035814641800.dkr.ecr.eu-west-1.amazonaws.com/devhub-backstage:v1.1.3", - "packageName": "libssl1.1", - "packageVersion": "1.1.1n-0+deb11u4", - "link": "https://nvd.nist.gov/vuln/detail/CVE-2023-0464", - "description": "A security vulnerability has been identified in all supported versions\n\nof OpenSSL related to the verification of X.509 certificate chains\nthat include policy constraints. Attackers may be able to exploit this\nvulnerability by creating a malicious certificate chain that triggers\nexponential use of computational resources, leading to a denial-of-service\n(DoS) attack on affected systems.\n\nPolicy processing is disabled by default but can be enabled by passing\nthe `-policy' argument to the command line utilities or by calling the\n`X509_VERIFY_PARAM_set1_policies()' function.", - "severity": "High", - "name": "CVE-2023-0464", - "fixedIn": [ - { - "name": "fixed", - "imageTag": "035814641800.dkr.ecr.eu-west-1.amazonaws.com/devhub-backstage:v1.1.3", - "version": "1.1.1n-0+deb11u5" - } - ], - "severityScore": 400, - "neglected": 0, - "urgent": 0, - "categories": { - "isRce": false - }, - "layers": [ - { - "layerHash": "generatedlayer", - "parentLayerHash": "" - } - ], - "layersNested": null, - "context": [ - { - "attribute": "cluster", - "value": "arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX", - "source": "designators.attributes" - }, - { - "attribute": "namespace", - "value": "devhub", - "source": "designators.attributes" - }, - { - "attribute": "kind", - "value": "deployment", - "source": "designators.attributes" - }, - { - "attribute": "name", - "value": "backstage-development-stable", - "source": "designators.attributes" - }, - { - "attribute": "containerName", - "value": "backstage", - "source": "designators.attributes" - }, - { - "attribute": "workloadHash", - "value": "10057954063785978633", - "source": "designators.attributes" - }, - { - "attribute": "customerGUID", - "value": "1e3a88bf-92ce-44f8-914e-cbe71830d566", - "source": "designators.attributes" - } - ], - "links": [ - "https://nvd.nist.gov/vuln/detail/CVE-2023-0464", - "https://security-tracker.debian.org/tracker/CVE-2023-0464" - ], - "timestamp": 1689070942, - "isLastScan": -1, - "isFixed": 1, - "relevantLabel": "", - "clusterShortName": "Dex1-SANDBOX", - "ignoreRulesSummary": null - }, - { - "designators": { - "designatorType": "Attributes", - "attributes": { - "cluster": "arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX", - "containerName": "backstage", - "customerGUID": "1e3a88bf-92ce-44f8-914e-cbe71830d566", - "kind": "deployment", - "name": "backstage-development-stable", - "namespace": "devhub", - "workloadHash": "10057954063785978633" - } - }, - "layerHash": "generatedlayer", - "wlid": "wlid://cluster-arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX/namespace-devhub/deployment-backstage-development-stable", - "containersScanID": "devhub-replicaset-backstage-development-stable-7bf9cb66fb-5633-e89b", - "healthStatus": "", - "imageHash": "035814641800.dkr.ecr.eu-west-1.amazonaws.com/devhub-backstage@sha256:3576aa68efe447438848cf79ce05f4a2790e81c041f79781824941c544043226", - "imageTag": "035814641800.dkr.ecr.eu-west-1.amazonaws.com/devhub-backstage:v1.1.3", - "packageName": "knex", - "packageVersion": "0.21.21", - "link": "https://nvd.nist.gov/vuln/detail/GHSA-4jv9-3563-23j3", - "description": "Knex.js has a limited SQL injection vulnerability", - "severity": "High", - "name": "GHSA-4jv9-3563-23j3", - "fixedIn": [ - { - "name": "fixed", - "imageTag": "035814641800.dkr.ecr.eu-west-1.amazonaws.com/devhub-backstage:v1.1.3", - "version": "2.4.0" - } - ], - "severityScore": 400, - "neglected": 0, - "urgent": 0, - "categories": { - "isRce": false - }, - "layers": [ - { - "layerHash": "generatedlayer", - "parentLayerHash": "" - } - ], - "layersNested": null, - "context": [ - { - "attribute": "cluster", - "value": "arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX", - "source": "designators.attributes" - }, - { - "attribute": "namespace", - "value": "devhub", - "source": "designators.attributes" - }, - { - "attribute": "kind", - "value": "deployment", - "source": "designators.attributes" - }, - { - "attribute": "name", - "value": "backstage-development-stable", - "source": "designators.attributes" - }, - { - "attribute": "containerName", - "value": "backstage", - "source": "designators.attributes" - }, - { - "attribute": "workloadHash", - "value": "10057954063785978633", - "source": "designators.attributes" - }, - { - "attribute": "customerGUID", - "value": "1e3a88bf-92ce-44f8-914e-cbe71830d566", - "source": "designators.attributes" - } - ], - "links": [ - "https://nvd.nist.gov/vuln/detail/GHSA-4jv9-3563-23j3", - "https://github.com/advisories/GHSA-4jv9-3563-23j3" - ], - "timestamp": 1689070942, - "isLastScan": -1, - "isFixed": 1, - "relevantLabel": "", - "clusterShortName": "Dex1-SANDBOX", - "ignoreRulesSummary": null - }, - { - "designators": { - "designatorType": "Attributes", - "attributes": { - "cluster": "arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX", - "containerName": "backstage", - "customerGUID": "1e3a88bf-92ce-44f8-914e-cbe71830d566", - "kind": "deployment", - "name": "backstage-development-stable", - "namespace": "devhub", - "workloadHash": "10057954063785978633" - } - }, - "layerHash": "generatedlayer", - "wlid": "wlid://cluster-arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX/namespace-devhub/deployment-backstage-development-stable", - "containersScanID": "devhub-replicaset-backstage-development-stable-7bf9cb66fb-5633-e89b", - "healthStatus": "", - "imageHash": "035814641800.dkr.ecr.eu-west-1.amazonaws.com/devhub-backstage@sha256:3576aa68efe447438848cf79ce05f4a2790e81c041f79781824941c544043226", - "imageTag": "035814641800.dkr.ecr.eu-west-1.amazonaws.com/devhub-backstage:v1.1.3", - "packageName": "fast-xml-parser", - "packageVersion": "4.1.2", - "link": "https://nvd.nist.gov/vuln/detail/GHSA-6w63-h3fj-q4vw", - "description": "fast-xml-parser vulnerable to Regex Injection via Doctype Entities", - "severity": "High", - "name": "GHSA-6w63-h3fj-q4vw", - "fixedIn": [ - { - "name": "fixed", - "imageTag": "035814641800.dkr.ecr.eu-west-1.amazonaws.com/devhub-backstage:v1.1.3", - "version": "4.2.4" - } - ], - "severityScore": 400, - "neglected": 0, - "urgent": 0, - "categories": { - "isRce": false - }, - "layers": [ - { - "layerHash": "generatedlayer", - "parentLayerHash": "" - } - ], - "layersNested": null, - "context": [ - { - "attribute": "cluster", - "value": "arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX", - "source": "designators.attributes" - }, - { - "attribute": "namespace", - "value": "devhub", - "source": "designators.attributes" - }, - { - "attribute": "kind", - "value": "deployment", - "source": "designators.attributes" - }, - { - "attribute": "name", - "value": "backstage-development-stable", - "source": "designators.attributes" - }, - { - "attribute": "containerName", - "value": "backstage", - "source": "designators.attributes" - }, - { - "attribute": "workloadHash", - "value": "10057954063785978633", - "source": "designators.attributes" - }, - { - "attribute": "customerGUID", - "value": "1e3a88bf-92ce-44f8-914e-cbe71830d566", - "source": "designators.attributes" - } - ], - "links": [ - "https://nvd.nist.gov/vuln/detail/GHSA-6w63-h3fj-q4vw", - "https://github.com/advisories/GHSA-6w63-h3fj-q4vw" - ], - "timestamp": 1689070942, - "isLastScan": -1, - "isFixed": 1, - "relevantLabel": "", - "clusterShortName": "Dex1-SANDBOX", - "ignoreRulesSummary": null - }, - { - "designators": { - "designatorType": "Attributes", - "attributes": { - "cluster": "arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX", - "containerName": "backstage", - "customerGUID": "1e3a88bf-92ce-44f8-914e-cbe71830d566", - "kind": "deployment", - "name": "backstage-development-stable", - "namespace": "devhub", - "workloadHash": "10057954063785978633" - } - }, - "layerHash": "generatedlayer", - "wlid": "wlid://cluster-arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX/namespace-devhub/deployment-backstage-development-stable", - "containersScanID": "devhub-replicaset-backstage-development-stable-7bf9cb66fb-5633-e89b", - "healthStatus": "", - "imageHash": "035814641800.dkr.ecr.eu-west-1.amazonaws.com/devhub-backstage@sha256:3576aa68efe447438848cf79ce05f4a2790e81c041f79781824941c544043226", - "imageTag": "035814641800.dkr.ecr.eu-west-1.amazonaws.com/devhub-backstage:v1.1.3", - "packageName": "protobufjs", - "packageVersion": "7.2.2", - "link": "https://nvd.nist.gov/vuln/detail/GHSA-h755-8qp9-cq85", - "description": "protobufjs Prototype Pollution vulnerability", - "severity": "High", - "name": "GHSA-h755-8qp9-cq85", - "fixedIn": [ - { - "name": "fixed", - "imageTag": "035814641800.dkr.ecr.eu-west-1.amazonaws.com/devhub-backstage:v1.1.3", - "version": "7.2.4" - } - ], - "severityScore": 400, - "neglected": 0, - "urgent": 0, - "categories": { - "isRce": false - }, - "layers": [ - { - "layerHash": "generatedlayer", - "parentLayerHash": "" - } - ], - "layersNested": null, - "context": [ - { - "attribute": "cluster", - "value": "arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX", - "source": "designators.attributes" - }, - { - "attribute": "namespace", - "value": "devhub", - "source": "designators.attributes" - }, - { - "attribute": "kind", - "value": "deployment", - "source": "designators.attributes" - }, - { - "attribute": "name", - "value": "backstage-development-stable", - "source": "designators.attributes" - }, - { - "attribute": "containerName", - "value": "backstage", - "source": "designators.attributes" - }, - { - "attribute": "workloadHash", - "value": "10057954063785978633", - "source": "designators.attributes" - }, - { - "attribute": "customerGUID", - "value": "1e3a88bf-92ce-44f8-914e-cbe71830d566", - "source": "designators.attributes" - } - ], - "links": [ - "https://nvd.nist.gov/vuln/detail/GHSA-h755-8qp9-cq85", - "https://github.com/advisories/GHSA-h755-8qp9-cq85" - ], - "timestamp": 1689070942, - "isLastScan": -1, - "isFixed": 1, - "relevantLabel": "", - "clusterShortName": "Dex1-SANDBOX", - "ignoreRulesSummary": null - }, - { - "designators": { - "designatorType": "Attributes", - "attributes": { - "cluster": "arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX", - "containerName": "backstage", - "customerGUID": "1e3a88bf-92ce-44f8-914e-cbe71830d566", - "kind": "deployment", - "name": "backstage-development-stable", - "namespace": "devhub", - "workloadHash": "10057954063785978633" - } - }, - "layerHash": "generatedlayer", - "wlid": "wlid://cluster-arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX/namespace-devhub/deployment-backstage-development-stable", - "containersScanID": "devhub-replicaset-backstage-development-stable-7bf9cb66fb-5633-e89b", - "healthStatus": "", - "imageHash": "035814641800.dkr.ecr.eu-west-1.amazonaws.com/devhub-backstage@sha256:3576aa68efe447438848cf79ce05f4a2790e81c041f79781824941c544043226", - "imageTag": "035814641800.dkr.ecr.eu-west-1.amazonaws.com/devhub-backstage:v1.1.3", - "packageName": "@backstage/plugin-scaffolder-backend", - "packageVersion": "1.14.0", - "link": "https://nvd.nist.gov/vuln/detail/GHSA-wg6p-jmpc-xjmr", - "description": "Backstage Scaffolder plugin has insecure sandbox", - "severity": "High", - "name": "GHSA-wg6p-jmpc-xjmr", - "fixedIn": [ - { - "name": "fixed", - "imageTag": "035814641800.dkr.ecr.eu-west-1.amazonaws.com/devhub-backstage:v1.1.3", - "version": "1.15.0" - } - ], - "severityScore": 400, - "neglected": 0, - "urgent": 0, - "categories": { - "isRce": false - }, - "layers": [ - { - "layerHash": "generatedlayer", - "parentLayerHash": "" - } - ], - "layersNested": null, - "context": [ - { - "attribute": "cluster", - "value": "arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX", - "source": "designators.attributes" - }, - { - "attribute": "namespace", - "value": "devhub", - "source": "designators.attributes" - }, - { - "attribute": "kind", - "value": "deployment", - "source": "designators.attributes" - }, - { - "attribute": "name", - "value": "backstage-development-stable", - "source": "designators.attributes" - }, - { - "attribute": "containerName", - "value": "backstage", - "source": "designators.attributes" - }, - { - "attribute": "workloadHash", - "value": "10057954063785978633", - "source": "designators.attributes" - }, - { - "attribute": "customerGUID", - "value": "1e3a88bf-92ce-44f8-914e-cbe71830d566", - "source": "designators.attributes" - } - ], - "links": [ - "https://nvd.nist.gov/vuln/detail/GHSA-wg6p-jmpc-xjmr", - "https://github.com/advisories/GHSA-wg6p-jmpc-xjmr" - ], - "timestamp": 1689070942, - "isLastScan": -1, - "isFixed": 1, - "relevantLabel": "", - "clusterShortName": "Dex1-SANDBOX", - "ignoreRulesSummary": null - }, - { - "designators": { - "designatorType": "Attributes", - "attributes": { - "cluster": "arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX", - "containerName": "backstage", - "customerGUID": "1e3a88bf-92ce-44f8-914e-cbe71830d566", - "kind": "deployment", - "name": "backstage-development-stable", - "namespace": "devhub", - "workloadHash": "10057954063785978633" - } - }, - "layerHash": "generatedlayer", - "wlid": "wlid://cluster-arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX/namespace-devhub/deployment-backstage-development-stable", - "containersScanID": "devhub-replicaset-backstage-development-stable-7bf9cb66fb-5633-e89b", - "healthStatus": "", - "imageHash": "035814641800.dkr.ecr.eu-west-1.amazonaws.com/devhub-backstage@sha256:3576aa68efe447438848cf79ce05f4a2790e81c041f79781824941c544043226", - "imageTag": "035814641800.dkr.ecr.eu-west-1.amazonaws.com/devhub-backstage:v1.1.3", - "packageName": "python", - "packageVersion": "3.9.2", - "link": "https://nvd.nist.gov/vuln/detail/CVE-2022-45061", - "description": "An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often supplied by remote servers that could be controlled by a malicious actor; in such a scenario, they could trigger excessive CPU consumption on the client attempting to make use of an attacker-supplied supposed hostname. For example, the attack payload could be placed in the Location header of an HTTP response with status code 302. A fix is planned in 3.11.1, 3.10.9, 3.9.16, 3.8.16, and 3.7.16.", - "severity": "High", - "name": "CVE-2022-45061", - "fixedIn": [ - { - "name": "unknown", - "imageTag": "035814641800.dkr.ecr.eu-west-1.amazonaws.com/devhub-backstage:v1.1.3", - "version": "unknown" - } - ], - "severityScore": 400, - "neglected": 0, - "urgent": 0, - "categories": { - "isRce": false - }, - "layers": [ - { - "layerHash": "generatedlayer", - "parentLayerHash": "" - } - ], - "layersNested": null, - "context": [ - { - "attribute": "cluster", - "value": "arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX", - "source": "designators.attributes" - }, - { - "attribute": "namespace", - "value": "devhub", - "source": "designators.attributes" - }, - { - "attribute": "kind", - "value": "deployment", - "source": "designators.attributes" - }, - { - "attribute": "name", - "value": "backstage-development-stable", - "source": "designators.attributes" - }, - { - "attribute": "containerName", - "value": "backstage", - "source": "designators.attributes" - }, - { - "attribute": "workloadHash", - "value": "10057954063785978633", - "source": "designators.attributes" - }, - { - "attribute": "customerGUID", - "value": "1e3a88bf-92ce-44f8-914e-cbe71830d566", - "source": "designators.attributes" - } - ], - "links": [ - "https://nvd.nist.gov/vuln/detail/CVE-2022-45061", - "https://nvd.nist.gov/vuln/detail/CVE-2022-45061" - ], - "timestamp": 1689070942, - "isLastScan": -1, - "isFixed": 1, - "relevantLabel": "", - "clusterShortName": "Dex1-SANDBOX", - "ignoreRulesSummary": null - }, - { - "designators": { - "designatorType": "Attributes", - "attributes": { - "cluster": "arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX", - "containerName": "backstage", - "customerGUID": "1e3a88bf-92ce-44f8-914e-cbe71830d566", - "kind": "deployment", - "name": "backstage-development-stable", - "namespace": "devhub", - "workloadHash": "10057954063785978633" - } - }, - "layerHash": "generatedlayer", - "wlid": "wlid://cluster-arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX/namespace-devhub/deployment-backstage-development-stable", - "containersScanID": "devhub-replicaset-backstage-development-stable-7bf9cb66fb-5633-e89b", - "healthStatus": "", - "imageHash": "035814641800.dkr.ecr.eu-west-1.amazonaws.com/devhub-backstage@sha256:3576aa68efe447438848cf79ce05f4a2790e81c041f79781824941c544043226", - "imageTag": "035814641800.dkr.ecr.eu-west-1.amazonaws.com/devhub-backstage:v1.1.3", - "packageName": "python", - "packageVersion": "3.9.2", - "link": "https://nvd.nist.gov/vuln/detail/CVE-2015-20107", - "description": "In Python (aka CPython) up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input (if they lack validation of user-provided filenames or arguments). The fix is also back-ported to 3.7, 3.8, 3.9", - "severity": "High", - "name": "CVE-2015-20107", - "fixedIn": [ - { - "name": "unknown", - "imageTag": "035814641800.dkr.ecr.eu-west-1.amazonaws.com/devhub-backstage:v1.1.3", - "version": "unknown" - } - ], - "severityScore": 400, - "neglected": 0, - "urgent": 0, - "categories": { - "isRce": false - }, - "layers": [ - { - "layerHash": "generatedlayer", - "parentLayerHash": "" - } - ], - "layersNested": null, - "context": [ - { - "attribute": "cluster", - "value": "arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX", - "source": "designators.attributes" - }, - { - "attribute": "namespace", - "value": "devhub", - "source": "designators.attributes" - }, - { - "attribute": "kind", - "value": "deployment", - "source": "designators.attributes" - }, - { - "attribute": "name", - "value": "backstage-development-stable", - "source": "designators.attributes" - }, - { - "attribute": "containerName", - "value": "backstage", - "source": "designators.attributes" - }, - { - "attribute": "workloadHash", - "value": "10057954063785978633", - "source": "designators.attributes" - }, - { - "attribute": "customerGUID", - "value": "1e3a88bf-92ce-44f8-914e-cbe71830d566", - "source": "designators.attributes" - } - ], - "links": [ - "https://nvd.nist.gov/vuln/detail/CVE-2015-20107", - "https://nvd.nist.gov/vuln/detail/CVE-2015-20107" - ], - "timestamp": 1689070942, - "isLastScan": -1, - "isFixed": 1, - "relevantLabel": "", - "clusterShortName": "Dex1-SANDBOX", - "ignoreRulesSummary": null - }, - { - "designators": { - "designatorType": "Attributes", - "attributes": { - "cluster": "arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX", - "containerName": "backstage", - "customerGUID": "1e3a88bf-92ce-44f8-914e-cbe71830d566", - "kind": "deployment", - "name": "backstage-development-stable", - "namespace": "devhub", - "workloadHash": "10057954063785978633" - } - }, - "layerHash": "generatedlayer", - "wlid": "wlid://cluster-arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX/namespace-devhub/deployment-backstage-development-stable", - "containersScanID": "devhub-replicaset-backstage-development-stable-7bf9cb66fb-5633-e89b", - "healthStatus": "", - "imageHash": "035814641800.dkr.ecr.eu-west-1.amazonaws.com/devhub-backstage@sha256:3576aa68efe447438848cf79ce05f4a2790e81c041f79781824941c544043226", - "imageTag": "035814641800.dkr.ecr.eu-west-1.amazonaws.com/devhub-backstage:v1.1.3", - "packageName": "python", - "packageVersion": "3.9.2", - "link": "https://nvd.nist.gov/vuln/detail/CVE-2023-24329", - "description": "An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.", - "severity": "High", - "name": "CVE-2023-24329", - "fixedIn": [ - { - "name": "unknown", - "imageTag": "035814641800.dkr.ecr.eu-west-1.amazonaws.com/devhub-backstage:v1.1.3", - "version": "unknown" - } - ], - "severityScore": 400, - "neglected": 0, - "urgent": 0, - "categories": { - "isRce": false - }, - "layers": [ - { - "layerHash": "generatedlayer", - "parentLayerHash": "" - } - ], - "layersNested": null, - "context": [ - { - "attribute": "cluster", - "value": "arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX", - "source": "designators.attributes" - }, - { - "attribute": "namespace", - "value": "devhub", - "source": "designators.attributes" - }, - { - "attribute": "kind", - "value": "deployment", - "source": "designators.attributes" - }, - { - "attribute": "name", - "value": "backstage-development-stable", - "source": "designators.attributes" - }, - { - "attribute": "containerName", - "value": "backstage", - "source": "designators.attributes" - }, - { - "attribute": "workloadHash", - "value": "10057954063785978633", - "source": "designators.attributes" - }, - { - "attribute": "customerGUID", - "value": "1e3a88bf-92ce-44f8-914e-cbe71830d566", - "source": "designators.attributes" - } - ], - "links": [ - "https://nvd.nist.gov/vuln/detail/CVE-2023-24329", - "https://nvd.nist.gov/vuln/detail/CVE-2023-24329" - ], - "timestamp": 1689070942, - "isLastScan": -1, - "isFixed": 1, - "relevantLabel": "", - "clusterShortName": "Dex1-SANDBOX", - "ignoreRulesSummary": null - }, - { - "designators": { - "designatorType": "Attributes", - "attributes": { - "cluster": "arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX", - "containerName": "backstage", - "customerGUID": "1e3a88bf-92ce-44f8-914e-cbe71830d566", - "kind": "deployment", - "name": "backstage-development-stable", - "namespace": "devhub", - "workloadHash": "10057954063785978633" - } - }, - "layerHash": "generatedlayer", - "wlid": "wlid://cluster-arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX/namespace-devhub/deployment-backstage-development-stable", - "containersScanID": "devhub-replicaset-backstage-development-stable-7bf9cb66fb-5633-e89b", - "healthStatus": "", - "imageHash": "035814641800.dkr.ecr.eu-west-1.amazonaws.com/devhub-backstage@sha256:3576aa68efe447438848cf79ce05f4a2790e81c041f79781824941c544043226", - "imageTag": "035814641800.dkr.ecr.eu-west-1.amazonaws.com/devhub-backstage:v1.1.3", - "packageName": "python", - "packageVersion": "3.9.2", - "link": "https://nvd.nist.gov/vuln/detail/CVE-2018-25032", - "description": "zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.", - "severity": "High", - "name": "CVE-2018-25032", - "fixedIn": [ - { - "name": "unknown", - "imageTag": "035814641800.dkr.ecr.eu-west-1.amazonaws.com/devhub-backstage:v1.1.3", - "version": "unknown" - } - ], - "severityScore": 400, - "neglected": 0, - "urgent": 0, - "categories": { - "isRce": false - }, - "layers": [ - { - "layerHash": "generatedlayer", - "parentLayerHash": "" - } - ], - "layersNested": null, - "context": [ - { - "attribute": "cluster", - "value": "arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX", - "source": "designators.attributes" - }, - { - "attribute": "namespace", - "value": "devhub", - "source": "designators.attributes" - }, - { - "attribute": "kind", - "value": "deployment", - "source": "designators.attributes" - }, - { - "attribute": "name", - "value": "backstage-development-stable", - "source": "designators.attributes" - }, - { - "attribute": "containerName", - "value": "backstage", - "source": "designators.attributes" - }, - { - "attribute": "workloadHash", - "value": "10057954063785978633", - "source": "designators.attributes" - }, - { - "attribute": "customerGUID", - "value": "1e3a88bf-92ce-44f8-914e-cbe71830d566", - "source": "designators.attributes" - } - ], - "links": [ - "https://nvd.nist.gov/vuln/detail/CVE-2018-25032", - "https://nvd.nist.gov/vuln/detail/CVE-2018-25032" - ], - "timestamp": 1689070942, - "isLastScan": -1, - "isFixed": 1, - "relevantLabel": "", - "clusterShortName": "Dex1-SANDBOX", - "ignoreRulesSummary": null - }, - { - "designators": { - "designatorType": "Attributes", - "attributes": { - "cluster": "arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX", - "containerName": "backstage", - "customerGUID": "1e3a88bf-92ce-44f8-914e-cbe71830d566", - "kind": "deployment", - "name": "backstage-development-stable", - "namespace": "devhub", - "workloadHash": "10057954063785978633" - } - }, - "layerHash": "generatedlayer", - "wlid": "wlid://cluster-arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX/namespace-devhub/deployment-backstage-development-stable", - "containersScanID": "devhub-replicaset-backstage-development-stable-7bf9cb66fb-5633-e89b", - "healthStatus": "", - "imageHash": "035814641800.dkr.ecr.eu-west-1.amazonaws.com/devhub-backstage@sha256:3576aa68efe447438848cf79ce05f4a2790e81c041f79781824941c544043226", - "imageTag": "035814641800.dkr.ecr.eu-west-1.amazonaws.com/devhub-backstage:v1.1.3", - "packageName": "python", - "packageVersion": "3.9.2", - "link": "https://nvd.nist.gov/vuln/detail/CVE-2022-0391", - "description": "A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator (URL) strings into components. The issue involves how the urlparse method does not sanitize input and allows characters like '\\r' and '\\n' in the URL path. This flaw allows an attacker to input a crafted URL, leading to injection attacks. This flaw affects Python versions prior to 3.10.0b1, 3.9.5, 3.8.11, 3.7.11 and 3.6.14.", - "severity": "High", - "name": "CVE-2022-0391", - "fixedIn": [ - { - "name": "unknown", - "imageTag": "035814641800.dkr.ecr.eu-west-1.amazonaws.com/devhub-backstage:v1.1.3", - "version": "unknown" - } - ], - "severityScore": 400, - "neglected": 0, - "urgent": 0, - "categories": { - "isRce": false - }, - "layers": [ - { - "layerHash": "generatedlayer", - "parentLayerHash": "" - } - ], - "layersNested": null, - "context": [ - { - "attribute": "cluster", - "value": "arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX", - "source": "designators.attributes" - }, - { - "attribute": "namespace", - "value": "devhub", - "source": "designators.attributes" - }, - { - "attribute": "kind", - "value": "deployment", - "source": "designators.attributes" - }, - { - "attribute": "name", - "value": "backstage-development-stable", - "source": "designators.attributes" - }, - { - "attribute": "containerName", - "value": "backstage", - "source": "designators.attributes" - }, - { - "attribute": "workloadHash", - "value": "10057954063785978633", - "source": "designators.attributes" - }, - { - "attribute": "customerGUID", - "value": "1e3a88bf-92ce-44f8-914e-cbe71830d566", - "source": "designators.attributes" - } - ], - "links": [ - "https://nvd.nist.gov/vuln/detail/CVE-2022-0391", - "https://nvd.nist.gov/vuln/detail/CVE-2022-0391" - ], - "timestamp": 1689070942, - "isLastScan": -1, - "isFixed": 1, - "relevantLabel": "", - "clusterShortName": "Dex1-SANDBOX", - "ignoreRulesSummary": null - }, - { - "designators": { - "designatorType": "Attributes", - "attributes": { - "cluster": "arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX", - "containerName": "backstage", - "customerGUID": "1e3a88bf-92ce-44f8-914e-cbe71830d566", - "kind": "deployment", - "name": "backstage-development-stable", - "namespace": "devhub", - "workloadHash": "10057954063785978633" - } - }, - "layerHash": "generatedlayer", - "wlid": "wlid://cluster-arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX/namespace-devhub/deployment-backstage-development-stable", - "containersScanID": "devhub-replicaset-backstage-development-stable-7bf9cb66fb-5633-e89b", - "healthStatus": "", - "imageHash": "035814641800.dkr.ecr.eu-west-1.amazonaws.com/devhub-backstage@sha256:3576aa68efe447438848cf79ce05f4a2790e81c041f79781824941c544043226", - "imageTag": "035814641800.dkr.ecr.eu-west-1.amazonaws.com/devhub-backstage:v1.1.3", - "packageName": "libssl1.1", - "packageVersion": "1.1.1n-0+deb11u4", - "link": "https://nvd.nist.gov/vuln/detail/CVE-2023-2650", - "description": "Issue summary: Processing some specially crafted ASN.1 object identifiers or\ndata containing them may be very slow.\n\nImpact summary: Applications that use OBJ_obj2txt() directly, or use any of\nthe OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message\nsize limit may experience notable to very long delays when processing those\nmessages, which may lead to a Denial of Service.\n\nAn OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers -\nmost of which have no size limit. OBJ_obj2txt() may be used to translate\nan ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSL\ntype ASN1_OBJECT) to its canonical numeric text form, which are the\nsub-identifiers of the OBJECT IDENTIFIER in decimal form, separated by\nperiods.\n\nWhen one of the sub-identifiers in the OBJECT IDENTIFIER is very large\n(these are sizes that are seen as absurdly large, taking up tens or hundreds\nof KiBs), the translation to a decimal number in text may take a very long\ntime. The time complexity is O(n^2) with 'n' being the size of the\nsub-identifiers in bytes (*).\n\nWith OpenSSL 3.0, support to fetch cryptographic algorithms using names /\nidentifiers in string form was introduced. This includes using OBJECT\nIDENTIFIERs in canonical numeric text form as identifiers for fetching\nalgorithms.\n\nSuch OBJECT IDENTIFIERs may be received through the ASN.1 structure\nAlgorithmIdentifier, which is commonly used in multiple protocols to specify\nwhat cryptographic algorithm should be used to sign or verify, encrypt or\ndecrypt, or digest passed data.\n\nApplications that call OBJ_obj2txt() directly with untrusted data are\naffected, with any version of OpenSSL. If the use is for the mere purpose\nof display, the severity is considered low.\n\nIn OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME,\nCMS, CMP/CRMF or TS. It also impacts anything that processes X.509\ncertificates, including simple things like verifying its signature.\n\nThe impact on TLS is relatively low, because all versions of OpenSSL have a\n100KiB limit on the peer's certificate chain. Additionally, this only\nimpacts clients, or servers that have explicitly enabled client\nauthentication.\n\nIn OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects,\nsuch as X.509 certificates. This is assumed to not happen in such a way\nthat it would cause a Denial of Service, so these versions are considered\nnot affected by this issue in such a way that it would be cause for concern,\nand the severity is therefore considered low.", - "severity": "High", - "name": "CVE-2023-2650", - "fixedIn": [ - { - "name": "fixed", - "imageTag": "035814641800.dkr.ecr.eu-west-1.amazonaws.com/devhub-backstage:v1.1.3", - "version": "1.1.1n-0+deb11u5" - } - ], - "severityScore": 400, - "neglected": 0, - "urgent": 0, - "categories": { - "isRce": false - }, - "layers": [ - { - "layerHash": "generatedlayer", - "parentLayerHash": "" - } - ], - "layersNested": null, - "context": [ - { - "attribute": "cluster", - "value": "arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX", - "source": "designators.attributes" - }, - { - "attribute": "namespace", - "value": "devhub", - "source": "designators.attributes" - }, - { - "attribute": "kind", - "value": "deployment", - "source": "designators.attributes" - }, - { - "attribute": "name", - "value": "backstage-development-stable", - "source": "designators.attributes" - }, - { - "attribute": "containerName", - "value": "backstage", - "source": "designators.attributes" - }, - { - "attribute": "workloadHash", - "value": "10057954063785978633", - "source": "designators.attributes" - }, - { - "attribute": "customerGUID", - "value": "1e3a88bf-92ce-44f8-914e-cbe71830d566", - "source": "designators.attributes" - } - ], - "links": [ - "https://nvd.nist.gov/vuln/detail/CVE-2023-2650", - "https://security-tracker.debian.org/tracker/CVE-2023-2650" - ], - "timestamp": 1689070942, - "isLastScan": -1, - "isFixed": 1, - "relevantLabel": "", - "clusterShortName": "Dex1-SANDBOX", - "ignoreRulesSummary": null - }, - { - "designators": { - "designatorType": "Attributes", - "attributes": { - "cluster": "arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX", - "containerName": "backstage", - "customerGUID": "1e3a88bf-92ce-44f8-914e-cbe71830d566", - "kind": "deployment", - "name": "backstage-development-stable", - "namespace": "devhub", - "workloadHash": "10057954063785978633" - } - }, - "layerHash": "generatedlayer", - "wlid": "wlid://cluster-arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX/namespace-devhub/deployment-backstage-development-stable", - "containersScanID": "devhub-replicaset-backstage-development-stable-7bf9cb66fb-5633-e89b", - "healthStatus": "", - "imageHash": "035814641800.dkr.ecr.eu-west-1.amazonaws.com/devhub-backstage@sha256:3576aa68efe447438848cf79ce05f4a2790e81c041f79781824941c544043226", - "imageTag": "035814641800.dkr.ecr.eu-west-1.amazonaws.com/devhub-backstage:v1.1.3", - "packageName": "python", - "packageVersion": "3.9.2", - "link": "https://nvd.nist.gov/vuln/detail/CVE-2020-10735", - "description": "A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int(\"text\"), a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits (float, decimal, int.from_bytes(), and int() for binary bases 2, 4, 8, 16, and 32 are not affected). The highest threat from this vulnerability is to system availability.", - "severity": "High", - "name": "CVE-2020-10735", - "fixedIn": [ - { - "name": "unknown", - "imageTag": "035814641800.dkr.ecr.eu-west-1.amazonaws.com/devhub-backstage:v1.1.3", - "version": "unknown" - } - ], - "severityScore": 400, - "neglected": 0, - "urgent": 0, - "categories": { - "isRce": false - }, - "layers": [ - { - "layerHash": "generatedlayer", - "parentLayerHash": "" - } - ], - "layersNested": null, - "context": [ - { - "attribute": "cluster", - "value": "arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX", - "source": "designators.attributes" - }, - { - "attribute": "namespace", - "value": "devhub", - "source": "designators.attributes" - }, - { - "attribute": "kind", - "value": "deployment", - "source": "designators.attributes" - }, - { - "attribute": "name", - "value": "backstage-development-stable", - "source": "designators.attributes" - }, - { - "attribute": "containerName", - "value": "backstage", - "source": "designators.attributes" - }, - { - "attribute": "workloadHash", - "value": "10057954063785978633", - "source": "designators.attributes" - }, - { - "attribute": "customerGUID", - "value": "1e3a88bf-92ce-44f8-914e-cbe71830d566", - "source": "designators.attributes" - } - ], - "links": [ - "https://nvd.nist.gov/vuln/detail/CVE-2020-10735", - "https://nvd.nist.gov/vuln/detail/CVE-2020-10735" - ], - "timestamp": 1689070942, - "isLastScan": -1, - "isFixed": 1, - "relevantLabel": "", - "clusterShortName": "Dex1-SANDBOX", - "ignoreRulesSummary": null - }, - { - "designators": { - "designatorType": "Attributes", - "attributes": { - "cluster": "arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX", - "containerName": "backstage", - "customerGUID": "1e3a88bf-92ce-44f8-914e-cbe71830d566", - "kind": "deployment", - "name": "backstage-development-stable", - "namespace": "devhub", - "workloadHash": "10057954063785978633" - } - }, - "layerHash": "generatedlayer", - "wlid": "wlid://cluster-arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX/namespace-devhub/deployment-backstage-development-stable", - "containersScanID": "devhub-replicaset-backstage-development-stable-7bf9cb66fb-5633-e89b", - "healthStatus": "", - "imageHash": "035814641800.dkr.ecr.eu-west-1.amazonaws.com/devhub-backstage@sha256:3576aa68efe447438848cf79ce05f4a2790e81c041f79781824941c544043226", - "imageTag": "035814641800.dkr.ecr.eu-west-1.amazonaws.com/devhub-backstage:v1.1.3", - "packageName": "python", - "packageVersion": "3.9.2", - "link": "https://nvd.nist.gov/vuln/detail/CVE-2022-26488", - "description": "In Python before 3.10.3 on Windows, local users can gain privileges because the search path is inadequately secured. The installer may allow a local attacker to add user-writable directories to the system search path. To exploit, an administrator must have installed Python for all users and enabled PATH entries. A non-administrative user can trigger a repair that incorrectly adds user-writable paths into PATH, enabling search-path hijacking of other users and system services. This affects Python (CPython) through 3.7.12, 3.8.x through 3.8.12, 3.9.x through 3.9.10, and 3.10.x through 3.10.2.", - "severity": "High", - "name": "CVE-2022-26488", - "fixedIn": [ - { - "name": "unknown", - "imageTag": "035814641800.dkr.ecr.eu-west-1.amazonaws.com/devhub-backstage:v1.1.3", - "version": "unknown" - } - ], - "severityScore": 400, - "neglected": 0, - "urgent": 0, - "categories": { - "isRce": false - }, - "layers": [ - { - "layerHash": "generatedlayer", - "parentLayerHash": "" - } - ], - "layersNested": null, - "context": [ - { - "attribute": "cluster", - "value": "arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX", - "source": "designators.attributes" - }, - { - "attribute": "namespace", - "value": "devhub", - "source": "designators.attributes" - }, - { - "attribute": "kind", - "value": "deployment", - "source": "designators.attributes" - }, - { - "attribute": "name", - "value": "backstage-development-stable", - "source": "designators.attributes" - }, - { - "attribute": "containerName", - "value": "backstage", - "source": "designators.attributes" - }, - { - "attribute": "workloadHash", - "value": "10057954063785978633", - "source": "designators.attributes" - }, - { - "attribute": "customerGUID", - "value": "1e3a88bf-92ce-44f8-914e-cbe71830d566", - "source": "designators.attributes" - } - ], - "links": [ - "https://nvd.nist.gov/vuln/detail/CVE-2022-26488", - "https://nvd.nist.gov/vuln/detail/CVE-2022-26488" - ], - "timestamp": 1689070942, - "isLastScan": -1, - "isFixed": 1, - "relevantLabel": "", - "clusterShortName": "Dex1-SANDBOX", - "ignoreRulesSummary": null - }, - { - "designators": { - "designatorType": "Attributes", - "attributes": { - "cluster": "arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX", - "containerName": "backstage", - "customerGUID": "1e3a88bf-92ce-44f8-914e-cbe71830d566", - "kind": "deployment", - "name": "backstage-development-stable", - "namespace": "devhub", - "workloadHash": "10057954063785978633" - } - }, - "layerHash": "generatedlayer", - "wlid": "wlid://cluster-arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX/namespace-devhub/deployment-backstage-development-stable", - "containersScanID": "devhub-replicaset-backstage-development-stable-7bf9cb66fb-5633-e89b", - "healthStatus": "", - "imageHash": "035814641800.dkr.ecr.eu-west-1.amazonaws.com/devhub-backstage@sha256:3576aa68efe447438848cf79ce05f4a2790e81c041f79781824941c544043226", - "imageTag": "035814641800.dkr.ecr.eu-west-1.amazonaws.com/devhub-backstage:v1.1.3", - "packageName": "libssl1.1", - "packageVersion": "1.1.1n-0+deb11u4", - "link": "https://nvd.nist.gov/vuln/detail/CVE-2023-0466", - "description": "The function X509_VERIFY_PARAM_add0_policy() is documented to\nimplicitly enable the certificate policy check when doing certificate\nverification. However the implementation of the function does not\nenable the check which allows certificates with invalid or incorrect\npolicies to pass the certificate verification.\n\nAs suddenly enabling the policy check could break existing deployments it was\ndecided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy()\nfunction.\n\nInstead the applications that require OpenSSL to perform certificate\npolicy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly\nenable the policy check by calling X509_VERIFY_PARAM_set_flags() with\nthe X509_V_FLAG_POLICY_CHECK flag argument.\n\nCertificate policy checks are disabled by default in OpenSSL and are not\ncommonly used by applications.", - "severity": "Medium", - "name": "CVE-2023-0466", - "fixedIn": [ - { - "name": "fixed", - "imageTag": "035814641800.dkr.ecr.eu-west-1.amazonaws.com/devhub-backstage:v1.1.3", - "version": "1.1.1n-0+deb11u5" - } - ], - "severityScore": 300, - "neglected": 0, - "urgent": 0, - "categories": { - "isRce": false - }, - "layers": [ - { - "layerHash": "generatedlayer", - "parentLayerHash": "" - } - ], - "layersNested": null, - "context": [ - { - "attribute": "cluster", - "value": "arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX", - "source": "designators.attributes" - }, - { - "attribute": "namespace", - "value": "devhub", - "source": "designators.attributes" - }, - { - "attribute": "kind", - "value": "deployment", - "source": "designators.attributes" - }, - { - "attribute": "name", - "value": "backstage-development-stable", - "source": "designators.attributes" - }, - { - "attribute": "containerName", - "value": "backstage", - "source": "designators.attributes" - }, - { - "attribute": "workloadHash", - "value": "10057954063785978633", - "source": "designators.attributes" - }, - { - "attribute": "customerGUID", - "value": "1e3a88bf-92ce-44f8-914e-cbe71830d566", - "source": "designators.attributes" - } - ], - "links": [ - "https://nvd.nist.gov/vuln/detail/CVE-2023-0466", - "https://security-tracker.debian.org/tracker/CVE-2023-0466" - ], - "timestamp": 1689070942, - "isLastScan": -1, - "isFixed": 1, - "relevantLabel": "", - "clusterShortName": "Dex1-SANDBOX", - "ignoreRulesSummary": null - }, - { - "designators": { - "designatorType": "Attributes", - "attributes": { - "cluster": "arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX", - "containerName": "backstage", - "customerGUID": "1e3a88bf-92ce-44f8-914e-cbe71830d566", - "kind": "deployment", - "name": "backstage-development-stable", - "namespace": "devhub", - "workloadHash": "10057954063785978633" - } - }, - "layerHash": "generatedlayer", - "wlid": "wlid://cluster-arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX/namespace-devhub/deployment-backstage-development-stable", - "containersScanID": "devhub-replicaset-backstage-development-stable-7bf9cb66fb-5633-e89b", - "healthStatus": "", - "imageHash": "035814641800.dkr.ecr.eu-west-1.amazonaws.com/devhub-backstage@sha256:3576aa68efe447438848cf79ce05f4a2790e81c041f79781824941c544043226", - "imageTag": "035814641800.dkr.ecr.eu-west-1.amazonaws.com/devhub-backstage:v1.1.3", - "packageName": "word-wrap", - "packageVersion": "1.2.3", - "link": "https://nvd.nist.gov/vuln/detail/GHSA-j8xg-fqg3-53r7", - "description": "word-wrap vulnerable to Regular Expression Denial of Service", - "severity": "Medium", - "name": "GHSA-j8xg-fqg3-53r7", - "fixedIn": [ - { - "name": "not-fixed", - "imageTag": "035814641800.dkr.ecr.eu-west-1.amazonaws.com/devhub-backstage:v1.1.3", - "version": "unknown" - } - ], - "severityScore": 300, - "neglected": 0, - "urgent": 0, - "categories": { - "isRce": false - }, - "layers": [ - { - "layerHash": "generatedlayer", - "parentLayerHash": "" - } - ], - "layersNested": null, - "context": [ - { - "attribute": "cluster", - "value": "arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX", - "source": "designators.attributes" - }, - { - "attribute": "namespace", - "value": "devhub", - "source": "designators.attributes" - }, - { - "attribute": "kind", - "value": "deployment", - "source": "designators.attributes" - }, - { - "attribute": "name", - "value": "backstage-development-stable", - "source": "designators.attributes" - }, - { - "attribute": "containerName", - "value": "backstage", - "source": "designators.attributes" - }, - { - "attribute": "workloadHash", - "value": "10057954063785978633", - "source": "designators.attributes" - }, - { - "attribute": "customerGUID", - "value": "1e3a88bf-92ce-44f8-914e-cbe71830d566", - "source": "designators.attributes" - } - ], - "links": [ - "https://nvd.nist.gov/vuln/detail/GHSA-j8xg-fqg3-53r7", - "https://github.com/advisories/GHSA-j8xg-fqg3-53r7" - ], - "timestamp": 1689070942, - "isLastScan": -1, - "isFixed": 1, - "relevantLabel": "", - "clusterShortName": "Dex1-SANDBOX", - "ignoreRulesSummary": null - }, - { - "designators": { - "designatorType": "Attributes", - "attributes": { - "cluster": "arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX", - "containerName": "backstage", - "customerGUID": "1e3a88bf-92ce-44f8-914e-cbe71830d566", - "kind": "deployment", - "name": "backstage-development-stable", - "namespace": "devhub", - "workloadHash": "10057954063785978633" - } - }, - "layerHash": "generatedlayer", - "wlid": "wlid://cluster-arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX/namespace-devhub/deployment-backstage-development-stable", - "containersScanID": "devhub-replicaset-backstage-development-stable-7bf9cb66fb-5633-e89b", - "healthStatus": "", - "imageHash": "035814641800.dkr.ecr.eu-west-1.amazonaws.com/devhub-backstage@sha256:3576aa68efe447438848cf79ce05f4a2790e81c041f79781824941c544043226", - "imageTag": "035814641800.dkr.ecr.eu-west-1.amazonaws.com/devhub-backstage:v1.1.3", - "packageName": "python", - "packageVersion": "3.9.2", - "link": "https://nvd.nist.gov/vuln/detail/CVE-2021-3426", - "description": "There's a flaw in Python 3's pydoc. A local or adjacent attacker who discovers or is able to convince another local or adjacent user to start a pydoc server could access the server and use it to disclose sensitive information belonging to the other user that they would not normally be able to access. The highest risk of this flaw is to data confidentiality. This flaw affects Python versions before 3.8.9, Python versions before 3.9.3 and Python versions before 3.10.0a7.", - "severity": "Medium", - "name": "CVE-2021-3426", - "fixedIn": [ - { - "name": "unknown", - "imageTag": "035814641800.dkr.ecr.eu-west-1.amazonaws.com/devhub-backstage:v1.1.3", - "version": "unknown" - } - ], - "severityScore": 300, - "neglected": 0, - "urgent": 0, - "categories": { - "isRce": false - }, - "layers": [ - { - "layerHash": "generatedlayer", - "parentLayerHash": "" - } - ], - "layersNested": null, - "context": [ - { - "attribute": "cluster", - "value": "arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX", - "source": "designators.attributes" - }, - { - "attribute": "namespace", - "value": "devhub", - "source": "designators.attributes" - }, - { - "attribute": "kind", - "value": "deployment", - "source": "designators.attributes" - }, - { - "attribute": "name", - "value": "backstage-development-stable", - "source": "designators.attributes" - }, - { - "attribute": "containerName", - "value": "backstage", - "source": "designators.attributes" - }, - { - "attribute": "workloadHash", - "value": "10057954063785978633", - "source": "designators.attributes" - }, - { - "attribute": "customerGUID", - "value": "1e3a88bf-92ce-44f8-914e-cbe71830d566", - "source": "designators.attributes" - } - ], - "links": [ - "https://nvd.nist.gov/vuln/detail/CVE-2021-3426", - "https://nvd.nist.gov/vuln/detail/CVE-2021-3426" - ], - "timestamp": 1689070942, - "isLastScan": -1, - "isFixed": 1, - "relevantLabel": "", - "clusterShortName": "Dex1-SANDBOX", - "ignoreRulesSummary": null - }, - { - "designators": { - "designatorType": "Attributes", - "attributes": { - "cluster": "arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX", - "containerName": "backstage", - "customerGUID": "1e3a88bf-92ce-44f8-914e-cbe71830d566", - "kind": "deployment", - "name": "backstage-development-stable", - "namespace": "devhub", - "workloadHash": "10057954063785978633" - } - }, - "layerHash": "generatedlayer", - "wlid": "wlid://cluster-arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX/namespace-devhub/deployment-backstage-development-stable", - "containersScanID": "devhub-replicaset-backstage-development-stable-7bf9cb66fb-5633-e89b", - "healthStatus": "", - "imageHash": "035814641800.dkr.ecr.eu-west-1.amazonaws.com/devhub-backstage@sha256:3576aa68efe447438848cf79ce05f4a2790e81c041f79781824941c544043226", - "imageTag": "035814641800.dkr.ecr.eu-west-1.amazonaws.com/devhub-backstage:v1.1.3", - "packageName": "plantuml", - "packageVersion": "0.3.0", - "link": "https://nvd.nist.gov/vuln/detail/CVE-2022-1231", - "description": "XSS via Embedded SVG in SVG Diagram Format in GitHub repository plantuml/plantuml prior to 1.2022.4. Stored XSS in the context of the diagram embedder. Depending on the actual context, this ranges from stealing secrets to account hijacking or even to code execution for example in desktop applications. Web based applications are the ones most affected. Since the SVG format allows clickable links in diagrams, it is commonly used in plugins for web based projects (like the Confluence plugin, etc. see https://plantuml.com/de/running).", - "severity": "Medium", - "name": "CVE-2022-1231", - "fixedIn": [ - { - "name": "unknown", - "imageTag": "035814641800.dkr.ecr.eu-west-1.amazonaws.com/devhub-backstage:v1.1.3", - "version": "unknown" - } - ], - "severityScore": 300, - "neglected": 0, - "urgent": 0, - "categories": { - "isRce": true - }, - "layers": [ - { - "layerHash": "generatedlayer", - "parentLayerHash": "" - } - ], - "layersNested": null, - "context": [ - { - "attribute": "cluster", - "value": "arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX", - "source": "designators.attributes" - }, - { - "attribute": "namespace", - "value": "devhub", - "source": "designators.attributes" - }, - { - "attribute": "kind", - "value": "deployment", - "source": "designators.attributes" - }, - { - "attribute": "name", - "value": "backstage-development-stable", - "source": "designators.attributes" - }, - { - "attribute": "containerName", - "value": "backstage", - "source": "designators.attributes" - }, - { - "attribute": "workloadHash", - "value": "10057954063785978633", - "source": "designators.attributes" - }, - { - "attribute": "customerGUID", - "value": "1e3a88bf-92ce-44f8-914e-cbe71830d566", - "source": "designators.attributes" - } - ], - "links": [ - "https://nvd.nist.gov/vuln/detail/CVE-2022-1231", - "https://nvd.nist.gov/vuln/detail/CVE-2022-1231" - ], - "timestamp": 1689070942, - "isLastScan": -1, - "isFixed": 1, - "relevantLabel": "", - "clusterShortName": "Dex1-SANDBOX", - "ignoreRulesSummary": null - }, - { - "designators": { - "designatorType": "Attributes", - "attributes": { - "cluster": "arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX", - "containerName": "backstage", - "customerGUID": "1e3a88bf-92ce-44f8-914e-cbe71830d566", - "kind": "deployment", - "name": "backstage-development-stable", - "namespace": "devhub", - "workloadHash": "10057954063785978633" - } - }, - "layerHash": "generatedlayer", - "wlid": "wlid://cluster-arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX/namespace-devhub/deployment-backstage-development-stable", - "containersScanID": "devhub-replicaset-backstage-development-stable-7bf9cb66fb-5633-e89b", - "healthStatus": "", - "imageHash": "035814641800.dkr.ecr.eu-west-1.amazonaws.com/devhub-backstage@sha256:3576aa68efe447438848cf79ce05f4a2790e81c041f79781824941c544043226", - "imageTag": "035814641800.dkr.ecr.eu-west-1.amazonaws.com/devhub-backstage:v1.1.3", - "packageName": "python", - "packageVersion": "3.9.2", - "link": "https://nvd.nist.gov/vuln/detail/CVE-2021-3733", - "description": "There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (such as web browser) connects to, could trigger a Regular Expression Denial of Service (ReDOS) during an authentication request with a specially crafted payload that is sent by the server to the client. The greatest threat that this flaw poses is to application availability.", - "severity": "Medium", - "name": "CVE-2021-3733", - "fixedIn": [ - { - "name": "unknown", - "imageTag": "035814641800.dkr.ecr.eu-west-1.amazonaws.com/devhub-backstage:v1.1.3", - "version": "unknown" - } - ], - "severityScore": 300, - "neglected": 0, - "urgent": 0, - "categories": { - "isRce": false - }, - "layers": [ - { - "layerHash": "generatedlayer", - "parentLayerHash": "" - } - ], - "layersNested": null, - "context": [ - { - "attribute": "cluster", - "value": "arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX", - "source": "designators.attributes" - }, - { - "attribute": "namespace", - "value": "devhub", - "source": "designators.attributes" - }, - { - "attribute": "kind", - "value": "deployment", - "source": "designators.attributes" - }, - { - "attribute": "name", - "value": "backstage-development-stable", - "source": "designators.attributes" - }, - { - "attribute": "containerName", - "value": "backstage", - "source": "designators.attributes" - }, - { - "attribute": "workloadHash", - "value": "10057954063785978633", - "source": "designators.attributes" - }, - { - "attribute": "customerGUID", - "value": "1e3a88bf-92ce-44f8-914e-cbe71830d566", - "source": "designators.attributes" - } - ], - "links": [ - "https://nvd.nist.gov/vuln/detail/CVE-2021-3733", - "https://nvd.nist.gov/vuln/detail/CVE-2021-3733" - ], - "timestamp": 1689070942, - "isLastScan": -1, - "isFixed": 1, - "relevantLabel": "", - "clusterShortName": "Dex1-SANDBOX", - "ignoreRulesSummary": null - }, - { - "designators": { - "designatorType": "Attributes", - "attributes": { - "cluster": "arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX", - "containerName": "backstage", - "customerGUID": "1e3a88bf-92ce-44f8-914e-cbe71830d566", - "kind": "deployment", - "name": "backstage-development-stable", - "namespace": "devhub", - "workloadHash": "10057954063785978633" - } - }, - "layerHash": "generatedlayer", - "wlid": "wlid://cluster-arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX/namespace-devhub/deployment-backstage-development-stable", - "containersScanID": "devhub-replicaset-backstage-development-stable-7bf9cb66fb-5633-e89b", - "healthStatus": "", - "imageHash": "035814641800.dkr.ecr.eu-west-1.amazonaws.com/devhub-backstage@sha256:3576aa68efe447438848cf79ce05f4a2790e81c041f79781824941c544043226", - "imageTag": "035814641800.dkr.ecr.eu-west-1.amazonaws.com/devhub-backstage:v1.1.3", - "packageName": "nunjucks", - "packageVersion": "3.2.3", - "link": "https://nvd.nist.gov/vuln/detail/GHSA-x77j-w7wf-fjmw", - "description": "Nunjucks autoescape bypass leads to cross site scripting", - "severity": "Medium", - "name": "GHSA-x77j-w7wf-fjmw", - "fixedIn": [ - { - "name": "fixed", - "imageTag": "035814641800.dkr.ecr.eu-west-1.amazonaws.com/devhub-backstage:v1.1.3", - "version": "3.2.4" - } - ], - "severityScore": 300, - "neglected": 0, - "urgent": 0, - "categories": { - "isRce": false - }, - "layers": [ - { - "layerHash": "generatedlayer", - "parentLayerHash": "" - } - ], - "layersNested": null, - "context": [ - { - "attribute": "cluster", - "value": "arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX", - "source": "designators.attributes" - }, - { - "attribute": "namespace", - "value": "devhub", - "source": "designators.attributes" - }, - { - "attribute": "kind", - "value": "deployment", - "source": "designators.attributes" - }, - { - "attribute": "name", - "value": "backstage-development-stable", - "source": "designators.attributes" - }, - { - "attribute": "containerName", - "value": "backstage", - "source": "designators.attributes" - }, - { - "attribute": "workloadHash", - "value": "10057954063785978633", - "source": "designators.attributes" - }, - { - "attribute": "customerGUID", - "value": "1e3a88bf-92ce-44f8-914e-cbe71830d566", - "source": "designators.attributes" - } - ], - "links": [ - "https://nvd.nist.gov/vuln/detail/GHSA-x77j-w7wf-fjmw", - "https://github.com/advisories/GHSA-x77j-w7wf-fjmw" - ], - "timestamp": 1689070942, - "isLastScan": -1, - "isFixed": 1, - "relevantLabel": "", - "clusterShortName": "Dex1-SANDBOX", - "ignoreRulesSummary": null - }, - { - "designators": { - "designatorType": "Attributes", - "attributes": { - "cluster": "arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX", - "containerName": "backstage", - "customerGUID": "1e3a88bf-92ce-44f8-914e-cbe71830d566", - "kind": "deployment", - "name": "backstage-development-stable", - "namespace": "devhub", - "workloadHash": "10057954063785978633" - } - }, - "layerHash": "generatedlayer", - "wlid": "wlid://cluster-arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX/namespace-devhub/deployment-backstage-development-stable", - "containersScanID": "devhub-replicaset-backstage-development-stable-7bf9cb66fb-5633-e89b", - "healthStatus": "", - "imageHash": "035814641800.dkr.ecr.eu-west-1.amazonaws.com/devhub-backstage@sha256:3576aa68efe447438848cf79ce05f4a2790e81c041f79781824941c544043226", - "imageTag": "035814641800.dkr.ecr.eu-west-1.amazonaws.com/devhub-backstage:v1.1.3", - "packageName": "libssl1.1", - "packageVersion": "1.1.1n-0+deb11u4", - "link": "https://nvd.nist.gov/vuln/detail/CVE-2023-0465", - "description": "Applications that use a non-default option when verifying certificates may be\nvulnerable to an attack from a malicious CA to circumvent certain checks.\n\nInvalid certificate policies in leaf certificates are silently ignored by\nOpenSSL and other certificate policy checks are skipped for that certificate.\nA malicious CA could use this to deliberately assert invalid certificate policies\nin order to circumvent policy checking on the certificate altogether.\n\nPolicy processing is disabled by default but can be enabled by passing\nthe `-policy' argument to the command line utilities or by calling the\n`X509_VERIFY_PARAM_set1_policies()' function.", - "severity": "Medium", - "name": "CVE-2023-0465", - "fixedIn": [ - { - "name": "fixed", - "imageTag": "035814641800.dkr.ecr.eu-west-1.amazonaws.com/devhub-backstage:v1.1.3", - "version": "1.1.1n-0+deb11u5" - } - ], - "severityScore": 300, - "neglected": 0, - "urgent": 0, - "categories": { - "isRce": false - }, - "layers": [ - { - "layerHash": "generatedlayer", - "parentLayerHash": "" - } - ], - "layersNested": null, - "context": [ - { - "attribute": "cluster", - "value": "arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX", - "source": "designators.attributes" - }, - { - "attribute": "namespace", - "value": "devhub", - "source": "designators.attributes" - }, - { - "attribute": "kind", - "value": "deployment", - "source": "designators.attributes" - }, - { - "attribute": "name", - "value": "backstage-development-stable", - "source": "designators.attributes" - }, - { - "attribute": "containerName", - "value": "backstage", - "source": "designators.attributes" - }, - { - "attribute": "workloadHash", - "value": "10057954063785978633", - "source": "designators.attributes" - }, - { - "attribute": "customerGUID", - "value": "1e3a88bf-92ce-44f8-914e-cbe71830d566", - "source": "designators.attributes" - } - ], - "links": [ - "https://nvd.nist.gov/vuln/detail/CVE-2023-0465", - "https://security-tracker.debian.org/tracker/CVE-2023-0465" - ], - "timestamp": 1689070942, - "isLastScan": -1, - "isFixed": 1, - "relevantLabel": "", - "clusterShortName": "Dex1-SANDBOX", - "ignoreRulesSummary": null - }, - { - "designators": { - "designatorType": "Attributes", - "attributes": { - "cluster": "arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX", - "containerName": "backstage", - "customerGUID": "1e3a88bf-92ce-44f8-914e-cbe71830d566", - "kind": "deployment", - "name": "backstage-development-stable", - "namespace": "devhub", - "workloadHash": "10057954063785978633" - } - }, - "layerHash": "generatedlayer", - "wlid": "wlid://cluster-arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX/namespace-devhub/deployment-backstage-development-stable", - "containersScanID": "devhub-replicaset-backstage-development-stable-7bf9cb66fb-5633-e89b", - "healthStatus": "", - "imageHash": "035814641800.dkr.ecr.eu-west-1.amazonaws.com/devhub-backstage@sha256:3576aa68efe447438848cf79ce05f4a2790e81c041f79781824941c544043226", - "imageTag": "035814641800.dkr.ecr.eu-west-1.amazonaws.com/devhub-backstage:v1.1.3", - "packageName": "python", - "packageVersion": "3.9.2", - "link": "https://nvd.nist.gov/vuln/detail/CVE-2013-0340", - "description": "expat 2.1.0 and earlier does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. NOTE: it could be argued that because expat already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed, and each affected application would need its own CVE.", - "severity": "Medium", - "name": "CVE-2013-0340", - "fixedIn": [ - { - "name": "unknown", - "imageTag": "035814641800.dkr.ecr.eu-west-1.amazonaws.com/devhub-backstage:v1.1.3", - "version": "unknown" - } - ], - "severityScore": 300, - "neglected": 0, - "urgent": 0, - "categories": { - "isRce": false - }, - "layers": [ - { - "layerHash": "generatedlayer", - "parentLayerHash": "" - } - ], - "layersNested": null, - "context": [ - { - "attribute": "cluster", - "value": "arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX", - "source": "designators.attributes" - }, - { - "attribute": "namespace", - "value": "devhub", - "source": "designators.attributes" - }, - { - "attribute": "kind", - "value": "deployment", - "source": "designators.attributes" - }, - { - "attribute": "name", - "value": "backstage-development-stable", - "source": "designators.attributes" - }, - { - "attribute": "containerName", - "value": "backstage", - "source": "designators.attributes" - }, - { - "attribute": "workloadHash", - "value": "10057954063785978633", - "source": "designators.attributes" - }, - { - "attribute": "customerGUID", - "value": "1e3a88bf-92ce-44f8-914e-cbe71830d566", - "source": "designators.attributes" - } - ], - "links": [ - "https://nvd.nist.gov/vuln/detail/CVE-2013-0340", - "https://nvd.nist.gov/vuln/detail/CVE-2013-0340" - ], - "timestamp": 1689070942, - "isLastScan": -1, - "isFixed": 1, - "relevantLabel": "", - "clusterShortName": "Dex1-SANDBOX", - "ignoreRulesSummary": null - }, - { - "designators": { - "designatorType": "Attributes", - "attributes": { - "cluster": "arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX", - "containerName": "backstage", - "customerGUID": "1e3a88bf-92ce-44f8-914e-cbe71830d566", - "kind": "deployment", - "name": "backstage-development-stable", - "namespace": "devhub", - "workloadHash": "10057954063785978633" - } - }, - "layerHash": "generatedlayer", - "wlid": "wlid://cluster-arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX/namespace-devhub/deployment-backstage-development-stable", - "containersScanID": "devhub-replicaset-backstage-development-stable-7bf9cb66fb-5633-e89b", - "healthStatus": "", - "imageHash": "035814641800.dkr.ecr.eu-west-1.amazonaws.com/devhub-backstage@sha256:3576aa68efe447438848cf79ce05f4a2790e81c041f79781824941c544043226", - "imageTag": "035814641800.dkr.ecr.eu-west-1.amazonaws.com/devhub-backstage:v1.1.3", - "packageName": "tough-cookie", - "packageVersion": "2.5.0", - "link": "https://nvd.nist.gov/vuln/detail/GHSA-72xf-g2v4-qvf3", - "description": "tough-cookie Prototype Pollution vulnerability", - "severity": "Medium", - "name": "GHSA-72xf-g2v4-qvf3", - "fixedIn": [ - { - "name": "fixed", - "imageTag": "035814641800.dkr.ecr.eu-west-1.amazonaws.com/devhub-backstage:v1.1.3", - "version": "4.1.3" - } - ], - "severityScore": 300, - "neglected": 0, - "urgent": 0, - "categories": { - "isRce": false - }, - "layers": [ - { - "layerHash": "generatedlayer", - "parentLayerHash": "" - } - ], - "layersNested": null, - "context": [ - { - "attribute": "cluster", - "value": "arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX", - "source": "designators.attributes" - }, - { - "attribute": "namespace", - "value": "devhub", - "source": "designators.attributes" - }, - { - "attribute": "kind", - "value": "deployment", - "source": "designators.attributes" - }, - { - "attribute": "name", - "value": "backstage-development-stable", - "source": "designators.attributes" - }, - { - "attribute": "containerName", - "value": "backstage", - "source": "designators.attributes" - }, - { - "attribute": "workloadHash", - "value": "10057954063785978633", - "source": "designators.attributes" - }, - { - "attribute": "customerGUID", - "value": "1e3a88bf-92ce-44f8-914e-cbe71830d566", - "source": "designators.attributes" - } - ], - "links": [ - "https://nvd.nist.gov/vuln/detail/GHSA-72xf-g2v4-qvf3", - "https://github.com/advisories/GHSA-72xf-g2v4-qvf3" - ], - "timestamp": 1689070942, - "isLastScan": -1, - "isFixed": 1, - "relevantLabel": "", - "clusterShortName": "Dex1-SANDBOX", - "ignoreRulesSummary": null - }, - { - "designators": { - "designatorType": "Attributes", - "attributes": { - "cluster": "arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX", - "containerName": "backstage", - "customerGUID": "1e3a88bf-92ce-44f8-914e-cbe71830d566", - "kind": "deployment", - "name": "backstage-development-stable", - "namespace": "devhub", - "workloadHash": "10057954063785978633" - } - }, - "layerHash": "generatedlayer", - "wlid": "wlid://cluster-arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX/namespace-devhub/deployment-backstage-development-stable", - "containersScanID": "devhub-replicaset-backstage-development-stable-7bf9cb66fb-5633-e89b", - "healthStatus": "", - "imageHash": "035814641800.dkr.ecr.eu-west-1.amazonaws.com/devhub-backstage@sha256:3576aa68efe447438848cf79ce05f4a2790e81c041f79781824941c544043226", - "imageTag": "035814641800.dkr.ecr.eu-west-1.amazonaws.com/devhub-backstage:v1.1.3", - "packageName": "xml2js", - "packageVersion": "0.4.23", - "link": "https://nvd.nist.gov/vuln/detail/GHSA-776f-qx25-q3cc", - "description": "xml2js is vulnerable to prototype pollution", - "severity": "Medium", - "name": "GHSA-776f-qx25-q3cc", - "fixedIn": [ - { - "name": "fixed", - "imageTag": "035814641800.dkr.ecr.eu-west-1.amazonaws.com/devhub-backstage:v1.1.3", - "version": "0.5.0" - } - ], - "severityScore": 300, - "neglected": 0, - "urgent": 0, - "categories": { - "isRce": false - }, - "layers": [ - { - "layerHash": "generatedlayer", - "parentLayerHash": "" - } - ], - "layersNested": null, - "context": [ - { - "attribute": "cluster", - "value": "arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX", - "source": "designators.attributes" - }, - { - "attribute": "namespace", - "value": "devhub", - "source": "designators.attributes" - }, - { - "attribute": "kind", - "value": "deployment", - "source": "designators.attributes" - }, - { - "attribute": "name", - "value": "backstage-development-stable", - "source": "designators.attributes" - }, - { - "attribute": "containerName", - "value": "backstage", - "source": "designators.attributes" - }, - { - "attribute": "workloadHash", - "value": "10057954063785978633", - "source": "designators.attributes" - }, - { - "attribute": "customerGUID", - "value": "1e3a88bf-92ce-44f8-914e-cbe71830d566", - "source": "designators.attributes" - } - ], - "links": [ - "https://nvd.nist.gov/vuln/detail/GHSA-776f-qx25-q3cc", - "https://github.com/advisories/GHSA-776f-qx25-q3cc" - ], - "timestamp": 1689070942, - "isLastScan": -1, - "isFixed": 1, - "relevantLabel": "", - "clusterShortName": "Dex1-SANDBOX", - "ignoreRulesSummary": null - }, - { - "designators": { - "designatorType": "Attributes", - "attributes": { - "cluster": "arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX", - "containerName": "backstage", - "customerGUID": "1e3a88bf-92ce-44f8-914e-cbe71830d566", - "kind": "deployment", - "name": "backstage-development-stable", - "namespace": "devhub", - "workloadHash": "10057954063785978633" - } - }, - "layerHash": "generatedlayer", - "wlid": "wlid://cluster-arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX/namespace-devhub/deployment-backstage-development-stable", - "containersScanID": "devhub-replicaset-backstage-development-stable-7bf9cb66fb-5633-e89b", - "healthStatus": "", - "imageHash": "035814641800.dkr.ecr.eu-west-1.amazonaws.com/devhub-backstage@sha256:3576aa68efe447438848cf79ce05f4a2790e81c041f79781824941c544043226", - "imageTag": "035814641800.dkr.ecr.eu-west-1.amazonaws.com/devhub-backstage:v1.1.3", - "packageName": "request", - "packageVersion": "2.88.2", - "link": "https://nvd.nist.gov/vuln/detail/GHSA-p8p7-x288-28g6", - "description": "Server-Side Request Forgery in Request", - "severity": "Medium", - "name": "GHSA-p8p7-x288-28g6", - "fixedIn": [ - { - "name": "not-fixed", - "imageTag": "035814641800.dkr.ecr.eu-west-1.amazonaws.com/devhub-backstage:v1.1.3", - "version": "unknown" - } - ], - "severityScore": 300, - "neglected": 0, - "urgent": 0, - "categories": { - "isRce": false - }, - "layers": [ - { - "layerHash": "generatedlayer", - "parentLayerHash": "" - } - ], - "layersNested": null, - "context": [ - { - "attribute": "cluster", - "value": "arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX", - "source": "designators.attributes" - }, - { - "attribute": "namespace", - "value": "devhub", - "source": "designators.attributes" - }, - { - "attribute": "kind", - "value": "deployment", - "source": "designators.attributes" - }, - { - "attribute": "name", - "value": "backstage-development-stable", - "source": "designators.attributes" - }, - { - "attribute": "containerName", - "value": "backstage", - "source": "designators.attributes" - }, - { - "attribute": "workloadHash", - "value": "10057954063785978633", - "source": "designators.attributes" - }, - { - "attribute": "customerGUID", - "value": "1e3a88bf-92ce-44f8-914e-cbe71830d566", - "source": "designators.attributes" - } - ], - "links": [ - "https://nvd.nist.gov/vuln/detail/GHSA-p8p7-x288-28g6", - "https://github.com/advisories/GHSA-p8p7-x288-28g6" - ], - "timestamp": 1689070942, - "isLastScan": -1, - "isFixed": 1, - "relevantLabel": "", - "clusterShortName": "Dex1-SANDBOX", - "ignoreRulesSummary": null - }, - { - "designators": { - "designatorType": "Attributes", - "attributes": { - "cluster": "arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX", - "containerName": "backstage", - "customerGUID": "1e3a88bf-92ce-44f8-914e-cbe71830d566", - "kind": "deployment", - "name": "backstage-development-stable", - "namespace": "devhub", - "workloadHash": "10057954063785978633" - } - }, - "layerHash": "generatedlayer", - "wlid": "wlid://cluster-arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX/namespace-devhub/deployment-backstage-development-stable", - "containersScanID": "devhub-replicaset-backstage-development-stable-7bf9cb66fb-5633-e89b", - "healthStatus": "", - "imageHash": "035814641800.dkr.ecr.eu-west-1.amazonaws.com/devhub-backstage@sha256:3576aa68efe447438848cf79ce05f4a2790e81c041f79781824941c544043226", - "imageTag": "035814641800.dkr.ecr.eu-west-1.amazonaws.com/devhub-backstage:v1.1.3", - "packageName": "semver", - "packageVersion": "7.3.8", - "link": "https://nvd.nist.gov/vuln/detail/GHSA-c2qf-rxjj-qqgw", - "description": "semver vulnerable to Regular Expression Denial of Service", - "severity": "Medium", - "name": "GHSA-c2qf-rxjj-qqgw", - "fixedIn": [ - { - "name": "fixed", - "imageTag": "035814641800.dkr.ecr.eu-west-1.amazonaws.com/devhub-backstage:v1.1.3", - "version": "7.5.2" - } - ], - "severityScore": 300, - "neglected": 0, - "urgent": 0, - "categories": { - "isRce": false - }, - "layers": [ - { - "layerHash": "generatedlayer", - "parentLayerHash": "" - } - ], - "layersNested": null, - "context": [ - { - "attribute": "cluster", - "value": "arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX", - "source": "designators.attributes" - }, - { - "attribute": "namespace", - "value": "devhub", - "source": "designators.attributes" - }, - { - "attribute": "kind", - "value": "deployment", - "source": "designators.attributes" - }, - { - "attribute": "name", - "value": "backstage-development-stable", - "source": "designators.attributes" - }, - { - "attribute": "containerName", - "value": "backstage", - "source": "designators.attributes" - }, - { - "attribute": "workloadHash", - "value": "10057954063785978633", - "source": "designators.attributes" - }, - { - "attribute": "customerGUID", - "value": "1e3a88bf-92ce-44f8-914e-cbe71830d566", - "source": "designators.attributes" - } - ], - "links": [ - "https://nvd.nist.gov/vuln/detail/GHSA-c2qf-rxjj-qqgw", - "https://github.com/advisories/GHSA-c2qf-rxjj-qqgw" - ], - "timestamp": 1689070942, - "isLastScan": -1, - "isFixed": 1, - "relevantLabel": "", - "clusterShortName": "Dex1-SANDBOX", - "ignoreRulesSummary": null - }, - { - "designators": { - "designatorType": "Attributes", - "attributes": { - "cluster": "arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX", - "containerName": "backstage", - "customerGUID": "1e3a88bf-92ce-44f8-914e-cbe71830d566", - "kind": "deployment", - "name": "backstage-development-stable", - "namespace": "devhub", - "workloadHash": "10057954063785978633" - } - }, - "layerHash": "generatedlayer", - "wlid": "wlid://cluster-arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX/namespace-devhub/deployment-backstage-development-stable", - "containersScanID": "devhub-replicaset-backstage-development-stable-7bf9cb66fb-5633-e89b", - "healthStatus": "", - "imageHash": "035814641800.dkr.ecr.eu-west-1.amazonaws.com/devhub-backstage@sha256:3576aa68efe447438848cf79ce05f4a2790e81c041f79781824941c544043226", - "imageTag": "035814641800.dkr.ecr.eu-west-1.amazonaws.com/devhub-backstage:v1.1.3", - "packageName": "plantuml", - "packageVersion": "0.3.0", - "link": "https://nvd.nist.gov/vuln/detail/CVE-2023-3431", - "description": "Improper Access Control in GitHub repository plantuml/plantuml prior to 1.2023.9.", - "severity": "Medium", - "name": "CVE-2023-3431", - "fixedIn": [ - { - "name": "unknown", - "imageTag": "035814641800.dkr.ecr.eu-west-1.amazonaws.com/devhub-backstage:v1.1.3", - "version": "unknown" - } - ], - "severityScore": 300, - "neglected": 0, - "urgent": 0, - "categories": { - "isRce": false - }, - "layers": [ - { - "layerHash": "generatedlayer", - "parentLayerHash": "" - } - ], - "layersNested": null, - "context": [ - { - "attribute": "cluster", - "value": "arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX", - "source": "designators.attributes" - }, - { - "attribute": "namespace", - "value": "devhub", - "source": "designators.attributes" - }, - { - "attribute": "kind", - "value": "deployment", - "source": "designators.attributes" - }, - { - "attribute": "name", - "value": "backstage-development-stable", - "source": "designators.attributes" - }, - { - "attribute": "containerName", - "value": "backstage", - "source": "designators.attributes" - }, - { - "attribute": "workloadHash", - "value": "10057954063785978633", - "source": "designators.attributes" - }, - { - "attribute": "customerGUID", - "value": "1e3a88bf-92ce-44f8-914e-cbe71830d566", - "source": "designators.attributes" - } - ], - "links": [ - "https://nvd.nist.gov/vuln/detail/CVE-2023-3431", - "https://nvd.nist.gov/vuln/detail/CVE-2023-3431" - ], - "timestamp": 1689070942, - "isLastScan": -1, - "isFixed": 1, - "relevantLabel": "", - "clusterShortName": "Dex1-SANDBOX", - "ignoreRulesSummary": null - }, - { - "designators": { - "designatorType": "Attributes", - "attributes": { - "cluster": "arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX", - "containerName": "backstage", - "customerGUID": "1e3a88bf-92ce-44f8-914e-cbe71830d566", - "kind": "deployment", - "name": "backstage-development-stable", - "namespace": "devhub", - "workloadHash": "10057954063785978633" - } - }, - "layerHash": "generatedlayer", - "wlid": "wlid://cluster-arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX/namespace-devhub/deployment-backstage-development-stable", - "containersScanID": "devhub-replicaset-backstage-development-stable-7bf9cb66fb-5633-e89b", - "healthStatus": "", - "imageHash": "035814641800.dkr.ecr.eu-west-1.amazonaws.com/devhub-backstage@sha256:3576aa68efe447438848cf79ce05f4a2790e81c041f79781824941c544043226", - "imageTag": "035814641800.dkr.ecr.eu-west-1.amazonaws.com/devhub-backstage:v1.1.3", - "packageName": "tough-cookie", - "packageVersion": "4.1.2", - "link": "https://nvd.nist.gov/vuln/detail/GHSA-72xf-g2v4-qvf3", - "description": "tough-cookie Prototype Pollution vulnerability", - "severity": "Medium", - "name": "GHSA-72xf-g2v4-qvf3", - "fixedIn": [ - { - "name": "fixed", - "imageTag": "035814641800.dkr.ecr.eu-west-1.amazonaws.com/devhub-backstage:v1.1.3", - "version": "4.1.3" - } - ], - "severityScore": 300, - "neglected": 0, - "urgent": 0, - "categories": { - "isRce": false - }, - "layers": [ - { - "layerHash": "generatedlayer", - "parentLayerHash": "" - } - ], - "layersNested": null, - "context": [ - { - "attribute": "cluster", - "value": "arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX", - "source": "designators.attributes" - }, - { - "attribute": "namespace", - "value": "devhub", - "source": "designators.attributes" - }, - { - "attribute": "kind", - "value": "deployment", - "source": "designators.attributes" - }, - { - "attribute": "name", - "value": "backstage-development-stable", - "source": "designators.attributes" - }, - { - "attribute": "containerName", - "value": "backstage", - "source": "designators.attributes" - }, - { - "attribute": "workloadHash", - "value": "10057954063785978633", - "source": "designators.attributes" - }, - { - "attribute": "customerGUID", - "value": "1e3a88bf-92ce-44f8-914e-cbe71830d566", - "source": "designators.attributes" - } - ], - "links": [ - "https://nvd.nist.gov/vuln/detail/GHSA-72xf-g2v4-qvf3", - "https://github.com/advisories/GHSA-72xf-g2v4-qvf3" - ], - "timestamp": 1689070942, - "isLastScan": -1, - "isFixed": 1, - "relevantLabel": "", - "clusterShortName": "Dex1-SANDBOX", - "ignoreRulesSummary": null - }, - { - "designators": { - "designatorType": "Attributes", - "attributes": { - "cluster": "arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX", - "containerName": "backstage", - "customerGUID": "1e3a88bf-92ce-44f8-914e-cbe71830d566", - "kind": "deployment", - "name": "backstage-development-stable", - "namespace": "devhub", - "workloadHash": "10057954063785978633" - } - }, - "layerHash": "generatedlayer", - "wlid": "wlid://cluster-arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX/namespace-devhub/deployment-backstage-development-stable", - "containersScanID": "devhub-replicaset-backstage-development-stable-7bf9cb66fb-5633-e89b", - "healthStatus": "", - "imageHash": "035814641800.dkr.ecr.eu-west-1.amazonaws.com/devhub-backstage@sha256:3576aa68efe447438848cf79ce05f4a2790e81c041f79781824941c544043226", - "imageTag": "035814641800.dkr.ecr.eu-west-1.amazonaws.com/devhub-backstage:v1.1.3", - "packageName": "python", - "packageVersion": "3.9.2", - "link": "https://nvd.nist.gov/vuln/detail/CVE-2021-4189", - "description": "A flaw was found in Python, specifically in the FTP (File Transfer Protocol) client library in PASV (passive) mode. The issue is how the FTP client trusts the host from the PASV response by default. This flaw allows an attacker to set up a malicious FTP server that can trick FTP clients into connecting back to a given IP address and port. This vulnerability could lead to FTP client scanning ports, which otherwise would not have been possible.", - "severity": "Medium", - "name": "CVE-2021-4189", - "fixedIn": [ - { - "name": "unknown", - "imageTag": "035814641800.dkr.ecr.eu-west-1.amazonaws.com/devhub-backstage:v1.1.3", - "version": "unknown" - } - ], - "severityScore": 300, - "neglected": 0, - "urgent": 0, - "categories": { - "isRce": false - }, - "layers": [ - { - "layerHash": "generatedlayer", - "parentLayerHash": "" - } - ], - "layersNested": null, - "context": [ - { - "attribute": "cluster", - "value": "arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX", - "source": "designators.attributes" - }, - { - "attribute": "namespace", - "value": "devhub", - "source": "designators.attributes" - }, - { - "attribute": "kind", - "value": "deployment", - "source": "designators.attributes" - }, - { - "attribute": "name", - "value": "backstage-development-stable", - "source": "designators.attributes" - }, - { - "attribute": "containerName", - "value": "backstage", - "source": "designators.attributes" - }, - { - "attribute": "workloadHash", - "value": "10057954063785978633", - "source": "designators.attributes" - }, - { - "attribute": "customerGUID", - "value": "1e3a88bf-92ce-44f8-914e-cbe71830d566", - "source": "designators.attributes" - } - ], - "links": [ - "https://nvd.nist.gov/vuln/detail/CVE-2021-4189", - "https://nvd.nist.gov/vuln/detail/CVE-2021-4189" - ], - "timestamp": 1689070942, - "isLastScan": -1, - "isFixed": 1, - "relevantLabel": "", - "clusterShortName": "Dex1-SANDBOX", - "ignoreRulesSummary": null - }, - { - "designators": { - "designatorType": "Attributes", - "attributes": { - "cluster": "arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX", - "containerName": "backstage", - "customerGUID": "1e3a88bf-92ce-44f8-914e-cbe71830d566", - "kind": "deployment", - "name": "backstage-development-stable", - "namespace": "devhub", - "workloadHash": "10057954063785978633" - } - }, - "layerHash": "generatedlayer", - "wlid": "wlid://cluster-arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX/namespace-devhub/deployment-backstage-development-stable", - "containersScanID": "devhub-replicaset-backstage-development-stable-7bf9cb66fb-5633-e89b", - "healthStatus": "", - "imageHash": "035814641800.dkr.ecr.eu-west-1.amazonaws.com/devhub-backstage@sha256:3576aa68efe447438848cf79ce05f4a2790e81c041f79781824941c544043226", - "imageTag": "035814641800.dkr.ecr.eu-west-1.amazonaws.com/devhub-backstage:v1.1.3", - "packageName": "python", - "packageVersion": "3.9.2", - "link": "https://nvd.nist.gov/vuln/detail/CVE-2023-27043", - "description": "The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python.", - "severity": "Medium", - "name": "CVE-2023-27043", - "fixedIn": [ - { - "name": "unknown", - "imageTag": "035814641800.dkr.ecr.eu-west-1.amazonaws.com/devhub-backstage:v1.1.3", - "version": "unknown" - } - ], - "severityScore": 300, - "neglected": 0, - "urgent": 0, - "categories": { - "isRce": false - }, - "layers": [ - { - "layerHash": "generatedlayer", - "parentLayerHash": "" - } - ], - "layersNested": null, - "context": [ - { - "attribute": "cluster", - "value": "arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX", - "source": "designators.attributes" - }, - { - "attribute": "namespace", - "value": "devhub", - "source": "designators.attributes" - }, - { - "attribute": "kind", - "value": "deployment", - "source": "designators.attributes" - }, - { - "attribute": "name", - "value": "backstage-development-stable", - "source": "designators.attributes" - }, - { - "attribute": "containerName", - "value": "backstage", - "source": "designators.attributes" - }, - { - "attribute": "workloadHash", - "value": "10057954063785978633", - "source": "designators.attributes" - }, - { - "attribute": "customerGUID", - "value": "1e3a88bf-92ce-44f8-914e-cbe71830d566", - "source": "designators.attributes" - } - ], - "links": [ - "https://nvd.nist.gov/vuln/detail/CVE-2023-27043", - "https://nvd.nist.gov/vuln/detail/CVE-2023-27043" - ], - "timestamp": 1689070942, - "isLastScan": -1, - "isFixed": 1, - "relevantLabel": "", - "clusterShortName": "Dex1-SANDBOX", - "ignoreRulesSummary": null - }, - { - "designators": { - "designatorType": "Attributes", - "attributes": { - "cluster": "arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX", - "containerName": "backstage", - "customerGUID": "1e3a88bf-92ce-44f8-914e-cbe71830d566", - "kind": "deployment", - "name": "backstage-development-stable", - "namespace": "devhub", - "workloadHash": "10057954063785978633" - } - }, - "layerHash": "generatedlayer", - "wlid": "wlid://cluster-arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX/namespace-devhub/deployment-backstage-development-stable", - "containersScanID": "devhub-replicaset-backstage-development-stable-7bf9cb66fb-5633-e89b", - "healthStatus": "", - "imageHash": "035814641800.dkr.ecr.eu-west-1.amazonaws.com/devhub-backstage@sha256:3576aa68efe447438848cf79ce05f4a2790e81c041f79781824941c544043226", - "imageTag": "035814641800.dkr.ecr.eu-west-1.amazonaws.com/devhub-backstage:v1.1.3", - "packageName": "python", - "packageVersion": "3.9.2", - "link": "https://nvd.nist.gov/vuln/detail/CVE-2016-3189", - "description": "Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.", - "severity": "Medium", - "name": "CVE-2016-3189", - "fixedIn": [ - { - "name": "unknown", - "imageTag": "035814641800.dkr.ecr.eu-west-1.amazonaws.com/devhub-backstage:v1.1.3", - "version": "unknown" - } - ], - "severityScore": 300, - "neglected": 0, - "urgent": 0, - "categories": { - "isRce": false - }, - "layers": [ - { - "layerHash": "generatedlayer", - "parentLayerHash": "" - } - ], - "layersNested": null, - "context": [ - { - "attribute": "cluster", - "value": "arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX", - "source": "designators.attributes" - }, - { - "attribute": "namespace", - "value": "devhub", - "source": "designators.attributes" - }, - { - "attribute": "kind", - "value": "deployment", - "source": "designators.attributes" - }, - { - "attribute": "name", - "value": "backstage-development-stable", - "source": "designators.attributes" - }, - { - "attribute": "containerName", - "value": "backstage", - "source": "designators.attributes" - }, - { - "attribute": "workloadHash", - "value": "10057954063785978633", - "source": "designators.attributes" - }, - { - "attribute": "customerGUID", - "value": "1e3a88bf-92ce-44f8-914e-cbe71830d566", - "source": "designators.attributes" - } - ], - "links": [ - "https://nvd.nist.gov/vuln/detail/CVE-2016-3189", - "https://nvd.nist.gov/vuln/detail/CVE-2016-3189" - ], - "timestamp": 1689070942, - "isLastScan": -1, - "isFixed": 1, - "relevantLabel": "", - "clusterShortName": "Dex1-SANDBOX", - "ignoreRulesSummary": null - }, - { - "designators": { - "designatorType": "Attributes", - "attributes": { - "cluster": "arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX", - "containerName": "backstage", - "customerGUID": "1e3a88bf-92ce-44f8-914e-cbe71830d566", - "kind": "deployment", - "name": "backstage-development-stable", - "namespace": "devhub", - "workloadHash": "10057954063785978633" - } - }, - "layerHash": "generatedlayer", - "wlid": "wlid://cluster-arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX/namespace-devhub/deployment-backstage-development-stable", - "containersScanID": "devhub-replicaset-backstage-development-stable-7bf9cb66fb-5633-e89b", - "healthStatus": "", - "imageHash": "035814641800.dkr.ecr.eu-west-1.amazonaws.com/devhub-backstage@sha256:3576aa68efe447438848cf79ce05f4a2790e81c041f79781824941c544043226", - "imageTag": "035814641800.dkr.ecr.eu-west-1.amazonaws.com/devhub-backstage:v1.1.3", - "packageName": "fast-xml-parser", - "packageVersion": "4.2.4", - "link": "https://nvd.nist.gov/vuln/detail/GHSA-gpv5-7x3g-ghjv", - "description": "fast-xml-parser regex vulnerability patch could be improved from a safety perspective", - "severity": "Low", - "name": "GHSA-gpv5-7x3g-ghjv", - "fixedIn": [ - { - "name": "fixed", - "imageTag": "035814641800.dkr.ecr.eu-west-1.amazonaws.com/devhub-backstage:v1.1.3", - "version": "4.2.5" - } - ], - "severityScore": 200, - "neglected": 0, - "urgent": 0, - "categories": { - "isRce": false - }, - "layers": [ - { - "layerHash": "generatedlayer", - "parentLayerHash": "" - } - ], - "layersNested": null, - "context": [ - { - "attribute": "cluster", - "value": "arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX", - "source": "designators.attributes" - }, - { - "attribute": "namespace", - "value": "devhub", - "source": "designators.attributes" - }, - { - "attribute": "kind", - "value": "deployment", - "source": "designators.attributes" - }, - { - "attribute": "name", - "value": "backstage-development-stable", - "source": "designators.attributes" - }, - { - "attribute": "containerName", - "value": "backstage", - "source": "designators.attributes" - }, - { - "attribute": "workloadHash", - "value": "10057954063785978633", - "source": "designators.attributes" - }, - { - "attribute": "customerGUID", - "value": "1e3a88bf-92ce-44f8-914e-cbe71830d566", - "source": "designators.attributes" - } - ], - "links": [ - "https://nvd.nist.gov/vuln/detail/GHSA-gpv5-7x3g-ghjv", - "https://github.com/advisories/GHSA-gpv5-7x3g-ghjv" - ], - "timestamp": 1689070942, - "isLastScan": -1, - "isFixed": 1, - "relevantLabel": "", - "clusterShortName": "Dex1-SANDBOX", - "ignoreRulesSummary": null - } - ], - "cursor": "" -} \ No newline at end of file diff --git a/attackchains/testdata/vulnerbility.json b/attackchains/testdata/vulnerbility.json deleted file mode 100644 index d22f332..0000000 --- a/attackchains/testdata/vulnerbility.json +++ /dev/null @@ -1,2055 +0,0 @@ -{ - "total": { - "value": 22, - "relation": "eq" - }, - "response": [ - { - "designators": { - "designatorType": "Attributes", - "attributes": { - "cluster": "arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX", - "containerName": "kubescape", - "customerGUID": "1e3a88bf-92ce-44f8-914e-cbe71830d566", - "kind": "deployment", - "name": "kubescape", - "namespace": "kubescape", - "workloadHash": "5500090417138297522" - } - }, - "layerHash": "generatedlayer", - "wlid": "wlid://cluster-arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX/namespace-kubescape/deployment-kubescape", - "containersScanID": "kubescape-replicaset-kubescape-7bdc4867bb-a444-e40f", - "healthStatus": "", - "imageHash": "quay.io/kubescape/kubescape@sha256:084592a879af7d43767bc4dffd95cb938b2c6cce25ca872f8147d7c077ea3c26", - "imageTag": "quay.io/kubescape/kubescape:v2.3.7", - "packageName": "libcrypto1.1", - "packageVersion": "1.1.1q-r0", - "link": "https://nvd.nist.gov/vuln/detail/CVE-2023-2650", - "description": "Issue summary: Processing some specially crafted ASN.1 object identifiers or\ndata containing them may be very slow.\n\nImpact summary: Applications that use OBJ_obj2txt() directly, or use any of\nthe OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message\nsize limit may experience notable to very long delays when processing those\nmessages, which may lead to a Denial of Service.\n\nAn OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers -\nmost of which have no size limit. OBJ_obj2txt() may be used to translate\nan ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSL\ntype ASN1_OBJECT) to its canonical numeric text form, which are the\nsub-identifiers of the OBJECT IDENTIFIER in decimal form, separated by\nperiods.\n\nWhen one of the sub-identifiers in the OBJECT IDENTIFIER is very large\n(these are sizes that are seen as absurdly large, taking up tens or hundreds\nof KiBs), the translation to a decimal number in text may take a very long\ntime. The time complexity is O(n^2) with 'n' being the size of the\nsub-identifiers in bytes (*).\n\nWith OpenSSL 3.0, support to fetch cryptographic algorithms using names /\nidentifiers in string form was introduced. This includes using OBJECT\nIDENTIFIERs in canonical numeric text form as identifiers for fetching\nalgorithms.\n\nSuch OBJECT IDENTIFIERs may be received through the ASN.1 structure\nAlgorithmIdentifier, which is commonly used in multiple protocols to specify\nwhat cryptographic algorithm should be used to sign or verify, encrypt or\ndecrypt, or digest passed data.\n\nApplications that call OBJ_obj2txt() directly with untrusted data are\naffected, with any version of OpenSSL. If the use is for the mere purpose\nof display, the severity is considered low.\n\nIn OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME,\nCMS, CMP/CRMF or TS. It also impacts anything that processes X.509\ncertificates, including simple things like verifying its signature.\n\nThe impact on TLS is relatively low, because all versions of OpenSSL have a\n100KiB limit on the peer's certificate chain. Additionally, this only\nimpacts clients, or servers that have explicitly enabled client\nauthentication.\n\nIn OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects,\nsuch as X.509 certificates. This is assumed to not happen in such a way\nthat it would cause a Denial of Service, so these versions are considered\nnot affected by this issue in such a way that it would be cause for concern,\nand the severity is therefore considered low.", - "severity": "High", - "name": "CVE-2023-2650", - "fixedIn": [ - { - "name": "fixed", - "imageTag": "quay.io/kubescape/kubescape:v2.3.7", - "version": "1.1.1u-r0" - } - ], - "severityScore": 400, - "neglected": 0, - "urgent": 0, - "categories": { - "isRce": false - }, - "layers": [ - { - "layerHash": "generatedlayer", - "parentLayerHash": "" - } - ], - "layersNested": null, - "context": [ - { - "attribute": "cluster", - "value": "arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX", - "source": "designators.attributes" - }, - { - "attribute": "namespace", - "value": "kubescape", - "source": "designators.attributes" - }, - { - "attribute": "kind", - "value": "deployment", - "source": "designators.attributes" - }, - { - "attribute": "name", - "value": "kubescape", - "source": "designators.attributes" - }, - { - "attribute": "containerName", - "value": "kubescape", - "source": "designators.attributes" - }, - { - "attribute": "workloadHash", - "value": "5500090417138297522", - "source": "designators.attributes" - }, - { - "attribute": "customerGUID", - "value": "1e3a88bf-92ce-44f8-914e-cbe71830d566", - "source": "designators.attributes" - } - ], - "links": [ - "https://nvd.nist.gov/vuln/detail/CVE-2023-2650", - "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2650" - ], - "timestamp": 1689071492, - "isLastScan": 1, - "isFixed": 1, - "relevantLabel": "", - "clusterShortName": "Dex1-SANDBOX", - "ignoreRulesSummary": null - }, - { - "designators": { - "designatorType": "Attributes", - "attributes": { - "cluster": "arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX", - "containerName": "kubescape", - "customerGUID": "1e3a88bf-92ce-44f8-914e-cbe71830d566", - "kind": "deployment", - "name": "kubescape", - "namespace": "kubescape", - "workloadHash": "5500090417138297522" - } - }, - "layerHash": "generatedlayer", - "wlid": "wlid://cluster-arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX/namespace-kubescape/deployment-kubescape", - "containersScanID": "kubescape-replicaset-kubescape-7bdc4867bb-a444-e40f", - "healthStatus": "", - "imageHash": "quay.io/kubescape/kubescape@sha256:084592a879af7d43767bc4dffd95cb938b2c6cce25ca872f8147d7c077ea3c26", - "imageTag": "quay.io/kubescape/kubescape:v2.3.7", - "packageName": "libcrypto1.1", - "packageVersion": "1.1.1q-r0", - "link": "https://nvd.nist.gov/vuln/detail/CVE-2022-4450", - "description": "The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the \"name\" (e.g. \"CERTIFICATE\"), any header data and the payload data. If the function succeeds then the \"name_out\", \"header\" and \"data\" arguments are populated with pointers to buffers containing the relevant decoded data. The caller is responsible for freeing those buffers. It is possible to construct a PEM file that results in 0 bytes of payload data. In this case PEM_read_bio_ex() will return a failure code but will populate the header argument with a pointer to a buffer that has already been freed. If the caller also frees this buffer then a double free will occur. This will most likely lead to a crash. This could be exploited by an attacker who has the ability to supply malicious PEM files for parsing to achieve a denial of service attack. The functions PEM_read_bio() and PEM_read() are simple wrappers around PEM_read_bio_ex() and therefore these functions are also directly affected. These functions are also called indirectly by a number of other OpenSSL functions including PEM_X509_INFO_read_bio_ex() and SSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL internal uses of these functions are not vulnerable because the caller does not free the header argument if PEM_read_bio_ex() returns a failure code. These locations include the PEM_read_bio_TYPE() functions as well as the decoders introduced in OpenSSL 3.0. The OpenSSL asn1parse command line application is also impacted by this issue.", - "severity": "High", - "name": "CVE-2022-4450", - "fixedIn": [ - { - "name": "fixed", - "imageTag": "quay.io/kubescape/kubescape:v2.3.7", - "version": "1.1.1t-r0" - } - ], - "severityScore": 400, - "neglected": 0, - "urgent": 0, - "categories": { - "isRce": false - }, - "layers": [ - { - "layerHash": "generatedlayer", - "parentLayerHash": "" - } - ], - "layersNested": null, - "context": [ - { - "attribute": "cluster", - "value": "arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX", - "source": "designators.attributes" - }, - { - "attribute": "namespace", - "value": "kubescape", - "source": "designators.attributes" - }, - { - "attribute": "kind", - "value": "deployment", - "source": "designators.attributes" - }, - { - "attribute": "name", - "value": "kubescape", - "source": "designators.attributes" - }, - { - "attribute": "containerName", - "value": "kubescape", - "source": "designators.attributes" - }, - { - "attribute": "workloadHash", - "value": "5500090417138297522", - "source": "designators.attributes" - }, - { - "attribute": "customerGUID", - "value": "1e3a88bf-92ce-44f8-914e-cbe71830d566", - "source": "designators.attributes" - } - ], - "links": [ - "https://nvd.nist.gov/vuln/detail/CVE-2022-4450", - "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4450" - ], - "timestamp": 1689071492, - "isLastScan": 1, - "isFixed": 1, - "relevantLabel": "", - "clusterShortName": "Dex1-SANDBOX", - "ignoreRulesSummary": null - }, - { - "designators": { - "designatorType": "Attributes", - "attributes": { - "cluster": "arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX", - "containerName": "kubescape", - "customerGUID": "1e3a88bf-92ce-44f8-914e-cbe71830d566", - "kind": "deployment", - "name": "kubescape", - "namespace": "kubescape", - "workloadHash": "5500090417138297522" - } - }, - "layerHash": "generatedlayer", - "wlid": "wlid://cluster-arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX/namespace-kubescape/deployment-kubescape", - "containersScanID": "kubescape-replicaset-kubescape-7bdc4867bb-a444-e40f", - "healthStatus": "", - "imageHash": "quay.io/kubescape/kubescape@sha256:084592a879af7d43767bc4dffd95cb938b2c6cce25ca872f8147d7c077ea3c26", - "imageTag": "quay.io/kubescape/kubescape:v2.3.7", - "packageName": "libcrypto1.1", - "packageVersion": "1.1.1q-r0", - "link": "https://nvd.nist.gov/vuln/detail/CVE-2023-0215", - "description": "The public API function BIO_new_NDEF is a helper function used for streaming\nASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the\nSMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by\nend user applications.\n\nThe function receives a BIO from the caller, prepends a new BIO_f_asn1 filter\nBIO onto the front of it to form a BIO chain, and then returns the new head of\nthe BIO chain to the caller. Under certain conditions, for example if a CMS\nrecipient public key is invalid, the new filter BIO is freed and the function\nreturns a NULL result indicating a failure. However, in this case, the BIO chain\nis not properly cleaned up and the BIO passed by the caller still retains\ninternal pointers to the previously freed filter BIO. If the caller then goes on\nto call BIO_pop() on the BIO then a use-after-free will occur. This will most\nlikely result in a crash.\n\n\n\nThis scenario occurs directly in the internal function B64_write_ASN1() which\nmay cause BIO_new_NDEF() to be called and will subsequently call BIO_pop() on\nthe BIO. This internal function is in turn called by the public API functions\nPEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream, PEM_write_bio_PKCS7_stream,\nSMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7.\n\nOther public API functions that may be impacted by this include\ni2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream and\ni2d_PKCS7_bio_stream.\n\nThe OpenSSL cms and smime command line applications are similarly affected.\n\n\n\n", - "severity": "High", - "name": "CVE-2023-0215", - "fixedIn": [ - { - "name": "fixed", - "imageTag": "quay.io/kubescape/kubescape:v2.3.7", - "version": "1.1.1t-r0" - } - ], - "severityScore": 400, - "neglected": 0, - "urgent": 0, - "categories": { - "isRce": false - }, - "layers": [ - { - "layerHash": "generatedlayer", - "parentLayerHash": "" - } - ], - "layersNested": null, - "context": [ - { - "attribute": "cluster", - "value": "arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX", - "source": "designators.attributes" - }, - { - "attribute": "namespace", - "value": "kubescape", - "source": "designators.attributes" - }, - { - "attribute": "kind", - "value": "deployment", - "source": "designators.attributes" - }, - { - "attribute": "name", - "value": "kubescape", - "source": "designators.attributes" - }, - { - "attribute": "containerName", - "value": "kubescape", - "source": "designators.attributes" - }, - { - "attribute": "workloadHash", - "value": "5500090417138297522", - "source": "designators.attributes" - }, - { - "attribute": "customerGUID", - "value": "1e3a88bf-92ce-44f8-914e-cbe71830d566", - "source": "designators.attributes" - } - ], - "links": [ - "https://nvd.nist.gov/vuln/detail/CVE-2023-0215", - "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0215" - ], - "timestamp": 1689071492, - "isLastScan": 1, - "isFixed": 1, - "relevantLabel": "", - "clusterShortName": "Dex1-SANDBOX", - "ignoreRulesSummary": null - }, - { - "designators": { - "designatorType": "Attributes", - "attributes": { - "cluster": "arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX", - "containerName": "kubescape", - "customerGUID": "1e3a88bf-92ce-44f8-914e-cbe71830d566", - "kind": "deployment", - "name": "kubescape", - "namespace": "kubescape", - "workloadHash": "5500090417138297522" - } - }, - "layerHash": "generatedlayer", - "wlid": "wlid://cluster-arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX/namespace-kubescape/deployment-kubescape", - "containersScanID": "kubescape-replicaset-kubescape-7bdc4867bb-a444-e40f", - "healthStatus": "", - "imageHash": "quay.io/kubescape/kubescape@sha256:084592a879af7d43767bc4dffd95cb938b2c6cce25ca872f8147d7c077ea3c26", - "imageTag": "quay.io/kubescape/kubescape:v2.3.7", - "packageName": "libcrypto1.1", - "packageVersion": "1.1.1q-r0", - "link": "https://nvd.nist.gov/vuln/detail/CVE-2023-0286", - "description": "There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. When CRL checking is enabled (i.e. the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or enact a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, neither of which need to have a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. As such, this vulnerability is most likely to only affect applications which have implemented their own functionality for retrieving CRLs over a network.", - "severity": "High", - "name": "CVE-2023-0286", - "fixedIn": [ - { - "name": "fixed", - "imageTag": "quay.io/kubescape/kubescape:v2.3.7", - "version": "1.1.1t-r0" - } - ], - "severityScore": 400, - "neglected": 0, - "urgent": 0, - "categories": { - "isRce": false - }, - "layers": [ - { - "layerHash": "generatedlayer", - "parentLayerHash": "" - } - ], - "layersNested": null, - "context": [ - { - "attribute": "cluster", - "value": "arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX", - "source": "designators.attributes" - }, - { - "attribute": "namespace", - "value": "kubescape", - "source": "designators.attributes" - }, - { - "attribute": "kind", - "value": "deployment", - "source": "designators.attributes" - }, - { - "attribute": "name", - "value": "kubescape", - "source": "designators.attributes" - }, - { - "attribute": "containerName", - "value": "kubescape", - "source": "designators.attributes" - }, - { - "attribute": "workloadHash", - "value": "5500090417138297522", - "source": "designators.attributes" - }, - { - "attribute": "customerGUID", - "value": "1e3a88bf-92ce-44f8-914e-cbe71830d566", - "source": "designators.attributes" - } - ], - "links": [ - "https://nvd.nist.gov/vuln/detail/CVE-2023-0286", - "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286" - ], - "timestamp": 1689071492, - "isLastScan": 1, - "isFixed": 1, - "relevantLabel": "", - "clusterShortName": "Dex1-SANDBOX", - "ignoreRulesSummary": null - }, - { - "designators": { - "designatorType": "Attributes", - "attributes": { - "cluster": "arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX", - "containerName": "kubescape", - "customerGUID": "1e3a88bf-92ce-44f8-914e-cbe71830d566", - "kind": "deployment", - "name": "kubescape", - "namespace": "kubescape", - "workloadHash": "5500090417138297522" - } - }, - "layerHash": "generatedlayer", - "wlid": "wlid://cluster-arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX/namespace-kubescape/deployment-kubescape", - "containersScanID": "kubescape-replicaset-kubescape-7bdc4867bb-a444-e40f", - "healthStatus": "", - "imageHash": "quay.io/kubescape/kubescape@sha256:084592a879af7d43767bc4dffd95cb938b2c6cce25ca872f8147d7c077ea3c26", - "imageTag": "quay.io/kubescape/kubescape:v2.3.7", - "packageName": "github.com/docker/distribution", - "packageVersion": "v2.8.1+incompatible", - "link": "https://nvd.nist.gov/vuln/detail/GHSA-hqxw-f8mx-cpmw", - "description": "distribution catalog API endpoint can lead to OOM via malicious user input", - "severity": "High", - "name": "GHSA-hqxw-f8mx-cpmw", - "fixedIn": [ - { - "name": "fixed", - "imageTag": "quay.io/kubescape/kubescape:v2.3.7", - "version": "2.8.2-beta.1" - } - ], - "severityScore": 400, - "neglected": 0, - "urgent": 0, - "categories": { - "isRce": false - }, - "layers": [ - { - "layerHash": "generatedlayer", - "parentLayerHash": "" - } - ], - "layersNested": null, - "context": [ - { - "attribute": "cluster", - "value": "arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX", - "source": "designators.attributes" - }, - { - "attribute": "namespace", - "value": "kubescape", - "source": "designators.attributes" - }, - { - "attribute": "kind", - "value": "deployment", - "source": "designators.attributes" - }, - { - "attribute": "name", - "value": "kubescape", - "source": "designators.attributes" - }, - { - "attribute": "containerName", - "value": "kubescape", - "source": "designators.attributes" - }, - { - "attribute": "workloadHash", - "value": "5500090417138297522", - "source": "designators.attributes" - }, - { - "attribute": "customerGUID", - "value": "1e3a88bf-92ce-44f8-914e-cbe71830d566", - "source": "designators.attributes" - } - ], - "links": [ - "https://nvd.nist.gov/vuln/detail/GHSA-hqxw-f8mx-cpmw", - "https://github.com/advisories/GHSA-hqxw-f8mx-cpmw" - ], - "timestamp": 1689071492, - "isLastScan": 1, - "isFixed": 1, - "relevantLabel": "", - "clusterShortName": "Dex1-SANDBOX", - "ignoreRulesSummary": null - }, - { - "designators": { - "designatorType": "Attributes", - "attributes": { - "cluster": "arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX", - "containerName": "kubescape", - "customerGUID": "1e3a88bf-92ce-44f8-914e-cbe71830d566", - "kind": "deployment", - "name": "kubescape", - "namespace": "kubescape", - "workloadHash": "5500090417138297522" - } - }, - "layerHash": "generatedlayer", - "wlid": "wlid://cluster-arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX/namespace-kubescape/deployment-kubescape", - "containersScanID": "kubescape-replicaset-kubescape-7bdc4867bb-a444-e40f", - "healthStatus": "", - "imageHash": "quay.io/kubescape/kubescape@sha256:084592a879af7d43767bc4dffd95cb938b2c6cce25ca872f8147d7c077ea3c26", - "imageTag": "quay.io/kubescape/kubescape:v2.3.7", - "packageName": "libcrypto1.1", - "packageVersion": "1.1.1q-r0", - "link": "https://nvd.nist.gov/vuln/detail/CVE-2023-0464", - "description": "A security vulnerability has been identified in all supported versions\n\nof OpenSSL related to the verification of X.509 certificate chains\nthat include policy constraints. Attackers may be able to exploit this\nvulnerability by creating a malicious certificate chain that triggers\nexponential use of computational resources, leading to a denial-of-service\n(DoS) attack on affected systems.\n\nPolicy processing is disabled by default but can be enabled by passing\nthe `-policy' argument to the command line utilities or by calling the\n`X509_VERIFY_PARAM_set1_policies()' function.", - "severity": "High", - "name": "CVE-2023-0464", - "fixedIn": [ - { - "name": "fixed", - "imageTag": "quay.io/kubescape/kubescape:v2.3.7", - "version": "1.1.1t-r1" - } - ], - "severityScore": 400, - "neglected": 0, - "urgent": 0, - "categories": { - "isRce": false - }, - "layers": [ - { - "layerHash": "generatedlayer", - "parentLayerHash": "" - } - ], - "layersNested": null, - "context": [ - { - "attribute": "cluster", - "value": "arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX", - "source": "designators.attributes" - }, - { - "attribute": "namespace", - "value": "kubescape", - "source": "designators.attributes" - }, - { - "attribute": "kind", - "value": "deployment", - "source": "designators.attributes" - }, - { - "attribute": "name", - "value": "kubescape", - "source": "designators.attributes" - }, - { - "attribute": "containerName", - "value": "kubescape", - "source": "designators.attributes" - }, - { - "attribute": "workloadHash", - "value": "5500090417138297522", - "source": "designators.attributes" - }, - { - "attribute": "customerGUID", - "value": "1e3a88bf-92ce-44f8-914e-cbe71830d566", - "source": "designators.attributes" - } - ], - "links": [ - "https://nvd.nist.gov/vuln/detail/CVE-2023-0464", - "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0464" - ], - "timestamp": 1689071492, - "isLastScan": 1, - "isFixed": 1, - "relevantLabel": "", - "clusterShortName": "Dex1-SANDBOX", - "ignoreRulesSummary": null - }, - { - "designators": { - "designatorType": "Attributes", - "attributes": { - "cluster": "arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX", - "containerName": "kubescape", - "customerGUID": "1e3a88bf-92ce-44f8-914e-cbe71830d566", - "kind": "deployment", - "name": "kubescape", - "namespace": "kubescape", - "workloadHash": "5500090417138297522" - } - }, - "layerHash": "generatedlayer", - "wlid": "wlid://cluster-arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX/namespace-kubescape/deployment-kubescape", - "containersScanID": "kubescape-replicaset-kubescape-7bdc4867bb-a444-e40f", - "healthStatus": "", - "imageHash": "quay.io/kubescape/kubescape@sha256:084592a879af7d43767bc4dffd95cb938b2c6cce25ca872f8147d7c077ea3c26", - "imageTag": "quay.io/kubescape/kubescape:v2.3.7", - "packageName": "github.com/cloudflare/circl", - "packageVersion": "v1.1.0", - "link": "https://nvd.nist.gov/vuln/detail/CVE-2023-1732", - "description": "When sampling randomness for a shared secret, the implementation of Kyber and FrodoKEM, did not check whether crypto/rand.Read() returns an error. In rare deployment cases (error thrown by the Read() function), this could lead to a predictable shared secret.\n\nThe tkn20 and blindrsa components did not check whether enough randomness was returned from the user provided randomness source. Typically the user provides crypto/rand.Reader, which in the vast majority of cases will always return the right number random bytes. In the cases where it does not, or the user provides a source that does not, the blinding for blindrsa is weak and integrity of the plaintext is not ensured in tkn20.\n\n", - "severity": "High", - "name": "CVE-2023-1732", - "fixedIn": [ - { - "name": "unknown", - "imageTag": "quay.io/kubescape/kubescape:v2.3.7", - "version": "unknown" - } - ], - "severityScore": 400, - "neglected": 0, - "urgent": 0, - "categories": { - "isRce": false - }, - "layers": [ - { - "layerHash": "generatedlayer", - "parentLayerHash": "" - } - ], - "layersNested": null, - "context": [ - { - "attribute": "cluster", - "value": "arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX", - "source": "designators.attributes" - }, - { - "attribute": "namespace", - "value": "kubescape", - "source": "designators.attributes" - }, - { - "attribute": "kind", - "value": "deployment", - "source": "designators.attributes" - }, - { - "attribute": "name", - "value": "kubescape", - "source": "designators.attributes" - }, - { - "attribute": "containerName", - "value": "kubescape", - "source": "designators.attributes" - }, - { - "attribute": "workloadHash", - "value": "5500090417138297522", - "source": "designators.attributes" - }, - { - "attribute": "customerGUID", - "value": "1e3a88bf-92ce-44f8-914e-cbe71830d566", - "source": "designators.attributes" - } - ], - "links": [ - "https://nvd.nist.gov/vuln/detail/CVE-2023-1732", - "https://nvd.nist.gov/vuln/detail/CVE-2023-1732" - ], - "timestamp": 1689071492, - "isLastScan": 1, - "isFixed": 1, - "relevantLabel": "", - "clusterShortName": "Dex1-SANDBOX", - "ignoreRulesSummary": null - }, - { - "designators": { - "designatorType": "Attributes", - "attributes": { - "cluster": "arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX", - "containerName": "kubescape", - "customerGUID": "1e3a88bf-92ce-44f8-914e-cbe71830d566", - "kind": "deployment", - "name": "kubescape", - "namespace": "kubescape", - "workloadHash": "5500090417138297522" - } - }, - "layerHash": "generatedlayer", - "wlid": "wlid://cluster-arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX/namespace-kubescape/deployment-kubescape", - "containersScanID": "kubescape-replicaset-kubescape-7bdc4867bb-a444-e40f", - "healthStatus": "", - "imageHash": "quay.io/kubescape/kubescape@sha256:084592a879af7d43767bc4dffd95cb938b2c6cce25ca872f8147d7c077ea3c26", - "imageTag": "quay.io/kubescape/kubescape:v2.3.7", - "packageName": "libssl1.1", - "packageVersion": "1.1.1q-r0", - "link": "https://nvd.nist.gov/vuln/detail/CVE-2023-0215", - "description": "The public API function BIO_new_NDEF is a helper function used for streaming\nASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the\nSMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by\nend user applications.\n\nThe function receives a BIO from the caller, prepends a new BIO_f_asn1 filter\nBIO onto the front of it to form a BIO chain, and then returns the new head of\nthe BIO chain to the caller. Under certain conditions, for example if a CMS\nrecipient public key is invalid, the new filter BIO is freed and the function\nreturns a NULL result indicating a failure. However, in this case, the BIO chain\nis not properly cleaned up and the BIO passed by the caller still retains\ninternal pointers to the previously freed filter BIO. If the caller then goes on\nto call BIO_pop() on the BIO then a use-after-free will occur. This will most\nlikely result in a crash.\n\n\n\nThis scenario occurs directly in the internal function B64_write_ASN1() which\nmay cause BIO_new_NDEF() to be called and will subsequently call BIO_pop() on\nthe BIO. This internal function is in turn called by the public API functions\nPEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream, PEM_write_bio_PKCS7_stream,\nSMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7.\n\nOther public API functions that may be impacted by this include\ni2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream and\ni2d_PKCS7_bio_stream.\n\nThe OpenSSL cms and smime command line applications are similarly affected.\n\n\n\n", - "severity": "High", - "name": "CVE-2023-0215", - "fixedIn": [ - { - "name": "fixed", - "imageTag": "quay.io/kubescape/kubescape:v2.3.7", - "version": "1.1.1t-r0" - } - ], - "severityScore": 400, - "neglected": 0, - "urgent": 0, - "categories": { - "isRce": false - }, - "layers": [ - { - "layerHash": "generatedlayer", - "parentLayerHash": "" - } - ], - "layersNested": null, - "context": [ - { - "attribute": "cluster", - "value": "arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX", - "source": "designators.attributes" - }, - { - "attribute": "namespace", - "value": "kubescape", - "source": "designators.attributes" - }, - { - "attribute": "kind", - "value": "deployment", - "source": "designators.attributes" - }, - { - "attribute": "name", - "value": "kubescape", - "source": "designators.attributes" - }, - { - "attribute": "containerName", - "value": "kubescape", - "source": "designators.attributes" - }, - { - "attribute": "workloadHash", - "value": "5500090417138297522", - "source": "designators.attributes" - }, - { - "attribute": "customerGUID", - "value": "1e3a88bf-92ce-44f8-914e-cbe71830d566", - "source": "designators.attributes" - } - ], - "links": [ - "https://nvd.nist.gov/vuln/detail/CVE-2023-0215", - "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0215" - ], - "timestamp": 1689071492, - "isLastScan": 1, - "isFixed": 1, - "relevantLabel": "", - "clusterShortName": "Dex1-SANDBOX", - "ignoreRulesSummary": null - }, - { - "designators": { - "designatorType": "Attributes", - "attributes": { - "cluster": "arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX", - "containerName": "kubescape", - "customerGUID": "1e3a88bf-92ce-44f8-914e-cbe71830d566", - "kind": "deployment", - "name": "kubescape", - "namespace": "kubescape", - "workloadHash": "5500090417138297522" - } - }, - "layerHash": "generatedlayer", - "wlid": "wlid://cluster-arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX/namespace-kubescape/deployment-kubescape", - "containersScanID": "kubescape-replicaset-kubescape-7bdc4867bb-a444-e40f", - "healthStatus": "", - "imageHash": "quay.io/kubescape/kubescape@sha256:084592a879af7d43767bc4dffd95cb938b2c6cce25ca872f8147d7c077ea3c26", - "imageTag": "quay.io/kubescape/kubescape:v2.3.7", - "packageName": "libssl1.1", - "packageVersion": "1.1.1q-r0", - "link": "https://nvd.nist.gov/vuln/detail/CVE-2023-0464", - "description": "A security vulnerability has been identified in all supported versions\n\nof OpenSSL related to the verification of X.509 certificate chains\nthat include policy constraints. Attackers may be able to exploit this\nvulnerability by creating a malicious certificate chain that triggers\nexponential use of computational resources, leading to a denial-of-service\n(DoS) attack on affected systems.\n\nPolicy processing is disabled by default but can be enabled by passing\nthe `-policy' argument to the command line utilities or by calling the\n`X509_VERIFY_PARAM_set1_policies()' function.", - "severity": "High", - "name": "CVE-2023-0464", - "fixedIn": [ - { - "name": "fixed", - "imageTag": "quay.io/kubescape/kubescape:v2.3.7", - "version": "1.1.1t-r1" - } - ], - "severityScore": 400, - "neglected": 0, - "urgent": 0, - "categories": { - "isRce": false - }, - "layers": [ - { - "layerHash": "generatedlayer", - "parentLayerHash": "" - } - ], - "layersNested": null, - "context": [ - { - "attribute": "cluster", - "value": "arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX", - "source": "designators.attributes" - }, - { - "attribute": "namespace", - "value": "kubescape", - "source": "designators.attributes" - }, - { - "attribute": "kind", - "value": "deployment", - "source": "designators.attributes" - }, - { - "attribute": "name", - "value": "kubescape", - "source": "designators.attributes" - }, - { - "attribute": "containerName", - "value": "kubescape", - "source": "designators.attributes" - }, - { - "attribute": "workloadHash", - "value": "5500090417138297522", - "source": "designators.attributes" - }, - { - "attribute": "customerGUID", - "value": "1e3a88bf-92ce-44f8-914e-cbe71830d566", - "source": "designators.attributes" - } - ], - "links": [ - "https://nvd.nist.gov/vuln/detail/CVE-2023-0464", - "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0464" - ], - "timestamp": 1689071492, - "isLastScan": 1, - "isFixed": 1, - "relevantLabel": "", - "clusterShortName": "Dex1-SANDBOX", - "ignoreRulesSummary": null - }, - { - "designators": { - "designatorType": "Attributes", - "attributes": { - "cluster": "arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX", - "containerName": "kubescape", - "customerGUID": "1e3a88bf-92ce-44f8-914e-cbe71830d566", - "kind": "deployment", - "name": "kubescape", - "namespace": "kubescape", - "workloadHash": "5500090417138297522" - } - }, - "layerHash": "generatedlayer", - "wlid": "wlid://cluster-arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX/namespace-kubescape/deployment-kubescape", - "containersScanID": "kubescape-replicaset-kubescape-7bdc4867bb-a444-e40f", - "healthStatus": "", - "imageHash": "quay.io/kubescape/kubescape@sha256:084592a879af7d43767bc4dffd95cb938b2c6cce25ca872f8147d7c077ea3c26", - "imageTag": "quay.io/kubescape/kubescape:v2.3.7", - "packageName": "busybox", - "packageVersion": "1.35.0", - "link": "https://nvd.nist.gov/vuln/detail/CVE-2022-28391", - "description": "BusyBox through 1.35.0 allows remote attackers to execute arbitrary code if netstat is used to print a DNS PTR record's value to a VT compatible terminal. Alternatively, the attacker could choose to change the terminal's colors.", - "severity": "High", - "name": "CVE-2022-28391", - "fixedIn": [ - { - "name": "unknown", - "imageTag": "quay.io/kubescape/kubescape:v2.3.7", - "version": "unknown" - } - ], - "severityScore": 400, - "neglected": 0, - "urgent": 0, - "categories": { - "isRce": true - }, - "layers": [ - { - "layerHash": "generatedlayer", - "parentLayerHash": "" - } - ], - "layersNested": null, - "context": [ - { - "attribute": "cluster", - "value": "arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX", - "source": "designators.attributes" - }, - { - "attribute": "namespace", - "value": "kubescape", - "source": "designators.attributes" - }, - { - "attribute": "kind", - "value": "deployment", - "source": "designators.attributes" - }, - { - "attribute": "name", - "value": "kubescape", - "source": "designators.attributes" - }, - { - "attribute": "containerName", - "value": "kubescape", - "source": "designators.attributes" - }, - { - "attribute": "workloadHash", - "value": "5500090417138297522", - "source": "designators.attributes" - }, - { - "attribute": "customerGUID", - "value": "1e3a88bf-92ce-44f8-914e-cbe71830d566", - "source": "designators.attributes" - } - ], - "links": [ - "https://nvd.nist.gov/vuln/detail/CVE-2022-28391", - "https://nvd.nist.gov/vuln/detail/CVE-2022-28391" - ], - "timestamp": 1689071492, - "isLastScan": 1, - "isFixed": 1, - "relevantLabel": "", - "clusterShortName": "Dex1-SANDBOX", - "ignoreRulesSummary": null - }, - { - "designators": { - "designatorType": "Attributes", - "attributes": { - "cluster": "arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX", - "containerName": "kubescape", - "customerGUID": "1e3a88bf-92ce-44f8-914e-cbe71830d566", - "kind": "deployment", - "name": "kubescape", - "namespace": "kubescape", - "workloadHash": "5500090417138297522" - } - }, - "layerHash": "generatedlayer", - "wlid": "wlid://cluster-arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX/namespace-kubescape/deployment-kubescape", - "containersScanID": "kubescape-replicaset-kubescape-7bdc4867bb-a444-e40f", - "healthStatus": "", - "imageHash": "quay.io/kubescape/kubescape@sha256:084592a879af7d43767bc4dffd95cb938b2c6cce25ca872f8147d7c077ea3c26", - "imageTag": "quay.io/kubescape/kubescape:v2.3.7", - "packageName": "libssl1.1", - "packageVersion": "1.1.1q-r0", - "link": "https://nvd.nist.gov/vuln/detail/CVE-2022-4450", - "description": "The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the \"name\" (e.g. \"CERTIFICATE\"), any header data and the payload data. If the function succeeds then the \"name_out\", \"header\" and \"data\" arguments are populated with pointers to buffers containing the relevant decoded data. The caller is responsible for freeing those buffers. It is possible to construct a PEM file that results in 0 bytes of payload data. In this case PEM_read_bio_ex() will return a failure code but will populate the header argument with a pointer to a buffer that has already been freed. If the caller also frees this buffer then a double free will occur. This will most likely lead to a crash. This could be exploited by an attacker who has the ability to supply malicious PEM files for parsing to achieve a denial of service attack. The functions PEM_read_bio() and PEM_read() are simple wrappers around PEM_read_bio_ex() and therefore these functions are also directly affected. These functions are also called indirectly by a number of other OpenSSL functions including PEM_X509_INFO_read_bio_ex() and SSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL internal uses of these functions are not vulnerable because the caller does not free the header argument if PEM_read_bio_ex() returns a failure code. These locations include the PEM_read_bio_TYPE() functions as well as the decoders introduced in OpenSSL 3.0. The OpenSSL asn1parse command line application is also impacted by this issue.", - "severity": "High", - "name": "CVE-2022-4450", - "fixedIn": [ - { - "name": "fixed", - "imageTag": "quay.io/kubescape/kubescape:v2.3.7", - "version": "1.1.1t-r0" - } - ], - "severityScore": 400, - "neglected": 0, - "urgent": 0, - "categories": { - "isRce": false - }, - "layers": [ - { - "layerHash": "generatedlayer", - "parentLayerHash": "" - } - ], - "layersNested": null, - "context": [ - { - "attribute": "cluster", - "value": "arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX", - "source": "designators.attributes" - }, - { - "attribute": "namespace", - "value": "kubescape", - "source": "designators.attributes" - }, - { - "attribute": "kind", - "value": "deployment", - "source": "designators.attributes" - }, - { - "attribute": "name", - "value": "kubescape", - "source": "designators.attributes" - }, - { - "attribute": "containerName", - "value": "kubescape", - "source": "designators.attributes" - }, - { - "attribute": "workloadHash", - "value": "5500090417138297522", - "source": "designators.attributes" - }, - { - "attribute": "customerGUID", - "value": "1e3a88bf-92ce-44f8-914e-cbe71830d566", - "source": "designators.attributes" - } - ], - "links": [ - "https://nvd.nist.gov/vuln/detail/CVE-2022-4450", - "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4450" - ], - "timestamp": 1689071492, - "isLastScan": 1, - "isFixed": 1, - "relevantLabel": "", - "clusterShortName": "Dex1-SANDBOX", - "ignoreRulesSummary": null - }, - { - "designators": { - "designatorType": "Attributes", - "attributes": { - "cluster": "arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX", - "containerName": "kubescape", - "customerGUID": "1e3a88bf-92ce-44f8-914e-cbe71830d566", - "kind": "deployment", - "name": "kubescape", - "namespace": "kubescape", - "workloadHash": "5500090417138297522" - } - }, - "layerHash": "generatedlayer", - "wlid": "wlid://cluster-arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX/namespace-kubescape/deployment-kubescape", - "containersScanID": "kubescape-replicaset-kubescape-7bdc4867bb-a444-e40f", - "healthStatus": "", - "imageHash": "quay.io/kubescape/kubescape@sha256:084592a879af7d43767bc4dffd95cb938b2c6cce25ca872f8147d7c077ea3c26", - "imageTag": "quay.io/kubescape/kubescape:v2.3.7", - "packageName": "libssl1.1", - "packageVersion": "1.1.1q-r0", - "link": "https://nvd.nist.gov/vuln/detail/CVE-2023-0286", - "description": "There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. When CRL checking is enabled (i.e. the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or enact a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, neither of which need to have a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. As such, this vulnerability is most likely to only affect applications which have implemented their own functionality for retrieving CRLs over a network.", - "severity": "High", - "name": "CVE-2023-0286", - "fixedIn": [ - { - "name": "fixed", - "imageTag": "quay.io/kubescape/kubescape:v2.3.7", - "version": "1.1.1t-r0" - } - ], - "severityScore": 400, - "neglected": 0, - "urgent": 0, - "categories": { - "isRce": false - }, - "layers": [ - { - "layerHash": "generatedlayer", - "parentLayerHash": "" - } - ], - "layersNested": null, - "context": [ - { - "attribute": "cluster", - "value": "arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX", - "source": "designators.attributes" - }, - { - "attribute": "namespace", - "value": "kubescape", - "source": "designators.attributes" - }, - { - "attribute": "kind", - "value": "deployment", - "source": "designators.attributes" - }, - { - "attribute": "name", - "value": "kubescape", - "source": "designators.attributes" - }, - { - "attribute": "containerName", - "value": "kubescape", - "source": "designators.attributes" - }, - { - "attribute": "workloadHash", - "value": "5500090417138297522", - "source": "designators.attributes" - }, - { - "attribute": "customerGUID", - "value": "1e3a88bf-92ce-44f8-914e-cbe71830d566", - "source": "designators.attributes" - } - ], - "links": [ - "https://nvd.nist.gov/vuln/detail/CVE-2023-0286", - "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286" - ], - "timestamp": 1689071492, - "isLastScan": 1, - "isFixed": 1, - "relevantLabel": "", - "clusterShortName": "Dex1-SANDBOX", - "ignoreRulesSummary": null - }, - { - "designators": { - "designatorType": "Attributes", - "attributes": { - "cluster": "arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX", - "containerName": "kubescape", - "customerGUID": "1e3a88bf-92ce-44f8-914e-cbe71830d566", - "kind": "deployment", - "name": "kubescape", - "namespace": "kubescape", - "workloadHash": "5500090417138297522" - } - }, - "layerHash": "generatedlayer", - "wlid": "wlid://cluster-arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX/namespace-kubescape/deployment-kubescape", - "containersScanID": "kubescape-replicaset-kubescape-7bdc4867bb-a444-e40f", - "healthStatus": "", - "imageHash": "quay.io/kubescape/kubescape@sha256:084592a879af7d43767bc4dffd95cb938b2c6cce25ca872f8147d7c077ea3c26", - "imageTag": "quay.io/kubescape/kubescape:v2.3.7", - "packageName": "libssl1.1", - "packageVersion": "1.1.1q-r0", - "link": "https://nvd.nist.gov/vuln/detail/CVE-2023-2650", - "description": "Issue summary: Processing some specially crafted ASN.1 object identifiers or\ndata containing them may be very slow.\n\nImpact summary: Applications that use OBJ_obj2txt() directly, or use any of\nthe OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message\nsize limit may experience notable to very long delays when processing those\nmessages, which may lead to a Denial of Service.\n\nAn OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers -\nmost of which have no size limit. OBJ_obj2txt() may be used to translate\nan ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSL\ntype ASN1_OBJECT) to its canonical numeric text form, which are the\nsub-identifiers of the OBJECT IDENTIFIER in decimal form, separated by\nperiods.\n\nWhen one of the sub-identifiers in the OBJECT IDENTIFIER is very large\n(these are sizes that are seen as absurdly large, taking up tens or hundreds\nof KiBs), the translation to a decimal number in text may take a very long\ntime. The time complexity is O(n^2) with 'n' being the size of the\nsub-identifiers in bytes (*).\n\nWith OpenSSL 3.0, support to fetch cryptographic algorithms using names /\nidentifiers in string form was introduced. This includes using OBJECT\nIDENTIFIERs in canonical numeric text form as identifiers for fetching\nalgorithms.\n\nSuch OBJECT IDENTIFIERs may be received through the ASN.1 structure\nAlgorithmIdentifier, which is commonly used in multiple protocols to specify\nwhat cryptographic algorithm should be used to sign or verify, encrypt or\ndecrypt, or digest passed data.\n\nApplications that call OBJ_obj2txt() directly with untrusted data are\naffected, with any version of OpenSSL. If the use is for the mere purpose\nof display, the severity is considered low.\n\nIn OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME,\nCMS, CMP/CRMF or TS. It also impacts anything that processes X.509\ncertificates, including simple things like verifying its signature.\n\nThe impact on TLS is relatively low, because all versions of OpenSSL have a\n100KiB limit on the peer's certificate chain. Additionally, this only\nimpacts clients, or servers that have explicitly enabled client\nauthentication.\n\nIn OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects,\nsuch as X.509 certificates. This is assumed to not happen in such a way\nthat it would cause a Denial of Service, so these versions are considered\nnot affected by this issue in such a way that it would be cause for concern,\nand the severity is therefore considered low.", - "severity": "High", - "name": "CVE-2023-2650", - "fixedIn": [ - { - "name": "fixed", - "imageTag": "quay.io/kubescape/kubescape:v2.3.7", - "version": "1.1.1u-r0" - } - ], - "severityScore": 400, - "neglected": 0, - "urgent": 0, - "categories": { - "isRce": false - }, - "layers": [ - { - "layerHash": "generatedlayer", - "parentLayerHash": "" - } - ], - "layersNested": null, - "context": [ - { - "attribute": "cluster", - "value": "arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX", - "source": "designators.attributes" - }, - { - "attribute": "namespace", - "value": "kubescape", - "source": "designators.attributes" - }, - { - "attribute": "kind", - "value": "deployment", - "source": "designators.attributes" - }, - { - "attribute": "name", - "value": "kubescape", - "source": "designators.attributes" - }, - { - "attribute": "containerName", - "value": "kubescape", - "source": "designators.attributes" - }, - { - "attribute": "workloadHash", - "value": "5500090417138297522", - "source": "designators.attributes" - }, - { - "attribute": "customerGUID", - "value": "1e3a88bf-92ce-44f8-914e-cbe71830d566", - "source": "designators.attributes" - } - ], - "links": [ - "https://nvd.nist.gov/vuln/detail/CVE-2023-2650", - "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2650" - ], - "timestamp": 1689071492, - "isLastScan": 1, - "isFixed": 1, - "relevantLabel": "", - "clusterShortName": "Dex1-SANDBOX", - "ignoreRulesSummary": null - }, - { - "designators": { - "designatorType": "Attributes", - "attributes": { - "cluster": "arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX", - "containerName": "kubescape", - "customerGUID": "1e3a88bf-92ce-44f8-914e-cbe71830d566", - "kind": "deployment", - "name": "kubescape", - "namespace": "kubescape", - "workloadHash": "5500090417138297522" - } - }, - "layerHash": "generatedlayer", - "wlid": "wlid://cluster-arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX/namespace-kubescape/deployment-kubescape", - "containersScanID": "kubescape-replicaset-kubescape-7bdc4867bb-a444-e40f", - "healthStatus": "", - "imageHash": "quay.io/kubescape/kubescape@sha256:084592a879af7d43767bc4dffd95cb938b2c6cce25ca872f8147d7c077ea3c26", - "imageTag": "quay.io/kubescape/kubescape:v2.3.7", - "packageName": "github.com/sigstore/rekor", - "packageVersion": "v0.12.1-0.20220915152154-4bb6f441c1b2", - "link": "https://nvd.nist.gov/vuln/detail/GHSA-2h5h-59f5-c5x9", - "description": "Rekor's compressed archives can result in OOM conditions", - "severity": "High", - "name": "GHSA-2h5h-59f5-c5x9", - "fixedIn": [ - { - "name": "fixed", - "imageTag": "quay.io/kubescape/kubescape:v2.3.7", - "version": "1.1.1" - } - ], - "severityScore": 400, - "neglected": 0, - "urgent": 0, - "categories": { - "isRce": false - }, - "layers": [ - { - "layerHash": "generatedlayer", - "parentLayerHash": "" - } - ], - "layersNested": null, - "context": [ - { - "attribute": "cluster", - "value": "arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX", - "source": "designators.attributes" - }, - { - "attribute": "namespace", - "value": "kubescape", - "source": "designators.attributes" - }, - { - "attribute": "kind", - "value": "deployment", - "source": "designators.attributes" - }, - { - "attribute": "name", - "value": "kubescape", - "source": "designators.attributes" - }, - { - "attribute": "containerName", - "value": "kubescape", - "source": "designators.attributes" - }, - { - "attribute": "workloadHash", - "value": "5500090417138297522", - "source": "designators.attributes" - }, - { - "attribute": "customerGUID", - "value": "1e3a88bf-92ce-44f8-914e-cbe71830d566", - "source": "designators.attributes" - } - ], - "links": [ - "https://nvd.nist.gov/vuln/detail/GHSA-2h5h-59f5-c5x9", - "https://github.com/advisories/GHSA-2h5h-59f5-c5x9" - ], - "timestamp": 1689071492, - "isLastScan": 1, - "isFixed": 1, - "relevantLabel": "", - "clusterShortName": "Dex1-SANDBOX", - "ignoreRulesSummary": null - }, - { - "designators": { - "designatorType": "Attributes", - "attributes": { - "cluster": "arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX", - "containerName": "kubescape", - "customerGUID": "1e3a88bf-92ce-44f8-914e-cbe71830d566", - "kind": "deployment", - "name": "kubescape", - "namespace": "kubescape", - "workloadHash": "5500090417138297522" - } - }, - "layerHash": "generatedlayer", - "wlid": "wlid://cluster-arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX/namespace-kubescape/deployment-kubescape", - "containersScanID": "kubescape-replicaset-kubescape-7bdc4867bb-a444-e40f", - "healthStatus": "", - "imageHash": "quay.io/kubescape/kubescape@sha256:084592a879af7d43767bc4dffd95cb938b2c6cce25ca872f8147d7c077ea3c26", - "imageTag": "quay.io/kubescape/kubescape:v2.3.7", - "packageName": "github.com/cloudflare/circl", - "packageVersion": "v1.1.0", - "link": "https://nvd.nist.gov/vuln/detail/GHSA-2q89-485c-9j2x", - "description": "Improper random reading in CIRCL", - "severity": "Medium", - "name": "GHSA-2q89-485c-9j2x", - "fixedIn": [ - { - "name": "fixed", - "imageTag": "quay.io/kubescape/kubescape:v2.3.7", - "version": "1.3.3" - } - ], - "severityScore": 300, - "neglected": 0, - "urgent": 0, - "categories": { - "isRce": false - }, - "layers": [ - { - "layerHash": "generatedlayer", - "parentLayerHash": "" - } - ], - "layersNested": null, - "context": [ - { - "attribute": "cluster", - "value": "arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX", - "source": "designators.attributes" - }, - { - "attribute": "namespace", - "value": "kubescape", - "source": "designators.attributes" - }, - { - "attribute": "kind", - "value": "deployment", - "source": "designators.attributes" - }, - { - "attribute": "name", - "value": "kubescape", - "source": "designators.attributes" - }, - { - "attribute": "containerName", - "value": "kubescape", - "source": "designators.attributes" - }, - { - "attribute": "workloadHash", - "value": "5500090417138297522", - "source": "designators.attributes" - }, - { - "attribute": "customerGUID", - "value": "1e3a88bf-92ce-44f8-914e-cbe71830d566", - "source": "designators.attributes" - } - ], - "links": [ - "https://nvd.nist.gov/vuln/detail/GHSA-2q89-485c-9j2x", - "https://github.com/advisories/GHSA-2q89-485c-9j2x" - ], - "timestamp": 1689071492, - "isLastScan": 1, - "isFixed": 1, - "relevantLabel": "", - "clusterShortName": "Dex1-SANDBOX", - "ignoreRulesSummary": null - }, - { - "designators": { - "designatorType": "Attributes", - "attributes": { - "cluster": "arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX", - "containerName": "kubescape", - "customerGUID": "1e3a88bf-92ce-44f8-914e-cbe71830d566", - "kind": "deployment", - "name": "kubescape", - "namespace": "kubescape", - "workloadHash": "5500090417138297522" - } - }, - "layerHash": "generatedlayer", - "wlid": "wlid://cluster-arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX/namespace-kubescape/deployment-kubescape", - "containersScanID": "kubescape-replicaset-kubescape-7bdc4867bb-a444-e40f", - "healthStatus": "", - "imageHash": "quay.io/kubescape/kubescape@sha256:084592a879af7d43767bc4dffd95cb938b2c6cce25ca872f8147d7c077ea3c26", - "imageTag": "quay.io/kubescape/kubescape:v2.3.7", - "packageName": "libssl1.1", - "packageVersion": "1.1.1q-r0", - "link": "https://nvd.nist.gov/vuln/detail/CVE-2022-4304", - "description": "A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages for decryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5, RSA-OEAP and RSASVE. For example, in a TLS connection, RSA is commonly used by a client to send an encrypted pre-master secret to the server. An attacker that had observed a genuine connection between a client and a server could use this flaw to send trial messages to the server and record the time taken to process them. After a sufficiently large number of messages the attacker could recover the pre-master secret used for the original connection and thus be able to decrypt the application data sent over that connection.", - "severity": "Medium", - "name": "CVE-2022-4304", - "fixedIn": [ - { - "name": "fixed", - "imageTag": "quay.io/kubescape/kubescape:v2.3.7", - "version": "1.1.1t-r0" - } - ], - "severityScore": 300, - "neglected": 0, - "urgent": 0, - "categories": { - "isRce": false - }, - "layers": [ - { - "layerHash": "generatedlayer", - "parentLayerHash": "" - } - ], - "layersNested": null, - "context": [ - { - "attribute": "cluster", - "value": "arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX", - "source": "designators.attributes" - }, - { - "attribute": "namespace", - "value": "kubescape", - "source": "designators.attributes" - }, - { - "attribute": "kind", - "value": "deployment", - "source": "designators.attributes" - }, - { - "attribute": "name", - "value": "kubescape", - "source": "designators.attributes" - }, - { - "attribute": "containerName", - "value": "kubescape", - "source": "designators.attributes" - }, - { - "attribute": "workloadHash", - "value": "5500090417138297522", - "source": "designators.attributes" - }, - { - "attribute": "customerGUID", - "value": "1e3a88bf-92ce-44f8-914e-cbe71830d566", - "source": "designators.attributes" - } - ], - "links": [ - "https://nvd.nist.gov/vuln/detail/CVE-2022-4304", - "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4304" - ], - "timestamp": 1689071492, - "isLastScan": 1, - "isFixed": 1, - "relevantLabel": "", - "clusterShortName": "Dex1-SANDBOX", - "ignoreRulesSummary": null - }, - { - "designators": { - "designatorType": "Attributes", - "attributes": { - "cluster": "arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX", - "containerName": "kubescape", - "customerGUID": "1e3a88bf-92ce-44f8-914e-cbe71830d566", - "kind": "deployment", - "name": "kubescape", - "namespace": "kubescape", - "workloadHash": "5500090417138297522" - } - }, - "layerHash": "generatedlayer", - "wlid": "wlid://cluster-arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX/namespace-kubescape/deployment-kubescape", - "containersScanID": "kubescape-replicaset-kubescape-7bdc4867bb-a444-e40f", - "healthStatus": "", - "imageHash": "quay.io/kubescape/kubescape@sha256:084592a879af7d43767bc4dffd95cb938b2c6cce25ca872f8147d7c077ea3c26", - "imageTag": "quay.io/kubescape/kubescape:v2.3.7", - "packageName": "github.com/sigstore/rekor", - "packageVersion": "v0.12.1-0.20220915152154-4bb6f441c1b2", - "link": "https://nvd.nist.gov/vuln/detail/GHSA-frqx-jfcm-6jjr", - "description": "malformed proposed intoto entries can cause a panic", - "severity": "Medium", - "name": "GHSA-frqx-jfcm-6jjr", - "fixedIn": [ - { - "name": "fixed", - "imageTag": "quay.io/kubescape/kubescape:v2.3.7", - "version": "1.2.0" - } - ], - "severityScore": 300, - "neglected": 0, - "urgent": 0, - "categories": { - "isRce": false - }, - "layers": [ - { - "layerHash": "generatedlayer", - "parentLayerHash": "" - } - ], - "layersNested": null, - "context": [ - { - "attribute": "cluster", - "value": "arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX", - "source": "designators.attributes" - }, - { - "attribute": "namespace", - "value": "kubescape", - "source": "designators.attributes" - }, - { - "attribute": "kind", - "value": "deployment", - "source": "designators.attributes" - }, - { - "attribute": "name", - "value": "kubescape", - "source": "designators.attributes" - }, - { - "attribute": "containerName", - "value": "kubescape", - "source": "designators.attributes" - }, - { - "attribute": "workloadHash", - "value": "5500090417138297522", - "source": "designators.attributes" - }, - { - "attribute": "customerGUID", - "value": "1e3a88bf-92ce-44f8-914e-cbe71830d566", - "source": "designators.attributes" - } - ], - "links": [ - "https://nvd.nist.gov/vuln/detail/GHSA-frqx-jfcm-6jjr", - "https://github.com/advisories/GHSA-frqx-jfcm-6jjr" - ], - "timestamp": 1689071492, - "isLastScan": 1, - "isFixed": 1, - "relevantLabel": "", - "clusterShortName": "Dex1-SANDBOX", - "ignoreRulesSummary": null - }, - { - "designators": { - "designatorType": "Attributes", - "attributes": { - "cluster": "arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX", - "containerName": "kubescape", - "customerGUID": "1e3a88bf-92ce-44f8-914e-cbe71830d566", - "kind": "deployment", - "name": "kubescape", - "namespace": "kubescape", - "workloadHash": "5500090417138297522" - } - }, - "layerHash": "generatedlayer", - "wlid": "wlid://cluster-arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX/namespace-kubescape/deployment-kubescape", - "containersScanID": "kubescape-replicaset-kubescape-7bdc4867bb-a444-e40f", - "healthStatus": "", - "imageHash": "quay.io/kubescape/kubescape@sha256:084592a879af7d43767bc4dffd95cb938b2c6cce25ca872f8147d7c077ea3c26", - "imageTag": "quay.io/kubescape/kubescape:v2.3.7", - "packageName": "libcrypto1.1", - "packageVersion": "1.1.1q-r0", - "link": "https://nvd.nist.gov/vuln/detail/CVE-2023-0465", - "description": "Applications that use a non-default option when verifying certificates may be\nvulnerable to an attack from a malicious CA to circumvent certain checks.\n\nInvalid certificate policies in leaf certificates are silently ignored by\nOpenSSL and other certificate policy checks are skipped for that certificate.\nA malicious CA could use this to deliberately assert invalid certificate policies\nin order to circumvent policy checking on the certificate altogether.\n\nPolicy processing is disabled by default but can be enabled by passing\nthe `-policy' argument to the command line utilities or by calling the\n`X509_VERIFY_PARAM_set1_policies()' function.", - "severity": "Medium", - "name": "CVE-2023-0465", - "fixedIn": [ - { - "name": "fixed", - "imageTag": "quay.io/kubescape/kubescape:v2.3.7", - "version": "1.1.1t-r2" - } - ], - "severityScore": 300, - "neglected": 0, - "urgent": 0, - "categories": { - "isRce": false - }, - "layers": [ - { - "layerHash": "generatedlayer", - "parentLayerHash": "" - } - ], - "layersNested": null, - "context": [ - { - "attribute": "cluster", - "value": "arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX", - "source": "designators.attributes" - }, - { - "attribute": "namespace", - "value": "kubescape", - "source": "designators.attributes" - }, - { - "attribute": "kind", - "value": "deployment", - "source": "designators.attributes" - }, - { - "attribute": "name", - "value": "kubescape", - "source": "designators.attributes" - }, - { - "attribute": "containerName", - "value": "kubescape", - "source": "designators.attributes" - }, - { - "attribute": "workloadHash", - "value": "5500090417138297522", - "source": "designators.attributes" - }, - { - "attribute": "customerGUID", - "value": "1e3a88bf-92ce-44f8-914e-cbe71830d566", - "source": "designators.attributes" - } - ], - "links": [ - "https://nvd.nist.gov/vuln/detail/CVE-2023-0465", - "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0465" - ], - "timestamp": 1689071492, - "isLastScan": 1, - "isFixed": 1, - "relevantLabel": "", - "clusterShortName": "Dex1-SANDBOX", - "ignoreRulesSummary": null - }, - { - "designators": { - "designatorType": "Attributes", - "attributes": { - "cluster": "arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX", - "containerName": "kubescape", - "customerGUID": "1e3a88bf-92ce-44f8-914e-cbe71830d566", - "kind": "deployment", - "name": "kubescape", - "namespace": "kubescape", - "workloadHash": "5500090417138297522" - } - }, - "layerHash": "generatedlayer", - "wlid": "wlid://cluster-arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX/namespace-kubescape/deployment-kubescape", - "containersScanID": "kubescape-replicaset-kubescape-7bdc4867bb-a444-e40f", - "healthStatus": "", - "imageHash": "quay.io/kubescape/kubescape@sha256:084592a879af7d43767bc4dffd95cb938b2c6cce25ca872f8147d7c077ea3c26", - "imageTag": "quay.io/kubescape/kubescape:v2.3.7", - "packageName": "libssl1.1", - "packageVersion": "1.1.1q-r0", - "link": "https://nvd.nist.gov/vuln/detail/CVE-2023-0465", - "description": "Applications that use a non-default option when verifying certificates may be\nvulnerable to an attack from a malicious CA to circumvent certain checks.\n\nInvalid certificate policies in leaf certificates are silently ignored by\nOpenSSL and other certificate policy checks are skipped for that certificate.\nA malicious CA could use this to deliberately assert invalid certificate policies\nin order to circumvent policy checking on the certificate altogether.\n\nPolicy processing is disabled by default but can be enabled by passing\nthe `-policy' argument to the command line utilities or by calling the\n`X509_VERIFY_PARAM_set1_policies()' function.", - "severity": "Medium", - "name": "CVE-2023-0465", - "fixedIn": [ - { - "name": "fixed", - "imageTag": "quay.io/kubescape/kubescape:v2.3.7", - "version": "1.1.1t-r2" - } - ], - "severityScore": 300, - "neglected": 0, - "urgent": 0, - "categories": { - "isRce": false - }, - "layers": [ - { - "layerHash": "generatedlayer", - "parentLayerHash": "" - } - ], - "layersNested": null, - "context": [ - { - "attribute": "cluster", - "value": "arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX", - "source": "designators.attributes" - }, - { - "attribute": "namespace", - "value": "kubescape", - "source": "designators.attributes" - }, - { - "attribute": "kind", - "value": "deployment", - "source": "designators.attributes" - }, - { - "attribute": "name", - "value": "kubescape", - "source": "designators.attributes" - }, - { - "attribute": "containerName", - "value": "kubescape", - "source": "designators.attributes" - }, - { - "attribute": "workloadHash", - "value": "5500090417138297522", - "source": "designators.attributes" - }, - { - "attribute": "customerGUID", - "value": "1e3a88bf-92ce-44f8-914e-cbe71830d566", - "source": "designators.attributes" - } - ], - "links": [ - "https://nvd.nist.gov/vuln/detail/CVE-2023-0465", - "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0465" - ], - "timestamp": 1689071492, - "isLastScan": 1, - "isFixed": 1, - "relevantLabel": "", - "clusterShortName": "Dex1-SANDBOX", - "ignoreRulesSummary": null - }, - { - "designators": { - "designatorType": "Attributes", - "attributes": { - "cluster": "arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX", - "containerName": "kubescape", - "customerGUID": "1e3a88bf-92ce-44f8-914e-cbe71830d566", - "kind": "deployment", - "name": "kubescape", - "namespace": "kubescape", - "workloadHash": "5500090417138297522" - } - }, - "layerHash": "generatedlayer", - "wlid": "wlid://cluster-arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX/namespace-kubescape/deployment-kubescape", - "containersScanID": "kubescape-replicaset-kubescape-7bdc4867bb-a444-e40f", - "healthStatus": "", - "imageHash": "quay.io/kubescape/kubescape@sha256:084592a879af7d43767bc4dffd95cb938b2c6cce25ca872f8147d7c077ea3c26", - "imageTag": "quay.io/kubescape/kubescape:v2.3.7", - "packageName": "libcrypto1.1", - "packageVersion": "1.1.1q-r0", - "link": "https://nvd.nist.gov/vuln/detail/CVE-2023-0466", - "description": "The function X509_VERIFY_PARAM_add0_policy() is documented to\nimplicitly enable the certificate policy check when doing certificate\nverification. However the implementation of the function does not\nenable the check which allows certificates with invalid or incorrect\npolicies to pass the certificate verification.\n\nAs suddenly enabling the policy check could break existing deployments it was\ndecided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy()\nfunction.\n\nInstead the applications that require OpenSSL to perform certificate\npolicy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly\nenable the policy check by calling X509_VERIFY_PARAM_set_flags() with\nthe X509_V_FLAG_POLICY_CHECK flag argument.\n\nCertificate policy checks are disabled by default in OpenSSL and are not\ncommonly used by applications.", - "severity": "Medium", - "name": "CVE-2023-0466", - "fixedIn": [ - { - "name": "unknown", - "imageTag": "quay.io/kubescape/kubescape:v2.3.7", - "version": "unknown" - } - ], - "severityScore": 300, - "neglected": 0, - "urgent": 0, - "categories": { - "isRce": false - }, - "layers": [ - { - "layerHash": "generatedlayer", - "parentLayerHash": "" - } - ], - "layersNested": null, - "context": [ - { - "attribute": "cluster", - "value": "arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX", - "source": "designators.attributes" - }, - { - "attribute": "namespace", - "value": "kubescape", - "source": "designators.attributes" - }, - { - "attribute": "kind", - "value": "deployment", - "source": "designators.attributes" - }, - { - "attribute": "name", - "value": "kubescape", - "source": "designators.attributes" - }, - { - "attribute": "containerName", - "value": "kubescape", - "source": "designators.attributes" - }, - { - "attribute": "workloadHash", - "value": "5500090417138297522", - "source": "designators.attributes" - }, - { - "attribute": "customerGUID", - "value": "1e3a88bf-92ce-44f8-914e-cbe71830d566", - "source": "designators.attributes" - } - ], - "links": [ - "https://nvd.nist.gov/vuln/detail/CVE-2023-0466", - "https://nvd.nist.gov/vuln/detail/CVE-2023-0466" - ], - "timestamp": 1689071492, - "isLastScan": 1, - "isFixed": 1, - "relevantLabel": "", - "clusterShortName": "Dex1-SANDBOX", - "ignoreRulesSummary": null - }, - { - "designators": { - "designatorType": "Attributes", - "attributes": { - "cluster": "arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX", - "containerName": "kubescape", - "customerGUID": "1e3a88bf-92ce-44f8-914e-cbe71830d566", - "kind": "deployment", - "name": "kubescape", - "namespace": "kubescape", - "workloadHash": "5500090417138297522" - } - }, - "layerHash": "generatedlayer", - "wlid": "wlid://cluster-arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX/namespace-kubescape/deployment-kubescape", - "containersScanID": "kubescape-replicaset-kubescape-7bdc4867bb-a444-e40f", - "healthStatus": "", - "imageHash": "quay.io/kubescape/kubescape@sha256:084592a879af7d43767bc4dffd95cb938b2c6cce25ca872f8147d7c077ea3c26", - "imageTag": "quay.io/kubescape/kubescape:v2.3.7", - "packageName": "libssl1.1", - "packageVersion": "1.1.1q-r0", - "link": "https://nvd.nist.gov/vuln/detail/CVE-2023-0466", - "description": "The function X509_VERIFY_PARAM_add0_policy() is documented to\nimplicitly enable the certificate policy check when doing certificate\nverification. However the implementation of the function does not\nenable the check which allows certificates with invalid or incorrect\npolicies to pass the certificate verification.\n\nAs suddenly enabling the policy check could break existing deployments it was\ndecided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy()\nfunction.\n\nInstead the applications that require OpenSSL to perform certificate\npolicy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly\nenable the policy check by calling X509_VERIFY_PARAM_set_flags() with\nthe X509_V_FLAG_POLICY_CHECK flag argument.\n\nCertificate policy checks are disabled by default in OpenSSL and are not\ncommonly used by applications.", - "severity": "Medium", - "name": "CVE-2023-0466", - "fixedIn": [ - { - "name": "unknown", - "imageTag": "quay.io/kubescape/kubescape:v2.3.7", - "version": "unknown" - } - ], - "severityScore": 300, - "neglected": 0, - "urgent": 0, - "categories": { - "isRce": false - }, - "layers": [ - { - "layerHash": "generatedlayer", - "parentLayerHash": "" - } - ], - "layersNested": null, - "context": [ - { - "attribute": "cluster", - "value": "arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX", - "source": "designators.attributes" - }, - { - "attribute": "namespace", - "value": "kubescape", - "source": "designators.attributes" - }, - { - "attribute": "kind", - "value": "deployment", - "source": "designators.attributes" - }, - { - "attribute": "name", - "value": "kubescape", - "source": "designators.attributes" - }, - { - "attribute": "containerName", - "value": "kubescape", - "source": "designators.attributes" - }, - { - "attribute": "workloadHash", - "value": "5500090417138297522", - "source": "designators.attributes" - }, - { - "attribute": "customerGUID", - "value": "1e3a88bf-92ce-44f8-914e-cbe71830d566", - "source": "designators.attributes" - } - ], - "links": [ - "https://nvd.nist.gov/vuln/detail/CVE-2023-0466", - "https://nvd.nist.gov/vuln/detail/CVE-2023-0466" - ], - "timestamp": 1689071492, - "isLastScan": 1, - "isFixed": 1, - "relevantLabel": "", - "clusterShortName": "Dex1-SANDBOX", - "ignoreRulesSummary": null - }, - { - "designators": { - "designatorType": "Attributes", - "attributes": { - "cluster": "arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX", - "containerName": "kubescape", - "customerGUID": "1e3a88bf-92ce-44f8-914e-cbe71830d566", - "kind": "deployment", - "name": "kubescape", - "namespace": "kubescape", - "workloadHash": "5500090417138297522" - } - }, - "layerHash": "generatedlayer", - "wlid": "wlid://cluster-arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX/namespace-kubescape/deployment-kubescape", - "containersScanID": "kubescape-replicaset-kubescape-7bdc4867bb-a444-e40f", - "healthStatus": "", - "imageHash": "quay.io/kubescape/kubescape@sha256:084592a879af7d43767bc4dffd95cb938b2c6cce25ca872f8147d7c077ea3c26", - "imageTag": "quay.io/kubescape/kubescape:v2.3.7", - "packageName": "libcrypto1.1", - "packageVersion": "1.1.1q-r0", - "link": "https://nvd.nist.gov/vuln/detail/CVE-2022-4304", - "description": "A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages for decryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5, RSA-OEAP and RSASVE. For example, in a TLS connection, RSA is commonly used by a client to send an encrypted pre-master secret to the server. An attacker that had observed a genuine connection between a client and a server could use this flaw to send trial messages to the server and record the time taken to process them. After a sufficiently large number of messages the attacker could recover the pre-master secret used for the original connection and thus be able to decrypt the application data sent over that connection.", - "severity": "Medium", - "name": "CVE-2022-4304", - "fixedIn": [ - { - "name": "fixed", - "imageTag": "quay.io/kubescape/kubescape:v2.3.7", - "version": "1.1.1t-r0" - } - ], - "severityScore": 300, - "neglected": 0, - "urgent": 0, - "categories": { - "isRce": false - }, - "layers": [ - { - "layerHash": "generatedlayer", - "parentLayerHash": "" - } - ], - "layersNested": null, - "context": [ - { - "attribute": "cluster", - "value": "arn-aws-eks-eu-west-1-035814641800-cluster-Dex1-SANDBOX", - "source": "designators.attributes" - }, - { - "attribute": "namespace", - "value": "kubescape", - "source": "designators.attributes" - }, - { - "attribute": "kind", - "value": "deployment", - "source": "designators.attributes" - }, - { - "attribute": "name", - "value": "kubescape", - "source": "designators.attributes" - }, - { - "attribute": "containerName", - "value": "kubescape", - "source": "designators.attributes" - }, - { - "attribute": "workloadHash", - "value": "5500090417138297522", - "source": "designators.attributes" - }, - { - "attribute": "customerGUID", - "value": "1e3a88bf-92ce-44f8-914e-cbe71830d566", - "source": "designators.attributes" - } - ], - "links": [ - "https://nvd.nist.gov/vuln/detail/CVE-2022-4304", - "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4304" - ], - "timestamp": 1689071492, - "isLastScan": 1, - "isFixed": 1, - "relevantLabel": "", - "clusterShortName": "Dex1-SANDBOX", - "ignoreRulesSummary": null - } - ], - "cursor": "" -} \ No newline at end of file diff --git a/go.mod b/go.mod index 41ebc10..ba3dcfb 100644 --- a/go.mod +++ b/go.mod @@ -2,206 +2,13 @@ module github.com/armosec/utils-go go 1.19 -require ( - github.com/armosec/armoapi-go v0.0.265 - github.com/armosec/utils-k8s-go v0.0.21 - github.com/aws/aws-sdk-go v1.44.312 - github.com/google/uuid v1.3.1 - github.com/kubescape/k8s-interface v0.0.135-0.20230730135750-e6e709507847 - github.com/kubescape/opa-utils v0.0.268 - github.com/kubescape/postgres-connector v0.0.108 - github.com/kubescape/synchronizer v0.0.9 - github.com/stretchr/testify v1.8.4 - go.uber.org/zap v1.26.0 - k8s.io/apimachinery v0.28.2 -) +require github.com/stretchr/testify v1.8.4 require ( - cloud.google.com/go/compute v1.23.0 // indirect - cloud.google.com/go/compute/metadata v0.2.3 // indirect - cloud.google.com/go/container v1.24.0 // indirect - github.com/99designs/go-keychain v0.0.0-20191008050251-8e49817e8af4 // indirect - github.com/99designs/keyring v1.2.2 // indirect - github.com/AthenZ/athenz v1.11.32 // indirect - github.com/Azure/azure-sdk-for-go/sdk/azcore v1.6.0 // indirect - github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.3.0 // indirect - github.com/Azure/azure-sdk-for-go/sdk/internal v1.3.0 // indirect - github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/authorization/armauthorization v1.0.0 // indirect - github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/authorization/armauthorization/v2 v2.1.1 // indirect - github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v2 v2.4.0 // indirect - github.com/AzureAD/microsoft-authentication-library-for-go v1.0.0 // indirect - github.com/DataDog/zstd v1.5.5 // indirect - github.com/OneOfOne/xxhash v1.2.8 // indirect - github.com/SergJa/jsonhash v0.0.0-20210531165746-fc45f346aa74 // indirect - github.com/agnivade/levenshtein v1.1.1 // indirect - github.com/apache/pulsar-client-go v0.11.0 // indirect - github.com/ardielle/ardielle-go v1.5.2 // indirect - github.com/armosec/gojay v1.2.15 // indirect - github.com/aws/aws-sdk-go-v2 v1.19.1 // indirect - github.com/aws/aws-sdk-go-v2/config v1.18.30 // indirect - github.com/aws/aws-sdk-go-v2/credentials v1.13.29 // indirect - github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.6 // indirect - github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.36 // indirect - github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.30 // indirect - github.com/aws/aws-sdk-go-v2/internal/ini v1.3.37 // indirect - github.com/aws/aws-sdk-go-v2/service/ecr v1.18.0 // indirect - github.com/aws/aws-sdk-go-v2/service/eks v1.28.1 // indirect - github.com/aws/aws-sdk-go-v2/service/iam v1.19.0 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.30 // indirect - github.com/aws/aws-sdk-go-v2/service/sso v1.12.14 // indirect - github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.14 // indirect - github.com/aws/aws-sdk-go-v2/service/sts v1.20.1 // indirect - github.com/aws/smithy-go v1.13.5 // indirect - github.com/beorn7/perks v1.0.1 // indirect - github.com/bits-and-blooms/bitset v1.8.0 // indirect - github.com/briandowns/spinner v1.23.0 // indirect - github.com/cenkalti/backoff/v4 v4.2.1 // indirect - github.com/cespare/xxhash/v2 v2.2.0 // indirect - github.com/coreos/go-oidc v2.2.1+incompatible // indirect - github.com/danieljoos/wincred v1.2.0 // indirect github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect - github.com/docker/docker v24.0.5+incompatible // indirect - github.com/docker/go-connections v0.4.0 // indirect - github.com/docker/go-units v0.5.0 // indirect - github.com/dvsekhvalnov/jose2go v1.5.0 // indirect - github.com/emicklei/go-restful/v3 v3.9.0 // indirect - github.com/fatih/color v1.15.0 // indirect - github.com/francoispqt/gojay v1.2.13 // indirect - github.com/frankban/quicktest v1.14.5 // indirect - github.com/fsnotify/fsnotify v1.6.0 // indirect - github.com/ghodss/yaml v1.0.0 // indirect - github.com/go-ini/ini v1.67.0 // indirect - github.com/go-logr/logr v1.2.4 // indirect - github.com/go-logr/stdr v1.2.2 // indirect - github.com/go-openapi/jsonpointer v0.19.6 // indirect - github.com/go-openapi/jsonreference v0.20.2 // indirect - github.com/go-openapi/swag v0.22.3 // indirect - github.com/go-sql-driver/mysql v1.7.1 // indirect - github.com/gobwas/glob v0.2.3 // indirect - github.com/godbus/dbus v0.0.0-20190726142602-4481cbc300e2 // indirect - github.com/gogo/protobuf v1.3.2 // indirect - github.com/golang-jwt/jwt v3.2.2+incompatible // indirect - github.com/golang-jwt/jwt/v4 v4.5.0 // indirect - github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect - github.com/golang/protobuf v1.5.3 // indirect - github.com/golang/snappy v0.0.4 // indirect - github.com/google/gnostic-models v0.6.8 // indirect - github.com/google/go-cmp v0.5.9 // indirect - github.com/google/gofuzz v1.2.0 // indirect - github.com/google/s2a-go v0.1.7 // indirect - github.com/googleapis/enterprise-certificate-proxy v0.3.1 // indirect - github.com/googleapis/gax-go/v2 v2.12.0 // indirect - github.com/gorilla/mux v1.8.0 // indirect - github.com/grpc-ecosystem/grpc-gateway/v2 v2.18.0 // indirect - github.com/gsterjov/go-libsecret v0.0.0-20161001094733-a6f4afe4910c // indirect - github.com/hashicorp/golang-lru/v2 v2.0.7 // indirect - github.com/hashicorp/hcl v1.0.0 // indirect - github.com/imdario/mergo v0.3.12 // indirect - github.com/jackc/pgpassfile v1.0.0 // indirect - github.com/jackc/pgservicefile v0.0.0-20221227161230-091c0ba34f0a // indirect - github.com/jackc/pgx/v5 v5.4.1 // indirect - github.com/jinzhu/inflection v1.0.0 // indirect - github.com/jinzhu/now v1.1.5 // indirect - github.com/jmespath/go-jmespath v0.4.0 // indirect - github.com/josharian/intern v1.0.0 // indirect - github.com/json-iterator/go v1.1.12 // indirect - github.com/klauspost/compress v1.17.0 // indirect - github.com/kubescape/go-logger v0.0.21 // indirect - github.com/kubescape/rbac-utils v0.0.20 // indirect - github.com/kylelemons/godebug v1.1.0 // indirect - github.com/lib/pq v1.10.9 // indirect - github.com/linkedin/goavro/v2 v2.12.0 // indirect - github.com/magiconair/properties v1.8.7 // indirect - github.com/mailru/easyjson v0.7.7 // indirect - github.com/mattn/go-colorable v0.1.13 // indirect - github.com/mattn/go-isatty v0.0.19 // indirect - github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect - github.com/mitchellh/mapstructure v1.5.0 // indirect - github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect - github.com/modern-go/reflect2 v1.0.2 // indirect - github.com/mtibben/percent v0.2.1 // indirect - github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect - github.com/olvrng/ujson v1.1.0 // indirect - github.com/open-policy-agent/opa v0.55.0 // indirect - github.com/opencontainers/go-digest v1.0.0 // indirect - github.com/opencontainers/image-spec v1.1.0-rc4 // indirect - github.com/pelletier/go-toml/v2 v2.1.0 // indirect - github.com/pierrec/lz4 v2.6.1+incompatible // indirect - github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8 // indirect - github.com/pkg/errors v0.9.1 // indirect + github.com/kr/pretty v0.3.1 // indirect github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect - github.com/pquerna/cachecontrol v0.2.0 // indirect - github.com/prometheus/client_golang v1.16.0 // indirect - github.com/prometheus/client_model v0.4.0 // indirect - github.com/prometheus/common v0.44.0 // indirect - github.com/prometheus/procfs v0.11.0 // indirect - github.com/rcrowley/go-metrics v0.0.0-20200313005456-10cdbea86bc0 // indirect - github.com/sagikazarmark/locafero v0.3.0 // indirect - github.com/sagikazarmark/slog-shim v0.1.0 // indirect - github.com/sirupsen/logrus v1.9.3 // indirect - github.com/sourcegraph/conc v0.3.0 // indirect - github.com/spaolacci/murmur3 v1.1.0 // indirect - github.com/spf13/afero v1.10.0 // indirect - github.com/spf13/cast v1.5.1 // indirect - github.com/spf13/pflag v1.0.5 // indirect - github.com/spf13/viper v1.17.0 // indirect - github.com/stripe/stripe-go/v74 v74.28.0 // indirect - github.com/subosito/gotenv v1.6.0 // indirect - github.com/tchap/go-patricia/v2 v2.3.1 // indirect - github.com/uptrace/opentelemetry-go-extra/otelutil v0.2.2 // indirect - github.com/uptrace/opentelemetry-go-extra/otelzap v0.2.2 // indirect - github.com/uptrace/uptrace-go v1.18.0 // indirect - github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect - github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect - github.com/yashtewari/glob-intersection v0.2.0 // indirect - go.opencensus.io v0.24.0 // indirect - go.opentelemetry.io/contrib/instrumentation/runtime v0.44.0 // indirect - go.opentelemetry.io/otel v1.19.0 // indirect - go.opentelemetry.io/otel/exporters/otlp/otlpmetric v0.41.0 // indirect - go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v0.41.0 // indirect - go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.18.0 // indirect - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.18.0 // indirect - go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.18.0 // indirect - go.opentelemetry.io/otel/metric v1.19.0 // indirect - go.opentelemetry.io/otel/sdk v1.18.0 // indirect - go.opentelemetry.io/otel/sdk/metric v0.41.0 // indirect - go.opentelemetry.io/otel/trace v1.19.0 // indirect - go.opentelemetry.io/proto/otlp v1.0.0 // indirect - go.uber.org/atomic v1.11.0 // indirect - go.uber.org/multierr v1.11.0 // indirect - golang.org/x/crypto v0.13.0 // indirect - golang.org/x/exp v0.0.0-20230905200255-921286631fa9 // indirect - golang.org/x/mod v0.12.0 // indirect - golang.org/x/net v0.15.0 // indirect - golang.org/x/oauth2 v0.12.0 // indirect - golang.org/x/sync v0.3.0 // indirect - golang.org/x/sys v0.12.0 // indirect - golang.org/x/term v0.12.0 // indirect - golang.org/x/text v0.13.0 // indirect - golang.org/x/time v0.3.0 // indirect - google.golang.org/api v0.143.0 // indirect - google.golang.org/appengine v1.6.7 // indirect - google.golang.org/genproto v0.0.0-20230913181813-007df8e322eb // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20230913181813-007df8e322eb // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20230920204549-e6e6cdab5c13 // indirect - google.golang.org/grpc v1.58.2 // indirect - google.golang.org/protobuf v1.31.0 // indirect - gopkg.in/inf.v0 v0.9.1 // indirect - gopkg.in/ini.v1 v1.67.0 // indirect - gopkg.in/square/go-jose.v2 v2.6.0 // indirect - gopkg.in/yaml.v2 v2.4.0 // indirect + github.com/rogpeppe/go-internal v1.11.0 // indirect + gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c // indirect gopkg.in/yaml.v3 v3.0.1 // indirect - gorm.io/datatypes v1.2.0 // indirect - gorm.io/driver/mysql v1.5.1 // indirect - gorm.io/driver/postgres v1.5.2 // indirect - gorm.io/gorm v1.25.2 // indirect - k8s.io/api v0.28.2 // indirect - k8s.io/client-go v0.28.2 // indirect - k8s.io/klog/v2 v2.100.1 // indirect - k8s.io/kube-openapi v0.0.0-20230717233707-2695361300d9 // indirect - k8s.io/utils v0.0.0-20230726121419-3b25d923346b // indirect - sigs.k8s.io/controller-runtime v0.15.0 // indirect - sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect - sigs.k8s.io/structured-merge-diff/v4 v4.3.0 // indirect - sigs.k8s.io/yaml v1.3.0 // indirect ) diff --git a/go.sum b/go.sum index d77cb35..82b748f 100644 --- a/go.sum +++ b/go.sum @@ -1,1044 +1,23 @@ -cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= -cloud.google.com/go v0.31.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= -cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= -cloud.google.com/go v0.37.0/go.mod h1:TS1dMSSfndXH133OKGwekG838Om/cQT0BUHV3HcBgoo= -cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU= -cloud.google.com/go v0.44.1/go.mod h1:iSa0KzasP4Uvy3f1mN/7PiObzGgflwredwwASm/v6AU= -cloud.google.com/go v0.44.2/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY= -cloud.google.com/go v0.44.3/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY= -cloud.google.com/go v0.45.1/go.mod h1:RpBamKRgapWJb87xiFSdk4g1CME7QZg3uwTez+TSTjc= -cloud.google.com/go v0.46.3/go.mod h1:a6bKKbmY7er1mI7TEI4lsAkts/mkhTSZK8w33B4RAg0= -cloud.google.com/go v0.50.0/go.mod h1:r9sluTvynVuxRIOHXQEHMFffphuXHOMZMycpNR5e6To= -cloud.google.com/go v0.52.0/go.mod h1:pXajvRH/6o3+F9jDHZWQ5PbGhn+o8w9qiu/CffaVdO4= -cloud.google.com/go v0.53.0/go.mod h1:fp/UouUEsRkN6ryDKNW/Upv/JBKnv6WDthjR6+vze6M= -cloud.google.com/go v0.54.0/go.mod h1:1rq2OEkV3YMf6n/9ZvGWI3GWw0VoqH/1x2nd8Is/bPc= -cloud.google.com/go v0.56.0/go.mod h1:jr7tqZxxKOVYizybht9+26Z/gUq7tiRzu+ACVAMbKVk= -cloud.google.com/go v0.57.0/go.mod h1:oXiQ6Rzq3RAkkY7N6t3TcE6jE+CIBBbA36lwQ1JyzZs= -cloud.google.com/go v0.62.0/go.mod h1:jmCYTdRCQuc1PHIIJ/maLInMho30T/Y0M4hTdTShOYc= -cloud.google.com/go v0.65.0/go.mod h1:O5N8zS7uWy9vkA9vayVHs65eM1ubvY4h553ofrNHObY= -cloud.google.com/go v0.72.0/go.mod h1:M+5Vjvlc2wnp6tjzE102Dw08nGShTscUx2nZMufOKPI= -cloud.google.com/go v0.74.0/go.mod h1:VV1xSbzvo+9QJOxLDaJfTjx5e+MePCpCWwvftOeQmWk= -cloud.google.com/go v0.75.0/go.mod h1:VGuuCn7PG0dwsd5XPVm2Mm3wlh3EL55/79EKB6hlPTY= -cloud.google.com/go v0.110.7 h1:rJyC7nWRg2jWGZ4wSJ5nY65GTdYJkg0cd/uXb+ACI6o= -cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o= -cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE= -cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc= -cloud.google.com/go/bigquery v1.5.0/go.mod h1:snEHRnqQbz117VIFhE8bmtwIDY80NLUZUMb4Nv6dBIg= -cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4gLoIoXIAPc= -cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ= -cloud.google.com/go/compute v1.23.0 h1:tP41Zoavr8ptEqaW6j+LQOnyBBhO7OkOMAGrgLopTwY= -cloud.google.com/go/compute v1.23.0/go.mod h1:4tCnrn48xsqlwSAiLf1HXMQk8CONslYbdiEZc9FEIbM= -cloud.google.com/go/compute/metadata v0.2.3 h1:mg4jlk7mCAj6xXp9UJ4fjI9VUI5rubuGBW5aJ7UnBMY= -cloud.google.com/go/compute/metadata v0.2.3/go.mod h1:VAV5nSsACxMJvgaAuX6Pk2AawlZn8kiOGuCv6gTkwuA= -cloud.google.com/go/container v1.24.0 h1:N51t/cgQJFqDD/W7Mb+IvmAPHrf8AbPx7Bb7aF4lROE= -cloud.google.com/go/container v1.24.0/go.mod h1:lTNExE2R7f+DLbAN+rJiKTisauFCaoDq6NURZ83eVH4= -cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE= -cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk= -cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I= -cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw= -cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA= -cloud.google.com/go/pubsub v1.3.1/go.mod h1:i+ucay31+CNRpDW4Lu78I4xXG+O1r/MAHgjpRVR+TSU= -cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw= -cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0ZeosJ0Rtdos= -cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk= -cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs= -cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0= -cloud.google.com/go/storage v1.14.0/go.mod h1:GrKmX003DSIwi9o29oFT7YDnHYwZoctc3fOKtUw0Xmo= -dmitri.shuralyov.com/app/changes v0.0.0-20180602232624-0a106ad413e3/go.mod h1:Yl+fi1br7+Rr3LqpNJf1/uxUdtRUV+Tnj0o93V2B9MU= -dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= -dmitri.shuralyov.com/html/belt v0.0.0-20180602232347-f7d459c86be0/go.mod h1:JLBrvjyP0v+ecvNYvCpyZgu5/xkfAUhi6wJj28eUfSU= -dmitri.shuralyov.com/service/change v0.0.0-20181023043359-a85b471d5412/go.mod h1:a1inKt/atXimZ4Mv927x+r7UpyzRUf4emIoiiSC2TN4= -dmitri.shuralyov.com/state v0.0.0-20180228185332-28bcc343414c/go.mod h1:0PRwlb0D6DFvNNtx+9ybjezNCa8XF0xaYcETyp6rHWU= -git.apache.org/thrift.git v0.0.0-20180902110319-2566ecd5d999/go.mod h1:fPE2ZNJGynbRyZ4dJvy6G277gSllfV2HJqblrnkyeyg= -github.com/99designs/go-keychain v0.0.0-20191008050251-8e49817e8af4 h1:/vQbFIOMbk2FiG/kXiLl8BRyzTWDw7gX/Hz7Dd5eDMs= -github.com/99designs/go-keychain v0.0.0-20191008050251-8e49817e8af4/go.mod h1:hN7oaIRCjzsZ2dE+yG5k+rsdt3qcwykqK6HVGcKwsw4= -github.com/99designs/keyring v1.2.2 h1:pZd3neh/EmUzWONb35LxQfvuY7kiSXAq3HQd97+XBn0= -github.com/99designs/keyring v1.2.2/go.mod h1:wes/FrByc8j7lFOAGLGSNEg8f/PaI3cgTBqhFkHUrPk= -github.com/AthenZ/athenz v1.11.32 h1:zUYcbfWbS5DsWFMA7uHZvsDqVwc746DNjLlXF1bcvoQ= -github.com/AthenZ/athenz v1.11.32/go.mod h1:2kvAtO/9aOZb6lEjHsvT5ZEztmMb3Pzhrlw16pJVmkI= -github.com/Azure/azure-sdk-for-go/sdk/azcore v1.6.0 h1:8kDqDngH+DmVBiCtIjCFTGa7MBnsIOkF9IccInFEbjk= -github.com/Azure/azure-sdk-for-go/sdk/azcore v1.6.0/go.mod h1:bjGvMhVMb+EEm3VRNQawDMUyMMjo+S5ewNjflkep/0Q= -github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.3.0 h1:vcYCAze6p19qBW7MhZybIsqD8sMV8js0NyQM8JDnVtg= -github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.3.0/go.mod h1:OQeznEEkTZ9OrhHJoDD8ZDq51FHgXjqtP9z6bEwBq9U= -github.com/Azure/azure-sdk-for-go/sdk/internal v1.3.0 h1:sXr+ck84g/ZlZUOZiNELInmMgOsuGwdjjVkEIde0OtY= -github.com/Azure/azure-sdk-for-go/sdk/internal v1.3.0/go.mod h1:okt5dMMTOFjX/aovMlrjvvXoPMBVSPzk9185BT0+eZM= -github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/authorization/armauthorization v1.0.0 h1:qtRcg5Y7jNJ4jEzPq4GpWLfTspHdNe2ZK6LjwGcjgmU= -github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/authorization/armauthorization v1.0.0/go.mod h1:lPneRe3TwsoDRKY4O6YDLXHhEWrD+TIRa8XrV/3/fqw= -github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/authorization/armauthorization/v2 v2.1.1 h1:6A4M8smF+y8nM/DYsLNQz9n7n2ZGaEVqfz8ZWQirQkI= -github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/authorization/armauthorization/v2 v2.1.1/go.mod h1:WqyxV5S0VtXD2+2d6oPqOvyhGubCvzLCKSAKgQ004Uk= -github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v2 v2.4.0 h1:1u/K2BFv0MwkG6he8RYuUcbbeK22rkoZbg4lKa/msZU= -github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v2 v2.4.0/go.mod h1:U5gpsREQZE6SLk1t/cFfc1eMhYAlYpEzvaYXuDfefy8= -github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/internal v1.1.2 h1:mLY+pNLjCUeKhgnAJWAKhEUQM+RJQo2H1fuGSw1Ky1E= -github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources v1.0.0 h1:ECsQtyERDVz3NP3kvDOTLvbQhqWp/x9EsGKtb4ogUr8= -github.com/AzureAD/microsoft-authentication-library-for-go v1.0.0 h1:OBhqkivkhkMqLPymWEppkm7vgPQY2XsHoEkaMQ0AdZY= -github.com/AzureAD/microsoft-authentication-library-for-go v1.0.0/go.mod h1:kgDmCTgBzIEPFElEF+FK0SdjAor06dRq2Go927dnQ6o= -github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= -github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= -github.com/DataDog/zstd v1.5.5 h1:oWf5W7GtOLgp6bciQYDmhHHjdhYkALu6S/5Ni9ZgSvQ= -github.com/DataDog/zstd v1.5.5/go.mod h1:g4AWEaM3yOg3HYfnJ3YIawPnVdXJh9QME85blwSAmyw= -github.com/OneOfOne/xxhash v1.2.8 h1:31czK/TI9sNkxIKfaUfGlU47BAxQ0ztGgd9vPyqimf8= -github.com/OneOfOne/xxhash v1.2.8/go.mod h1:eZbhyaAYD41SGSSsnmcpxVoRiQ/MPUTjUdIIOT9Um7Q= -github.com/SergJa/jsonhash v0.0.0-20210531165746-fc45f346aa74 h1:zZX7V5abnOB0VTEFnwYxwbuot0GCZUjQZQpjHKnG1Kk= -github.com/SergJa/jsonhash v0.0.0-20210531165746-fc45f346aa74/go.mod h1:GE9lvSMBrKhFDkoh660mCThn1v7/jfb1r0Z+DpUX4zQ= -github.com/agnivade/levenshtein v1.1.1 h1:QY8M92nrzkmr798gCo3kmMyqXFzdQVpxLlGPRBij0P8= -github.com/agnivade/levenshtein v1.1.1/go.mod h1:veldBMzWxcCG2ZvUTKD2kJNRdCk5hVbJomOvKkmgYbo= -github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239/go.mod h1:2FmKhYUyUczH0OGQWaF5ceTx0UBShxjsH6f8oGKYe2c= -github.com/apache/pulsar-client-go v0.11.0 h1:fniyVbewAOcMSMLwxzhdrCFmFTorCW40jfnmQVcsrJw= -github.com/apache/pulsar-client-go v0.11.0/go.mod h1:FoijqJwgjroSKptIWp1vvK1CXs8dXnQiL8I+MHOri4A= -github.com/arbovm/levenshtein v0.0.0-20160628152529-48b4e1c0c4d0 h1:jfIu9sQUG6Ig+0+Ap1h4unLjW6YQJpKZVmUzxsD4E/Q= -github.com/arbovm/levenshtein v0.0.0-20160628152529-48b4e1c0c4d0/go.mod h1:t2tdKJDJF9BV14lnkjHmOQgcvEKgtqs5a1N3LNdJhGE= -github.com/ardielle/ardielle-go v1.5.2 h1:TilHTpHIQJ27R1Tl/iITBzMwiUGSlVfiVhwDNGM3Zj4= -github.com/ardielle/ardielle-go v1.5.2/go.mod h1:I4hy1n795cUhaVt/ojz83SNVCYIGsAFAONtv2Dr7HUI= -github.com/armosec/armoapi-go v0.0.265 h1:xcDeXmZVkgCoyvTQpFuXFTlUUIylBn+6FhoyaVuItTk= -github.com/armosec/armoapi-go v0.0.265/go.mod h1:CJT5iH5VF30zjdQYXaQhsAm8IEHtM1T87HcFVXeLX54= -github.com/armosec/ca-test v0.0.12 h1:O6fYkQhfCYDEVKcy6pAHCvHNP17vtlKFxStRr3KRUz4= -github.com/armosec/gojay v1.2.15 h1:sSB2vnAvacUNkw9nzUYZKcPzhJOyk6/5LK2JCNdmoZY= -github.com/armosec/gojay v1.2.15/go.mod h1:vzVAaay2TWJAngOpxu8aqLbye9jMgoKleuAOK+xsOts= -github.com/armosec/utils-k8s-go v0.0.21 h1:/3k+TOssKgYMaYKJY4dhvHmPnrzmVAKW9PjNirRSGrY= -github.com/armosec/utils-k8s-go v0.0.21/go.mod h1:CXgkHFgY8xlKN+wiQ8TyjwNj0+VSgj6NolB3itZ2lY8= -github.com/aws/aws-sdk-go v1.44.312 h1:llrElfzeqG/YOLFFKjg1xNpZCFJ2xraIi3PqSuP+95k= -github.com/aws/aws-sdk-go v1.44.312/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= -github.com/aws/aws-sdk-go-v2 v1.17.3/go.mod h1:uzbQtefpm44goOPmdKyAlXSNcwlRgF3ePWVW6EtJvvw= -github.com/aws/aws-sdk-go-v2 v1.19.1 h1:STs0lbbpXu3byTPcnRLghs2DH0yk9qKDo27TyyJSKsM= -github.com/aws/aws-sdk-go-v2 v1.19.1/go.mod h1:uzbQtefpm44goOPmdKyAlXSNcwlRgF3ePWVW6EtJvvw= -github.com/aws/aws-sdk-go-v2/config v1.18.30 h1:TTAXQIn31qYFUQjkW6siVrRTX1ux+sADZDOe3jsZcMg= -github.com/aws/aws-sdk-go-v2/config v1.18.30/go.mod h1:+YogjT7e/t9JVu/sOnZZgxTge1G+bPNk8zOaI0QIQvE= -github.com/aws/aws-sdk-go-v2/credentials v1.13.29 h1:KNgCpThGuZyCjq9EuuqoLDenKKMwO/x1Xx01ckDa7VI= -github.com/aws/aws-sdk-go-v2/credentials v1.13.29/go.mod h1:VMq1LcmSEa9qxBlOCYTjVuGJWEEzhGmgL552jQsmhss= -github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.6 h1:kortK122LvTU34CGX/F9oJpelXKkEA2j/MW48II+8+8= -github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.6/go.mod h1:k7IPHyHNIASI0m0RwOmCjWOTtgG+J0raqwuHH8WhWJE= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.27/go.mod h1:a1/UpzeyBBerajpnP5nGZa9mGzsBn5cOKxm6NWQsvoI= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.36 h1:kbk81RlPoC6e4co7cQx2FAvH9TgbzxIqCqiosAFiB+w= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.36/go.mod h1:T8Jsn/uNL/AFOXrVYQ1YQaN1r9gN34JU1855/Lyjv+o= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.21/go.mod h1:+Gxn8jYn5k9ebfHEqlhrMirFjSW0v0C9fI+KN5vk2kE= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.30 h1:lMl8S5SB8jNCB+Sty2Em4lnu3IJytceHQd7qbmfqKL0= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.30/go.mod h1:v3GSCnFxbHzt9dlWBqvA1K1f9lmWuf4ztupZBCAIVs4= -github.com/aws/aws-sdk-go-v2/internal/ini v1.3.37 h1:BXiqvN7WuV/pMhz8CivhO8cG8icJcjnjHumif4ukQ0c= -github.com/aws/aws-sdk-go-v2/internal/ini v1.3.37/go.mod h1:d4GZ62cjnz/hjKFdAu11gAwK73bdhqaFv2O4J1gaqIs= -github.com/aws/aws-sdk-go-v2/service/ecr v1.18.0 h1:5RVanD+P+L2W9WU07/8J/A52vnQi7F3ClBdWQttgYlg= -github.com/aws/aws-sdk-go-v2/service/ecr v1.18.0/go.mod h1:9yGOFsa2OcdyePojE89xNGtdBusTyc8ocjpiuFtFc0g= -github.com/aws/aws-sdk-go-v2/service/eks v1.28.1 h1:SA+98Rnehl2KXewvGXc2Lw2ns3Y4t9jdMHmEY5hcNws= -github.com/aws/aws-sdk-go-v2/service/eks v1.28.1/go.mod h1:cQRkgJKg6s9AIzFZ+i4pXdm+/3Fw4MuPNqCdMvSaqns= -github.com/aws/aws-sdk-go-v2/service/iam v1.19.0 h1:9vCynoqC+dgxZKrsjvAniyIopsv3RZFsZ6wkQ+yxtj8= -github.com/aws/aws-sdk-go-v2/service/iam v1.19.0/go.mod h1:OyAuvpFeSVNppcSsp1hFOVQcaTRc1LE24YIR7pMbbAA= -github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.30 h1:UcVZxLVNY4yayCmiG94Ge3l2qbc5WEB/oa4RmjoQEi0= -github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.30/go.mod h1:wPffyJiWWtHwvpFyn23WjAjVjMnlQOQrl02+vutBh3Y= -github.com/aws/aws-sdk-go-v2/service/sso v1.12.14 h1:gUjz7trfz9qBm0AlkKTvJHBXELi1wvw+2LA9GfD2AsM= -github.com/aws/aws-sdk-go-v2/service/sso v1.12.14/go.mod h1:9kfRdJgLCbnyeqZ/DpaSwcgj9ZDYLfRpe8Sze+NrYfQ= -github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.14 h1:8bEtxV5UT9ucdWGXfZ7CM3caQhSHGjWnTHt0OeF7m7s= -github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.14/go.mod h1:nd9BG2UnexN2sDx/mk2Jd6pf3d2E61AiA8m8Fdvdx8Y= -github.com/aws/aws-sdk-go-v2/service/sts v1.20.1 h1:U7h9CPoyMfVoN5jUglB0LglCMP10AK4vMBsbsCKM8Yw= -github.com/aws/aws-sdk-go-v2/service/sts v1.20.1/go.mod h1:BUHusg4cOA1TFGegj7x8/eoWrbdHzJfoMrXcbMQAG0k= -github.com/aws/smithy-go v1.13.5 h1:hgz0X/DX0dGqTYpGALqXJoRKRj5oQ7150i5FdTePzO8= -github.com/aws/smithy-go v1.13.5/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA= -github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= -github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= -github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= -github.com/bits-and-blooms/bitset v1.8.0 h1:FD+XqgOZDUxxZ8hzoBFuV9+cGWY9CslN6d5MS5JVb4c= -github.com/bits-and-blooms/bitset v1.8.0/go.mod h1:7hO7Gc7Pp1vODcmWvKMRA9BNmbv6a/7QIWpPxHddWR8= -github.com/bradfitz/go-smtpd v0.0.0-20170404230938-deb6d6237625/go.mod h1:HYsPBTaaSFSlLx/70C2HPIMNZpVV8+vt/A+FMnYP11g= -github.com/briandowns/spinner v1.23.0 h1:alDF2guRWqa/FOZZYWjlMIx2L6H0wyewPxo/CH4Pt2A= -github.com/briandowns/spinner v1.23.0/go.mod h1:rPG4gmXeN3wQV/TsAY4w8lPdIM6RX3yqeBQJSrbXjuE= -github.com/buger/jsonparser v0.0.0-20181115193947-bf1c66bbce23/go.mod h1:bbYlZJ7hK1yFx9hf58LP0zeX7UjIGs20ufpu3evjr+s= -github.com/bytecodealliance/wasmtime-go/v3 v3.0.2 h1:3uZCA/BLTIu+DqCfguByNMJa2HVHpXvjfy0Dy7g6fuA= -github.com/cenkalti/backoff/v4 v4.2.1 h1:y4OZtCnogmCPw98Zjyt5a6+QwPLGkiQsYW5oUqylYbM= -github.com/cenkalti/backoff/v4 v4.2.1/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE= -github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= -github.com/cespare/xxhash v1.1.0 h1:a6HrQnmkObjyL+Gs60czilIUGqrzKutQD6XZog3p+ko= -github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44= -github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= -github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI= -github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI= -github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU= -github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= -github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= -github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= -github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= -github.com/coreos/go-oidc v2.2.1+incompatible h1:mh48q/BqXqgjVHpy2ZY7WnWAbenxRjsz9N1i1YxjHAk= -github.com/coreos/go-oidc v2.2.1+incompatible/go.mod h1:CgnwVTmzoESiwO9qyAFEMiHoZ1nMCKZlZ9V6mm3/LKc= -github.com/coreos/go-systemd v0.0.0-20181012123002-c6f51f82210d/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= -github.com/danieljoos/wincred v1.2.0 h1:ozqKHaLK0W/ii4KVbbvluM91W2H3Sh0BncbUNPS7jLE= -github.com/danieljoos/wincred v1.2.0/go.mod h1:FzQLLMKBFdvu+osBrnFODiv32YGwCfx0SkRa/eYHgec= -github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM= github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/dgraph-io/badger/v3 v3.2103.5 h1:ylPa6qzbjYRQMU6jokoj4wzcaweHylt//CH0AKt0akg= -github.com/dgraph-io/ristretto v0.1.1 h1:6CWw5tJNgpegArSHpNHJKldNeq03FQCwYvfMVWajOK8= -github.com/dgryski/trifles v0.0.0-20200323201526-dd97f9abfb48 h1:fRzb/w+pyskVMQ+UbP35JkH8yB7MYb4q/qhBarqZE6g= -github.com/dgryski/trifles v0.0.0-20200323201526-dd97f9abfb48/go.mod h1:if7Fbed8SFyPtHLHbg49SI7NAdJiC5WIA09pe59rfAA= -github.com/dimfeld/httptreemux v5.0.1+incompatible h1:Qj3gVcDNoOthBAqftuD596rm4wg/adLLz5xh5CmpiCA= -github.com/dnaeon/go-vcr v1.2.0 h1:zHCHvJYTMh1N7xnV7zf1m1GPBF9Ad0Jk/whtQ1663qI= -github.com/docker/docker v24.0.5+incompatible h1:WmgcE4fxyI6EEXxBRxsHnZXrO1pQ3smi0k/jho4HLeY= -github.com/docker/docker v24.0.5+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= -github.com/docker/go-connections v0.4.0 h1:El9xVISelRB7BuFusrZozjnkIM5YnzCViNKohAFqRJQ= -github.com/docker/go-connections v0.4.0/go.mod h1:Gbd7IOopHjR8Iph03tsViu4nIes5XhDvyHbTtUxmeec= -github.com/docker/go-units v0.5.0 h1:69rxXcBk27SvSaaxTtLh/8llcHD8vYHT7WSdRZ/jvr4= -github.com/docker/go-units v0.5.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk= -github.com/dustin/go-humanize v1.0.0 h1:VSnTsYCnlFHaM2/igO1h6X3HA71jcobQuxemgkq4zYo= -github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= -github.com/dvsekhvalnov/jose2go v1.5.0 h1:3j8ya4Z4kMCwT5nXIKFSV84YS+HdqSSO0VsTQxaLAeM= -github.com/dvsekhvalnov/jose2go v1.5.0/go.mod h1:QsHjhyTlD/lAVqn/NSbVZmSCGeDehTB/mPZadG+mhXU= -github.com/emicklei/go-restful/v3 v3.9.0 h1:XwGDlfxEnQZzuopoqxwSEllNcCOM9DhhFyhFIIGKwxE= -github.com/emicklei/go-restful/v3 v3.9.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= -github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= -github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= -github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98= -github.com/envoyproxy/go-control-plane v0.9.7/go.mod h1:cwu0lG7PUMfa9snN8LXBig5ynNVH9qI8YYLbd1fK2po= -github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk= -github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= -github.com/evanphx/json-patch v4.12.0+incompatible h1:4onqiflcdA9EOZ4RxV643DvftH5pOlLGNtQ5lPWQu84= -github.com/fatih/color v1.15.0 h1:kOqh6YHBtK8aywxGerMG2Eq3H6Qgoqeo13Bk2Mv/nBs= -github.com/fatih/color v1.15.0/go.mod h1:0h5ZqXfHYED7Bhv2ZJamyIOUej9KtShiJESRwBDUSsw= -github.com/felixge/httpsnoop v1.0.3 h1:s/nj+GCswXYzN5v2DpNMuMQYe+0DDwt5WVCU6CWBdXk= -github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:xEzjJPgXI435gkrCt3MPfRiAkVrwSbHsst4LCFVfpJc= -github.com/fortytw2/leaktest v1.3.0 h1:u8491cBMTQ8ft8aeV+adlcytMZylmA5nnwwkRZjI8vw= -github.com/foxcpp/go-mockdns v1.0.0 h1:7jBqxd3WDWwi/6WhDvacvH1XsN3rOLXyHM1uhvIx6FI= -github.com/francoispqt/gojay v1.2.13 h1:d2m3sFjloqoIUQU3TsHBgj6qg/BVGlTBeHDUmyJnXKk= -github.com/francoispqt/gojay v1.2.13/go.mod h1:ehT5mTG4ua4581f1++1WLG0vPdaA9HaiDsoyrBGkyDY= -github.com/frankban/quicktest v1.14.5 h1:dfYrrRyLtiqT9GyKXgdh+k4inNeTvmGbuSgZ3lx3GhA= -github.com/frankban/quicktest v1.14.5/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0= -github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= -github.com/fsnotify/fsnotify v1.6.0 h1:n+5WquG0fcWoWp6xPWfHdbskMCQaFnG6PfBrh1Ky4HY= -github.com/fsnotify/fsnotify v1.6.0/go.mod h1:sl3t1tCWJFWoRz9R8WJCbQihKKwmorjAbSClcnxKAGw= -github.com/ghodss/yaml v1.0.0 h1:wQHKEahhL6wmXdzwWG11gIVCkOv05bNOh+Rxn0yngAk= -github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= -github.com/gliderlabs/ssh v0.1.1/go.mod h1:U7qILu1NlMHj9FlMhZLlkCdDnU1DBEAqr0aevW3Awn0= -github.com/go-errors/errors v1.0.1/go.mod h1:f4zRHt4oKfwPJE5k8C9vpYG+aDHdBFUsgrm6/TyX73Q= -github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU= -github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= -github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= -github.com/go-ini/ini v1.67.0 h1:z6ZrTEZqSWOTyH2FlglNbNgARyHG8oLW9gMELqKr06A= -github.com/go-ini/ini v1.67.0/go.mod h1:ByCAeIL28uOIIG0E3PJtZPDL8WnHpFKFOtgjp+3Ies8= -github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= -github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= -github.com/go-logr/logr v1.2.4 h1:g01GSCwiDw2xSZfjJ2/T9M+S6pFdcNtFYsp+Y43HYDQ= -github.com/go-logr/logr v1.2.4/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= -github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag= -github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE= -github.com/go-logr/zapr v1.2.4 h1:QHVo+6stLbfJmYGkQ7uGHUCu5hnAFAj6mDe6Ea0SeOo= -github.com/go-openapi/jsonpointer v0.19.6 h1:eCs3fxoIi3Wh6vtgmLTOjdhSpiqphQ+DaPn38N2ZdrE= -github.com/go-openapi/jsonpointer v0.19.6/go.mod h1:osyAmYz/mB/C3I+WsTTSgw1ONzaLJoLCyoi6/zppojs= -github.com/go-openapi/jsonreference v0.20.2 h1:3sVjiK66+uXK/6oQ8xgcRKcFgQ5KXa2KvnJRumpMGbE= -github.com/go-openapi/jsonreference v0.20.2/go.mod h1:Bl1zwGIM8/wsvqjsOQLJ/SH+En5Ap4rVB5KVcIDZG2k= -github.com/go-openapi/swag v0.22.3 h1:yMBqmnQ0gyZvEb/+KzuWZOXgllrXT4SADYbvDaXHv/g= -github.com/go-openapi/swag v0.22.3/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14= -github.com/go-sql-driver/mysql v1.7.0/go.mod h1:OXbVy3sEdcQ2Doequ6Z5BW6fXNQTmx+9S1MCJN5yJMI= -github.com/go-sql-driver/mysql v1.7.1 h1:lUIinVbN1DY0xBg0eMOzmmtGoHwWBbvnWubQUrtU8EI= -github.com/go-sql-driver/mysql v1.7.1/go.mod h1:OXbVy3sEdcQ2Doequ6Z5BW6fXNQTmx+9S1MCJN5yJMI= -github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI= -github.com/gobwas/glob v0.2.3 h1:A4xDbljILXROh+kObIiy5kIaPYD8e96x1tgBhUI5J+Y= -github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8= -github.com/godbus/dbus v0.0.0-20190726142602-4481cbc300e2 h1:ZpnhV/YsD2/4cESfV5+Hoeu/iUR3ruzNvZ+yQfO03a0= -github.com/godbus/dbus v0.0.0-20190726142602-4481cbc300e2/go.mod h1:bBOAhwG1umN6/6ZUMtDFBMQR8jRg9O75tm9K00oMsK4= -github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= -github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= -github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= -github.com/golang-jwt/jwt v3.2.2+incompatible h1:IfV12K8xAKAnZqdXVzCZ+TOjboZ2keLg81eXfW3O+oY= -github.com/golang-jwt/jwt v3.2.2+incompatible/go.mod h1:8pz2t5EyA70fFQQSrl6XZXzqecmYZeUEB8OUGHkxJ+I= -github.com/golang-jwt/jwt/v4 v4.5.0 h1:7cYmW1XlMY7h7ii7UhUyChSgS5wUJEnm9uZVTGqOWzg= -github.com/golang-jwt/jwt/v4 v4.5.0/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0= -github.com/golang-sql/civil v0.0.0-20220223132316-b832511892a9 h1:au07oEsX2xN0ktxqI+Sida1w446QrXBRJ0nee3SNZlA= -github.com/golang-sql/sqlexp v0.1.0 h1:ZCD6MBpcuOVfGVqsEmY5/4FtYiKz6tSyUv9LPEDei6A= -github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= -github.com/golang/glog v1.1.1 h1:jxpi2eWoU84wbX9iIEyAeeoac3FLuifZpY9tcNUD9kw= -github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= -github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= -github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= -github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE= -github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= -github.com/golang/lint v0.0.0-20180702182130-06c8688daad7/go.mod h1:tluoj9z5200jBnyusfRPU2LqT6J+DAorxEvtC7LHB+E= -github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= -github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= -github.com/golang/mock v1.3.1/go.mod h1:sBzyDLLjw3U8JLTeZvSv8jJB+tU5PVekmnlKIyFUx0Y= -github.com/golang/mock v1.4.0/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= -github.com/golang/mock v1.4.1/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= -github.com/golang/mock v1.4.3/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= -github.com/golang/mock v1.4.4/go.mod h1:l3mdAwkq5BuhzHwde/uurv3sEJeZMXNpwsxVWU71h+4= -github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= -github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= -github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= -github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw= -github.com/golang/protobuf v1.3.4/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw= -github.com/golang/protobuf v1.3.5/go.mod h1:6O5/vntMXwX2lRkT1hjjk0nAC1IDOTvTlVgjlRvqsdk= -github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8= -github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA= -github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs= -github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w= -github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0= -github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8= -github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= -github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= -github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= -github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg= -github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= -github.com/golang/snappy v0.0.1/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= -github.com/golang/snappy v0.0.4 h1:yAGX7huGHXlcLOEtBnF4w7FQwA26wojNCwOYAEhLjQM= -github.com/golang/snappy v0.0.4/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= -github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= -github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= -github.com/google/flatbuffers v1.12.1 h1:MVlul7pQNoDzWRLTw5imwYsl+usrS1TXG2H4jg6ImGw= -github.com/google/gnostic-models v0.6.8 h1:yo/ABAfM5IMRsS1VnXjTBvUb61tFIHozhlYvRgGre9I= -github.com/google/gnostic-models v0.6.8/go.mod h1:5n7qKqH0f5wFt+aWF8CW6pZLLNOfYuF5OpfBSENuI8U= -github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= -github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= -github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= -github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.4.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= -github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38= -github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= -github.com/google/go-github v17.0.0+incompatible/go.mod h1:zLgOLi98H3fifZn+44m+umXrS52loVEgC2AApnigrVQ= -github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck= -github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= -github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= -github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= -github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs= -github.com/google/martian/v3 v3.0.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0= -github.com/google/martian/v3 v3.1.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0= -github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= -github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= -github.com/google/pprof v0.0.0-20191218002539-d4f498aebedc/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= -github.com/google/pprof v0.0.0-20200212024743-f11f1df84d12/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= -github.com/google/pprof v0.0.0-20200229191704-1ebb73c60ed3/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= -github.com/google/pprof v0.0.0-20200430221834-fc25d7d30c6d/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= -github.com/google/pprof v0.0.0-20200708004538-1a94d8640e99/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= -github.com/google/pprof v0.0.0-20201023163331-3e6fc7fc9c4c/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20201203190320-1bf35d6f28c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20201218002935-b9804c9f04c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1 h1:K6RDEckDVWvDI9JAJYCmNdQXq6neHJOYx3V6jnqNEec= -github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= -github.com/google/s2a-go v0.1.7 h1:60BLSyTrOV4/haCDW4zb1guZItoSq8foHCXrAnjBo/o= -github.com/google/s2a-go v0.1.7/go.mod h1:50CgR4k1jNlWBu4UfS4AcfhVe1r6pdZPygJ3R8F0Qdw= -github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/google/uuid v1.3.1 h1:KjJaJ9iWZ3jOFZIf1Lqf4laDRCasjl0BCmnEGxkdLb4= -github.com/google/uuid v1.3.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/googleapis/enterprise-certificate-proxy v0.3.1 h1:SBWmZhjUDRorQxrN0nwzf+AHBxnbFjViHQS4P0yVpmQ= -github.com/googleapis/enterprise-certificate-proxy v0.3.1/go.mod h1:VLSiSSBs/ksPL8kq3OBOQ6WRI2QnaFynd1DCjZ62+V0= -github.com/googleapis/gax-go v2.0.0+incompatible/go.mod h1:SFVmujtThgffbyetf+mdk2eWhX2bMyUtNHzFKcPA9HY= -github.com/googleapis/gax-go/v2 v2.0.3/go.mod h1:LLvjysVCY1JZeum8Z6l8qUty8fiNwE08qbEPm1M08qg= -github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= -github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= -github.com/googleapis/gax-go/v2 v2.12.0 h1:A+gCJKdRfqXkr+BIRGtZLibNXf0m1f9E4HG56etFpas= -github.com/googleapis/gax-go/v2 v2.12.0/go.mod h1:y+aIqrI5eb1YGMVJfuV3185Ts/D7qKpsEkdD5+I6QGU= -github.com/googleapis/google-cloud-go-testing v0.0.0-20200911160855-bcd43fbb19e8/go.mod h1:dvDLG8qkwmyD9a/MJJN3XJcT3xFxOKAvTZGvuZmac9g= -github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY= -github.com/gorilla/mux v1.8.0 h1:i40aqfkR1h2SlN9hojwV5ZA91wcXFOvkdNIeFDP5koI= -github.com/gorilla/mux v1.8.0/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So= -github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA= -github.com/grpc-ecosystem/grpc-gateway v1.5.0/go.mod h1:RSKVYQBd5MCa4OVpNdGskqpgL2+G+NZTnrVHpWWfpdw= -github.com/grpc-ecosystem/grpc-gateway/v2 v2.18.0 h1:RtRsiaGvWxcwd8y3BiRZxsylPT8hLWZ5SPcfI+3IDNk= -github.com/grpc-ecosystem/grpc-gateway/v2 v2.18.0/go.mod h1:TzP6duP4Py2pHLVPPQp42aoYI92+PCrVotyR5e8Vqlk= -github.com/gsterjov/go-libsecret v0.0.0-20161001094733-a6f4afe4910c h1:6rhixN/i8ZofjG1Y75iExal34USq5p+wiN1tpie8IrU= -github.com/gsterjov/go-libsecret v0.0.0-20161001094733-a6f4afe4910c/go.mod h1:NMPJylDgVpX0MLRlPy15sqSwOFv/U1GZ2m21JhFfek0= -github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= -github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= -github.com/hashicorp/golang-lru/v2 v2.0.7 h1:a+bsQ5rvGLjzHuww6tVxozPZFVghXaHOwFs4luLUK2k= -github.com/hashicorp/golang-lru/v2 v2.0.7/go.mod h1:QeFd9opnmA6QUJc5vARoKUSoFhyfM2/ZepoAG6RGpeM= -github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4= -github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ= -github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= -github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= -github.com/imdario/mergo v0.3.12 h1:b6R2BslTbIEToALKP7LxUvijTsNI9TAe80pLWN2g/HU= -github.com/imdario/mergo v0.3.12/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA= -github.com/jackc/pgpassfile v1.0.0 h1:/6Hmqy13Ss2zCq62VdNG8tM1wchn8zjSGOBJ6icpsIM= -github.com/jackc/pgpassfile v1.0.0/go.mod h1:CEx0iS5ambNFdcRtxPj5JhEz+xB6uRky5eyVu/W2HEg= -github.com/jackc/pgservicefile v0.0.0-20221227161230-091c0ba34f0a h1:bbPeKD0xmW/Y25WS6cokEszi5g+S0QxI/d45PkRi7Nk= -github.com/jackc/pgservicefile v0.0.0-20221227161230-091c0ba34f0a/go.mod h1:5TJZWKEWniPve33vlWYSoGYefn3gLQRzjfDlhSJ9ZKM= -github.com/jackc/pgx/v5 v5.4.1 h1:oKfB/FhuVtit1bBM3zNRRsZ925ZkMN3HXL+LgLUM9lE= -github.com/jackc/pgx/v5 v5.4.1/go.mod h1:q6iHT8uDNXWiFNOlRqJzBTaSH3+2xCXkokxHZC5qWFY= -github.com/jellevandenhooff/dkim v0.0.0-20150330215556-f50fe3d243e1/go.mod h1:E0B/fFc00Y+Rasa88328GlI/XbtyysCtTHZS8h7IrBU= -github.com/jinzhu/inflection v1.0.0 h1:K317FqzuhWc8YvSVlFMCCUb36O/S9MCKRDI7QkRKD/E= -github.com/jinzhu/inflection v1.0.0/go.mod h1:h+uFLlag+Qp1Va5pdKtLDYj+kHp5pxUVkryuEj+Srlc= -github.com/jinzhu/now v1.1.5 h1:/o9tlHleP7gOFmsnYNz3RGnqzefHA47wQpKrrdTIwXQ= -github.com/jinzhu/now v1.1.5/go.mod h1:d3SSVoowX0Lcu0IBviAWJpolVfI5UJVZZ7cO71lE/z8= -github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg= -github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo= -github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8= -github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U= -github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY= -github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y= -github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= -github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM= -github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= -github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU= -github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk= -github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= -github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= -github.com/klauspost/compress v1.17.0 h1:Rnbp4K9EjcDuVuHtd0dgA4qNuv9yKDYKK1ulpJwgrqM= -github.com/klauspost/compress v1.17.0/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE= -github.com/kr/fs v0.1.0/go.mod h1:FFnZGqtBN9Gxj7eW1uZ42v5BccTP0vu6NEaFoC2HwRg= -github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk= github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= -github.com/kr/pty v1.1.3/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= -github.com/kubescape/go-logger v0.0.21 h1:4ZRIEw3UGUH6BG/cH3yiqFipzQSfGAoCrxlsZuk37ys= -github.com/kubescape/go-logger v0.0.21/go.mod h1:x3HBpZo3cMT/WIdy18BxvVVd5D0e/PWFVk/HiwBNu3g= -github.com/kubescape/k8s-interface v0.0.135-0.20230730135750-e6e709507847 h1:GGuS6pE6KGa5q7j9fkRN3p1eQw16/jLUMnPR8FT3O6M= -github.com/kubescape/k8s-interface v0.0.135-0.20230730135750-e6e709507847/go.mod h1:eBd6few7RYplnNNlHoe6d7jMmoE6Kx1emapJ91euBbY= -github.com/kubescape/opa-utils v0.0.268 h1:mIsAbpIW0aIk8xr0ECuf8q9gUntGQqJQIJACtn1hklk= -github.com/kubescape/opa-utils v0.0.268/go.mod h1:95JkuIOfClgLc+DyGb2mDvefRW0STkZe4L2z6AaZJlQ= -github.com/kubescape/postgres-connector v0.0.108 h1:kWLbLP2oVwMwTJ0XVZzQq1q3OwRMVJ/Yfrb6HrYUaIg= -github.com/kubescape/postgres-connector v0.0.108/go.mod h1:L/3oY216b7uenDZrLkNDrR4nzUE2crv6FfuonzW5fXY= -github.com/kubescape/rbac-utils v0.0.20 h1:1MMxsCsCZ3ntDi8f9ZYYcY+K7bv50bDW5ZvnGnhMhJw= -github.com/kubescape/rbac-utils v0.0.20/go.mod h1:t57AhSrjuNGQ+mpZWQM/hBzrCOeKBDHegFoVo4tbikQ= -github.com/kubescape/synchronizer v0.0.9 h1:aMbhF6NB4tQU4RxYO3z8wgheazEtNrORBgccsY8Ieno= -github.com/kubescape/synchronizer v0.0.9/go.mod h1:bz2swhXw6H4ABpn74ooQmWm5CZYPQeB7wv6LzknjHno= -github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc= -github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw= -github.com/lib/pq v1.10.9 h1:YXG7RB+JIjhP29X+OtkiDnYaXQwpS4JEWq7dtCCRUEw= -github.com/lib/pq v1.10.9/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o= -github.com/linkedin/goavro/v2 v2.12.0 h1:rIQQSj8jdAUlKQh6DttK8wCRv4t4QO09g1C4aBWXslg= -github.com/linkedin/goavro/v2 v2.12.0/go.mod h1:KXx+erlq+RPlGSPmLF7xGo6SAbh8sCQ53x064+ioxhk= -github.com/lunixbochs/vtclean v1.0.0/go.mod h1:pHhQNgMf3btfWnGBVipUOjRYhoOsdGqdm/+2c2E2WMI= -github.com/magiconair/properties v1.8.7 h1:IeQXZAiQcpL9mgcAe1Nu6cX9LLw6ExEHKjN0VQdvPDY= -github.com/magiconair/properties v1.8.7/go.mod h1:Dhd985XPs7jluiymwWYZ0G4Z61jb3vdS329zhj2hYo0= -github.com/mailru/easyjson v0.0.0-20190312143242-1de009706dbe/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= -github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0= -github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= -github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA= -github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg= -github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM= -github.com/mattn/go-isatty v0.0.19 h1:JITubQf0MOLdlGRuRq+jtsDlekdYPia9ZFsB8h/APPA= -github.com/mattn/go-isatty v0.0.19/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= -github.com/mattn/go-sqlite3 v1.14.15 h1:vfoHhTN1af61xCRSWzFIWzx2YskyMTwHLrExkBOjvxI= -github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= -github.com/matttproud/golang_protobuf_extensions v1.0.4 h1:mmDVorXM7PCGKw94cs5zkfA9PSy5pEvNWRP0ET0TIVo= -github.com/matttproud/golang_protobuf_extensions v1.0.4/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4= -github.com/microcosm-cc/bluemonday v1.0.1/go.mod h1:hsXNsILzKxV+sX77C5b8FSuKF00vh2OMYv+xgHpAMF4= -github.com/microsoft/go-mssqldb v0.17.0 h1:Fto83dMZPnYv1Zwx5vHHxpNraeEaUlQ/hhHLgZiaenE= -github.com/miekg/dns v1.1.43 h1:JKfpVSCB84vrAmHzyrsxB5NAr5kLoMXZArPSw7Qlgyg= -github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY= -github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= -github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= -github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg= -github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= -github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= -github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M= -github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= -github.com/mtibben/percent v0.2.1 h1:5gssi8Nqo8QU/r2pynCm+hBQHpkB/uNK7BJCFogWdzs= -github.com/mtibben/percent v0.2.1/go.mod h1:KG9uO+SZkUp+VkRHsCdYQV3XSZrrSpR3O9ibNBTZrns= -github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA= -github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= -github.com/neelance/astrewrite v0.0.0-20160511093645-99348263ae86/go.mod h1:kHJEU3ofeGjhHklVoIGuVj85JJwZ6kWPaJwCIxgnFmo= -github.com/neelance/sourcemap v0.0.0-20151028013722-8c68805598ab/go.mod h1:Qr6/a/Q4r9LP1IltGz7tA7iOK1WonHEYhu1HRBA7ZiM= -github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno= -github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE= -github.com/olvrng/ujson v1.1.0 h1:8xVUzVlqwdMVWh5d1UHBtLQ1D50nxoPuPEq9Wozs8oA= -github.com/olvrng/ujson v1.1.0/go.mod h1:Mz4G3RODTUfbkKyvi0lgmPx/7vd3Saksk+1jgk8s9xo= -github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE= -github.com/onsi/ginkgo/v2 v2.9.5 h1:+6Hr4uxzP4XIUyAkg61dWBw8lb/gc4/X5luuxN/EC+Q= -github.com/onsi/gomega v1.27.7 h1:fVih9JD6ogIiHUN6ePK7HJidyEDpWGVB5mzM7cWNXoU= -github.com/open-policy-agent/opa v0.55.0 h1:s7Vm4ph6zDqqP/KzvUSw9fsKVsm9lhbTZhYGxxTK7mo= -github.com/open-policy-agent/opa v0.55.0/go.mod h1:2Vh8fj/bXCqSwGMbBiHGrw+O8yrho6T/fdaHt5ROmaQ= -github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= -github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= -github.com/opencontainers/image-spec v1.1.0-rc4 h1:oOxKUJWnFC4YGHCCMNql1x4YaDfYBTS5Y4x/Cgeo1E0= -github.com/opencontainers/image-spec v1.1.0-rc4/go.mod h1:X4pATf0uXsnn3g5aiGIsVnJBR4mxhKzfwmvK/B2NTm8= -github.com/openzipkin/zipkin-go v0.1.1/go.mod h1:NtoC/o8u3JlF1lSlyPNswIbeQH9bJTmOf0Erfk+hxe8= -github.com/pelletier/go-toml/v2 v2.1.0 h1:FnwAJ4oYMvbT/34k9zzHuZNrhlz48GB3/s6at6/MHO4= -github.com/pelletier/go-toml/v2 v2.1.0/go.mod h1:tJU2Z3ZkXwnxa4DPO899bsyIoywizdUvyaeZurnPPDc= -github.com/pierrec/lz4 v2.6.1+incompatible h1:9UY3+iC23yxF0UfGaYrGplQ+79Rg+h/q9FV9ix19jjM= -github.com/pierrec/lz4 v2.6.1+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi+IEE17M5jbnwPHcY= -github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8 h1:KoWmjvw+nsYOo29YJK9vDA65RGE3NrOnUtO7a+RF9HU= -github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8/go.mod h1:HKlIX3XHQyzLZPlr7++PzdhaXEj94dEiJgZDTsxEqUI= github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA= -github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= -github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= -github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= -github.com/pkg/sftp v1.13.1/go.mod h1:3HaPG6Dq1ILlpPZRO0HVMrsydcdLt6HRDccSgb87qRg= -github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U= github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= -github.com/pquerna/cachecontrol v0.2.0 h1:vBXSNuE5MYP9IJ5kjsdo8uq+w41jSPgvba2DEnkRx9k= -github.com/pquerna/cachecontrol v0.2.0/go.mod h1:NrUG3Z7Rdu85UNR3vm7SOsl1nFIeSiQnrHV5K9mBcUI= -github.com/prometheus/client_golang v0.8.0/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= -github.com/prometheus/client_golang v1.16.0 h1:yk/hx9hDbrGHovbci4BY+pRMfSuuat626eFsHb7tmT8= -github.com/prometheus/client_golang v1.16.0/go.mod h1:Zsulrv/L9oM40tJ7T815tM89lFEugiJ9HzIqaAx4LKc= -github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= -github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= -github.com/prometheus/client_model v0.4.0 h1:5lQXD3cAg1OXBf4Wq03gTrXHeaV0TQvGfUooCfx1yqY= -github.com/prometheus/client_model v0.4.0/go.mod h1:oMQmHW1/JoDwqLtg57MGgP/Fb1CJEYF2imWWhWtMkYU= -github.com/prometheus/common v0.0.0-20180801064454-c7de2306084e/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro= -github.com/prometheus/common v0.44.0 h1:+5BrQJwiBB9xsMygAB3TNvpQKOwlkc25LbISbrdOOfY= -github.com/prometheus/common v0.44.0/go.mod h1:ofAIvZbQ1e/nugmZGz4/qCb9Ap1VoSTIO7x0VV9VvuY= -github.com/prometheus/procfs v0.0.0-20180725123919-05ee40e3a273/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= -github.com/prometheus/procfs v0.11.0 h1:5EAgkfkMl659uZPbe9AS2N68a7Cc1TJbPEuGzFuRbyk= -github.com/prometheus/procfs v0.11.0/go.mod h1:nwNm2aOCAYw8uTR/9bWRREkZFxAUcWzPHWJq+XBB/FM= -github.com/rcrowley/go-metrics v0.0.0-20200313005456-10cdbea86bc0 h1:MkV+77GLUNo5oJ0jf870itWm3D0Sjh7+Za9gazKc5LQ= -github.com/rcrowley/go-metrics v0.0.0-20200313005456-10cdbea86bc0/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4= -github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs= github.com/rogpeppe/go-internal v1.11.0 h1:cWPaGQEPrBb5/AsnsZesgZZ9yb1OQ+GOISoDNXVBh4M= -github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g= -github.com/sagikazarmark/locafero v0.3.0 h1:zT7VEGWC2DTflmccN/5T1etyKvxSxpHsjb9cJvm4SvQ= -github.com/sagikazarmark/locafero v0.3.0/go.mod h1:w+v7UsPNFwzF1cHuOajOOzoq4U7v/ig1mpRjqV+Bu1U= -github.com/sagikazarmark/slog-shim v0.1.0 h1:diDBnUNK9N/354PgrxMywXnAwEr1QZcOr6gto+ugjYE= -github.com/sagikazarmark/slog-shim v0.1.0/go.mod h1:SrcSrq8aKtyuqEI1uvTDTK1arOWRIczQRv+GVI1AkeQ= -github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo= -github.com/shurcooL/component v0.0.0-20170202220835-f88ec8f54cc4/go.mod h1:XhFIlyj5a1fBNx5aJTbKoIq0mNaPvOagO+HjB3EtxrY= -github.com/shurcooL/events v0.0.0-20181021180414-410e4ca65f48/go.mod h1:5u70Mqkb5O5cxEA8nxTsgrgLehJeAw6Oc4Ab1c/P1HM= -github.com/shurcooL/github_flavored_markdown v0.0.0-20181002035957-2122de532470/go.mod h1:2dOwnU2uBioM+SGy2aZoq1f/Sd1l9OkAeAUvjSyvgU0= -github.com/shurcooL/go v0.0.0-20180423040247-9e1955d9fb6e/go.mod h1:TDJrrUr11Vxrven61rcy3hJMUqaf/CLWYhHNPmT14Lk= -github.com/shurcooL/go-goon v0.0.0-20170922171312-37c2f522c041/go.mod h1:N5mDOmsrJOB+vfqUK+7DmDyjhSLIIBnXo9lvZJj3MWQ= -github.com/shurcooL/gofontwoff v0.0.0-20180329035133-29b52fc0a18d/go.mod h1:05UtEgK5zq39gLST6uB0cf3NEHjETfB4Fgr3Gx5R9Vw= -github.com/shurcooL/gopherjslib v0.0.0-20160914041154-feb6d3990c2c/go.mod h1:8d3azKNyqcHP1GaQE/c6dDgjkgSx2BZ4IoEi4F1reUI= -github.com/shurcooL/highlight_diff v0.0.0-20170515013008-09bb4053de1b/go.mod h1:ZpfEhSmds4ytuByIcDnOLkTHGUI6KNqRNPDLHDk+mUU= -github.com/shurcooL/highlight_go v0.0.0-20181028180052-98c3abbbae20/go.mod h1:UDKB5a1T23gOMUJrI+uSuH0VRDStOiUVSjBTRDVBVag= -github.com/shurcooL/home v0.0.0-20181020052607-80b7ffcb30f9/go.mod h1:+rgNQw2P9ARFAs37qieuu7ohDNQ3gds9msbT2yn85sg= -github.com/shurcooL/htmlg v0.0.0-20170918183704-d01228ac9e50/go.mod h1:zPn1wHpTIePGnXSHpsVPWEktKXHr6+SS6x/IKRb7cpw= -github.com/shurcooL/httperror v0.0.0-20170206035902-86b7830d14cc/go.mod h1:aYMfkZ6DWSJPJ6c4Wwz3QtW22G7mf/PEgaB9k/ik5+Y= -github.com/shurcooL/httpfs v0.0.0-20171119174359-809beceb2371/go.mod h1:ZY1cvUeJuFPAdZ/B6v7RHavJWZn2YPVFQ1OSXhCGOkg= -github.com/shurcooL/httpgzip v0.0.0-20180522190206-b1c53ac65af9/go.mod h1:919LwcH0M7/W4fcZ0/jy0qGght1GIhqyS/EgWGH2j5Q= -github.com/shurcooL/issues v0.0.0-20181008053335-6292fdc1e191/go.mod h1:e2qWDig5bLteJ4fwvDAc2NHzqFEthkqn7aOZAOpj+PQ= -github.com/shurcooL/issuesapp v0.0.0-20180602232740-048589ce2241/go.mod h1:NPpHK2TI7iSaM0buivtFUc9offApnI0Alt/K8hcHy0I= -github.com/shurcooL/notifications v0.0.0-20181007000457-627ab5aea122/go.mod h1:b5uSkrEVM1jQUspwbixRBhaIjIzL2xazXp6kntxYle0= -github.com/shurcooL/octicon v0.0.0-20181028054416-fa4f57f9efb2/go.mod h1:eWdoE5JD4R5UVWDucdOPg1g2fqQRq78IQa9zlOV1vpQ= -github.com/shurcooL/reactions v0.0.0-20181006231557-f2e0b4ca5b82/go.mod h1:TCR1lToEk4d2s07G3XGfz2QrgHXg4RJBvjrOozvoWfk= -github.com/shurcooL/sanitized_anchor_name v0.0.0-20170918181015-86672fcb3f95/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc= -github.com/shurcooL/users v0.0.0-20180125191416-49c67e49c537/go.mod h1:QJTqeLYEDaXHZDBsXlPCDqdhQuJkuw4NOtaxYe3xii4= -github.com/shurcooL/webdavfs v0.0.0-20170829043945-18c3829fa133/go.mod h1:hKmq5kWdCj2z2KEozexVbfEZIWiTjhE0+UjmZgPqehw= -github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ= -github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= -github.com/sourcegraph/annotate v0.0.0-20160123013949-f4cad6c6324d/go.mod h1:UdhH50NIW0fCiwBSr0co2m7BnFLdv4fQTgdqdJTHFeE= -github.com/sourcegraph/conc v0.3.0 h1:OQTbbt6P72L20UqAkXXuLOj79LfEanQ+YQFNpLA9ySo= -github.com/sourcegraph/conc v0.3.0/go.mod h1:Sdozi7LEKbFPqYX2/J+iBAM6HpqSLTASQIKqDmF7Mt0= -github.com/sourcegraph/syntaxhighlight v0.0.0-20170531221838-bd320f5d308e/go.mod h1:HuIsMU8RRBOtsCgI77wP899iHVBQpCmg4ErYMZB+2IA= -github.com/spaolacci/murmur3 v1.1.0 h1:7c1g84S4BPRrfL5Xrdp6fOJ206sU9y293DDHaoy0bLI= -github.com/spaolacci/murmur3 v1.1.0/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA= -github.com/spf13/afero v1.10.0 h1:EaGW2JJh15aKOejeuJ+wpFSHnbd7GE6Wvp3TsNhb6LY= -github.com/spf13/afero v1.10.0/go.mod h1:UBogFpq8E9Hx+xc5CNTTEpTnuHVmXDwZcZcE1eb/UhQ= -github.com/spf13/cast v1.5.1 h1:R+kOtfhWQE6TVQzY+4D7wJLBgkdVasCEFxSUBYBYIlA= -github.com/spf13/cast v1.5.1/go.mod h1:b9PdjNptOpzXr7Rq1q9gJML/2cdGQAo69NKzQ10KN48= -github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= -github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= -github.com/spf13/viper v1.17.0 h1:I5txKw7MJasPL/BrfkbA0Jyo/oELqVmux4pR/UxOMfI= -github.com/spf13/viper v1.17.0/go.mod h1:BmMMMLQXSbcHK6KAOiFLz0l5JHrU89OdIRHvsk0+yVI= -github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= -github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= -github.com/stretchr/objx v0.5.0 h1:1zr/of2m5FGMsad5YfcqgdqdWrIhu+EBEJRhR1U7z/c= -github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= -github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= -github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= -github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= -github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= -github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= -github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= -github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= -github.com/stretchr/testify v1.7.5/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= -github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= -github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= +github.com/rogpeppe/go-internal v1.11.0/go.mod h1:ddIwULY96R17DhadqLgMfk9H9tvdUzkipdSkR5nkCZA= github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk= github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= -github.com/stripe/stripe-go/v74 v74.28.0 h1:ItzPPy+cjMKbR3Oihknt/8dv6PANp3hTThUGZjhF9lc= -github.com/stripe/stripe-go/v74 v74.28.0/go.mod h1:f9L6LvaXa35ja7eyvP6GQswoaIPaBRvGAimAO+udbBw= -github.com/subosito/gotenv v1.6.0 h1:9NlTDc1FTs4qu0DDq7AEtTPNw6SVm7uBMsUCUjABIf8= -github.com/subosito/gotenv v1.6.0/go.mod h1:Dk4QP5c2W3ibzajGcXpNraDfq2IrhjMIvMSWPKKo0FU= -github.com/tarm/serial v0.0.0-20180830185346-98f6abe2eb07/go.mod h1:kDXzergiv9cbyO7IOYJZWg1U88JhDg3PB6klq9Hg2pA= -github.com/tchap/go-patricia/v2 v2.3.1 h1:6rQp39lgIYZ+MHmdEq4xzuk1t7OdC35z/xm0BGhTkes= -github.com/tchap/go-patricia/v2 v2.3.1/go.mod h1:VZRHKAb53DLaG+nA9EaYYiaEx6YztwDlLElMsnSHD4k= -github.com/uptrace/opentelemetry-go-extra/otelutil v0.2.2 h1:CNznWHkrbA6o1q2H/BsH4tIHf4zbKNtndeoV+AH8z0U= -github.com/uptrace/opentelemetry-go-extra/otelutil v0.2.2/go.mod h1:7YSrHCmYPHIXjTWnKSU7EGT0TFEcm3WwSeQquwCGg38= -github.com/uptrace/opentelemetry-go-extra/otelzap v0.2.2 h1:uyrW06oJi4iWvhjPLVfk4qrSP2Zm0AMozKKDmp6i4pE= -github.com/uptrace/opentelemetry-go-extra/otelzap v0.2.2/go.mod h1:PMAs2dNxP55lgt6xu0if+Jasm6s+Xpmqn6ev1NyDfnI= -github.com/uptrace/uptrace-go v1.18.0 h1:RY15qy19C0irbe2UCxQbjenk8WyUdvUV756R9ZpqCGI= -github.com/uptrace/uptrace-go v1.18.0/go.mod h1:BUW3sFgEyRmZIxts4cv6TGaJnWAW95uW78GIiSdChOQ= -github.com/viant/assertly v0.4.8/go.mod h1:aGifi++jvCrUaklKEKT0BU95igDNaqkvz+49uaYMPRU= -github.com/viant/toolbox v0.24.0/go.mod h1:OxMCG57V0PXuIP2HNQrtJf2CjqdmbrOx5EkMILuUhzM= -github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb h1:zGWFAtiMcyryUHoUjUJX0/lt1H2+i2Ka2n+D3DImSNo= -github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU= -github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 h1:EzJWgHovont7NscjpAxXsDA8S8BMYve8Y5+7cuRE7R0= -github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415/go.mod h1:GwrjFmJcFw6At/Gs6z4yjiIwzuJ1/+UwLxMQDVQXShQ= -github.com/yashtewari/glob-intersection v0.2.0 h1:8iuHdN88yYuCzCdjt0gDe+6bAhUwBeEWqThExu54RFg= -github.com/yashtewari/glob-intersection v0.2.0/go.mod h1:LK7pIC3piUjovexikBbJ26Yml7g8xa5bsjfx2v1fwok= -github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= -github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= -github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= -github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= -github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= -go.opencensus.io v0.18.0/go.mod h1:vKdFvxhtzZ9onBp9VKHK8z/sRpBMnKAsufL7wlDrCOA= -go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU= -go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8= -go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= -go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= -go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= -go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk= -go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0= -go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.42.0 h1:pginetY7+onl4qN1vl0xW/V/v6OBZ0vVdH+esuJgvmM= -go.opentelemetry.io/contrib/instrumentation/runtime v0.44.0 h1:TXu20nL4yYfJlQeqG/D3Ia6b0p2HZmLfJto9hqJTQ/c= -go.opentelemetry.io/contrib/instrumentation/runtime v0.44.0/go.mod h1:tQ5gBnfjndV1su3+DiLuu6rnd9hBBzg4rkRILnjSNFg= -go.opentelemetry.io/otel v1.19.0 h1:MuS/TNf4/j4IXsZuJegVzI1cwut7Qc00344rgH7p8bs= -go.opentelemetry.io/otel v1.19.0/go.mod h1:i0QyjOq3UPoTzff0PJB2N66fb4S0+rSbSB15/oyH9fY= -go.opentelemetry.io/otel/exporters/otlp/otlpmetric v0.41.0 h1:k0k7hFNDd8K4iOMJXj7s8sHaC4mhTlAeppRmZXLgZ6k= -go.opentelemetry.io/otel/exporters/otlp/otlpmetric v0.41.0/go.mod h1:hG4Fj/y8TR/tlEDREo8tWstl9fO9gcFkn4xrx0Io8xU= -go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v0.41.0 h1:HgbDTD8pioFdY3NRc/YCvsWjqQPtweGyXxa32LgnTOw= -go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v0.41.0/go.mod h1:tmvt/yK5Es5d6lHYWerLSOna8lCEfrBVX/a9M0ggqss= -go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.18.0 h1:IAtl+7gua134xcV3NieDhJHjjOVeJhXAnYf/0hswjUY= -go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.18.0/go.mod h1:w+pXobnBzh95MNIkeIuAKcHe/Uu/CX2PKIvBP6ipKRA= -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.18.0 h1:yE32ay7mJG2leczfREEhoW3VfSZIvHaB+gvVo1o8DQ8= -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.18.0/go.mod h1:G17FHPDLt74bCI7tJ4CMitEk4BXTYG4FW6XUpkPBXa4= -go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.18.0 h1:hSWWvDjXHVLq9DkmB+77fl8v7+t+yYiS+eNkiplDK54= -go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.18.0/go.mod h1:zG7KQql1WjZCaUJd+L/ReSYx4bjbYJxg5ws9ws+mYes= -go.opentelemetry.io/otel/metric v1.19.0 h1:aTzpGtV0ar9wlV4Sna9sdJyII5jTVJEvKETPiOKwvpE= -go.opentelemetry.io/otel/metric v1.19.0/go.mod h1:L5rUsV9kM1IxCj1MmSdS+JQAcVm319EUrDVLrt7jqt8= -go.opentelemetry.io/otel/sdk v1.18.0 h1:e3bAB0wB3MljH38sHzpV/qWrOTCFrdZF2ct9F8rBkcY= -go.opentelemetry.io/otel/sdk v1.18.0/go.mod h1:1RCygWV7plY2KmdskZEDDBs4tJeHG92MdHZIluiYs/M= -go.opentelemetry.io/otel/sdk/metric v0.41.0 h1:c3sAt9/pQ5fSIUfl0gPtClV3HhE18DCVzByD33R/zsk= -go.opentelemetry.io/otel/sdk/metric v0.41.0/go.mod h1:PmOmSt+iOklKtIg5O4Vz9H/ttcRFSNTgii+E1KGyn1w= -go.opentelemetry.io/otel/trace v1.19.0 h1:DFVQmlVbfVeOuBRrwdtaehRrWiL1JoVs9CPIQ1Dzxpg= -go.opentelemetry.io/otel/trace v1.19.0/go.mod h1:mfaSyvGyEJEI0nyV2I4qhNQnbBOUUmYZpYojqMnX2vo= -go.opentelemetry.io/proto/otlp v1.0.0 h1:T0TX0tmXU8a3CbNXzEKGeU5mIVOdf0oykP+u2lIVU/I= -go.opentelemetry.io/proto/otlp v1.0.0/go.mod h1:Sy6pihPLfYHkr3NkUbEhGHFhINUSI/v80hjKIs5JXpM= -go.uber.org/atomic v1.11.0 h1:ZvwS0R+56ePWxUNi+Atn9dWONBPp/AUETXlHW0DxSjE= -go.uber.org/atomic v1.11.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0= -go.uber.org/goleak v1.2.1 h1:NBol2c7O1ZokfZ0LEU9K6Whx/KnwvepVetCUhtKja4A= -go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0= -go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y= -go.uber.org/zap v1.26.0 h1:sI7k6L95XOKS281NhVKOFCUNIvv9e0w4BF8N3u+tCRo= -go.uber.org/zap v1.26.0/go.mod h1:dtElttAiwGvoJ/vj4IwHBS/gXsEu/pZ50mUIRWuG0so= -go4.org v0.0.0-20180809161055-417644f6feb5/go.mod h1:MkTOUMDaeVYJUOUsaDXIhWPZYa1yOyC1qaOBpL57BhE= -golang.org/x/build v0.0.0-20190111050920-041ab4dc3f9d/go.mod h1:OWs+y06UdEOHN4y+MfF/py+xQ/tYqIWW03b70/CG9Rw= -golang.org/x/crypto v0.0.0-20181030102418-4d3f4d9ffa16/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= -golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= -golang.org/x/crypto v0.0.0-20190313024323-a1f597ede03a/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= -golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4= -golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= -golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= -golang.org/x/crypto v0.13.0 h1:mvySKfSWJ+UKUii46M40LOvyWfN0s2U+46/jDd0e6Ck= -golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliYc= -golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= -golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= -golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= -golang.org/x/exp v0.0.0-20190829153037-c13cbed26979/go.mod h1:86+5VVa7VpoJ4kLfm080zCjGlMRFzhUhsZKEZO7MGek= -golang.org/x/exp v0.0.0-20191030013958-a1ab85dbe136/go.mod h1:JXzH8nQsPlswgeRAPE3MuO9GYsAcnJvJ4vnMwN/5qkY= -golang.org/x/exp v0.0.0-20191129062945-2f5052295587/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= -golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= -golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= -golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM= -golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= -golang.org/x/exp v0.0.0-20230905200255-921286631fa9 h1:GoHiUyI/Tp2nVkLI2mCxVkOjsbSXD66ic0XW0js0R9g= -golang.org/x/exp v0.0.0-20230905200255-921286631fa9/go.mod h1:S2oDrQGGwySpoQPVqRShND87VCbxmc6bL1Yd2oYrm6k= -golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= -golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= -golang.org/x/lint v0.0.0-20180702182130-06c8688daad7/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= -golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= -golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= -golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= -golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= -golang.org/x/lint v0.0.0-20190409202823-959b441ac422/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= -golang.org/x/lint v0.0.0-20190909230951-414d861bb4ac/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= -golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= -golang.org/x/lint v0.0.0-20191125180803-fdd1cda4f05f/go.mod h1:5qLYkcX4OjUUV8bRuDixDT3tpyyb+LUpUlRWLxfhWrs= -golang.org/x/lint v0.0.0-20200130185559-910be7a94367/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= -golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= -golang.org/x/lint v0.0.0-20201208152925-83fdc39ff7b5/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= -golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE= -golang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028/go.mod h1:E/iHnbuqvinMTCcRqshq8CkpyQDoeVncDDYHnLhea+o= -golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc= -golang.org/x/mod v0.1.0/go.mod h1:0QHyrYULN0/3qlju5TqG8bIK38QM8yzMo5ekMj3DlcY= -golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= -golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= -golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= -golang.org/x/mod v0.12.0 h1:rmsUpXtvNzj340zd98LZ4KntptpfRHwpFOHG188oHXc= -golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= -golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20181029044818-c44066c5c816/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20181106065722-10aee1819953/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190313220215-9f648a60d977/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190501004415-9ce7a6920f09/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= -golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20190628185345-da137c7871d7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20190724013045-ca1201d0de80/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200222125558-5a598a2470a0/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= -golang.org/x/net v0.0.0-20200501053045-e0ff5e5a1de5/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= -golang.org/x/net v0.0.0-20200506145744-7e3656a0809f/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= -golang.org/x/net v0.0.0-20200513185701-a91f0712d120/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= -golang.org/x/net v0.0.0-20200520182314-0ba52f642ac2/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= -golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= -golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= -golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= -golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.0.0-20201031054903-ff519b6c9102/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.0.0-20201209123823-ac852fbbde11/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= -golang.org/x/net v0.0.0-20201224014010-6772e930b67b/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= -golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= -golang.org/x/net v0.0.0-20210520170846-37e1c6afe023/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= -golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco= -golang.org/x/net v0.15.0 h1:ugBLEUaxABaB5AJqW9enI0ACdci2RUd4eP51NTBvuJ8= -golang.org/x/net v0.15.0/go.mod h1:idbUs1IY1+zTqbi8yxTbhexhEEk5ur9LInksu6HrEpk= -golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= -golang.org/x/oauth2 v0.0.0-20181017192945-9dcd33a902f4/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= -golang.org/x/oauth2 v0.0.0-20181203162652-d668ce993890/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= -golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -golang.org/x/oauth2 v0.0.0-20200902213428-5d25da1a8d43/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20201109201403-9fd604954f58/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20201208152858-08078c50e5b5/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20210218202405-ba52d332ba99/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.12.0 h1:smVPGxink+n1ZI5pkQa8y6fZT0RW0MgCO5bFpepy4B4= -golang.org/x/oauth2 v0.12.0/go.mod h1:A74bZ3aGXgCY0qaIC9Ahg6Lglin4AMAco8cIv9baba4= -golang.org/x/perf v0.0.0-20180704124530-6e6d33e29852/go.mod h1:JLpeXjPJfIyPr5TlbXLkXWLhP8nz10XfvxElABhCtcw= -golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.3.0 h1:ftCYgMx6zT/asHUrPw8BLLscYtGznsLAnjq5RH9P66E= -golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y= -golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20181029174526-d69651ed3497/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190316082340-a2f829d7f35f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200113162924-86b910548bc1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200122134326-e047566fdf82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200212091648-12a6c2dcc1e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200331124033-c3d80250170d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200501052902-10377860bb8e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200511232937-7e40ca221e25/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200515095857-1151b9dac4a9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200523222454-059865788121/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200803210538-64077c9b5642/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200905004654-be1d3432aa8f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20201201145000-ef89a241ccb3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210104204734-6f8348627aad/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210225134936-a50acf3fe073/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210423185535-09eb48e85fd7/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210616045830-e2b7044e8c71/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.12.0 h1:CM0HF96J0hcLAwsHPJZjfdNzs0gftsLfgKt57wWHJ0o= -golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= -golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -golang.org/x/term v0.12.0 h1:/ZfYdc3zq+q02Rv9vGqTeSItdzZTSNDmfTi0mBAuidU= -golang.org/x/term v0.12.0/go.mod h1:owVbMEjm3cBLCHdkQu9b1opXd4ETQWc3BhuQGKgXgvU= -golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= -golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= -golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= -golang.org/x/text v0.13.0 h1:ablQoSUd0tRdKxZewP80B+BaqeKJuVhuRxj/dkrun3k= -golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= -golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4= -golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/tools v0.0.0-20180828015842-6cd1fcedba52/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20181030000716-a0a13e073c7b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= -golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= -golang.org/x/tools v0.0.0-20190312151545-0bb0c0a6e846/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= -golang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= -golang.org/x/tools v0.0.0-20190425150028-36563e24a262/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= -golang.org/x/tools v0.0.0-20190506145303-2d16b83fe98c/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= -golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= -golang.org/x/tools v0.0.0-20190606124116-d0a3d012864b/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= -golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= -golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= -golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191113191852-77e3bb0ad9e7/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191115202509-3a792d9c32b2/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191125144606-a911d9008d1f/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191130070609-6e064ea0cf2d/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191216173652-a0e659d51361/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20191227053925-7b8e75db28f4/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200117161641-43d50277825c/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200122220014-bf1340f18c4a/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200204074204-1cc6d1ef6c74/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200207183749-b753a1ba74fa/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200212150539-ea181f53ac56/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200224181240-023911ca70b2/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200227222343-706bc42d1f0d/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200304193943-95d2e580d8eb/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw= -golang.org/x/tools v0.0.0-20200312045724-11d5b4c81c7d/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw= -golang.org/x/tools v0.0.0-20200331025713-a30bf2db82d4/go.mod h1:Sl4aGygMT6LrqrWclx+PTx3U+LnKx/seiNR+3G19Ar8= -golang.org/x/tools v0.0.0-20200501065659-ab2804fb9c9d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= -golang.org/x/tools v0.0.0-20200512131952-2bc93b1c0c88/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= -golang.org/x/tools v0.0.0-20200515010526-7d3b6ebf133d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= -golang.org/x/tools v0.0.0-20200618134242-20370b0cb4b2/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= -golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= -golang.org/x/tools v0.0.0-20200729194436-6467de6f59a7/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= -golang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= -golang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= -golang.org/x/tools v0.0.0-20200904185747-39188db58858/go.mod h1:Cj7w3i3Rnn0Xh82ur9kSqwfTHTeVxaDqrfMjpcNT6bE= -golang.org/x/tools v0.0.0-20201110124207-079ba7bd75cd/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.0.0-20201201161351-ac6f37ff4c2a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.0.0-20201208233053-a543418bbed2/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.0.0-20210105154028-b0ab187a4818/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.0.0-20210108195828-e2f9c7f1fc8e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0= -golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= -golang.org/x/tools v0.13.0 h1:Iey4qkscZuv0VvIt8E0neZjtPVQFSc870HQ448QgEmQ= -golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -google.golang.org/api v0.0.0-20180910000450-7ca32eb868bf/go.mod h1:4mhQ8q/RsB7i+udVvVy5NUi08OU8ZlA0gRVgrF7VFY0= -google.golang.org/api v0.0.0-20181030000543-1d582fd0359e/go.mod h1:4mhQ8q/RsB7i+udVvVy5NUi08OU8ZlA0gRVgrF7VFY0= -google.golang.org/api v0.1.0/go.mod h1:UGEZY7KEX120AnNLIHFMKIo4obdJhkp2tPbaPlQx13Y= -google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE= -google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M= -google.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= -google.golang.org/api v0.9.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= -google.golang.org/api v0.13.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= -google.golang.org/api v0.14.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= -google.golang.org/api v0.15.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= -google.golang.org/api v0.17.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= -google.golang.org/api v0.18.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= -google.golang.org/api v0.19.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= -google.golang.org/api v0.20.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= -google.golang.org/api v0.22.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= -google.golang.org/api v0.24.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE= -google.golang.org/api v0.28.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE= -google.golang.org/api v0.29.0/go.mod h1:Lcubydp8VUV7KeIHD9z2Bys/sm/vGKnG1UHuDBSrHWM= -google.golang.org/api v0.30.0/go.mod h1:QGmEvQ87FHZNiUVJkT14jQNYJ4ZJjdRF23ZXz5138Fc= -google.golang.org/api v0.35.0/go.mod h1:/XrVsuzM0rZmrsbjJutiuftIzeuTQcEeaYcSk/mQ1dg= -google.golang.org/api v0.36.0/go.mod h1:+z5ficQTmoYpPn8LCUNVpK5I7hwkpjbcgqA7I34qYtE= -google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjRCQ8= -google.golang.org/api v0.143.0 h1:o8cekTkqhywkbZT6p1UHJPZ9+9uuCAJs/KYomxZB8fA= -google.golang.org/api v0.143.0/go.mod h1:FoX9DO9hT7DLNn97OuoZAGSDuNAXdJRuGK98rSUgurk= -google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= -google.golang.org/appengine v1.2.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= -google.golang.org/appengine v1.3.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= -google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= -google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= -google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0= -google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= -google.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= -google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6c= -google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= -google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= -google.golang.org/genproto v0.0.0-20180831171423-11092d34479b/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= -google.golang.org/genproto v0.0.0-20181029155118-b69ba1387ce2/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= -google.golang.org/genproto v0.0.0-20181202183823-bd91e49a0898/go.mod h1:7Ep/1NZk928CDR8SjdVbjWNpdIf6nzjE3BTgJDr2Atg= -google.golang.org/genproto v0.0.0-20190306203927-b5d61aea6440/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= -google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= -google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= -google.golang.org/genproto v0.0.0-20190425155659-357c62f0e4bb/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= -google.golang.org/genproto v0.0.0-20190502173448-54afdca5d873/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= -google.golang.org/genproto v0.0.0-20190801165951-fa694d86fc64/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= -google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= -google.golang.org/genproto v0.0.0-20190911173649-1774047e7e51/go.mod h1:IbNlFCBrqXvoKpeg0TB2l7cyZUmoaFKYIwrEpbDKLA8= -google.golang.org/genproto v0.0.0-20191108220845-16a3f7862a1a/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= -google.golang.org/genproto v0.0.0-20191115194625-c23dd37a84c9/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= -google.golang.org/genproto v0.0.0-20191216164720-4f79533eabd1/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= -google.golang.org/genproto v0.0.0-20191230161307-f3c370f40bfb/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= -google.golang.org/genproto v0.0.0-20200115191322-ca5a22157cba/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= -google.golang.org/genproto v0.0.0-20200122232147-0452cf42e150/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= -google.golang.org/genproto v0.0.0-20200204135345-fa8e72b47b90/go.mod h1:GmwEX6Z4W5gMy59cAlVYjN9JhxgbQH6Gn+gFDQe2lzA= -google.golang.org/genproto v0.0.0-20200212174721-66ed5ce911ce/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200224152610-e50cd9704f63/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200228133532-8c2c7df3a383/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200305110556-506484158171/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200312145019-da6875a35672/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200331122359-1ee6d9798940/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200430143042-b979b6f78d84/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200511104702-f5ebc3bea380/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200515170657-fc4c6c6a6587/go.mod h1:YsZOwe1myG/8QRHRsmBRE1LrgQY60beZKjly0O1fX9U= -google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= -google.golang.org/genproto v0.0.0-20200618031413-b414f8b61790/go.mod h1:jDfRM7FcilCzHH/e9qn6dsT145K34l5v+OpcnNgKAAA= -google.golang.org/genproto v0.0.0-20200729003335-053ba62fc06f/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20200804131852-c06518451d9c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20200825200019-8632dd797987/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20200904004341-0bd0a958aa1d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20201109203340-2640f1f9cdfb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20201201144952-b05cb90ed32e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20201210142538-e3217bee35cc/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20201214200347-8c77b98c765d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20210108203827-ffc7fda8c3d7/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20210226172003-ab064af71705/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20230913181813-007df8e322eb h1:XFBgcDwm7irdHTbz4Zk2h7Mh+eis4nfJEFQFYzJzuIA= -google.golang.org/genproto v0.0.0-20230913181813-007df8e322eb/go.mod h1:yZTlhN0tQnXo3h00fuXNCxJdLdIdnVFVBaRJ5LWBbw4= -google.golang.org/genproto/googleapis/api v0.0.0-20230913181813-007df8e322eb h1:lK0oleSc7IQsUxO3U5TjL9DWlsxpEBemh+zpB7IqhWI= -google.golang.org/genproto/googleapis/api v0.0.0-20230913181813-007df8e322eb/go.mod h1:KjSP20unUpOx5kyQUFa7k4OJg0qeJ7DEZflGDu2p6Bk= -google.golang.org/genproto/googleapis/rpc v0.0.0-20230920204549-e6e6cdab5c13 h1:N3bU/SQDCDyD6R528GJ/PwW9KjYcJA3dgyH+MovAkIM= -google.golang.org/genproto/googleapis/rpc v0.0.0-20230920204549-e6e6cdab5c13/go.mod h1:KSqppvjFjtoCI+KGd4PELB0qLNxdJHRGqRI09mB6pQA= -google.golang.org/grpc v1.14.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw= -google.golang.org/grpc v1.16.0/go.mod h1:0JHn/cJsOMiMfNA9+DeHDlAU7KAAB5GDlYFpa9MZMio= -google.golang.org/grpc v1.17.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3cWCs= -google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= -google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= -google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= -google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= -google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= -google.golang.org/grpc v1.26.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= -google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= -google.golang.org/grpc v1.27.1/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= -google.golang.org/grpc v1.28.0/go.mod h1:rpkK4SK4GF4Ach/+MFLZUBavHOvF2JJB5uozKKal+60= -google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk= -google.golang.org/grpc v1.30.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= -google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= -google.golang.org/grpc v1.31.1/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= -google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc= -google.golang.org/grpc v1.34.0/go.mod h1:WotjhfgOW/POjDeRt8vscBtXq+2VjORFy659qA51WJ8= -google.golang.org/grpc v1.35.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= -google.golang.org/grpc v1.58.2 h1:SXUpjxeVF3FKrTYQI4f4KvbGD5u2xccdYdurwowix5I= -google.golang.org/grpc v1.58.2/go.mod h1:tgX3ZQDlNJGU96V6yHh1T/JeoBQ2TXdr43YbYSsCJk0= -google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= -google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= -google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= -google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE= -google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo= -google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= -google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= -google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= -google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGjtUeSXeh4= -google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c= -google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= -google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= -google.golang.org/protobuf v1.31.0 h1:g0LDEJHgrBl9N9r17Ru3sqWhkIx2NB67okBHPwC7hs8= -google.golang.org/protobuf v1.31.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/check.v1 v1.0.0-20200902074654-038fdea0a05b/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= -gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= -gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= -gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= -gopkg.in/ini.v1 v1.67.0 h1:Dgnx+6+nfE+IfzjUEISNeydPJh9AXNNsWbGP9KzCsOA= -gopkg.in/ini.v1 v1.67.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= -gopkg.in/square/go-jose.v2 v2.6.0 h1:NGk74WTnPKBNUhNzQX7PYcTLUjoq7mzKk2OKbvwk2iI= -gopkg.in/square/go-jose.v2 v2.6.0/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI= -gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ= -gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= -gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= -gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -gorm.io/datatypes v1.2.0 h1:5YT+eokWdIxhJgWHdrb2zYUimyk0+TaFth+7a0ybzco= -gorm.io/datatypes v1.2.0/go.mod h1:o1dh0ZvjIjhH/bngTpypG6lVRJ5chTBxE09FH/71k04= -gorm.io/driver/mysql v1.5.1 h1:WUEH5VF9obL/lTtzjmML/5e6VfFR/788coz2uaVCAZw= -gorm.io/driver/mysql v1.5.1/go.mod h1:Jo3Xu7mMhCyj8dlrb3WoCaRd1FhsVh+yMXb1jUInf5o= -gorm.io/driver/postgres v1.5.2 h1:ytTDxxEv+MplXOfFe3Lzm7SjG09fcdb3Z/c056DTBx0= -gorm.io/driver/postgres v1.5.2/go.mod h1:fmpX0m2I1PKuR7mKZiEluwrP3hbs+ps7JIGMUBpCgl8= -gorm.io/driver/sqlite v1.4.3 h1:HBBcZSDnWi5BW3B3rwvVTc510KGkBkexlOg0QrmLUuU= -gorm.io/driver/sqlserver v1.4.1 h1:t4r4r6Jam5E6ejqP7N82qAJIJAht27EGT41HyPfXRw0= -gorm.io/gorm v1.25.1/go.mod h1:L4uxeKpfBml98NYqVqwAdmV1a2nBtAec/cf3fpucW/k= -gorm.io/gorm v1.25.2 h1:gs1o6Vsa+oVKG/a9ElL3XgyGfghFfkKA2SInQaCyMho= -gorm.io/gorm v1.25.2/go.mod h1:L4uxeKpfBml98NYqVqwAdmV1a2nBtAec/cf3fpucW/k= -gotest.tools v2.2.0+incompatible h1:VsBPFP1AI068pPrMxtb/S8Zkgf9xEmTLJjfM+P5UIEo= -gotest.tools/v3 v3.5.0 h1:Ljk6PdHdOhAb5aDMWXjDLMMhph+BpztA4v1QdqEW2eY= -grpc.go4.org v0.0.0-20170609214715-11d0a25b4919/go.mod h1:77eQGdRu53HpSqPFJFmuJdjuHRquDANNeA4x7B8WQ9o= -honnef.co/go/tools v0.0.0-20180728063816-88497007e858/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= -honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= -honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= -k8s.io/api v0.28.2 h1:9mpl5mOb6vXZvqbQmankOfPIGiudghwCoLl1EYfUZbw= -k8s.io/api v0.28.2/go.mod h1:RVnJBsjU8tcMq7C3iaRSGMeaKt2TWEUXcpIt/90fjEg= -k8s.io/apimachinery v0.28.2 h1:KCOJLrc6gu+wV1BYgwik4AF4vXOlVJPdiqn0yAWWwXQ= -k8s.io/apimachinery v0.28.2/go.mod h1:RdzF87y/ngqk9H4z3EL2Rppv5jj95vGS/HaFXrLDApU= -k8s.io/client-go v0.28.2 h1:DNoYI1vGq0slMBN/SWKMZMw0Rq+0EQW6/AK4v9+3VeY= -k8s.io/client-go v0.28.2/go.mod h1:sMkApowspLuc7omj1FOSUxSoqjr+d5Q0Yc0LOFnYFJY= -k8s.io/klog/v2 v2.100.1 h1:7WCHKK6K8fNhTqfBhISHQ97KrnJNFZMcQvKp7gP/tmg= -k8s.io/klog/v2 v2.100.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= -k8s.io/kube-openapi v0.0.0-20230717233707-2695361300d9 h1:LyMgNKD2P8Wn1iAwQU5OhxCKlKJy0sHc+PcDwFB24dQ= -k8s.io/kube-openapi v0.0.0-20230717233707-2695361300d9/go.mod h1:wZK2AVp1uHCp4VamDVgBP2COHZjqD1T68Rf0CM3YjSM= -k8s.io/utils v0.0.0-20230726121419-3b25d923346b h1:sgn3ZU783SCgtaSJjpcVVlRqd6GSnlTLKgpAAttJvpI= -k8s.io/utils v0.0.0-20230726121419-3b25d923346b/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= -rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= -rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= -rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= -sigs.k8s.io/controller-runtime v0.15.0 h1:ML+5Adt3qZnMSYxZ7gAverBLNPSMQEibtzAgp0UPojU= -sigs.k8s.io/controller-runtime v0.15.0/go.mod h1:7ngYvp1MLT+9GeZ+6lH3LOlcHkp/+tzA/fmHa4iq9kk= -sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= -sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= -sigs.k8s.io/structured-merge-diff/v4 v4.3.0 h1:UZbZAZfX0wV2zr7YZorDz6GXROfDFj6LvqCRm4VUVKk= -sigs.k8s.io/structured-merge-diff/v4 v4.3.0/go.mod h1:N8hJocpFajUSSeSJ9bOZ77VzejKZaXsTtZo4/u7Io08= -sigs.k8s.io/yaml v1.3.0 h1:a2VclLzOGrwOHDiV8EfBGhvjHvP46CtW5j6POvhYGGo= -sigs.k8s.io/yaml v1.3.0/go.mod h1:GeOyir5tyXNByN85N/dRIT9es5UQNerPYEKK56eTBm8= -sourcegraph.com/sourcegraph/go-diff v0.5.0/go.mod h1:kuch7UrkMzY0X+p9CRK03kfuPQ2zzQcaEFbx8wA8rck= -sourcegraph.com/sqs/pbtypes v0.0.0-20180604144634-d3ebe8f20ae4/go.mod h1:ketZ/q3QxT9HOBeFhu6RdvsftgpsbFHBF5Cas6cDKZ0= diff --git a/resourceprocessor/parser.go b/resourceprocessor/parser.go deleted file mode 100644 index 638882f..0000000 --- a/resourceprocessor/parser.go +++ /dev/null @@ -1,86 +0,0 @@ -package resourceprocessor - -import ( - "time" - - "github.com/armosec/utils-k8s-go/armometadata" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" -) - -const ( - AnnotationKeyStatus = "kubescape.io/status" - AnnotationValueIncomplete = "incomplete" - - MetadataKeyResourceVersion = "resourceVersion" -) - -type KubernetesObjectParser struct { - resourceVersion string - labels map[string]string - annotations map[string]string - creationStamp time.Time - ownerReferences metav1.OwnerReference -} - -func NewKubernetesResourceParser(input []byte) (*KubernetesObjectParser, error) { - err, annotations, labels, ownerReferences, creationStamp, resourceVersion := armometadata.ExtractMetadataFromJsonBytes(input) - - if err != nil { - return nil, err - } - - creationStampTime, err := time.Parse(time.RFC3339, creationStamp) - if err != nil { - return nil, err - } - - newOwnerReferences := metav1.OwnerReference{} - - if len(ownerReferences) > 0 { - if value, ok := ownerReferences["name"]; ok { - newOwnerReferences.Name = value - } - - if value, ok := ownerReferences["kind"]; ok { - newOwnerReferences.Kind = value - } - - } - - newKubernetesResourceParser := &KubernetesObjectParser{} - newKubernetesResourceParser.resourceVersion = resourceVersion - newKubernetesResourceParser.labels = labels - newKubernetesResourceParser.annotations = annotations - newKubernetesResourceParser.creationStamp = creationStampTime - newKubernetesResourceParser.ownerReferences = newOwnerReferences - - return newKubernetesResourceParser, nil -} - -func (k *KubernetesObjectParser) GetLabel(label string) string { - return k.labels[label] -} - -func (k *KubernetesObjectParser) GetAnnotation(annotation string) string { - return k.annotations[annotation] -} - -func (k *KubernetesObjectParser) GetCreationTimestamp() time.Time { - return k.creationStamp -} - -func (k *KubernetesObjectParser) GetResourceVersion() string { - return k.resourceVersion -} - -func (k *KubernetesObjectParser) GetOwnerReferencesKind() string { - return k.ownerReferences.Kind -} - -func (k *KubernetesObjectParser) GetOwnerReferencesName() string { - return k.ownerReferences.Name -} - -func (k *KubernetesObjectParser) GetStatus() string { - return k.annotations[AnnotationKeyStatus] -} diff --git a/resourceprocessor/parser_test.go b/resourceprocessor/parser_test.go deleted file mode 100644 index b4a3299..0000000 --- a/resourceprocessor/parser_test.go +++ /dev/null @@ -1,75 +0,0 @@ -package resourceprocessor - -import ( - "reflect" - "testing" - "time" - - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" -) - -func TestNewKubernetesResourceParser(t *testing.T) { - // Test case with valid JSON input - t.Run("valid input", func(t *testing.T) { - validInput := []byte(`{ - "metadata": { - "annotations": {"kubescape.io/status": "active"}, - "labels": {"kubescape.io/workload-name": "example"}, - "ownerReferences": [{"name": "ownerName", "kind": "ownerKind"}], - "creationTimestamp": "2023-03-15T08:00:00Z", - "resourceVersion": "12345" - } - }`) - - expectedCreationTimestamp, _ := time.Parse(time.RFC3339, "2023-03-15T08:00:00Z") - expectedParser := &KubernetesObjectParser{ - resourceVersion: "12345", - labels: map[string]string{"kubescape.io/workload-name": "example"}, - annotations: map[string]string{"kubescape.io/status": "active"}, - creationStamp: expectedCreationTimestamp, - ownerReferences: metav1.OwnerReference{Name: "ownerName", Kind: "ownerKind"}, - } - - parser, err := NewKubernetesResourceParser(validInput) - if err != nil { - t.Fatalf("Expected no error, got %v", err) - } - if !reflect.DeepEqual(parser, expectedParser) { - t.Errorf("Expected parser %+v, got %+v", expectedParser, parser) - } - }) - - // Test case with invalid JSON input - t.Run("invalid json input", func(t *testing.T) { - invalidInput := []byte(`invalid json`) - - _, err := NewKubernetesResourceParser(invalidInput) - if err == nil { - t.Errorf("Expected error, got nil") - } - }) - - // Test case with invalid date format - t.Run("invalid date format", func(t *testing.T) { - invalidDateInput := []byte(`{ - "metadata": { - "creationTimestamp": "invalid-date-format" - } - }`) - - _, err := NewKubernetesResourceParser(invalidDateInput) - if err == nil { - t.Errorf("Expected error parsing date, got nil") - } - }) - - // Test case with empty JSON - t.Run("empty json", func(t *testing.T) { - emptyJSON := []byte(`{}`) - - _, err := NewKubernetesResourceParser(emptyJSON) - if err == nil { - t.Errorf("Expected error due to missing metadata, got nil") - } - }) -} diff --git a/resourceprocessor/resources_processor.go b/resourceprocessor/resources_processor.go deleted file mode 100644 index b8def73..0000000 --- a/resourceprocessor/resources_processor.go +++ /dev/null @@ -1,285 +0,0 @@ -package resourceprocessor - -import ( - "bytes" - "encoding/json" - "fmt" - - "github.com/armosec/armoapi-go/armotypes" - "github.com/armosec/armoapi-go/identifiers" - s3connector "github.com/armosec/utils-go/s3connector" - instanceidhandler "github.com/kubescape/k8s-interface/instanceidhandler/v1" - postgresconnectordal "github.com/kubescape/postgres-connector/dal" - syncUtils "github.com/kubescape/synchronizer/utils" - "go.uber.org/zap" -) - -const ( - kubernetesResourcesS3KeyPrefix = "kubernetesresources" -) - -type KubernetesResourceProcessor struct { - pgDal *postgresconnectordal.PostgresDAL - s3Storage s3connector.ObjectStorage -} - -func NewKubernetesResourceProcessor(s3Storage s3connector.ObjectStorage, pgDal *postgresconnectordal.PostgresDAL) *KubernetesResourceProcessor { - return &KubernetesResourceProcessor{ - pgDal: pgDal, - s3Storage: s3Storage, - } -} - -// Delete deletes the resource from S3 and Postgres -// if deleting from S3 fails, the resource will not be deleted from Postgres -func (k KubernetesResourceProcessor) Delete(customerGUID, cluster, kind, namespace, name string) error { - - // delete from postgres and get object ref - resourceObjectRef, err := k.deleteObjectFromPostgres(customerGUID, cluster, kind, namespace, name) - if err != nil { - return fmt.Errorf("deleteResource: failed to delete resource from postgres: %w", err) - } - - objPath := s3connector.S3ObjectPath{} - if err := json.Unmarshal([]byte(resourceObjectRef), &objPath); err != nil { - return fmt.Errorf("failed to unmarshal object ref: %w", err) - } - - // delete from s3 - // TODO : decide if we want to delete S3 objects on run-time or periodically against postgres reources current states - - // if err = k.s3Storage.DeleteObject(objPath); err != nil { - - // // failing to delete from s3 is not a critical error as postgres is the main source of truth for the resource - // zap.L().Warn("failed to delete resource from s3", zap.Error(err)) - // } - - return nil - -} - -// Patch patches the resource in S3 and Postgres -// if patching in S3 fails, the resource will not be patched in Postgres -func (k KubernetesResourceProcessor) Patch(customerGUID, cluster, kind, namespace, name string, payload []byte) error { - if payload == nil { - return fmt.Errorf("In Patch: Payload is nil") - } - - parser, err := NewKubernetesResourceParser(payload) - - if err != nil { - return fmt.Errorf("In Patch: failed to parse resource: %w", err) - } - - if parser.GetStatus() == AnnotationValueIncomplete { - zap.L().Warn("In Patch: resource status is incomplete, skipping processing") - return nil - } - - key := generateResourceStorageKey(customerGUID, cluster, kind, namespace, name) - - objPath := s3connector.S3ObjectPath{ - Key: key, - } - - objPath, err = k.s3Storage.StoreObject(objPath, bytes.NewReader(payload)) - if err != nil { - return fmt.Errorf("In Patch: failed to store resource in s3: %w", err) - } - - objRefBytes, err := json.Marshal(objPath) - if err != nil { - return fmt.Errorf("In Patch: failed to marshal object reference: %w", err) - } - - checksum, err := syncUtils.CanonicalHash(payload) - if err != nil { - return fmt.Errorf("In Patch: failed to calculate checksum: %w", err) - } - - resource := armotypes.KubernetesObject{ - Designators: identifiers.PortalDesignator{ - Attributes: map[string]string{ - identifiers.AttributeCluster: cluster, - identifiers.AttributeKind: kind, - identifiers.AttributeNamespace: namespace, - identifiers.AttributeName: name, - identifiers.AttributeCustomerGUID: customerGUID, - }, - }, - ResourceVersion: parser.GetResourceVersion(), - CreationTimestamp: parser.GetCreationTimestamp(), - OwnerReferenceName: parser.GetOwnerReferencesName(), - OwnerReferenceKind: parser.GetOwnerReferencesKind(), - RelatedName: parser.GetLabel(instanceidhandler.NameMetadataKey), - RelatedKind: parser.GetLabel(instanceidhandler.KindMetadataKey), - RelatedNamespace: parser.GetLabel(instanceidhandler.NamespaceMetadataKey), - RelatedAPIGroup: parser.GetLabel(instanceidhandler.ApiGroupMetadataKey), - RelatedAPIVersion: parser.GetLabel(instanceidhandler.ApiVersionMetadataKey), - Checksum: checksum, - ResourceObjectRef: string(objRefBytes), - } - - return k.patchObjectInPostgres(resource) - -} - -// Store stores the resource in S3 and Postgres -// if storing in S3 fails, the resource will not be stored in Postgres -func (k KubernetesResourceProcessor) Store(customerGUID, cluster, kind, namespace, name string, payload []byte) error { - if payload == nil { - return fmt.Errorf("In Store: Payload is nil") - } - - parser, err := NewKubernetesResourceParser(payload) - - if err != nil { - return fmt.Errorf("In Store: failed to extract metadata from json bytes: %w", err) - } - - if parser.GetStatus() == AnnotationValueIncomplete { - zap.L().Warn("In Store: resource status is incomplete, skipping processing") - return nil - } - - key := generateResourceStorageKey(customerGUID, cluster, kind, namespace, name) - objPath := s3connector.S3ObjectPath{ - Key: key, - } - objPath, err = k.s3Storage.StoreObject(objPath, bytes.NewReader(payload)) - if err != nil { - return fmt.Errorf("In Store: failed to store resource in s3: %w", err) - } - - objRefBytes, err := json.Marshal(objPath) - if err != nil { - return fmt.Errorf("In Store: failed to marshal object reference: %w", err) - } - - checksum, err := syncUtils.CanonicalHash(payload) - if err != nil { - return fmt.Errorf("In Store: failed to calculate checksum: %w", err) - } - - resource := armotypes.KubernetesObject{ - Designators: identifiers.PortalDesignator{ - Attributes: map[string]string{ - identifiers.AttributeCluster: cluster, - identifiers.AttributeKind: kind, - identifiers.AttributeNamespace: namespace, - identifiers.AttributeName: name, - identifiers.AttributeCustomerGUID: customerGUID, - }, - }, - ResourceVersion: parser.GetResourceVersion(), - CreationTimestamp: parser.GetCreationTimestamp(), - OwnerReferenceName: parser.GetOwnerReferencesName(), - OwnerReferenceKind: parser.GetOwnerReferencesKind(), - RelatedName: parser.GetLabel(instanceidhandler.NameMetadataKey), - RelatedKind: parser.GetLabel(instanceidhandler.KindMetadataKey), - RelatedNamespace: parser.GetLabel(instanceidhandler.NamespaceMetadataKey), - RelatedAPIGroup: parser.GetLabel(instanceidhandler.ApiGroupMetadataKey), - RelatedAPIVersion: parser.GetLabel(instanceidhandler.ApiVersionMetadataKey), - Checksum: checksum, - ResourceObjectRef: string(objRefBytes), - } - - return k.storeObjectInPostgres(resource) -} - -// Get gets the resource from S3 and Postgres -func (k KubernetesResourceProcessor) Get(customerGUID, cluster, kind, namespace, name string) (*armotypes.KubernetesObject, []byte, error) { - - resourceObject, found, err := k.GetObjectFromPostgres(customerGUID, cluster, kind, namespace, name) - if err != nil { - return nil, nil, fmt.Errorf("In Get: failed to get resource from postgres: %w", err) - } - - if !found || resourceObject == nil { - return nil, nil, nil - } - - objPath := s3connector.S3ObjectPath{} - if err := json.Unmarshal([]byte(resourceObject.ResourceObjectRef), &objPath); err != nil { - return nil, nil, fmt.Errorf("In Get: failed to unmarshal object reference: %w", err) - } - - objectBytes, err := k.GetObjectFromS3(objPath) - - if err != nil { - return nil, nil, fmt.Errorf("In Get: failed to get resource from s3: %w", err) - } - - return resourceObject, objectBytes, nil -} - -// GetObjectFromPostgres gets the resource from Postgres -func (k KubernetesResourceProcessor) GetObjectFromPostgres(customerGUID, cluster, kind, namespace, name string) (*armotypes.KubernetesObject, bool, error) { - resource, err := k.pgDal.RetrieveKubernetesObject(customerGUID, map[string]string{ - identifiers.AttributeCluster: cluster, - identifiers.AttributeKind: kind, - identifiers.AttributeNamespace: namespace, - identifiers.AttributeName: name, - }) - - if err != nil { - return nil, false, err - } - - if resource == nil { - return nil, false, nil - } - - return resource, true, nil -} - -// GetObjectFromS3 gets the resource from S3 -func (k KubernetesResourceProcessor) GetObjectFromS3(objPath s3connector.S3ObjectPath) ([]byte, error) { - - reader, err := k.s3Storage.GetObject(objPath) - if err != nil { - return nil, err - } - - buf := new(bytes.Buffer) - _, err = buf.ReadFrom(reader) - if err != nil { - return nil, err - } - - return buf.Bytes(), nil -} - -func (k KubernetesResourceProcessor) patchObjectInPostgres(resource armotypes.KubernetesObject) error { - err := k.pgDal.PatchKubernetesResource(resource.Designators.Attributes[identifiers.AttributeCustomerGUID], resource) - if err != nil { - return fmt.Errorf("patchObjectInPostgres: failed to patch resource in postgres: %w", err) - } - return nil -} - -func (k KubernetesResourceProcessor) storeObjectInPostgres(resource armotypes.KubernetesObject) error { - err := k.pgDal.StoreKubernetesResource(resource.Designators.Attributes[identifiers.AttributeCustomerGUID], resource) - if err != nil { - return fmt.Errorf("storeObjectInPostgres: failed to store resource in postgres: %w", err) - } - return nil -} - -func (k KubernetesResourceProcessor) deleteObjectFromPostgres(customerGUID, cluster, kind, namespace, name string) (string, error) { - resourceObjectRef, err := k.pgDal.DeleteKubernetesResource(customerGUID, map[string]string{ - identifiers.AttributeCluster: cluster, - identifiers.AttributeKind: kind, - identifiers.AttributeNamespace: namespace, - identifiers.AttributeName: name, - }) - - if err != nil { - return "", err - } - return resourceObjectRef, nil -} - -func generateResourceStorageKey(customerGUID, cluster, kind, namespace, name string) string { - return fmt.Sprintf("%s/%s/%s/%s/%s/%s", kubernetesResourcesS3KeyPrefix, customerGUID, cluster, kind, namespace, name) -} diff --git a/resourceprocessor/resources_processor_test.go b/resourceprocessor/resources_processor_test.go deleted file mode 100644 index 146fc21..0000000 --- a/resourceprocessor/resources_processor_test.go +++ /dev/null @@ -1,107 +0,0 @@ -package resourceprocessor - -import ( - "testing" - - s3connector "github.com/armosec/utils-go/s3connector" - postgresconnector "github.com/kubescape/postgres-connector/dal" - - "github.com/stretchr/testify/suite" -) - -func TestResourceProcessorTestSuite(t *testing.T) { - suite.Run(t, new(ResourceProcessorTestSuite)) -} - -type ResourceProcessorTestSuite struct { - postgresconnector.PostgresConnectorTestSuite - s3 s3connector.S3Mock - suite *suite.Suite -} - -func (suite *ResourceProcessorTestSuite) SetupSuite() { - suite.PostgresConnectorTestSuite.SetupSuite() - suite.s3 = s3connector.NewS3Mock() -} - -func (suite *ResourceProcessorTestSuite) TearDownTest() { - suite.PostgresConnectorTestSuite.TearDownSuite() - suite.s3.Reset() -} - -func (suite *ResourceProcessorTestSuite) TestResourceProcessor() { - - customerGUID := "test-customer-guid" - - processor := NewKubernetesResourceProcessor(&suite.s3, suite.GetPostgresDAL()) - kind := "test-kind" - cluster := "test-cluster" - name := "test-name" - namespace := "test-namespace" - - testData := []byte(`{ - "apiVersion": - "v1","kind": "test-kind", - "metadata": - { - "name": "test-name", - "namespace": "test-namespace", - "labels": - { - "test-label": "test-value" - }, - "creationTimestamp": "2023-11-16T10:15:05Z" - } - }`) - - // identity := map[string]string{"cluster": "test-cluster", "kind": kind, "name": "test-name", "namespace": "test-namespace", "customerGUID": customerGUID} - - err := processor.Store(customerGUID, cluster, kind, namespace, name, testData) - if err != nil { - suite.FailNow(err.Error()) - } - - res, objectBytes, err := processor.Get(customerGUID, cluster, kind, namespace, name) - suite.NoError(err) - suite.Assert().Equal(testData, objectBytes) - suite.Assert().NotNil(res) - - // Test Patch - patchedData := []byte(`{ - "apiVersion": - "v2","kind": "test-kind", - "metadata": - { - "name": "test-name", - "namespace": "test-namespace", - "labels": - { - "test-label": "test-value" - }, - "creationTimestamp": "2023-11-16T10:15:05Z" - } - }`) - - err = processor.Patch(customerGUID, cluster, kind, namespace, name, patchedData) - suite.NoError(err) - - res, objectBytes, err = processor.Get(customerGUID, cluster, kind, namespace, name) - suite.NoError(err) - suite.Assert().Equal(patchedData, objectBytes) - - // Test Delete - err = processor.Delete(customerGUID, cluster, kind, namespace, name) - suite.NoError(err) - - res, objectBytes, err = processor.Get(customerGUID, cluster, kind, namespace, name) - suite.Error(err) - suite.Assert().Nil(res) - - // Test GetObjectFromS3 not found - objPath := s3connector.S3ObjectPath{ - Bucket: "test-bucket", - Key: "I_dont_exist", - } - _, err = processor.GetObjectFromS3(objPath) - suite.Error(err) -} diff --git a/s3connector/s3.go b/s3connector/s3.go deleted file mode 100644 index ccbcb8f..0000000 --- a/s3connector/s3.go +++ /dev/null @@ -1,147 +0,0 @@ -package s3connector - -import ( - "fmt" - "io" - - "github.com/aws/aws-sdk-go/aws" - "github.com/aws/aws-sdk-go/aws/credentials" - "github.com/aws/aws-sdk-go/aws/session" - "github.com/aws/aws-sdk-go/service/s3" -) - -type S3Config struct { - Endpoint string `json:"endpoint"` - Region string `json:"region"` - Bucket string `json:"bucket"` - AccessKey string `json:"accessKey"` - SecretKey string `json:"secretKey"` - Prefix string `json:"prefix"` - StorageType string `json:"storageType"` -} - -type S3ObjectRange struct { - Start int64 `json:"start"` - End int64 `json:"end"` -} - -type S3ObjectPath struct { - Bucket string `json:"bucket"` - Key string `json:"key"` - Range *S3ObjectRange `json:"range,omitempty"` -} - -type ObjectStorage interface { - StoreObject(objPath S3ObjectPath, value io.ReadSeeker) (S3ObjectPath, error) - DeleteObject(S3ObjectPath) error - GetObject(objPath S3ObjectPath) (io.ReadCloser, error) - GetBucket() string -} - -type s3ObjectStorage struct { - ObjectStorage - session *session.Session - bucket string - storageClass string - prefix string -} - -func NewS3ObjectStorage(config S3Config) (ObjectStorage, error) { - - awsConf := &aws.Config{ - Region: aws.String(config.Region), - S3ForcePathStyle: aws.Bool(false), - } - - if config.Endpoint != "" { - awsConf.Endpoint = aws.String(config.Endpoint) - awsConf.S3ForcePathStyle = aws.Bool(true) - } - - if config.AccessKey != "" && config.SecretKey != "" { - awsConf.Credentials = credentials.NewStaticCredentials(config.AccessKey, config.SecretKey, "") - } - session, err := session.NewSession(awsConf) - if err != nil { - return nil, fmt.Errorf("failed to create new AWS session: %w", err) - } - - s3ObjectStorageInstance := &s3ObjectStorage{session: session, bucket: config.Bucket, storageClass: config.StorageType, prefix: config.Prefix} - - // Check if the bucket exists - if err = s3ObjectStorageInstance.BucketExists(config.Bucket); err != nil { - return nil, fmt.Errorf("failed to check if bucket exists: %w", err) - } - - return s3ObjectStorageInstance, nil -} - -func (s *s3ObjectStorage) GetBucket() string { - return s.bucket -} - -func (s *s3ObjectStorage) BucketExists(bucket string) error { - _, err := s3.New(s.session).HeadBucket(&s3.HeadBucketInput{Bucket: aws.String(bucket)}) - return err -} - -func (s *s3ObjectStorage) StoreObject(objPath S3ObjectPath, value io.ReadSeeker) (S3ObjectPath, error) { - - fullKey := s.prefix + objPath.Key - _, err := s3.New(s.session).PutObject(&s3.PutObjectInput{ - Bucket: aws.String(s.bucket), - Key: aws.String(fullKey), - StorageClass: aws.String(s.storageClass), - Body: value, - }) - if err != nil { - return S3ObjectPath{}, err - } - return S3ObjectPath{Key: fullKey}, nil -} - -func (s *s3ObjectStorage) DeleteObject(objPath S3ObjectPath) error { - _, err := s3.New(s.session).DeleteObject(&s3.DeleteObjectInput{ - Bucket: aws.String(objPath.Bucket), - Key: aws.String(objPath.Key), - }) - if err != nil { - return err - } - return nil -} - -func (s *s3ObjectStorage) GetObject(objPath S3ObjectPath) (io.ReadCloser, error) { - - var objRange *string - - if objPath.Range != nil { - if objPath.Range.Start < 0 || objPath.Range.End <= objPath.Range.Start { - return nil, fmt.Errorf("invalid range: start must be non-negative and end must be greater than start, ranges are: %v", objPath.Range) - } - objRange = aws.String(fmt.Sprintf("bytes=%d-%d", objPath.Range.Start, objPath.Range.End)) - } - - bucket := s.bucket - if objPath.Bucket != "" { - if err := s.BucketExists(objPath.Bucket); err != nil { - return nil, fmt.Errorf("failed to GetObject, %w", err) - } else { - bucket = objPath.Bucket - } - - } - getObj := &s3.GetObjectInput{ - Bucket: aws.String(bucket), - Key: aws.String(objPath.Key), - Range: objRange, - } - if objPath.Range != nil && objPath.Range.Start > 0 && objPath.Range.End > 0 { - getObj.Range = aws.String(fmt.Sprintf("bytes=%d-%d", objPath.Range.Start, objPath.Range.End)) - } - awsObj, err := s3.New(s.session).GetObject(getObj) - if err != nil { - return nil, fmt.Errorf("failed to GetObject, %w", err) - } - return awsObj.Body, nil -} diff --git a/s3connector/s3_localstack.go b/s3connector/s3_localstack.go deleted file mode 100644 index 697b089..0000000 --- a/s3connector/s3_localstack.go +++ /dev/null @@ -1,303 +0,0 @@ -package s3connector - -import ( - "bufio" - "bytes" - _ "embed" - "errors" - "fmt" - "net" - "net/http" - "os" - "os/exec" - "runtime" - "strconv" - "strings" - "syscall" - "time" - - "github.com/aws/aws-sdk-go/aws" - "github.com/aws/aws-sdk-go/aws/credentials" - "github.com/aws/aws-sdk-go/aws/session" - "github.com/aws/aws-sdk-go/service/s3" -) - -const ( - windows = "windows" -) - -//go:embed scripts/localstack.sh -var startLocalStackScript string - -//go:embed scripts/localstack_stop.sh -var localStackStopCommand string - -//go:embed scripts/localstack_print_logs.sh -var printLocalStackLogsCommand string - -type S3LocalStack struct { - endPointPort int - randomContainerName string - retStore ObjectStorage - ShutdownFunc func() -} - -func NewS3LocalStack(data map[string]string) (*S3LocalStack, error) { - endPointPort := 4566 - localstack := &S3LocalStack{ - endPointPort: endPointPort, - randomContainerName: fmt.Sprintf("s3-test-%d-%d", endPointPort, time.Now().UnixNano()), - } - - retStore, err := localstack.createS3LocalStack(data) - if err != nil { - return nil, err - } - localstack.retStore = *retStore - - localstack.ShutdownFunc = func() { - defer func() { - // print logs - formmatedLogsScript := fmt.Sprintf(printLocalStackLogsCommand, localstack.randomContainerName) - logsOutbytes, err := exec.Command("/bin/sh", "-c", formmatedLogsScript).CombinedOutput() - if err != nil { - panic("failed to print localStack logs " + err.Error() + string(logsOutbytes)) - } - - fmt.Printf("localstacklogs %s\n", string(logsOutbytes)) - - formmatedScript := fmt.Sprintf(localStackStopCommand, localstack.randomContainerName) - outbytes, err := exec.Command("/bin/sh", "-c", formmatedScript).CombinedOutput() - if err != nil { - panic("failed to stop localStack " + err.Error() + string(outbytes)) - } - - err = killPortProcess(localstack.endPointPort) - if err != nil { - panic("failed to kill localStack " + err.Error()) - } - }() - } - - return localstack, nil - -} - -func (s3local *S3LocalStack) GetLocalStack() ObjectStorage { - return s3local.retStore -} - -func (s3local *S3LocalStack) startLocalStack() error { - fmt.Printf("Starting localstack on port %d\n", s3local.endPointPort) - - newPort, err := findFreePort(s3local.endPointPort, s3local.endPointPort+100) - if err != nil { - return err - } - s3local.endPointPort = newPort - formattedScript := fmt.Sprintf(startLocalStackScript, newPort, s3local.randomContainerName) - out, err := exec.Command("/bin/sh", "-c", formattedScript).CombinedOutput() - if err != nil { - if exitErr, ok := err.(*exec.ExitError); ok { - return errors.New("failed to start localStack " + err.Error() + string(exitErr.Stderr) + string(out)) - } - return errors.New("failed to start localStack " + err.Error() + string(out)) - } - - fmt.Printf("Started localstack on port %d\n", s3local.endPointPort) - for i := 0; i < 30; i++ { - err := s3local.checklocalStackIsAlive() - if err == nil { - return nil - } - time.Sleep(2 * time.Second) - } - // print logs - formmatedLogsScript := fmt.Sprintf(printLocalStackLogsCommand, s3local.randomContainerName) - logsOutbytes, err := exec.Command("/bin/sh", "-c", formmatedLogsScript).CombinedOutput() - if err != nil { - return errors.New("failed to print localStack logs " + err.Error() + string(logsOutbytes)) - } - fmt.Printf("localstacklogs %s\n", string(logsOutbytes)) - formmatedScript := fmt.Sprintf(localStackStopCommand, s3local.randomContainerName) - outbytes, err := exec.Command("/bin/sh", "-c", formmatedScript).CombinedOutput() - if err != nil { - fmt.Println(string(outbytes), err.Error()) - } - _ = killPortProcess(s3local.endPointPort) - return errors.New("failed to start localStack") -} - -func (s3local *S3LocalStack) checklocalStackIsAlive() error { - // send HTTP request to localStack - resp, err := http.DefaultClient.Get(fmt.Sprintf("http://localhost:%d", s3local.endPointPort)) - if err != nil { - return err - - } - defer resp.Body.Close() - if resp.StatusCode != http.StatusOK { - buf := new(bytes.Buffer) - if _, err := buf.ReadFrom(resp.Body); err != nil { - return err - - } - bodyStr := buf.String() - return errors.New("localStack is not alive " + resp.Status + bodyStr) - - } - return nil -} - -func (s3local *S3LocalStack) createS3LocalStack(data map[string]string) (*ObjectStorage, error) { - //start container - s3local.startLocalStack() - - s3local.SeedLocalStack(data) - var err error - retStore, err := NewS3ObjectStorage(S3Config{ - Endpoint: fmt.Sprintf("http://localhost:%d", s3local.endPointPort), - Region: "us-east-1", - AccessKey: "test", - SecretKey: "test", - Prefix: "/", - Bucket: "test-bucket", - StorageType: "STANDARD", - }) - if err != nil { - return nil, errors.New("failed to create new S3ObjectStore " + err.Error()) - } - if retStore == nil { - return nil, errors.New("failed to create new S3ObjectStore retStore is nil") - } - // return object storage - return &retStore, nil -} - -func (s3local *S3LocalStack) SeedLocalStack(data map[string]string) error { - sess, err := session.NewSession(&aws.Config{ - Credentials: credentials.NewStaticCredentials("test", "test", ""), - Endpoint: aws.String(fmt.Sprintf("http://localhost:%d", s3local.endPointPort)), - Region: aws.String("us-east-1"), - S3ForcePathStyle: aws.Bool(true), // Set this to true for localstack - }) - if err != nil { - return errors.New("failed to create new AWS session " + err.Error()) - } - - // Create an S3 service client - svc := s3.New(sess) - bucketName := "test-bucket" - // Check if the bucket exists - _, err = svc.HeadBucket(&s3.HeadBucketInput{ - Bucket: aws.String(bucketName), - }) - - // If the bucket doesn't exist, create it - if err != nil { - if !strings.Contains(err.Error(), "status code: 404") { - return errors.New("failed to check if bucket exists " + err.Error()) - } - _, err = svc.CreateBucket(&s3.CreateBucketInput{ - Bucket: aws.String(bucketName), - }) - if err != nil { - return errors.New("failed to create bucket " + err.Error()) - } - - fmt.Printf("Bucket '%s' created successfully\n", bucketName) - } - - objectName := "posture/resources/9a24c2bc-5bdb-4152-ae9c-1dcb66dd7c5b/5ca3f7c9-f4cc-4d44-a571-5b4c95985c75/rbac.authorization.k8s.io/v1//ClusterRoleBinding/system:controller:expand-controller" - - content := `{"apiVersion":"rbac.authorization.k8s.io/v1","kind":"ClusterRoleBinding","metadata":{"annotations":{"rbac.authorization.kubernetes.io/autoupdate":"true"},"creationTimestamp":"2023-08-07T11:53:12Z","labels":{"kubernetes.io/bootstrapping":"rbac-defaults"},"name":"system:controller:expand-controller","resourceVersion":"157","uid":"fa23adfc-e8ee-49b7-b956-1df6674c9a1a"},"roleRef":{"apiGroup":"rbac.authorization.k8s.io","kind":"ClusterRole","name":"system:controller:expand-controller"},"subjects":[{"kind":"ServiceAccount","name":"expand-controller","namespace":"kube-system"}]}` - - for key, value := range data { - objectName = key - content = value - - // Upload the object - _, err = svc.PutObject(&s3.PutObjectInput{ - Bucket: aws.String(bucketName), - Key: aws.String(objectName), - Body: bytes.NewReader([]byte(content)), - }) - if err != nil { - return errors.New("failed to upload object " + err.Error()) - } - - } - - return nil - -} - -func findFreePort(rangeStart, rangeEnd int) (int, error) { - for port := rangeStart; port <= rangeEnd; port++ { - address := fmt.Sprintf("localhost:%d", port) - conn, err := net.DialTimeout("tcp", address, 1*time.Second) - if conn != nil { - conn.Close() - } - if err != nil { // port is available since we got no response - return port, nil - } - conn.Close() - } - return 0, errors.New("no free port found") -} - -func killPortProcess(targetPort int) error { - processes, err := getProcessesForPort(targetPort) - if err != nil { - return err - } - - for _, pid := range processes { - fmt.Printf("Killing process on port %d with PID %d\n", targetPort, pid) - - switch runtime.GOOS { - case windows: - killCmd := exec.Command("taskkill", "/F", "/PID", fmt.Sprint(pid)) - if err := killCmd.Run(); err != nil { - return err - } - default: - process, err := os.FindProcess(pid) - if err != nil { - return err - } - err = process.Signal(syscall.SIGTERM) - } - } - return nil -} - -func getProcessesForPort(targetPort int) ([]int, error) { - var cmd *exec.Cmd - processes := make([]int, 0) - switch runtime.GOOS { - case windows: - cmd = exec.Command("cmd", "/c", "netstat", "-ano", "|", "findstr", fmt.Sprintf(":%d", targetPort)) - default: - cmd = exec.Command("sh", "-c", fmt.Sprintf("lsof -iTCP:%d -n -P | awk '/.*LISTEN.*/ { print $2 }'", targetPort)) - } - output, err := cmd.Output() - if err != nil { - return nil, err - } - - scanner := bufio.NewScanner(strings.NewReader(string(output))) - for scanner.Scan() { - pidStr := scanner.Text() - pidStr = strings.TrimSpace(strings.Split(pidStr, " ")[0]) // Extracting PID from the output - - pid, err := strconv.Atoi(pidStr) - if err != nil { - continue // Not a valid number, skip - } - processes = append(processes, pid) - } - - return processes, scanner.Err() -} diff --git a/s3connector/s3_mock.go b/s3connector/s3_mock.go deleted file mode 100644 index 34d7543..0000000 --- a/s3connector/s3_mock.go +++ /dev/null @@ -1,80 +0,0 @@ -package s3connector - -import ( - "bytes" - "fmt" - "io" - "sync" -) - -type S3Mock struct { - ObjectStorage - storage map[string]string - updated []string - mux sync.Mutex -} - -func NewS3Mock() S3Mock { - return S3Mock{ - storage: make(map[string]string), - updated: []string{}, - } -} - -func (s3 *S3Mock) DeleteObject(objPath S3ObjectPath) error { - s3.mux.Lock() - defer s3.mux.Unlock() - delete(s3.storage, objPath.Key) - return nil -} - -func (s3 *S3Mock) GetBucket() string { - return "no-bucket" -} - -func (s3 *S3Mock) GetObject(objPath S3ObjectPath) (io.ReadCloser, error) { - s3.mux.Lock() - defer s3.mux.Unlock() - if obj, ok := s3.storage[objPath.Key]; ok { - return io.NopCloser(bytes.NewReader([]byte(obj))), nil - } - return nil, fmt.Errorf("not found") -} - -func (s3 *S3Mock) GetStorageLen() int { - s3.mux.Lock() - defer s3.mux.Unlock() - return len(s3.storage) -} - -func (s3 *S3Mock) GetUpdatedLen() int { - s3.mux.Lock() - defer s3.mux.Unlock() - return len(s3.updated) -} - -func (s3 *S3Mock) StoreObject(objPath S3ObjectPath, value io.ReadSeeker) (S3ObjectPath, error) { - - key := objPath.Key - s3.mux.Lock() - defer s3.mux.Unlock() - if _, ok := s3.storage[key]; ok { - s3.updated = append(s3.updated, key) - } - bytes, err := io.ReadAll(value) - if err != nil { - return S3ObjectPath{}, fmt.Errorf("failed to read bytes: %w", err) - } - if len(bytes) == 0 { - return S3ObjectPath{}, fmt.Errorf("empty bytes") - } - s3.storage[key] = string(bytes) - return S3ObjectPath{Key: key}, nil -} - -func (s3 *S3Mock) Reset() { - s3.mux.Lock() - defer s3.mux.Unlock() - s3.storage = make(map[string]string) - s3.updated = []string{} -} diff --git a/s3connector/s3_mock_test.go b/s3connector/s3_mock_test.go deleted file mode 100644 index 16a4cc7..0000000 --- a/s3connector/s3_mock_test.go +++ /dev/null @@ -1,114 +0,0 @@ -package s3connector - -import ( - "bytes" - "io" - "strings" - "testing" -) - -func TestNewS3Mock(t *testing.T) { - mock := NewS3Mock() - if len(mock.storage) != 0 || len(mock.updated) != 0 { - t.Errorf("New S3Mock should have empty storage and updated slices") - } -} - -func TestS3Mock_StoreObject(t *testing.T) { - mock := NewS3Mock() - key := "testKey" - objPath := S3ObjectPath{Key: key} - - value := strings.NewReader("testValue") - - // Store new object - _, err := mock.StoreObject(objPath, value) - if err != nil { - t.Errorf("Failed to store object: %s", err) - } - if mock.storage[key] != "testValue" { - t.Errorf("Object not stored correctly") - } - - // Store object with existing key - _, err = mock.StoreObject(objPath, strings.NewReader("testValue")) - if err != nil { - t.Errorf("Failed to store object with existing key: %s", err) - } - if len(mock.updated) != 1 || mock.updated[0] != key { - t.Errorf("Updated slice not updated correctly") - } - - // Test error on empty bytes - _, err = mock.StoreObject(objPath, bytes.NewReader(nil)) - if err == nil { - t.Errorf("Expected error on empty bytes, got none") - } -} - -func TestS3Mock_GetObject(t *testing.T) { - mock := NewS3Mock() - mock.storage["existingKey"] = "existingValue" - - // Test retrieving existing object - reader, err := mock.GetObject(S3ObjectPath{Key: "existingKey"}) - if err != nil { - t.Errorf("Failed to get object: %s", err) - } - bytes, _ := io.ReadAll(reader) - if string(bytes) != "existingValue" { - t.Errorf("GetObject returned incorrect value") - } - - // Test retrieving non-existing object - _, err = mock.GetObject(S3ObjectPath{Key: "nonExistingKey"}) - if err == nil { - t.Errorf("Expected error when getting non-existing object, got none") - } -} - -func TestS3Mock_DeleteObject(t *testing.T) { - mock := NewS3Mock() - mock.storage["keyToDelete"] = "value" - - objPath := S3ObjectPath{Key: "keyToDelete"} - // Test deleting existing object - err := mock.DeleteObject(objPath) - if err != nil { - t.Errorf("Failed to delete object: %s", err) - } - if _, exists := mock.storage["keyToDelete"]; exists { - t.Errorf("Object was not deleted") - } -} - -func TestS3Mock_GetStorageLen(t *testing.T) { - mock := NewS3Mock() - mock.storage["key1"] = "value1" - mock.storage["key2"] = "value2" - - if mock.GetStorageLen() != 2 { - t.Errorf("GetStorageLen returned incorrect length") - } -} - -func TestS3Mock_GetUpdatedLen(t *testing.T) { - mock := NewS3Mock() - mock.updated = append(mock.updated, "key1") - - if mock.GetUpdatedLen() != 1 { - t.Errorf("GetUpdatedLen returned incorrect length") - } -} - -func TestS3Mock_Reset(t *testing.T) { - mock := NewS3Mock() - mock.storage["key"] = "value" - mock.updated = append(mock.updated, "key") - - mock.Reset() - - if len(mock.storage) != 0 || len(mock.updated) != 0 { - t.Errorf("Reset did not clear storage and updated slices") - } -} diff --git a/s3connector/s3_test.go b/s3connector/s3_test.go deleted file mode 100644 index ffd96cd..0000000 --- a/s3connector/s3_test.go +++ /dev/null @@ -1,116 +0,0 @@ -package s3connector - -import ( - "bytes" - "io/ioutil" - "testing" - - "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/suite" -) - -type S3ObjectStorageSuite struct { - suite.Suite - EndPointPort int - randomContainerName string - S3Localstack *S3LocalStack - shutdownFunc func() -} - -func TestS3ObjectStorage(t *testing.T) { - suite.Run(t, new(S3ObjectStorageSuite)) -} - -func (suite *S3ObjectStorageSuite) SetupSuite() { - suite.T().Log("setup suite") - suite.EndPointPort = 4566 - - objectName := "posture/resources/9a24c2bc-5bdb-4152-ae9c-1dcb66dd7c5b/5ca3f7c9-f4cc-4d44-a571-5b4c95985c75/rbac.authorization.k8s.io/v1//ClusterRoleBinding/system:controller:expand-controller" - - content := `{"apiVersion":"rbac.authorization.k8s.io/v1","kind":"ClusterRoleBinding","metadata":{"annotations":{"rbac.authorization.kubernetes.io/autoupdate":"true"},"creationTimestamp":"2023-08-07T11:53:12Z","labels":{"kubernetes.io/bootstrapping":"rbac-defaults"},"name":"system:controller:expand-controller","resourceVersion":"157","uid":"fa23adfc-e8ee-49b7-b956-1df6674c9a1a"},"roleRef":{"apiGroup":"rbac.authorization.k8s.io","kind":"ClusterRole","name":"system:controller:expand-controller"},"subjects":[{"kind":"ServiceAccount","name":"expand-controller","namespace":"kube-system"}]}` - - data := map[string]string{ - objectName: content, - } - localstack, err := NewS3LocalStack(data) - - if err != nil { - suite.FailNow("failed to create new S3LocalStack", err.Error()) - } - - suite.S3Localstack = localstack -} - -func (suite *S3ObjectStorageSuite) TearDownSuite() { - suite.T().Log("tear down suite") - suite.S3Localstack.ShutdownFunc() -} - -func (suite *S3ObjectStorageSuite) TestGetObject() { - res, err := suite.S3Localstack.GetLocalStack().GetObject(S3ObjectPath{ - Key: "posture/resources/9a24c2bc-5bdb-4152-ae9c-1dcb66dd7c5b/5ca3f7c9-f4cc-4d44-a571-5b4c95985c75/rbac.authorization.k8s.io/v1//ClusterRoleBinding/system:controller:expand-controller", - }) - - suite.NoError(err) - suite.NotNil(res) -} - -func (suite *S3ObjectStorageSuite) TestStoreObject() { - objPath := S3ObjectPath{ - Key: "test", - } - res, err := suite.S3Localstack.GetLocalStack().StoreObject(objPath, bytes.NewReader([]byte("test"))) - suite.NoError(err) - suite.NotNil(res) -} - -func (suite *S3ObjectStorageSuite) TestDeleteObject() { - objPath := S3ObjectPath{ - Key: "test1", - Bucket: suite.S3Localstack.retStore.GetBucket(), - } - err := suite.S3Localstack.GetLocalStack().DeleteObject(objPath) - suite.NoError(err) - - res, err := suite.S3Localstack.GetLocalStack().GetObject(S3ObjectPath{ - Key: "test", - }) - suite.Error(err) - assert.Contains(suite.T(), err.Error(), "failed to GetObject, NoSuchKey: The specified key does not exist") - suite.Nil(res) -} - -func (suite *S3ObjectStorageSuite) TestGetByRange() { - // Setup - key := "range_test_object" - fullContent := "Hello, this is a range test content" - start := int64(7) // Starting byte position (inclusive) - end := int64(22) // Ending byte position (inclusive) - - // Store the test object - _, err := suite.S3Localstack.GetLocalStack().StoreObject(S3ObjectPath{Key: key}, bytes.NewReader([]byte(fullContent))) - suite.NoError(err) - - objPath := S3ObjectPath{ - Key: key, - Range: &S3ObjectRange{Start: start, End: end}, - } - // Perform the GetByRange operation - res, err := suite.S3Localstack.GetLocalStack().GetObject(objPath) - suite.NoError(err) - suite.NotNil(res) - - // Read and verify the content - rangeContent, err := ioutil.ReadAll(res) - suite.NoError(err) - expectedContent := fullContent[start : end+1] // +1 because the end index is inclusive - suite.Equal(expectedContent, string(rangeContent)) - - // Clean up - objPath = S3ObjectPath{ - Key: key, - Bucket: suite.S3Localstack.retStore.GetBucket(), - } - err = suite.S3Localstack.GetLocalStack().DeleteObject(objPath) - suite.NoError(err) -} diff --git a/s3connector/scripts/localstack.sh b/s3connector/scripts/localstack.sh deleted file mode 100644 index b66411a..0000000 --- a/s3connector/scripts/localstack.sh +++ /dev/null @@ -1,24 +0,0 @@ -#!/bin/bash - -cr='docker' -PODMAN_EXISTS=$(which podman) -RET_VAL=$? - -if [ $RET_VAL -eq '0' ]; then - echo "podman exists." - cr='podman' -else - echo "podman does not exist. using docker" -fi - -app_port=${2:-4566} # Use this as default port if no argument is provided - -admin_port=${3:-4566} # Use this as default port if no argument is provided -echo "All arguments: $@" - -app_port=%d -container_name=%s - -echo "Starting localstack on port $app_port and admin port $admin_port" - -$cr run --name=$container_name -d -p $app_port:4566 -e SERVICES=s3 --memory=512mb docker.io/localstack/localstack@sha256:37b0ba556f4ecc4569e39095faf5e12cf46e96718fa12bc69380ac0f9cd83378 diff --git a/s3connector/scripts/localstack_print_logs.sh b/s3connector/scripts/localstack_print_logs.sh deleted file mode 100644 index b9b7038..0000000 --- a/s3connector/scripts/localstack_print_logs.sh +++ /dev/null @@ -1,10 +0,0 @@ -#!/bin/bash -cr='docker' -PODMAN_EXISTS=$(which podman) -RET_VAL=$? -if [ $RET_VAL -eq '0' ]; then - echo "podman exists." - cr='podman' -fi -$cr ps -a -$cr logs %s \ No newline at end of file diff --git a/s3connector/scripts/localstack_stop.sh b/s3connector/scripts/localstack_stop.sh deleted file mode 100644 index 467c20a..0000000 --- a/s3connector/scripts/localstack_stop.sh +++ /dev/null @@ -1,12 +0,0 @@ -#!/bin/bash - -cr='docker' -PODMAN_EXISTS=$(which podman) -RET_VAL=$? - -if [ $RET_VAL -eq '0' ]; then - echo "podman exists." - cr='podman' -fi -container_name=%s -$cr rm -f $container_name || true