Open
Description
To pinpoint locations of entities in a YAML file, JSONPath is the standard query language for JSON, but it can also be used for YAML. With JSONPath, many tools support fetching line numbers automatically, such as yq (https://mikefarah.gitbook.io/yq/operators/line).
Currently, KubeSec identifies entities using a custom expression language (e.g., "metadata.doc.yaml.6"). Adopt JSONPath in the KubeSec parser. Then, each static analysis alert can be identified by one (in most cases) or many JSONPaths. Use yq to fetch line numbers using the Python subprocess module.
Introduction material:
https://support.smartbear.com/alertsite/docs/monitors/api/endpoint/jsonpath.html
JSONPath playground:
https://jsonpath.com/
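One way the yq lookup proposed above could be wired up, as an added example that is not KubeSec's own code. It assumes mikefarah's yq v4 is on PATH; the function names and the sample path are hypothetical, and only simple JSONPaths (member names and numeric indexes) are accepted, so a path string taken from an alert cannot add extra yq operators to the expression.

```python
import os
import re
import shutil
import subprocess

# Accept only "$", ".name" members and "[N]" indexes. Filters, wildcards and
# quoted keys are rejected here rather than passed through to yq.
_SIMPLE_JSONPATH = re.compile(r"\$(?:\.[A-Za-z_][A-Za-z0-9_-]*|\[\d+\])*")


def jsonpath_to_yq(jsonpath):
    """Turn a simple JSONPath ($.a.b[0]) into a yq expression ending in `| line`."""
    if not _SIMPLE_JSONPATH.fullmatch(jsonpath):
        raise ValueError(f"unsupported JSONPath: {jsonpath!r}")
    return f"{jsonpath[1:] or '.'} | line"


def yq_argv(jsonpath, yaml_file):
    """Build the argument list: no shell, and an absolute file path so a file
    name starting with '-' is not read as an option."""
    return ["yq", jsonpath_to_yq(jsonpath), os.path.abspath(yaml_file)]


def parse_lines(stdout):
    """Collect the line numbers yq printed, skipping '---' document separators."""
    stripped = (line.strip() for line in stdout.splitlines())
    return [int(s) for s in stripped if s.isdecimal()]


def fetch_lines(jsonpath, yaml_file, timeout=10):
    """Run yq and return the line number(s) of the node the JSONPath selects."""
    if shutil.which("yq") is None:
        raise RuntimeError("yq not found on PATH")
    proc = subprocess.run(yq_argv(jsonpath, yaml_file), capture_output=True,
                          text=True, check=True, timeout=timeout)
    return parse_lines(proc.stdout)


if __name__ == "__main__":
    # Constructed sample path; prints the command that would be executed.
    print(yq_argv("$.spec.containers[0].securityContext.privileged", "pod.yaml"))
```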