{"resources":{"certificate":{"id":"certificate","name":"certificate","fields":{"authorityKeyID":{"name":"authorityKeyID","type":"\u0007","title":"Authority key identifier","provider":"go.mondoo.com/cnquery/v9/providers/network"},"crlDistributionPoints":{"name":"crlDistributionPoints","type":"\u0019\u0007","title":"CRL distribution points","provider":"go.mondoo.com/cnquery/v9/providers/network"},"expiresIn":{"name":"expiresIn","type":"\t","title":"Expiration duration","provider":"go.mondoo.com/cnquery/v9/providers/network"},"extendedKeyUsage":{"name":"extendedKeyUsage","type":"\u0019\u0007","title":"Extended key usage","provider":"go.mondoo.com/cnquery/v9/providers/network"},"extensions":{"name":"extensions","type":"\u0019\u001bpkix.extension","title":"Extensions","provider":"go.mondoo.com/cnquery/v9/providers/network"},"fingerprints":{"name":"fingerprints","type":"\u001a\u0007\u0007","title":"Certificate fingerprints","provider":"go.mondoo.com/cnquery/v9/providers/network"},"hasSCTs":{"name":"hasSCTs","type":"\u0004","title":"Whether Signed Certificate Timestamps (SCTs) are present (Certificate Transparency)","min_provider_version":"13.0.1","provider":"go.mondoo.com/cnquery/v9/providers/network"},"isCA":{"name":"isCA","type":"\u0004","title":"Whether the certificate is from a certificate authority","provider":"go.mondoo.com/cnquery/v9/providers/network"},"isExpired":{"name":"isExpired","type":"\u0004","title":"Whether the certificate has expired","min_provider_version":"13.0.1","provider":"go.mondoo.com/cnquery/v9/providers/network"},"isRevoked":{"name":"isRevoked","type":"\u0004","title":"Whether this certificate has been revoked","provider":"go.mondoo.com/cnquery/v9/providers/network"},"isVerified":{"name":"isVerified","type":"\u0004","title":"Whether the certificate is valid (based on its chain)","provider":"go.mondoo.com/cnquery/v9/providers/network"},"issuer":{"name":"issuer","type":"\u001bpkix.name","title":"Distinguished name of the certificate issuer","provider":"go.mondoo.com/cnquery/v9/providers/network"},"issuingCertificateUrl":{"name":"issuingCertificateUrl","type":"\u0019\u0007","title":"Issuing certificate URL","provider":"go.mondoo.com/cnquery/v9/providers/network"},"keyUsage":{"name":"keyUsage","type":"\u0019\u0007","title":"Key usage","provider":"go.mondoo.com/cnquery/v9/providers/network"},"maxPathLen":{"name":"maxPathLen","type":"\u0005","title":"Maximum CA chain depth (null if unconstrained, 0 = no intermediates allowed)","min_provider_version":"13.0.1","provider":"go.mondoo.com/cnquery/v9/providers/network"},"notAfter":{"name":"notAfter","type":"\t","title":"Validity period not after","provider":"go.mondoo.com/cnquery/v9/providers/network"},"notBefore":{"name":"notBefore","type":"\t","title":"Validity period validity period","provider":"go.mondoo.com/cnquery/v9/providers/network"},"ocspServer":{"name":"ocspServer","type":"\u0019\u0007","title":"OCSP responder URLs for revocation checking","provider":"go.mondoo.com/cnquery/v9/providers/network"},"pem":{"name":"pem","type":"\u0007","is_mandatory":true,"title":"PEM content","provider":"go.mondoo.com/cnquery/v9/providers/network"},"policyIdentifier":{"name":"policyIdentifier","type":"\u0019\u0007","title":"Policy identifier","provider":"go.mondoo.com/cnquery/v9/providers/network"},"publicKeyAlgorithm":{"name":"publicKeyAlgorithm","type":"\u0007","title":"Public key algorithm (e.g., RSA, ECDSA, Ed25519)","min_provider_version":"13.0.1","provider":"go.mondoo.com/cnquery/v9/providers/network"},"publicKeyBits":{"name":"publicKeyBits","type":"\u0005","title":"Public key size in bits (e.g., 2048, 256, 384)","min_provider_version":"13.0.1","provider":"go.mondoo.com/cnquery/v9/providers/network"},"revokedAt":{"name":"revokedAt","type":"\t","title":"The time at which this certificate was revoked","provider":"go.mondoo.com/cnquery/v9/providers/network"},"sanExtension":{"name":"sanExtension","type":"\u001bpkix.sanExtension","title":"SAN extension value params","min_provider_version":"9.1.2","provider":"go.mondoo.com/cnquery/v9/providers/network"},"serial":{"name":"serial","type":"\u0007","title":"Serial number","provider":"go.mondoo.com/cnquery/v9/providers/network"},"signature":{"name":"signature","type":"\u0007","title":"Signature","provider":"go.mondoo.com/cnquery/v9/providers/network"},"signingAlgorithm":{"name":"signingAlgorithm","type":"\u0007","title":"Signature algorithm ID","provider":"go.mondoo.com/cnquery/v9/providers/network"},"subject":{"name":"subject","type":"\u001bpkix.name","title":"Distinguished name of the certificate subject","provider":"go.mondoo.com/cnquery/v9/providers/network"},"subjectKeyID":{"name":"subjectKeyID","type":"\u0007","title":"Subject unique identifier","provider":"go.mondoo.com/cnquery/v9/providers/network"},"version":{"name":"version","type":"\u0005","title":"Version number","provider":"go.mondoo.com/cnquery/v9/providers/network"}},"title":"X.509 certificate","desc":"Examine a single X.509 certificate parsed from PEM. Surfaces the raw PEM, every SHA-1 / SHA-256 fingerprint, the serial number, the subject and authority key identifiers, the parsed PKIX subject and issuer distinguished names, version, validity window (`notBefore`, `notAfter`, `expiresIn`), signature and signing algorithm, the `isCA` flag, key usages and extended key usages, the raw and SAN extensions, policy identifiers, CRL distribution points, OCSP server and issuing-certificate URLs, the revoked / verified / expired flags, public-key algorithm and bit length, the `hasSCTs` flag (Certificate Transparency) and the maximum CA chain path length.","min_provider_version":"9.0.0","defaults":"serial subject.commonName subject.dn","provider":"go.mondoo.com/cnquery/v9/providers/network"},"certificates":{"id":"certificates","name":"certificates","fields":{"list":{"name":"list","type":"\u0019\u001bcertificate","provider":"go.mondoo.com/cnquery/v9/providers/network"},"pem":{"name":"pem","type":"\u0007","is_mandatory":true,"title":"PEM content","provider":"go.mondoo.com/cnquery/v9/providers/network"}},"list_type":"\u001bcertificate","title":"X.509 certificate bundle","desc":"Examine a list of certificates parsed from PEM content. Use it to iterate over a chain and apply per-certificate checks, or to extract the underlying `pem` source.","min_provider_version":"9.0.0","provider":"go.mondoo.com/cnquery/v9/providers/network"},"dns":{"id":"dns","name":"dns","fields":{"dkim":{"name":"dkim","type":"\u0019\u001bdns.dkimRecord","refs":["\"params\""],"title":"DKIM TXT records","provider":"go.mondoo.com/cnquery/v9/providers/network"},"dkimRecord":{"name":"dkimRecord","type":"\u001bdns.dkimRecord","title":"DKIM public-key DNS record (RFC 6376)","desc":"Examine a parsed DKIM TXT record: the raw DNS text, the selector domain, the version, the acceptable hash algorithms, the key type, the base64-encoded public-key data, the service-type restrictions, the DKIM flags, free-form notes, and a `valid()` predicate that validates the record and its public key.","provider":"go.mondoo.com/cnquery/v9/providers/network","is_implicit_resource":true},"fqdn":{"name":"fqdn","type":"\u0007","is_mandatory":true,"title":"Fully qualified domain name (FQDN)","provider":"go.mondoo.com/cnquery/v9/providers/network"},"mx":{"name":"mx","type":"\u0019\u001bdns.mxRecord","refs":["\"params\""],"title":"Successful DNS MX records","provider":"go.mondoo.com/cnquery/v9/providers/network"},"mxRecord":{"name":"mxRecord","type":"\u001bdns.mxRecord","title":"DNS MX record","desc":"Examine a single MX record: the record name, the resolved target `domainName`, and the `preference` value used to choose between multiple MX records.","provider":"go.mondoo.com/cnquery/v9/providers/network","is_implicit_resource":true},"params":{"name":"params","type":"\n","refs":["\"fqdn\""],"title":"Params is a list of all parameters for DNS FQDN","provider":"go.mondoo.com/cnquery/v9/providers/network"},"record":{"name":"record","type":"\u001bdns.record","title":"DNS record","desc":"Examine a single resolved DNS record: name, type, class, TTL, and the rdata payload (IP addresses, hostnames, or other values depending on the record type).","provider":"go.mondoo.com/cnquery/v9/providers/network","is_implicit_resource":true},"records":{"name":"records","type":"\u0019\u001bdns.record","refs":["\"params\""],"title":"Successful DNS records","provider":"go.mondoo.com/cnquery/v9/providers/network"},"reverse":{"name":"reverse","type":"\u0019\u001bdns.record","refs":["\"params\""],"title":"Reverse DNS (PTR) records for the domain's resolved addresses","desc":"Resolves the domain's A and AAAA addresses, then looks up the PTR record for each — the forward-confirmed reverse DNS round trip. Use it to confirm an address resolves back to the expected hostname without hand-building `in-addr.arpa` names.","min_provider_version":"13.0.8","provider":"go.mondoo.com/cnquery/v9/providers/network"}},"init":{"args":[{"name":"fqdn","type":"\u0007"}]},"title":"DNS resource","desc":"Examine the DNS records published for a fully-qualified domain name. Initialize with `dns(fqdn: \"example.com\")`. Surfaces every resolved record, the MX record list, and a parsed view of any DKIM public-key records discovered for the domain.","min_provider_version":"9.0.1","defaults":"fqdn","provider":"go.mondoo.com/cnquery/v9/providers/network"},"dns.dkimRecord":{"id":"dns.dkimRecord","name":"dns.dkimRecord","fields":{"dnsTxt":{"name":"dnsTxt","type":"\u0007","is_mandatory":true,"title":"DNS text representation","provider":"go.mondoo.com/cnquery/v9/providers/network"},"domain":{"name":"domain","type":"\u0007","is_mandatory":true,"title":"DKIM selector domain","provider":"go.mondoo.com/cnquery/v9/providers/network"},"flags":{"name":"flags","type":"\u0019\u0007","is_mandatory":true,"title":"DKIM flags (e.g., y for testing, s to require exact selector match)","provider":"go.mondoo.com/cnquery/v9/providers/network"},"hashAlgorithms":{"name":"hashAlgorithms","type":"\u0019\u0007","is_mandatory":true,"title":"Acceptable hash algorithms","provider":"go.mondoo.com/cnquery/v9/providers/network"},"keyType":{"name":"keyType","type":"\u0007","is_mandatory":true,"title":"Key type","provider":"go.mondoo.com/cnquery/v9/providers/network"},"notes":{"name":"notes","type":"\u0007","is_mandatory":true,"title":"Free-form notes about the DKIM record","provider":"go.mondoo.com/cnquery/v9/providers/network"},"publicKeyData":{"name":"publicKeyData","type":"\u0007","is_mandatory":true,"title":"Public key data base64-encoded","provider":"go.mondoo.com/cnquery/v9/providers/network"},"serviceTypes":{"name":"serviceTypes","type":"\u0019\u0007","is_mandatory":true,"title":"Service types this DKIM key is restricted to (e.g., email, *)","provider":"go.mondoo.com/cnquery/v9/providers/network"},"valid":{"name":"valid","type":"\u0004","title":"Whether the DKIM entry and public key is valid","provider":"go.mondoo.com/cnquery/v9/providers/network"},"version":{"name":"version","type":"\u0007","is_mandatory":true,"title":"Version","provider":"go.mondoo.com/cnquery/v9/providers/network"}},"title":"DKIM public-key DNS record (RFC 6376)","desc":"Examine a parsed DKIM TXT record: the raw DNS text, the selector domain, the version, the acceptable hash algorithms, the key type, the base64-encoded public-key data, the service-type restrictions, the DKIM flags, free-form notes, and a `valid()` predicate that validates the record and its public key.","min_provider_version":"9.0.1","defaults":"dnsTxt","provider":"go.mondoo.com/cnquery/v9/providers/network"},"dns.mxRecord":{"id":"dns.mxRecord","name":"dns.mxRecord","fields":{"domainName":{"name":"domainName","type":"\u0007","is_mandatory":true,"title":"Domain name","provider":"go.mondoo.com/cnquery/v9/providers/network"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Record name","provider":"go.mondoo.com/cnquery/v9/providers/network"},"preference":{"name":"preference","type":"\u0005","is_mandatory":true,"title":"Which mail server used if multiple MX records exist","provider":"go.mondoo.com/cnquery/v9/providers/network"}},"title":"DNS MX record","desc":"Examine a single MX record: the record name, the resolved target `domainName`, and the `preference` value used to choose between multiple MX records.","min_provider_version":"9.0.1","defaults":"domainName","provider":"go.mondoo.com/cnquery/v9/providers/network"},"dns.record":{"id":"dns.record","name":"dns.record","fields":{"class":{"name":"class","type":"\u0007","is_mandatory":true,"title":"DNS class","provider":"go.mondoo.com/cnquery/v9/providers/network"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"DNS name","provider":"go.mondoo.com/cnquery/v9/providers/network"},"rdata":{"name":"rdata","type":"\u0019\u0007","is_mandatory":true,"title":"DNS record response data (IP addresses, hostnames, or other values depending on record type)","provider":"go.mondoo.com/cnquery/v9/providers/network"},"ttl":{"name":"ttl","type":"\u0005","is_mandatory":true,"title":"Time-to-live (TTL) in seconds","provider":"go.mondoo.com/cnquery/v9/providers/network"},"type":{"name":"type","type":"\u0007","is_mandatory":true,"title":"DNS type","provider":"go.mondoo.com/cnquery/v9/providers/network"}},"title":"DNS record","desc":"Examine a single resolved DNS record: name, type, class, TTL, and the rdata payload (IP addresses, hostnames, or other values depending on the record type).","min_provider_version":"9.0.1","defaults":"name type","provider":"go.mondoo.com/cnquery/v9/providers/network"},"domainName":{"id":"domainName","name":"domainName","fields":{"effectiveTLDPlusOne":{"name":"effectiveTLDPlusOne","type":"\u0007","is_mandatory":true,"title":"effectiveTLDPlusOne returns the effective top level domain plus one more label","provider":"go.mondoo.com/cnquery/v9/providers/network"},"fqdn":{"name":"fqdn","type":"\u0007","is_mandatory":true,"title":"Fully qualified domain name (FQDN)","provider":"go.mondoo.com/cnquery/v9/providers/network"},"labels":{"name":"labels","type":"\u0019\u0007","is_mandatory":true,"title":"Domain labels","provider":"go.mondoo.com/cnquery/v9/providers/network"},"tld":{"name":"tld","type":"\u0007","is_mandatory":true,"title":"Top-level domain","provider":"go.mondoo.com/cnquery/v9/providers/network"},"tldIcannManaged":{"name":"tldIcannManaged","type":"\u0004","is_mandatory":true,"title":"Whether the TLD is ICANN managed","provider":"go.mondoo.com/cnquery/v9/providers/network"}},"init":{"args":[{"name":"fqdn","type":"\u0007"}]},"title":"Domain name","desc":"Examine a parsed FQDN. Initialize with `domainName(fqdn: \"x.example.com\")`. Surfaces the FQDN itself, the effective TLD plus one (the registrable domain), the TLD, an `tldIcannManaged` flag indicating whether the TLD is in the ICANN-managed list, and the individual dot-separated labels.","min_provider_version":"9.0.1","defaults":"fqdn","provider":"go.mondoo.com/cnquery/v9/providers/network"},"http":{"id":"http","name":"http","fields":{"get":{"name":"get","type":"\u001bhttp.get","title":"HTTP GET request","desc":"Examine the result of an HTTP GET against a URL. Initialize with `http.get(rawUrl: \"https://example.com\", followRedirects: true)`. Surfaces the parsed `url`, the `statusCode`, the HTTP `version`, the response `body`, and a typed `header` sub-resource exposing HSTS, CSP, X-Frame-Options, X-XSS-Protection, X-Content-Type-Options, Referrer-Policy, Content-Type, and Set-Cookie semantics.","provider":"go.mondoo.com/cnquery/v9/providers/network","is_implicit_resource":true},"header":{"name":"header","type":"\u001bhttp.header","title":"HTTP header","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/network","is_implicit_resource":true}},"title":"HTTP endpoint","desc":"Empty namespace for HTTP probing. Use `http.get(url: \"https://...\")` to perform a GET against a URL and inspect the response status, headers (parsed into typed sub-resources for HSTS, CSP, cookies, etc.), and body.","min_provider_version":"9.0.5","provider":"go.mondoo.com/cnquery/v9/providers/network"},"http.get":{"id":"http.get","name":"http.get","fields":{"body":{"name":"body","type":"\u0007","title":"Body returned from this request","provider":"go.mondoo.com/cnquery/v9/providers/network"},"followRedirects":{"name":"followRedirects","type":"\u0004","is_mandatory":true,"title":"Follow redirects","provider":"go.mondoo.com/cnquery/v9/providers/network"},"header":{"name":"header","type":"\u001bhttp.header","title":"Header returned from this request","provider":"go.mondoo.com/cnquery/v9/providers/network"},"statusCode":{"name":"statusCode","type":"\u0005","title":"Status returned from this request","provider":"go.mondoo.com/cnquery/v9/providers/network"},"url":{"name":"url","type":"\u001burl","is_mandatory":true,"title":"URL for this request","provider":"go.mondoo.com/cnquery/v9/providers/network"},"version":{"name":"version","type":"\u0007","title":"Version of the HTTP request, (e.g., 1.1)","provider":"go.mondoo.com/cnquery/v9/providers/network"}},"init":{"args":[{"name":"rawUrl","type":"\u0007"},{"name":"followRedirects","type":"\u0004"}]},"title":"HTTP GET request","desc":"Examine the result of an HTTP GET against a URL. Initialize with `http.get(rawUrl: \"https://example.com\", followRedirects: true)`. Surfaces the parsed `url`, the `statusCode`, the HTTP `version`, the response `body`, and a typed `header` sub-resource exposing HSTS, CSP, X-Frame-Options, X-XSS-Protection, X-Content-Type-Options, Referrer-Policy, Content-Type, and Set-Cookie semantics.","min_provider_version":"9.0.5","defaults":"url statusCode","provider":"go.mondoo.com/cnquery/v9/providers/network"},"http.header":{"id":"http.header","name":"http.header","fields":{"contentType":{"name":"contentType","type":"\u001bhttp.header.contentType","title":"Content-Type header","provider":"go.mondoo.com/cnquery/v9/providers/network"},"csp":{"name":"csp","type":"\u001a\u0007\u0007","title":"Content-Security-Policy header","provider":"go.mondoo.com/cnquery/v9/providers/network"},"params":{"name":"params","type":"\u001a\u0007\u0019\u0007","is_mandatory":true,"title":"Raw list of parameters for this header","provider":"go.mondoo.com/cnquery/v9/providers/network"},"referrerPolicy":{"name":"referrerPolicy","type":"\u0007","title":"Referrer-Policy header","provider":"go.mondoo.com/cnquery/v9/providers/network"},"setCookie":{"name":"setCookie","type":"\u001bhttp.header.setCookie","title":"Set-Cookie header","provider":"go.mondoo.com/cnquery/v9/providers/network"},"sts":{"name":"sts","type":"\u001bhttp.header.sts","title":"HTTP Strict-Transport-Security (HSTS) header","provider":"go.mondoo.com/cnquery/v9/providers/network"},"xContentTypeOptions":{"name":"xContentTypeOptions","type":"\u0007","title":"X-Content-Type-Options header: nosniff","provider":"go.mondoo.com/cnquery/v9/providers/network"},"xFrameOptions":{"name":"xFrameOptions","type":"\u0007","title":"X-Frame-Options header: DENY, SAMEORIGIN, or ALLOW-FROM origin (obsolete)","provider":"go.mondoo.com/cnquery/v9/providers/network"},"xXssProtection":{"name":"xXssProtection","type":"\u001bhttp.header.xssProtection","title":"X-XSS-Protection header","provider":"go.mondoo.com/cnquery/v9/providers/network"},"xssProtection":{"name":"xssProtection","type":"\u001bhttp.header.xssProtection","title":"HTTP header X-XSS-Protection","desc":"Now outdated (replaced by Content Security Policy) and may even cause security vulnerabilities. Examine `enabled`, `mode`, and `report` to see how a server is configuring the legacy XSS filter.","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/network","is_implicit_resource":true}},"title":"HTTP header","private":true,"min_provider_version":"9.0.5","defaults":"length=params.length","provider":"go.mondoo.com/cnquery/v9/providers/network"},"http.header.contentType":{"id":"http.header.contentType","name":"http.header.contentType","fields":{"params":{"name":"params","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"Additional parameters for this content type","provider":"go.mondoo.com/cnquery/v9/providers/network"},"type":{"name":"type","type":"\u0007","is_mandatory":true,"title":"MIME type for the content","provider":"go.mondoo.com/cnquery/v9/providers/network"}},"title":"HTTP header Content-Type","private":true,"min_provider_version":"9.0.5","defaults":"type","provider":"go.mondoo.com/cnquery/v9/providers/network"},"http.header.setCookie":{"id":"http.header.setCookie","name":"http.header.setCookie","fields":{"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Name of the cookie to set","provider":"go.mondoo.com/cnquery/v9/providers/network"},"params":{"name":"params","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"Additional parameters for setting this cookie","provider":"go.mondoo.com/cnquery/v9/providers/network"},"value":{"name":"value","type":"\u0007","is_mandatory":true,"title":"Value of the cookie to set","provider":"go.mondoo.com/cnquery/v9/providers/network"}},"title":"HTTP header Set-Cookie","private":true,"min_provider_version":"9.0.5","defaults":"name value","provider":"go.mondoo.com/cnquery/v9/providers/network"},"http.header.sts":{"id":"http.header.sts","name":"http.header.sts","fields":{"includeSubDomains":{"name":"includeSubDomains","type":"\u0004","is_mandatory":true,"title":"Whether caching applies to subdomains","provider":"go.mondoo.com/cnquery/v9/providers/network"},"maxAge":{"name":"maxAge","type":"\t","is_mandatory":true,"title":"How long to cache HTTPS-only policy in seconds","provider":"go.mondoo.com/cnquery/v9/providers/network"},"preload":{"name":"preload","type":"\u0004","is_mandatory":true,"title":"Non-standard directive for preloading STS","provider":"go.mondoo.com/cnquery/v9/providers/network"}},"title":"HTTP header Strict-Transport-Security","private":true,"min_provider_version":"9.0.5","defaults":"maxAge includeSubDomains preload","provider":"go.mondoo.com/cnquery/v9/providers/network"},"http.header.xssProtection":{"id":"http.header.xssProtection","name":"http.header.xssProtection","fields":{"enabled":{"name":"enabled","type":"\u0004","is_mandatory":true,"title":"Whether the header is enabled (Enabled when the header value is set to 1; disabled if set to 0)","provider":"go.mondoo.com/cnquery/v9/providers/network"},"mode":{"name":"mode","type":"\u0007","is_mandatory":true,"title":"Mode for XSS filtering","provider":"go.mondoo.com/cnquery/v9/providers/network"},"report":{"name":"report","type":"\u0007","is_mandatory":true,"title":"Report endpoint for violations (Chromium only)","provider":"go.mondoo.com/cnquery/v9/providers/network"}},"title":"HTTP header X-XSS-Protection","desc":"Now outdated (replaced by Content Security Policy) and may even cause security vulnerabilities. Examine `enabled`, `mode`, and `report` to see how a server is configuring the legacy XSS filter.","private":true,"min_provider_version":"9.0.5","defaults":"enabled mode report","provider":"go.mondoo.com/cnquery/v9/providers/network"},"openpgp":{"id":"openpgp","fields":{"entities":{"name":"entities","type":"\u001bopenpgp.entities","title":"List of OpenPGP entities parsed from a string","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/network","is_implicit_resource":true},"entity":{"name":"entity","type":"\u001bopenpgp.entity","title":"OpenPGP entity","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/network","is_implicit_resource":true},"identity":{"name":"identity","type":"\u001bopenpgp.identity","title":"OpenPGP identity","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/network","is_implicit_resource":true},"publicKey":{"name":"publicKey","type":"\u001bopenpgp.publicKey","title":"OpenPGP public key","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/network","is_implicit_resource":true},"signature":{"name":"signature","type":"\u001bopenpgp.signature","title":"OpenPGP signature","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/network","is_implicit_resource":true}},"is_extension":true},"openpgp.entities":{"id":"openpgp.entities","name":"openpgp.entities","fields":{"content":{"name":"content","type":"\u0007","is_mandatory":true,"provider":"go.mondoo.com/cnquery/v9/providers/network"},"list":{"name":"list","type":"\u0019\u001bopenpgp.entity","refs":["\"content\""],"provider":"go.mondoo.com/cnquery/v9/providers/network"}},"list_type":"\u001bopenpgp.entity","title":"List of OpenPGP entities parsed from a string","private":true,"min_provider_version":"9.0.1","provider":"go.mondoo.com/cnquery/v9/providers/network"},"openpgp.entity":{"id":"openpgp.entity","name":"openpgp.entity","fields":{"identities":{"name":"identities","type":"\u0019\u001bopenpgp.identity","title":"Entity's identities","provider":"go.mondoo.com/cnquery/v9/providers/network"},"primaryPublicKey":{"name":"primaryPublicKey","type":"\u001bopenpgp.publicKey","is_mandatory":true,"title":"Primary public key, which must be a signing key","provider":"go.mondoo.com/cnquery/v9/providers/network"}},"title":"OpenPGP entity","private":true,"min_provider_version":"9.0.1","provider":"go.mondoo.com/cnquery/v9/providers/network"},"openpgp.identity":{"id":"openpgp.identity","name":"openpgp.identity","fields":{"comment":{"name":"comment","type":"\u0007","is_mandatory":true,"title":"Free-form comment from the OpenPGP user ID","provider":"go.mondoo.com/cnquery/v9/providers/network"},"email":{"name":"email","type":"\u0007","is_mandatory":true,"title":"Email address from the OpenPGP user ID","provider":"go.mondoo.com/cnquery/v9/providers/network"},"fingerprint":{"name":"fingerprint","type":"\u0007","is_mandatory":true,"title":"Primary key fingerprint","provider":"go.mondoo.com/cnquery/v9/providers/network"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Full name in form of `Full Name (comment) \u003cemail@example.com\u003e`","provider":"go.mondoo.com/cnquery/v9/providers/network"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Real name from the OpenPGP user ID","provider":"go.mondoo.com/cnquery/v9/providers/network"},"signatures":{"name":"signatures","type":"\u0019\u001bopenpgp.signature","title":"Identity signatures","provider":"go.mondoo.com/cnquery/v9/providers/network"}},"title":"OpenPGP identity","private":true,"min_provider_version":"9.0.1","provider":"go.mondoo.com/cnquery/v9/providers/network"},"openpgp.publicKey":{"id":"openpgp.publicKey","name":"openpgp.publicKey","fields":{"bitLength":{"name":"bitLength","type":"\u0005","is_mandatory":true,"title":"Key bit length","provider":"go.mondoo.com/cnquery/v9/providers/network"},"creationTime":{"name":"creationTime","type":"\t","is_mandatory":true,"title":"Key creation time","provider":"go.mondoo.com/cnquery/v9/providers/network"},"fingerprint":{"name":"fingerprint","type":"\u0007","is_mandatory":true,"title":"Key fingerprint","provider":"go.mondoo.com/cnquery/v9/providers/network"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Key ID","provider":"go.mondoo.com/cnquery/v9/providers/network"},"keyAlgorithm":{"name":"keyAlgorithm","type":"\u0007","is_mandatory":true,"title":"Public key algorithm (e.g., RSA, ECDSA, Ed25519)","provider":"go.mondoo.com/cnquery/v9/providers/network"},"version":{"name":"version","type":"\u0005","is_mandatory":true,"title":"Key version","provider":"go.mondoo.com/cnquery/v9/providers/network"}},"title":"OpenPGP public key","private":true,"min_provider_version":"9.0.1","provider":"go.mondoo.com/cnquery/v9/providers/network"},"openpgp.signature":{"id":"openpgp.signature","name":"openpgp.signature","fields":{"creationTime":{"name":"creationTime","type":"\t","is_mandatory":true,"title":"Creation time","provider":"go.mondoo.com/cnquery/v9/providers/network"},"expiresIn":{"name":"expiresIn","type":"\t","is_mandatory":true,"title":"Expiration duration","provider":"go.mondoo.com/cnquery/v9/providers/network"},"fingerprint":{"name":"fingerprint","type":"\u0007","is_mandatory":true,"title":"Primary key fingerprint","provider":"go.mondoo.com/cnquery/v9/providers/network"},"hash":{"name":"hash","type":"\u0007","is_mandatory":true,"title":"Signature hash","provider":"go.mondoo.com/cnquery/v9/providers/network"},"identityName":{"name":"identityName","type":"\u0007","is_mandatory":true,"title":"Identity name","provider":"go.mondoo.com/cnquery/v9/providers/network"},"keyAlgorithm":{"name":"keyAlgorithm","type":"\u0007","is_mandatory":true,"title":"Public-key algorithm of the signing key (e.g., RSA, ECDSA, Ed25519)","provider":"go.mondoo.com/cnquery/v9/providers/network"},"keyExpiresIn":{"name":"keyExpiresIn","type":"\t","is_mandatory":true,"title":"Key expiration duration","provider":"go.mondoo.com/cnquery/v9/providers/network"},"keyLifetimeSecs":{"name":"keyLifetimeSecs","type":"\u0005","is_mandatory":true,"title":"Key lifetime in seconds","provider":"go.mondoo.com/cnquery/v9/providers/network"},"lifetimeSecs":{"name":"lifetimeSecs","type":"\u0005","is_mandatory":true,"title":"Signature lifetime in seconds","provider":"go.mondoo.com/cnquery/v9/providers/network"},"signatureType":{"name":"signatureType","type":"\u0007","is_mandatory":true,"title":"Signature type","provider":"go.mondoo.com/cnquery/v9/providers/network"},"version":{"name":"version","type":"\u0005","is_mandatory":true,"title":"Signature version","provider":"go.mondoo.com/cnquery/v9/providers/network"}},"title":"OpenPGP signature","private":true,"min_provider_version":"9.0.1","provider":"go.mondoo.com/cnquery/v9/providers/network"},"pkix":{"id":"pkix","fields":{"extension":{"name":"extension","type":"\u001bpkix.extension","title":"X.509 PKIX extension","desc":"Examine a single extension carried by an X.509 certificate: its OID identifier (e.g., 2.5.29.37 for extKeyUsage), the `critical` flag, and the raw extension value.","provider":"go.mondoo.com/cnquery/v9/providers/network","is_implicit_resource":true},"name":{"name":"name","type":"\u001bpkix.name","title":"X.509 PKIX name","desc":"Examine a parsed RFC 5280 distinguished name (DN) — the structured form of a certificate's subject or issuer. Surfaces the canonical DN string, common name, country, organization and organizational unit, locality, province, street address, postal code, serial number, and any extra named attributes.","provider":"go.mondoo.com/cnquery/v9/providers/network","is_implicit_resource":true},"sanExtension":{"name":"sanExtension","type":"\u001bpkix.sanExtension","title":"X.509 certificate PKIX Subject Alternative Name (SAN) extension","is_private":true,"provider":"go.mondoo.com/cnquery/v9/providers/network","is_implicit_resource":true}},"is_extension":true},"pkix.extension":{"id":"pkix.extension","name":"pkix.extension","fields":{"critical":{"name":"critical","type":"\u0004","is_mandatory":true,"title":"Whether the extension is critical","provider":"go.mondoo.com/cnquery/v9/providers/network"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Cache key derived from the extension identifier","min_provider_version":"9.1.3","provider":"go.mondoo.com/cnquery/v9/providers/network"},"identifier":{"name":"identifier","type":"\u0007","is_mandatory":true,"title":"Extension identifier (OID, e.g., 2.5.29.37 for extKeyUsage)","provider":"go.mondoo.com/cnquery/v9/providers/network"},"value":{"name":"value","type":"\u0007","is_mandatory":true,"title":"Extension value","provider":"go.mondoo.com/cnquery/v9/providers/network"}},"title":"X.509 PKIX extension","desc":"Examine a single extension carried by an X.509 certificate: its OID identifier (e.g., 2.5.29.37 for extKeyUsage), the `critical` flag, and the raw extension value.","min_provider_version":"9.0.0","defaults":"id","provider":"go.mondoo.com/cnquery/v9/providers/network"},"pkix.name":{"id":"pkix.name","name":"pkix.name","fields":{"commonName":{"name":"commonName","type":"\u0007","is_mandatory":true,"title":"Common name","provider":"go.mondoo.com/cnquery/v9/providers/network"},"country":{"name":"country","type":"\u0019\u0007","is_mandatory":true,"title":"Country","provider":"go.mondoo.com/cnquery/v9/providers/network"},"dn":{"name":"dn","type":"\u0007","is_mandatory":true,"title":"Distinguished name qualifier","provider":"go.mondoo.com/cnquery/v9/providers/network"},"extraNames":{"name":"extraNames","type":"\u001a\u0007\u0007","is_mandatory":true,"provider":"go.mondoo.com/cnquery/v9/providers/network"},"id":{"name":"id","type":"\u0007","is_mandatory":true,"title":"Cache key derived from the distinguished name","provider":"go.mondoo.com/cnquery/v9/providers/network"},"locality":{"name":"locality","type":"\u0019\u0007","is_mandatory":true,"provider":"go.mondoo.com/cnquery/v9/providers/network"},"names":{"name":"names","type":"\u001a\u0007\u0007","is_mandatory":true,"provider":"go.mondoo.com/cnquery/v9/providers/network"},"organization":{"name":"organization","type":"\u0019\u0007","is_mandatory":true,"title":"Organization","provider":"go.mondoo.com/cnquery/v9/providers/network"},"organizationalUnit":{"name":"organizationalUnit","type":"\u0019\u0007","is_mandatory":true,"title":"Organizational unit","provider":"go.mondoo.com/cnquery/v9/providers/network"},"postalCode":{"name":"postalCode","type":"\u0019\u0007","is_mandatory":true,"title":"Postal code","provider":"go.mondoo.com/cnquery/v9/providers/network"},"province":{"name":"province","type":"\u0019\u0007","is_mandatory":true,"title":"State or province","provider":"go.mondoo.com/cnquery/v9/providers/network"},"serialNumber":{"name":"serialNumber","type":"\u0007","is_mandatory":true,"title":"Serial number","provider":"go.mondoo.com/cnquery/v9/providers/network"},"streetAddress":{"name":"streetAddress","type":"\u0019\u0007","is_mandatory":true,"title":"Street address","provider":"go.mondoo.com/cnquery/v9/providers/network"}},"title":"X.509 PKIX name","desc":"Examine a parsed RFC 5280 distinguished name (DN) — the structured form of a certificate's subject or issuer. Surfaces the canonical DN string, common name, country, organization and organizational unit, locality, province, street address, postal code, serial number, and any extra named attributes.","min_provider_version":"9.0.0","defaults":"id dn commonName","provider":"go.mondoo.com/cnquery/v9/providers/network"},"pkix.sanExtension":{"id":"pkix.sanExtension","name":"pkix.sanExtension","fields":{"dnsNames":{"name":"dnsNames","type":"\u0019\u0007","is_mandatory":true,"title":"DNS names","provider":"go.mondoo.com/cnquery/v9/providers/network"},"emailAddresses":{"name":"emailAddresses","type":"\u0019\u0007","is_mandatory":true,"title":"Email addresses","provider":"go.mondoo.com/cnquery/v9/providers/network"},"extension":{"name":"extension","type":"\u001bpkix.extension","is_mandatory":true,"title":"x509 certificate PKIX extension","provider":"go.mondoo.com/cnquery/v9/providers/network"},"ipAddresses":{"name":"ipAddresses","type":"\u0019\u0007","is_mandatory":true,"title":"IP addresses","provider":"go.mondoo.com/cnquery/v9/providers/network"},"uris":{"name":"uris","type":"\u0019\u0007","is_mandatory":true,"title":"URIs","provider":"go.mondoo.com/cnquery/v9/providers/network"}},"title":"X.509 certificate PKIX Subject Alternative Name (SAN) extension","private":true,"min_provider_version":"9.1.2","defaults":"dnsNames","provider":"go.mondoo.com/cnquery/v9/providers/network"},"socket":{"id":"socket","name":"socket","fields":{"address":{"name":"address","type":"\u0007","is_mandatory":true,"title":"Target address (hostname or IP)","provider":"go.mondoo.com/cnquery/v9/providers/network"},"port":{"name":"port","type":"\u0005","is_mandatory":true,"title":"Port number","provider":"go.mondoo.com/cnquery/v9/providers/network"},"protocol":{"name":"protocol","type":"\u0007","is_mandatory":true,"title":"Transport protocol (e.g., tcp, udp)","provider":"go.mondoo.com/cnquery/v9/providers/network"}},"title":"Network socket","desc":"Examine an addressable network endpoint by `protocol`, `port`, and `address`. Used as a building block for higher-level resources like `tls` that need to know \"what to talk to\".","min_provider_version":"9.0.0","defaults":"protocol port address","provider":"go.mondoo.com/cnquery/v9/providers/network"},"tls":{"id":"tls","name":"tls","fields":{"certificateMatchesDomain":{"name":"certificateMatchesDomain","type":"\u0004","title":"Whether the served leaf certificate covers the connection hostname","desc":"Matches the connection's domain name against the leaf certificate's Subject Alternative Name DNS entries using RFC 6125 wildcard rules, so `*.example.com` covers `api.example.com`. Unlike chain verification, this isolates hostname coverage — it is true when the certificate vouches for the host you connected to, independent of chain trust or expiry. Null when the connection has no domain name to match, such as when connecting directly to an IP address.","min_provider_version":"13.0.8","provider":"go.mondoo.com/cnquery/v9/providers/network"},"certificates":{"name":"certificates","type":"\u0019\u001bcertificate","refs":["\"socket\"","\"domainName\""],"title":"Certificates provided in this TLS/SSL connection","provider":"go.mondoo.com/cnquery/v9/providers/network"},"ciphers":{"name":"ciphers","type":"\u0019\u0007","refs":["\"params\""],"title":"Ciphers supported by this TLS/SSL connection","provider":"go.mondoo.com/cnquery/v9/providers/network"},"domainName":{"name":"domainName","type":"\u0007","is_mandatory":true,"title":"An optional domain name to test","provider":"go.mondoo.com/cnquery/v9/providers/network"},"extensions":{"name":"extensions","type":"\u0019\u0007","refs":["\"params\""],"title":"Extensions supported by this TLS/SSL connection","provider":"go.mondoo.com/cnquery/v9/providers/network"},"negotiatedCipher":{"name":"negotiatedCipher","type":"\u0007","refs":["\"socket\"","\"domainName\""],"title":"Cipher suite negotiated by a modern client (e.g., \"TLS_AES_128_GCM_SHA256\")","min_provider_version":"13.0.1","provider":"go.mondoo.com/cnquery/v9/providers/network"},"negotiatedGroup":{"name":"negotiatedGroup","type":"\u0007","refs":["\"socket\"","\"domainName\""],"title":"Key exchange group negotiated during the TLS handshake (e.g., X25519, X25519MLKEM768)","min_provider_version":"13.0.1","provider":"go.mondoo.com/cnquery/v9/providers/network"},"negotiatedVersion":{"name":"negotiatedVersion","type":"\u0007","refs":["\"socket\"","\"domainName\""],"title":"TLS version negotiated by a modern client (e.g., \"TLS 1.3\")","min_provider_version":"13.0.1","provider":"go.mondoo.com/cnquery/v9/providers/network"},"nonSniCertificates":{"name":"nonSniCertificates","type":"\u0019\u001bcertificate","refs":["\"socket\"","\"domainName\""],"title":"Certificates provided without server name indication (SNI)","provider":"go.mondoo.com/cnquery/v9/providers/network"},"params":{"name":"params","type":"\n","refs":["\"socket\"","\"domainName\""],"title":"List of all parameters for this TLS/SSL connection","provider":"go.mondoo.com/cnquery/v9/providers/network"},"socket":{"name":"socket","type":"\u001bsocket","is_mandatory":true,"title":"Socket of this connection","provider":"go.mondoo.com/cnquery/v9/providers/network"},"versions":{"name":"versions","type":"\u0019\u0007","refs":["\"params\""],"title":"Version of TLS/SSL that is being used","provider":"go.mondoo.com/cnquery/v9/providers/network"}},"init":{"args":[{"name":"target","type":"\u0007"}]},"title":"TLS/SSL connection inspection","desc":"Examine the TLS posture of a network endpoint. Initialize with `tls(target: \"host:port\")` (an optional `domainName` enables SNI testing). Surfaces every TLS / SSL version the endpoint accepts, the cipher suites and extensions advertised, the version / cipher / key-exchange group a modern client actually negotiates, and the served certificate chain — both the SNI-aware chain and the non-SNI fallback. The resource an audit uses to find weak protocol versions, weak ciphers, expired certs, and missing OCSP / SCT support.","min_provider_version":"9.0.0","defaults":"socket domainName","provider":"go.mondoo.com/cnquery/v9/providers/network"},"url":{"id":"url","name":"url","fields":{"host":{"name":"host","type":"\u0007","is_mandatory":true,"title":"Host, either registered name or IP (e.g., mondoo.com)","provider":"go.mondoo.com/cnquery/v9/providers/network"},"password":{"name":"password","type":"\u0007","is_mandatory":true,"title":"Password, an additional optional component of the user info","provider":"go.mondoo.com/cnquery/v9/providers/network"},"path":{"name":"path","type":"\u0007","is_mandatory":true,"title":"Path, consisting of segments separated by '/'","provider":"go.mondoo.com/cnquery/v9/providers/network"},"port":{"name":"port","type":"\u0005","is_mandatory":true,"title":"Port, optional decimal number (e.g., 80)","provider":"go.mondoo.com/cnquery/v9/providers/network"},"query":{"name":"query","type":"\u001a\u0007\u0007","is_mandatory":true,"title":"Query, optional, attached to path via '?', parsed via '\u0026' and ';' delimiters","provider":"go.mondoo.com/cnquery/v9/providers/network"},"rawFragment":{"name":"rawFragment","type":"\u0007","is_mandatory":true,"title":"Fragment, optional raw string attached to path after '#'","provider":"go.mondoo.com/cnquery/v9/providers/network"},"rawQuery":{"name":"rawQuery","type":"\u0007","is_mandatory":true,"title":"Raw query, optional raw string attached to path after '?'","provider":"go.mondoo.com/cnquery/v9/providers/network"},"scheme":{"name":"scheme","type":"\u0007","is_mandatory":true,"title":"Scheme (e.g., http, https, ssh)","provider":"go.mondoo.com/cnquery/v9/providers/network"},"string":{"name":"string","type":"\u0007","title":"The full URL as a string","provider":"go.mondoo.com/cnquery/v9/providers/network"},"user":{"name":"user","type":"\u0007","is_mandatory":true,"title":"User component (can contain username or token but no password)","provider":"go.mondoo.com/cnquery/v9/providers/network"}},"init":{"args":[{"name":"raw","type":"\u0007"}]},"title":"Parsed URL","desc":"Examine a parsed URL, generally represented as `[scheme:][//[user[:password]@]host[:port]][/]path[?query][#fragment]`. Initialize with `url(raw: \"https://user:pass@host:443/p?q=1#f\")` and inspect any of the parsed components individually: scheme, user / password user-info pair, host, port, path, parsed query map, raw query string, and fragment.","min_provider_version":"9.0.5","defaults":"string","provider":"go.mondoo.com/cnquery/v9/providers/network"}}}