ORT-AUDIT-JSON(1) General Commands Manual ORT-AUDIT-JSON(1)

ort-audit-jsonaudit ort role access as JSON

ort-audit-json [-s] [-r role] [config...]

Accepts ort(5) config files, defaulting to standard input, and generates a JSON or JavaScript audit report on standard output. Its arguments are as follows:

Emit a full JavaScript document instead of just a JSON object.
Audit the named role.

By default, the all role is audited. The audit consists of all operations and reachable structures and fields along with documentation and other information germane to the audit target.

Output is formatted in JSON or as a JavaScript document. In the default JSON case, the output conforms to the following:

interface auditAccessFrom {
  function: string;
  exporting: boolean;
  path: string;

interface auditAccess {
  exportable: boolean;
  data: string[];
  accessfrom: auditAccessFrom[];
  insert: string|null;
  delete: string[];
  update: string[];
  count: string[];
  get: string[];
  iterate: string[];
  list: string[];

interface auditFunction{
  doc: string|null;
  type: 'insert'|'delete'|...;

interface auditFunctionSet {
  [name: string]: auditFunction;

interface auditField {
  export: boolean;
  doc: string|null;

interface auditFieldSet {
  [name: string]: auditField;

export interface audit {
  role: string;
  doc: string|null;
  access: auditAccess[];
  functions: auditFunctionSet;
  fields: auditFieldSet;

The root object is a "audit" object. If the -s flag is given, the "audit" object is wrapped as follows:

(function(root) {
 'use strict';
 var audit = { /* Contents of audit object. */ };

The audit.css, audit.html, and audit.js files, all installed into the share directory, provide an example implementation of a web-based front-end. By putting these into a single directory along with audit-out.js, consisting of the output of ort-audit-json with -s, a browser may be used to audit a role's access.

The ort-audit-json utility exits 0 on success, and >0 if an error occurs.


October 25, 2021 OpenBSD 6.7