使用TerraScan静态扫描KubernetsIaC文件

news2024/11/15 2:12:11

terrascan

https://github.com/tenable/terrascan
在这里插入图片描述

Terrascan 是基础架构即代码的静态代码分析器。Terrascan 允许:

  • 将基础架构作为代码无缝扫描,以查找错误配置。
  • 监控已配置的云基础架构,以查找引入终端安全评估漂移的配置更改,并启用恢复到安全终端
  • 检测安全漏洞和违规行为。
  • 在配置云原生基础架构之前降低风险。
  • 提供在本地运行或与 CI\CD 集成的灵活性。

terrascan的基本原理是,通过内置的策略,对目标进行扫描。使用前需要下载策略库,而策略库是经常更新的。类似于扫描病毒需要下载病毒库。它还有一个特点是支持涵盖了IaC和容器领域的的文件扫描:

  • Terraform (HCL2)
  • AWS CloudFormation Templates (CFT)
  • Azure Resource Manager (ARM)
  • Kubernetes (JSON/YAML), Helm v3, and Kustomize
  • Dockerfiles

可见IaC中常用的Cfn,Terraform,以及容器领域的K8S,Helm,Kustomize,Dockerfile都有支持,
一个产品搞定,不需要再部署其他的工具,简化了CICD的设计。

安装(Linux)

# 下载
aria2c https://github.com/tenable/terrascan/releases/download/v1.19.1/terrascan_1.19.1_Linux_x86_64.tar.gz

# 没有aria2c可以直接用wget
wget https://github.com/tenable/terrascan/releases/download/v1.19.1/terrascan_1.19.1_Linux_x86_64.tar.gz

# 解压
tar -xzvf terrascan.tar.gz

#安装
install terrascan /usr/local/bin && rm terrascan

命令帮助

Usage:
  terrascan [command]

Available Commands:
  init        Initializes Terrascan and clones policies from the Terrascan GitHub repository.
  scan        Detect compliance and security violations across Infrastructure as Code.
  server      Run Terrascan as an API server
  version     Terrascan version

Flags:
  -c, --config-path string      config file path
  -l, --log-level string        log level (debug, info, warn, error, panic, fatal) (default "info")
      --log-output-dir string   directory path to write the log and output files
  -x, --log-type string         log output type (console, json) (default "console")
  -o, --output string           output type (human, json, yaml, xml, junit-xml, sarif, github-sarif) (default "human")
      --temp-dir string         temporary directory path to download remote repository,module and templates

init:下载策略库,即从策略库仓库 git clone到本地$HOME/.terrascan目录
scan:具体的scan命令,命令行方式使用
server:作为服务器,提供API供外部调用使用,方便和第三方系统整合

扫描参数

  • 指定路径(默认为当前路径) -d
  • 指定文件 -f
  • 指定远程存储路径 -r
    • git, s3, gcs, http, terraform-registry
    • -u 指定具体的url
  • 指定目标类型 -i

arm, cft, docker, helm, k8s, kustomize, terraform, tfplan

  -i, --iac-type string           iac type (arm, cft, docker, helm, k8s, kustomize, terraform, tfplan)
      --iac-version string        iac version (arm: v1, cft: v1, docker: v1, helm: v3, k8s: v1, kustomize: v2, v3, v4, terraform: v12, v13, v14, v15, tfplan: v1)
  • 指定输出格式
    • yaml, json, human(默认),xml

工作原理

初次执行时,先从github上下载对应的策略库,并根据策略库的要求检查目标文件。
也可以主动指定init命令更新策略库

命令行执行

  1. 测试用例文件
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: nginx
  name: nginx
  namespace: default
spec:
  replicas: 2
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      app: nginx
  strategy:
    rollingUpdate:
      maxSurge: 25%
      maxUnavailable: 25%
    type: RollingUpdate
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - image: nginx
        imagePullPolicy: Always
        name: nginx
        resources: {}
        volumeMounts:
        - mountPath: /data
          name: mytest
      restartPolicy: Always
      volumes:
      - name: mytest
        persistentVolumeClaim:
          claimName: my-test-pvc
  1. 执行命令行
terrascan scan -i k8s -f nginx.yaml 
terrascan scan -i k8s -f nginx.yaml -o json
terrascan scan -i k8s -f nginx.yaml -o yaml
  1. 检查结果
k8s@k8s-devp-master:~/yaml$ terrascan scan -i k8s -f nginx.yaml

Violation Details -

        Description    :        Memory Limits Not Set in config file.
        File           :        nginx.yaml
        Line           :        1
        Severity       :        MEDIUM
        -----------------------------------------------------------------------

        Description    :        Apply Security Context to Your Pods and Containers
        File           :        nginx.yaml
        Line           :        1
        Severity       :        MEDIUM
        -----------------------------------------------------------------------

        Description    :        No readiness probe will affect automatic recovery in case of unexpected errors
        File           :        nginx.yaml
        Line           :        1
        Severity       :        LOW
        -----------------------------------------------------------------------

        Description    :        CPU Limits Not Set in config file.
        File           :        nginx.yaml
        Line           :        1
        Severity       :        MEDIUM
        -----------------------------------------------------------------------

        Description    :        Container images with readOnlyRootFileSystem set as false mounts the container root file system with write permissions
        File           :        nginx.yaml
        Line           :        1
        Severity       :        MEDIUM
        -----------------------------------------------------------------------

        Description    :        Memory Request Not Set in config file.
        File           :        nginx.yaml
        Line           :        1
        Severity       :        MEDIUM
        -----------------------------------------------------------------------

        Description    :        No liveness probe will ensure there is no recovery in case of unexpected errors
        File           :        nginx.yaml
        Line           :        1
        Severity       :        LOW
        -----------------------------------------------------------------------

        Description    :        Image without digest affects the integrity principle of image security
        File           :        nginx.yaml
        Line           :        1
        Severity       :        MEDIUM
        -----------------------------------------------------------------------

        Description    :        CPU Request Not Set in config file.
        File           :        nginx.yaml
        Line           :        1
        Severity       :        MEDIUM
        -----------------------------------------------------------------------

        Description    :        Minimize Admission of Root Containers
        File           :        nginx.yaml
        Line           :        1
        Severity       :        HIGH
        -----------------------------------------------------------------------

        Description    :        Default Namespace Should Not be Used
        File           :        nginx.yaml
        Line           :        1
        Severity       :        HIGH
        -----------------------------------------------------------------------

        Description    :        Containers Should Not Run with AllowPrivilegeEscalation
        File           :        nginx.yaml
        Line           :        1
        Severity       :        HIGH
        -----------------------------------------------------------------------

        Description    :        Default seccomp profile not enabled will make the container to make non-essential system calls
        File           :        nginx.yaml
        Line           :        1
        Severity       :        MEDIUM
        -----------------------------------------------------------------------

        Description    :        AppArmor profile not set to default or custom profile will make the container vulnerable to kernel level threats
        File           :        nginx.yaml
        Line           :        1
        Severity       :        MEDIUM
        -----------------------------------------------------------------------

        Description    :        No tag or container image with :Latest tag makes difficult to rollback and track
        File           :        nginx.yaml
        Line           :        1
        Severity       :        LOW
        -----------------------------------------------------------------------


Scan Summary -

        File/Folder         :   /home/k8s/yaml/nginx.yaml
        IaC Type            :   k8s
        Scanned At          :   2024-04-19 08:37:56.943717392 +0000 UTC
        Policies Validated  :   42
        Violated Policies   :   15
        Low                 :   3
        Medium              :   9
        High                :   3

作为服务启动

  1. 启动
k8s@k8s-devp-master:~/yaml$ terrascan server -p 10888
2024-04-19T09:02:06.409Z        info    http-server/start.go:63 registering routes...
2024-04-19T09:02:06.409Z        info    http-server/start.go:75 Route GET - /health
2024-04-19T09:02:06.409Z        info    http-server/start.go:75 Route GET - /v1/providers
2024-04-19T09:02:06.409Z        info    http-server/start.go:75 Route POST - /v1/{iac}/{iacVersion}/{cloud}/local/file/scan
2024-04-19T09:02:06.409Z        info    http-server/start.go:75 Route POST - /v1/{iac}/{iacVersion}/{cloud}/remote/dir/scan
2024-04-19T09:02:06.409Z        info    http-server/start.go:75 Route POST - /v1/k8s/webhooks/{apiKey}/scan/validate
2024-04-19T09:02:06.409Z        info    http-server/start.go:109        http server listening at port 10888
  1. 执行

Server模式下,如何使用几乎没有任何说明,只能参考其源码猜测:
https://github.com/tenable/terrascan/blob/master/pkg/http-server/routes.go
https://github.com/tenable/terrascan/blob/master/pkg/http-server/file-scan_test.go

// Routes returns a slice of routes of API endpoints to be registered with
// http server
func (g *APIServer) Routes() []*Route {
    h := NewAPIHandler()
    routes := []*Route{
        {verb: "GET", path: "/health", fn: h.Health},
        {verb: "GET", path: versionedPath("/providers"), fn: h.iacProviders},
        {verb: "POST", path: versionedPath("/{iac}/{iacVersion}/{cloud}/local/file/scan"), fn: h.scanFile},
        {verb: "POST", path: versionedPath("/{iac}/{iacVersion}/{cloud}/remote/dir/scan"), fn: h.scanRemoteRepo},

        // k8s webhook Routes
        {verb: "POST", path: versionedPath("/k8s/webhooks/{apiKey}/scan/validate"), fn: h.validateK8SWebhook},
    }

    return routes
}
// http request of the type "/v1/{iacType}/{iacVersion}/{cloudType}/file/scan"
			url := fmt.Sprintf("/v1/%s/%s/%s/local/file/scan", tt.iacType, tt.iacVersion, tt.cloudType)

可以看到,它支持如下功能:

  • /providers:功能支持列表
  • /{iac}/{iacVersion}/{cloud}/local/file/scan:本地文件扫描
  • /{iac}/{iacVersion}/{cloud}/remote/dir/scan:远程目录扫描
  • /k8s/webhooks/{apiKey}/scan/validate:和Kubernetes整合用的webhook

功能列表获取

k8s@k8s-devp-master:~/yaml$ curl -X GET  -L http://localhost:10888/v1/providers
[
  {
    "type": "arm",
    "versions": [
      "v1"
    ],
    "defaultVersion": "v1"
  },
  {
    "type": "cft",
    "versions": [
      "v1"
    ],
    "defaultVersion": "v1"
  },
  {
    "type": "docker",
    "versions": [
      "v1"
    ],
    "defaultVersion": "v1"
  },
  {
    "type": "helm",
    "versions": [
      "v3"
    ],
    "defaultVersion": "v3"
  },
  {
    "type": "k8s",
    "versions": [
      "v1"
    ],
    "defaultVersion": "v1"
  },
  {
    "type": "kustomize",
    "versions": [
      "v2",
      "v3",
      "v4"
    ],
    "defaultVersion": "v4"
  },
  {
    "type": "terraform",
    "versions": [
      "v12",
      "v13",
      "v14",
      "v15"
    ],
    "defaultVersion": "v15"
  },
  {
    "type": "tfplan",
    "versions": [
      "v1"
    ],
    "defaultVersion": "v1"
  }

根据以上结果可以拼接访问URL:

  • kubernetes扫描:http://localhost:10888/v1/k8s/v1/k8s/local/file/scan
  • Dockerfile扫描:http://localhost:10888/v1/docker/v1/docker/local/file/scan

另外文件扫描接口只支持multipart/form-data类型的文件上传,不能作为POST的数据直接上传。
命令行参考以下:
可以看到执行结果和命令行一样,json格式。file等信息是内部中间结果信息,可忽略。

 curl -X POST  -L http://localhost:10888/v1/k8s/v1/k8s/local/file/scan -F 'file=@./nginx.yaml'
 
 {
  "results": {
    "violations": [
      {
        "rule_name": "privilegeEscalationCheck",
        "description": "Containers Should Not Run with AllowPrivilegeEscalation",
        "rule_id": "AC_K8S_0085",
        "severity": "HIGH",
        "category": "Compliance Validation",
        "resource_name": "nginx",
        "resource_type": "kubernetes_deployment",
        "file": "terrascan-3209226987.yaml",
        "line": 1
      },
      {
        "rule_name": "secCompProfile",
        "description": "Default seccomp profile not enabled will make the container to make non-essential system calls",
        "rule_id": "AC_K8S_0080",
        "severity": "MEDIUM",
        "category": "Identity and Access Management",
        "resource_name": "nginx",
        "resource_type": "kubernetes_deployment",
        "file": "terrascan-3209226987.yaml",
        "line": 1
      },
      {
        "rule_name": "appArmorProfile",
        "description": "AppArmor profile not set to default or custom profile will make the container vulnerable to kernel level threats",
        "rule_id": "AC_K8S_0073",
        "severity": "MEDIUM",
        "category": "Identity and Access Management",
        "resource_name": "nginx",
        "resource_type": "kubernetes_deployment",
        "file": "terrascan-3209226987.yaml",
        "line": 1
      },
      {
        "rule_name": "imageWithoutDigest",
        "description": "Image without digest affects the integrity principle of image security",
        "rule_id": "AC_K8S_0069",
        "severity": "MEDIUM",
        "category": "Infrastructure Security",
        "resource_name": "nginx",
        "resource_type": "kubernetes_deployment",
        "file": "terrascan-3209226987.yaml",
        "line": 1
      },
      {
        "rule_name": "securityContextUsed",
        "description": "Apply Security Context to Your Pods and Containers",
        "rule_id": "AC_K8S_0064",
        "severity": "MEDIUM",
        "category": "Infrastructure Security",
        "resource_name": "nginx",
        "resource_type": "kubernetes_deployment",
        "file": "terrascan-3209226987.yaml",
        "line": 1
      },
      {
        "rule_name": "MemorylimitsCheck",
        "description": "Memory Limits Not Set in config file.",
        "rule_id": "AC_K8S_0100",
        "severity": "MEDIUM",
        "category": "Security Best Practices",
        "resource_name": "nginx",
        "resource_type": "kubernetes_deployment",
        "file": "terrascan-3209226987.yaml",
        "line": 1
      },
      {
        "rule_name": "runAsNonRootCheck",
        "description": "Minimize Admission of Root Containers",
        "rule_id": "AC_K8S_0087",
        "severity": "HIGH",
        "category": "Identity and Access Management",
        "resource_name": "nginx",
        "resource_type": "kubernetes_deployment",
        "file": "terrascan-3209226987.yaml",
        "line": 1
      },
      {
        "rule_name": "MemoryRequestsCheck",
        "description": "Memory Request Not Set in config file.",
        "rule_id": "AC_K8S_0099",
        "severity": "MEDIUM",
        "category": "Security Best Practices",
        "resource_name": "nginx",
        "resource_type": "kubernetes_deployment",
        "file": "terrascan-3209226987.yaml",
        "line": 1
      },
      {
        "rule_name": "nolivenessProbe",
        "description": "No liveness probe will ensure there is no recovery in case of unexpected errors",
        "rule_id": "AC_K8S_0070",
        "severity": "LOW",
        "category": "Security Best Practices",
        "resource_name": "nginx",
        "resource_type": "kubernetes_deployment",
        "file": "terrascan-3209226987.yaml",
        "line": 1
      },
      {
        "rule_name": "noReadinessProbe",
        "description": "No readiness probe will affect automatic recovery in case of unexpected errors",
        "rule_id": "AC_K8S_0072",
        "severity": "LOW",
        "category": "Security Best Practices",
        "resource_name": "nginx",
        "resource_type": "kubernetes_deployment",
        "file": "terrascan-3209226987.yaml",
        "line": 1
      },
      {
        "rule_name": "readOnlyFileSystem",
        "description": "Container images with readOnlyRootFileSystem set as false mounts the container root file system with write permissions",
        "rule_id": "AC_K8S_0078",
        "severity": "MEDIUM",
        "category": "Identity and Access Management",
        "resource_name": "nginx",
        "resource_type": "kubernetes_deployment",
        "file": "terrascan-3209226987.yaml",
        "line": 1
      },
      {
        "rule_name": "imageWithLatestTag",
        "description": "No tag or container image with :Latest tag makes difficult to rollback and track",
        "rule_id": "AC_K8S_0068",
        "severity": "LOW",
        "category": "Security Best Practices",
        "resource_name": "nginx",
        "resource_type": "kubernetes_deployment",
        "file": "terrascan-3209226987.yaml",
        "line": 1
      },
      {
        "rule_name": "otherNamespace",
        "description": "Default Namespace Should Not be Used",
        "rule_id": "AC_K8S_0086",
        "severity": "HIGH",
        "category": "Security Best Practices",
        "resource_name": "nginx",
        "resource_type": "kubernetes_deployment",
        "file": "terrascan-3209226987.yaml",
        "line": 1
      },
      {
        "rule_name": "CpulimitsCheck",
        "description": "CPU Limits Not Set in config file.",
        "rule_id": "AC_K8S_0098",
        "severity": "MEDIUM",
        "category": "Security Best Practices",
        "resource_name": "nginx",
        "resource_type": "kubernetes_deployment",
        "file": "terrascan-3209226987.yaml",
        "line": 1
      },
      {
        "rule_name": "CpuRequestsCheck",
        "description": "CPU Request Not Set in config file.",
        "rule_id": "AC_K8S_0097",
        "severity": "MEDIUM",
        "category": "Security Best Practices",
        "resource_name": "nginx",
        "resource_type": "kubernetes_deployment",
        "file": "terrascan-3209226987.yaml",
        "line": 1
      }
    ],
    "skipped_violations": null,
    "scan_summary": {
      "file/folder": "/tmp/terrascan-3209226987.yaml",
      "iac_type": "k8s",
      "scanned_at": "2024-04-19 09:13:38.989530627 +0000 UTC",
      "policies_validated": 42,
      "violated_policies": 15,
      "low": 3,
      "medium": 9,
      "high": 3
    }
  }


本文来自互联网用户投稿,该文观点仅代表作者本人,不代表本站立场。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如若转载,请注明出处:http://www.coloradmin.cn/o/1678903.html

如若内容造成侵权/违法违规/事实不符,请联系多彩编程网进行投诉反馈,一经查实,立即删除!

相关文章

IP-GUARD如何制作授权软件

1、进入控制台 -> 找到文档安全管理 -> 点击授权软件管理 -> 导出授权软件(名称自定义) 2、打开这个蓝宝石工具,并将导出的文件进行打开 选择你要操作的软件进行编辑,然后一直下一步 3、选择要操作的软件进行编辑

【全开源】JAVA语聊大厅+陪玩系统语音聊天APP系统源码

打造全新社交娱乐体验 在数字化社交的浪潮中,人们渴望找到一种既能畅聊又能共享娱乐的新方式。为了满足这一需求,我们推出了“语聊大厅陪玩系统源码”,这是一款集合了语音聊天与陪玩功能的综合性社交娱乐解决方案。 核心功能 语音聊天大厅…

图文成片剪辑软件,分享3个专业的工具!

在数字化时代,图文成片剪辑软件成为了我们创作与表达的重要工具。无论是想要制作一段引人入胜的短视频,还是打造一幅精美的图文海报,这些软件都能助你一臂之力。那么,图文成片剪辑软件的方法有哪些?又有哪些值得一试的…

DBeaver配置离线驱动

因为部署的服务器为无网环境,所以在服务器上使用DBeaver需要配置离线驱动 我们在有网的环境下,安装DBeaver。把驱动下载下来,然后再拷贝到没网的设备上 一、下载驱动 1.在有网的设备上,打开DBeaver 2.找到窗口,选择…

[论文阅读]FINE-TUNE THE PRETRAINED ATST MODEL FOR SOUND EVENT DETECTION

摘要 本研究提出了一种微调预训练模型ATST(音频师生转换模型)的方法,用于声音事件检测(SED)。通过引入ATST-Frame模型,该方法在DCASE挑战任务4数据集上取得了新的SOTA结果,有效解决了预训练模型…

STM32学习-1 新建工程

教学资料来自【STM32入门教程-2023版 细致讲解 中文字幕】 https://www.bilibili.com/video/BV1th411z7sn/?p5&share_sourcecopy_web&vd_sourcec6cfedd1c739ca8502f041514e158616 在keil中,每个代码最后一行必须是空的,不然运行会报错 配置库函…

2024自学网络安全的三个必经阶段(含路线图)_网络安全自学路线

一、为什么选择网络安全? 这几年随着我国《国家网络空间安全战略》《网络安全法》《网络安全等级保护2.0》等一系列政策/法规/标准的持续落地,网络安全行业地位、薪资随之水涨船高。 未来3-5年,是安全行业的黄金发展期,提前踏入…

C++类与对象基础探秘系列(三)

目录 再谈构造函数 构造函数体赋值 初始化列表 explicit关键字 static成员 概念 特性 友元 友元函数 友元类 内部类 概念 特性 匿名对象 再次理解类和对象 再谈构造函数 构造函数体赋值 在创建对象时,编译器会通过调用构造函数,给对象中的各个成员…

【数据分析面试】44.分析零售客户群体(Python 集合Set的用法)

题目 假设你是一家在线零售商的数据库管理员,需要分析两类客户的数据。一个集合 purchased_customers 包含在最近一次促销活动中购买了商品的客户ID,另一个集合 newsletter_subscribers 包含订阅了新闻通讯的客户ID。编写一个函数 analyze_customers&am…

2024一站式解决 python打包代码,发布到pypi

2024一站式解决 python打包代码,发布到pypi 文章目录 2024一站式解决 python打包代码,发布到pypi一、前言二、pypi账户注册与配置2.1 账户注册2.2 双因素认证2.3 API token生成 三、代码打包3.1 准备代码3.2 编写setup.py文件3.3 LICENSE3.3.1 常见的开源…

生信人写程序1. Perl语言模板及配置

生物信息领域常用语言 个人认为:是否能熟悉使用Shell(项目流程搭建)R(数据统计与可视化)Perl/Python/Java…(胶水语言,数据格式转换,软件间衔接)三门语言是一位合格生物信息工程师的标准。 生物信息常用语言非常广泛,我常用的有…

IT行业的现状和未来发展趋势:技术创新、市场需求、人才培养、政策法规和社会影响

🎩 欢迎来到技术探索的奇幻世界👨‍💻 📜 个人主页:一伦明悦-CSDN博客 ✍🏻 作者简介: C软件开发、Python机器学习爱好者 🗣️ 互动与支持:💬评论 &…

SOLIDWORKS 2024云服务新功能

一、简单的分享一下,在线观看,轻松标记 在达索系统SOLIDWORKS 2024云服务中,您只需在达索系统SOLIDWORKS中点击按钮,就可以将当前的设计分享给其他人,无论是客户、供应商还是团队内部成员。共享的用户只要打开浏览器里…

volatile能保证原子性吗?为什么?

一、问题解析 volatile通常被比喻成”轻量级的synchronized“,也是Java并发编程中比较重要的一个关键字。和synchronized不同,volatile是一个变量修饰符,只能用来修饰变量。无法修饰方法及代码块等。 volatile的用法比较简单,只需…

intel三年来首次大更新竟然倒吸牙膏,线程数砍掉25%!

每年科技圈最热闹的几个话题,无非是几大科技公司发布新的产品,那这其中必然有核心巨头 intel 的身影。 据外媒 Benchlife 披露,英特尔计划在其 Arrow Lake-S 架构 Core Ultra 200 台式机 CPU 系列中推出共计 21 款 CPU。 这是 intel 首次在桌…

【嵌入式大赛应用赛道】机械手臂

电机 进步电机:它的转动是以确定的步数进行的,只要计算好脉冲数量和频率,就可以准确预测和控制电机的转动角度、速度以及停止的位置 伺服电机:将输入的电信号(如电压或电流指令)转换成轴上的精确旋转运动…

突发!超60篇被标记!Elsevier旗下顶刊,“On Hold”长达10个月!再次沦陷“新”风波!

【欧亚科睿学术】 近日,中科院老牌TOP期刊Chemosphere对超过60篇论文发布了关注声明,原因是正在调查可能存在的编辑利益冲突、作者身份异常以及同行评审和引用操纵问题。 图片来源:期刊官网 2024年4月11日,该期刊在线发布的一份…

WT99C262-SG LoRa开发板使用教程

WT99C262-SG模块是全新一代的Wi-FiBLELoRa无线扩频模块,基于启明云端WTLRC262-SG系列模组设计开发的新一代LoRa扩频芯片方案设计的无线串口模块。具有多种传输方式,LoRa扩频技术,且模组大部分管脚均已引出至两侧排针,开发人员可根…

msvcp140_codecvt_ids.dll找不到要如何处理?简单的修复方法分享

在使用Windows操作系统时,用户可能会遇到“无法找到msvcp140_codecvt_ids.dll”这一错误信息。该提示通常发生在启动某些应用程序时,提示失去了关键的动态链接库文件(DLL)依赖。此DLL文件属于Microsoft Visual C Redistributable软…