detector

package
v1.2.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Aug 1, 2025 License: MIT Imports: 13 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type CharacterSubstitution

// CharacterSubstitution describes one substitution pattern: a rune, the runes
// listed as its substitutes, a category and a weight.
type CharacterSubstitution struct {
	Original    rune
	Substitutes []rune
	Type        string // "visual", "phonetic", "keyboard"
	// NOTE(review): the scale of Weight and how it feeds a similarity score are
	// not visible on this page — confirm before tuning.
	Weight      float64
}

CharacterSubstitution represents common character substitution patterns

type CheckPackageResult

// CheckPackageResult is the JSON-serialisable result of checking a single
// package.
type CheckPackageResult struct {
	Package         string                 `json:"package"`
	Registry        string                 `json:"registry"`
	// ThreatLevel is an untyped string, and this package's documentation lists
	// no exported constants for it. NOTE(review): consumers that gate installs
	// on this field should match the values they know and treat anything else
	// as unknown rather than safe — confirm the value set against the producer.
	ThreatLevel     string                 `json:"threat_level"`
	// NOTE(review): the range of Confidence is not shown (presumably 0..1) — confirm.
	Confidence      float64                `json:"confidence"`
	// Threats and Warnings carry no omitempty, so a nil slice encodes as JSON
	// null rather than []; consumers should accept both as "none reported".
	Threats         []types.Threat         `json:"threats"`
	Warnings        []types.Warning        `json:"warnings"`
	// SimilarPackages and Details are dropped from the JSON when empty (omitempty).
	SimilarPackages []string               `json:"similar_packages,omitempty"`
	Details         map[string]interface{} `json:"details,omitempty"`
}

CheckPackageResult represents the result of a single package check

type CommunityFlag

// CommunityFlag represents one community-reported issue.
type CommunityFlag struct {
	Type        string    `json:"type"`
	// Description and Reporter are plain strings with no validation visible on
	// this page. NOTE(review): presumably reporter-supplied — treat as untrusted
	// text when rendering or logging; confirm the source.
	Description string    `json:"description"`
	Reporter    string    `json:"reporter"`
	ReportedAt  time.Time `json:"reported_at"`
	// Verified is a bare bool; who verifies a flag is not shown here.
	// NOTE(review): confirm whether unverified flags influence reputation scoring.
	Verified    bool      `json:"verified"`
}

CommunityFlag represents community-reported issues

type DependencyChange

// DependencyChange records one dependency that was added, removed or updated,
// with the old and new version strings and a suspicion flag.
type DependencyChange struct {
	Type       string `json:"type"` // "added", "removed", "updated"
	Dependency string `json:"dependency"`
	// OldVersion and NewVersion are omitted from the JSON when empty.
	OldVersion string `json:"old_version,omitempty"`
	NewVersion string `json:"new_version,omitempty"`
	// NOTE(review): the criteria that set Suspicious are not shown on this page — confirm.
	Suspicious bool   `json:"suspicious"`
}

type DependencyConfusionDetector

type DependencyConfusionDetector struct {
	// contains filtered or unexported fields
}

DependencyConfusionDetector detects packages that exploit dependency confusion vulnerabilities

func NewDependencyConfusionDetector

func NewDependencyConfusionDetector(config *config.Config, mlAnalyzer *ml.MLAnalyzer, logger Logger) *DependencyConfusionDetector

NewDependencyConfusionDetector creates a new dependency confusion detector

func (*DependencyConfusionDetector) Analyze

Analyze performs dependency confusion analysis on a package

type DependencyConfusionResult

// DependencyConfusionResult represents the result of dependency confusion
// analysis: a boolean verdict, a score, the collisions found, a scope analysis
// and recommendations.
type DependencyConfusionResult struct {
	// NOTE(review): the threshold that turns ConfusionScore into IsConfusionRisk
	// is not shown. A false verdict reflects only the checks that ran — read it
	// together with NamespaceCollisions and ScopeAnalysis.
	IsConfusionRisk     bool                   `json:"is_confusion_risk"`
	ConfusionScore      float64                `json:"confusion_score"`
	NamespaceCollisions []NamespaceCollision   `json:"namespace_collisions"`
	ScopeAnalysis       ScopeAnalysis          `json:"scope_analysis"`
	Recommendations     []string               `json:"recommendations"`
	// Details is untyped and has no omitempty; a nil map encodes as JSON null.
	Details             map[string]interface{} `json:"details"`
}

DependencyConfusionResult represents the result of dependency confusion analysis

type Engine

type Engine struct {
	// contains filtered or unexported fields
}

Engine is the main detection engine that orchestrates various detection algorithms

func New

func New(cfg *config.Config) *Engine

New creates a new detection engine

func (*Engine) Analyze

// Analyze performs threat analysis on deps and returns threats, warnings and
// an error.
// NOTE(review): the body is not shown on this page. Check err before using the
// slices: an empty threat list alongside a non-nil error is not a clean
// result. options is a pointer; whether nil is accepted is not shown — confirm.
func (e *Engine) Analyze(ctx context.Context, deps []types.Dependency, options *Options) ([]types.Threat, []types.Warning, error)

Analyze performs threat analysis on the given dependencies

func (*Engine) AnalyzeDependency

// AnalyzeDependency analyzes a single dependency for threats.
// It has no error return and takes no context, so from the signature alone an
// empty result cannot be told apart from an analysis step that failed or was
// skipped. NOTE(review): confirm how internal failures are reported to the
// caller (warnings, logs, or not at all).
func (e *Engine) AnalyzeDependency(dep types.Dependency, allPackageNames []string, options *Options) ([]types.Threat, []types.Warning)

AnalyzeDependency analyzes a single dependency for threats

func (*Engine) CheckPackage

// CheckPackage performs threat analysis on a single package identified by
// packageName and registry.
// NOTE(review): both identifiers are plain strings and no validation is
// visible on this page — confirm how they are handled before passing values
// taken from manifests or user input. Check err before dereferencing the result.
func (e *Engine) CheckPackage(ctx context.Context, packageName, registry string) (*CheckPackageResult, error)

CheckPackage performs threat analysis on a single package

func (*Engine) Version

func (e *Engine) Version() string

Version returns the detector engine version

type EnhancedDetectionConfig

// EnhancedDetectionConfig contains configuration for enhanced detection:
// per-analysis weights, a minimum similarity threshold, a maximum edit
// distance and three enable flags.
type EnhancedDetectionConfig struct {
	KeyboardProximityWeight  float64
	VisualSimilarityWeight   float64
	PhoneticSimilarityWeight float64
	// NOTE(review): the range of the threshold and weights is not shown — confirm.
	MinSimilarityThreshold   float64
	MaxEditDistance          int
	// A zero-value struct leaves all three Enable* flags false.
	// NOTE(review): whether NewEnhancedTyposquattingDetector fills in defaults
	// is not shown — confirm before constructing this type by hand.
	EnableKeyboardAnalysis   bool
	EnableVisualAnalysis     bool
	EnablePhoneticAnalysis   bool
}

EnhancedDetectionConfig contains configuration for enhanced detection

type EnhancedTyposquattingDetector

type EnhancedTyposquattingDetector struct {
	// contains filtered or unexported fields
}

EnhancedTyposquattingDetector implements advanced typosquatting detection

func NewEnhancedTyposquattingDetector

func NewEnhancedTyposquattingDetector() *EnhancedTyposquattingDetector

NewEnhancedTyposquattingDetector creates a new enhanced detector

func (*EnhancedTyposquattingDetector) DetectEnhanced

func (etd *EnhancedTyposquattingDetector) DetectEnhanced(target types.Dependency, allPackages []string, threshold float64) []types.Threat

DetectEnhanced performs enhanced typosquatting detection

type HomoglyphDetector

type HomoglyphDetector struct {
	// contains filtered or unexported fields
}

HomoglyphDetector detects homoglyph-based typosquatting attacks

func NewHomoglyphDetector

func NewHomoglyphDetector() *HomoglyphDetector

NewHomoglyphDetector creates a new homoglyph detector

func (*HomoglyphDetector) Detect

func (hd *HomoglyphDetector) Detect(target types.Dependency, allPackages []string) []types.Threat

Detect finds potential homoglyph-based typosquatting

type IntegrityAnalysis

// IntegrityAnalysis represents package integrity verification: three boolean
// checks, an aggregate score and a list of issues.
type IntegrityAnalysis struct {
	// Each check is a plain bool, so false cannot by itself distinguish "check
	// failed" from "check not performed". NOTE(review): confirm which one the
	// producer means, and whether IntegrityIssues records skipped checks.
	ChecksumVerification  bool     `json:"checksum_verification"`
	SignatureVerification bool     `json:"signature_verification"`
	SourceConsistency     bool     `json:"source_consistency"`
	// NOTE(review): scale and direction of IntegrityScore are not shown — confirm.
	IntegrityScore        float64  `json:"integrity_score"`
	IntegrityIssues       []string `json:"integrity_issues"`
}

IntegrityAnalysis represents package integrity verification

type KeyboardLayout

// KeyboardLayout represents a keyboard layout for proximity analysis: a name,
// a rune-to-neighbours adjacency map and the keyboard rows.
type KeyboardLayout struct {
	Name   string
	Layout map[rune][]rune // character -> adjacent characters
	Rows   []string        // keyboard rows for row-based analysis
}

KeyboardLayout represents different keyboard layouts for proximity analysis

type LexicalDetector

type LexicalDetector struct {
	// contains filtered or unexported fields
}

LexicalDetector implements lexical similarity detection

func NewLexicalDetector

func NewLexicalDetector(cfg *config.Config) *LexicalDetector

NewLexicalDetector creates a new lexical detector

func (*LexicalDetector) Detect

func (ld *LexicalDetector) Detect(target types.Dependency, allPackages []string, threshold float64) []types.Threat

Detect performs lexical similarity detection

type Logger

// Logger is the logging interface taken by NewDependencyConfusionDetector and
// NewSupplyChainDetector. Each method receives a message and a map of
// structured arguments.
//
// NOTE(review): args may carry package names or other registry-derived text
// (not shown on this page). Implementations should emit them as structured
// fields instead of concatenating them into the message line — confirm what
// the detectors actually pass.
type Logger interface {
	Debug(msg string, args map[string]interface{})
	Info(msg string, args map[string]interface{})
	Warn(msg string, args map[string]interface{})
	Error(msg string, args map[string]interface{})
}

Logger interface for dependency confusion detector

type Maintainer

// Maintainer describes one package maintainer as used by the maintainer
// analysis types.
type Maintainer struct {
	Username        string    `json:"username"`
	// Email is serialised under "email", so any report embedding this struct
	// carries the address. NOTE(review): consider redaction where reports are
	// shared outside the team.
	Email           string    `json:"email"`
	JoinDate        time.Time `json:"join_date"`
	PackageCount    int       `json:"package_count"`
	// NOTE(review): ActivityLevel is a free-form string; its values are not shown — confirm.
	ActivityLevel   string    `json:"activity_level"`
	ReputationScore float64   `json:"reputation_score"`
	// Verified and Suspicious are independent flags; the type does not prevent
	// both being set. NOTE(review): confirm how consumers should rank them.
	Verified        bool      `json:"verified"`
	Suspicious      bool      `json:"suspicious"`
}

Supporting types

type MaintainerAnalysis

// MaintainerAnalysis represents maintainer reputation and change analysis:
// the current maintainers, recent changes, an aggregate score, a list of
// suspicious activities and a verification status.
type MaintainerAnalysis struct {
	CurrentMaintainers   []Maintainer       `json:"current_maintainers"`
	RecentChanges        []MaintainerChange `json:"recent_changes"`
	// NOTE(review): how ReputationScore is derived from the individual
	// maintainers' scores is not shown — confirm.
	ReputationScore      float64            `json:"reputation_score"`
	SuspiciousActivities []string           `json:"suspicious_activities"`
	// VerificationStatus is a free-form string; its values are not shown on
	// this page. NOTE(review): match known values and treat others as unknown.
	VerificationStatus   string             `json:"verification_status"`
}

MaintainerAnalysis represents maintainer reputation and change analysis

type MaintainerChange

// MaintainerChange records one change to a package's maintainers: the kind of
// change, the maintainer concerned, a timestamp and a description.
type MaintainerChange struct {
	Type        string     `json:"type"` // "added", "removed", "permissions_changed"
	Maintainer  Maintainer `json:"maintainer"`
	// NOTE(review): the source and time zone of Timestamp are not shown — confirm
	// before correlating it with release dates.
	Timestamp   time.Time  `json:"timestamp"`
	Description string     `json:"description"`
}

type MalwareReport

// MalwareReport represents a malware detection report.
type MalwareReport struct {
	// Source is only a string; NOTE(review): which sources are consulted and
	// how far each is trusted is not shown on this page — confirm.
	Source      string    `json:"source"`
	Type        string    `json:"type"`
	Description string    `json:"description"`
	// NOTE(review): the range of Confidence and who assigns it are not shown — confirm.
	Confidence  float64   `json:"confidence"`
	ReportedAt  time.Time `json:"reported_at"`
}

MalwareReport represents a malware detection report

type NamespaceCollision

// NamespaceCollision represents a potential namespace collision: the colliding
// package name, the kind of collision, a similarity score and the registry.
type NamespaceCollision struct {
	PackageName     string  `json:"package_name"`
	CollisionType   string  `json:"collision_type"` // "exact", "similar", "typo"
	SimilarityScore float64 `json:"similarity_score"`
	Registry        string  `json:"registry"`
	// NOTE(review): how a package is classified as internal is not shown on this
	// page — confirm, since the flag decides which side of a collision is trusted.
	IsInternal      bool    `json:"is_internal"`
}

NamespaceCollision represents a potential namespace collision

type Options

// Options contains options for the detection engine. Engine.Analyze and
// Engine.AnalyzeDependency take it by pointer.
type Options struct {
	DeepAnalysis        bool
	// A zero-value Options has SimilarityThreshold 0.
	// NOTE(review): whether the engine substitutes a default for 0 is not shown;
	// depending on the comparison direction a threshold of 0 could flag every
	// package or none — confirm before relying on the zero value.
	SimilarityThreshold float64
}

Options contains options for the detection engine

type ReputationData

// ReputationData holds reputation information for a package: identity, score
// and trust level, usage and maintainer counts, timestamps, and lists of
// vulnerabilities, malware reports and community flags.
type ReputationData struct {
	PackageName     string                 `json:"package_name"`
	Registry        string                 `json:"registry"`
	ReputationScore float64                `json:"reputation_score"`
	// TrustLevel is a free-form string; its values are not shown on this page.
	// NOTE(review): match known values and treat anything else as unknown.
	TrustLevel      string                 `json:"trust_level"`
	DownloadCount   int64                  `json:"download_count"`
	MaintainerCount int                    `json:"maintainer_count"`
	LastUpdated     time.Time              `json:"last_updated"`
	CreatedAt       time.Time              `json:"created_at"`
	Vulnerabilities []VulnerabilityInfo    `json:"vulnerabilities"`
	MalwareReports  []MalwareReport        `json:"malware_reports"`
	CommunityFlags  []CommunityFlag        `json:"community_flags"`
	Metadata        map[string]interface{} `json:"metadata"`
	// NOTE(review): CachedAt is presumably when this record entered the
	// reputation cache; the expiry policy is not shown. A stale record would not
	// reflect newly reported malware or vulnerabilities — confirm the TTL, or
	// use ReputationEngine.ClearCache when freshness matters.
	CachedAt        time.Time              `json:"cached_at"`
}

ReputationData holds reputation information for a package

type ReputationEngine

type ReputationEngine struct {
	// contains filtered or unexported fields
}

ReputationEngine analyzes package reputation using multiple data sources

func NewReputationEngine

func NewReputationEngine(cfg *config.Config) *ReputationEngine

NewReputationEngine creates a new reputation engine

func (*ReputationEngine) Analyze

func (re *ReputationEngine) Analyze(dep types.Dependency) []types.Threat

Analyze analyzes the reputation of a package (alias for AnalyzeReputation)

func (*ReputationEngine) AnalyzeReputation

func (re *ReputationEngine) AnalyzeReputation(dep types.Dependency) []types.Threat

AnalyzeReputation analyzes the reputation of a package

func (*ReputationEngine) ClearCache

func (re *ReputationEngine) ClearCache()

ClearCache clears the reputation cache

func (*ReputationEngine) GetCacheStats

func (re *ReputationEngine) GetCacheStats() map[string]interface{}

GetCacheStats returns cache statistics

type ScopeAnalysis

// ScopeAnalysis represents the analysis of package scope (public vs private).
type ScopeAnalysis struct {
	// IsPublicRegistry and IsPrivateRegistry are independent bools: the type
	// allows both true or both false. NOTE(review): confirm how consumers should
	// read those combinations, especially both false (unknown scope).
	IsPublicRegistry  bool     `json:"is_public_registry"`
	IsPrivateRegistry bool     `json:"is_private_registry"`
	RegistryType      string   `json:"registry_type"`
	ScopeIndicators   []string `json:"scope_indicators"`
	// NOTE(review): the range of ConfidenceLevel is not shown — confirm.
	ConfidenceLevel   float64  `json:"confidence_level"`
}

ScopeAnalysis represents the analysis of package scope (public vs private)

type SupplyChainAnomaly

// SupplyChainAnomaly records one anomaly: a type, a severity, a description,
// a map of evidence and a timestamp.
type SupplyChainAnomaly struct {
	Type        string                 `json:"type"`
	// Severity is a free-form string; its values are not shown on this page.
	// NOTE(review): alerting rules should match known values explicitly and not
	// let an unrecognised severity fall through as low.
	Severity    string                 `json:"severity"`
	Description string                 `json:"description"`
	// Evidence is untyped. NOTE(review): its keys and whether values include raw
	// registry content are not shown — confirm before rendering it.
	Evidence    map[string]interface{} `json:"evidence"`
	Timestamp   time.Time              `json:"timestamp"`
}

type SupplyChainDetector

type SupplyChainDetector struct {
	// contains filtered or unexported fields
}

SupplyChainDetector detects compromised packages and malicious maintainer takeovers

func NewSupplyChainDetector

func NewSupplyChainDetector(config *config.Config, mlAnalyzer *ml.MLAnalyzer, logger Logger) *SupplyChainDetector

NewSupplyChainDetector creates a new supply chain detector

func (*SupplyChainDetector) Analyze

Analyze performs supply chain analysis on a package

type SupplyChainResult

// SupplyChainResult represents the result of supply chain analysis: a boolean
// verdict, a risk score, the maintainer, version and integrity sub-analyses,
// the anomalies found and recommendations.
type SupplyChainResult struct {
	// NOTE(review): the rule that derives IsCompromised from RiskScore and the
	// sub-analyses is not shown. A false verdict reflects only the checks that
	// ran — read it together with Anomalies and IntegrityAnalysis.
	IsCompromised      bool                   `json:"is_compromised"`
	RiskScore          float64                `json:"risk_score"`
	MaintainerAnalysis MaintainerAnalysis     `json:"maintainer_analysis"`
	VersionAnalysis    VersionAnalysis        `json:"version_analysis"`
	IntegrityAnalysis  IntegrityAnalysis      `json:"integrity_analysis"`
	Anomalies          []SupplyChainAnomaly   `json:"anomalies"`
	Recommendations    []string               `json:"recommendations"`
	// Details is untyped and has no omitempty; a nil map encodes as JSON null.
	Details            map[string]interface{} `json:"details"`
}

SupplyChainResult represents the result of supply chain analysis

type TyposquattingAnalysis

// TyposquattingAnalysis contains a detailed analysis of the typosquatting
// type: similarity scores, an edit distance, per-operation counts and a
// primary type label. The fields carry no JSON tags, so encoding/json would
// use the Go field names.
type TyposquattingAnalysis struct {
	KeyboardErrors     int
	VisualSimilarity   float64
	PhoneticSimilarity float64
	EditDistance       int
	// NOTE(review): whether the four counts below sum to EditDistance is not
	// shown on this page — confirm before treating them as a breakdown.
	Transpositions     int
	Insertions         int
	Deletions          int
	Substitutions      int
	// NOTE(review): the values of PrimaryType are not shown — confirm.
	PrimaryType        string
}

TyposquattingAnalysis contains detailed analysis of typosquatting type

type VersionAnalysis

// VersionAnalysis represents version pattern and history analysis: the
// version history, unusual patterns, a release frequency, version jumps and
// dependency changes.
type VersionAnalysis struct {
	VersionHistory    []VersionInfo      `json:"version_history"`
	UnusualPatterns   []string           `json:"unusual_patterns"`
	// NOTE(review): the unit of ReleaseFrequency (releases per what period) is
	// not shown — confirm before comparing values across packages.
	ReleaseFrequency  float64            `json:"release_frequency"`
	VersionJumps      []VersionJump      `json:"version_jumps"`
	DependencyChanges []DependencyChange `json:"dependency_changes"`
}

VersionAnalysis represents version pattern and history analysis

type VersionInfo

// VersionInfo records one released version: its version string, release date,
// maintainer, list of changes and size.
type VersionInfo struct {
	Version     string    `json:"version"`
	ReleaseDate time.Time `json:"release_date"`
	// Maintainer is a plain string here, not the Maintainer struct.
	// NOTE(review): presumably the publishing username — confirm.
	Maintainer  string    `json:"maintainer"`
	Changes     []string  `json:"changes"`
	// NOTE(review): the unit of Size is not shown (presumably bytes) — confirm.
	Size        int64     `json:"size"`
}

type VersionJump

// VersionJump records a transition between two version strings, with a jump
// size and a suspicion flag.
type VersionJump struct {
	FromVersion string  `json:"from_version"`
	ToVersion   string  `json:"to_version"`
	// NOTE(review): how JumpSize is computed and the threshold that sets
	// Suspicious are not shown on this page — confirm.
	JumpSize    float64 `json:"jump_size"`
	Suspicious  bool    `json:"suspicious"`
}

type VulnerabilityInfo

// VulnerabilityInfo represents a known vulnerability.
type VulnerabilityInfo struct {
	// CVE is a plain string; the type does not enforce an identifier format.
	// NOTE(review): validate it before using it to build lookups or links.
	CVE         string    `json:"cve"`
	// NOTE(review): Severity is a free-form string; its values are not shown — confirm.
	Severity    string    `json:"severity"`
	Description string    `json:"description"`
	PublishedAt time.Time `json:"published_at"`
	// NOTE(review): FixedIn is presumably the first version containing the fix;
	// whether an empty value means "no fix" or "unknown" is not shown — confirm.
	FixedIn     string    `json:"fixed_in"`
}

VulnerabilityInfo represents a known vulnerability
