Documentation
¶
Index ¶
- type AnalysisResult
- type Config
- type DependencyAnalysis
- type EnvironmentAccess
- type FileOperation
- type Finding
- type InstallScriptAnalysis
- type LicenseIssue
- type ManifestAnalysis
- type NetworkCall
- type PermissionChange
- type ScriptPattern
- type StaticAnalyzer
- type SuspiciousCommand
- type SuspiciousField
- type VersionAnomaly
- type YaraMatch
- type YaraRule
- type YaraRuleMatch
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type AnalysisResult ¶
// AnalysisResult is the report produced for one analyzed package. It is the
// type returned by (*StaticAnalyzer).AnalyzePackage and is tagged for JSON.
type AnalysisResult struct {
// Identity of the analyzed package and the time recorded for the analysis.
PackageName string `json:"package_name"`
Registry string `json:"registry"`
AnalysisTimestamp time.Time `json:"analysis_timestamp"`
// Install script analysis (presumably one entry per script examined).
InstallScripts []InstallScriptAnalysis `json:"install_scripts"`
// Manifest analysis (presumably one entry per manifest examined).
Manifests []ManifestAnalysis `json:"manifests"`
// YARA rule matches
YaraMatches []YaraMatch `json:"yara_matches"`
// Overall assessment.
// NOTE(review): the numeric range of RiskScore and the set of ThreatLevel
// strings are not visible here; confirm both before gating an install or a
// CI job on them.
RiskScore float64 `json:"risk_score"`
ThreatLevel string `json:"threat_level"`
Findings []Finding `json:"findings"`
Warnings []string `json:"warnings"`
Recommendations []string `json:"recommendations"`
// Metadata about the run.
// NOTE(review): presumably FilesAnalyzed counts only files that were actually
// inspected. Confirm how files skipped for size (Config.MaxFileSize) or cut
// off by a timeout are reported, so a partial scan is not read as a clean one.
ProcessingTime time.Duration `json:"processing_time"`
FilesAnalyzed int `json:"files_analyzed"`
TotalFileSize int64 `json:"total_file_size"`
}
AnalysisResult represents static analysis results
type Config ¶
// Config holds the static analyzer settings; every field is tagged for YAML.
// DefaultConfig returns a *Config and NewStaticAnalyzer accepts one.
type Config struct {
// Enabled presumably switches the whole analyzer on or off — confirm.
Enabled bool `yaml:"enabled"`
// Per-stage switches, named after the stage they presumably control.
AnalyzeInstallScripts bool `yaml:"analyze_install_scripts"`
AnalyzeManifests bool `yaml:"analyze_manifests"`
YaraRulesEnabled bool `yaml:"yara_rules_enabled"`
// YaraRulesPath is a string path for rule definitions.
// NOTE(review): the rules decide what gets flagged, so the location should
// be writable only by trusted users; how the path is read is not visible here.
YaraRulesPath string `yaml:"yara_rules_path"`
// SuspiciousCommands and DangerousPermissions are configurable string lists.
// NOTE(review): the matching semantics (exact, substring, pattern) are not
// visible here — confirm before tuning these lists.
SuspiciousCommands []string `yaml:"suspicious_commands"`
DangerousPermissions []string `yaml:"dangerous_permissions"`
// MaxFileSize is a size limit, presumably in bytes.
// NOTE(review): confirm that a file over the limit is reported in the result
// rather than silently left unscanned.
MaxFileSize int64 `yaml:"max_file_size"`
// Timeout is stored as a string, presumably a duration such as "30s" that is
// parsed later — TODO confirm the format and the behaviour on a parse error.
Timeout string `yaml:"timeout"`
// Verbose presumably enables extra output.
// NOTE(review): check that verbose output does not echo scanned script
// content into shared logs.
Verbose bool `yaml:"verbose"`
}
Config contains static analyzer configuration
func DefaultConfig ¶
// DefaultConfig returns a pointer to a Config holding the package defaults.
// NOTE(review): the default values themselves are not shown on this page;
// check which analysis stages and limits are enabled before relying on it.
func DefaultConfig() *Config
DefaultConfig returns default static analyzer configuration
type DependencyAnalysis ¶
// DependencyAnalysis describes one dependency. ManifestAnalysis.Dependencies
// holds a slice of these; fields are tagged for JSON.
type DependencyAnalysis struct {
// Name and Version identify the dependency, both as plain strings.
Name string `json:"name"`
Version string `json:"version"`
// NOTE(review): presumably Type is the dependency kind and Source is where
// it resolves from (registry, VCS URL, local path) — confirm the value sets
// before filtering on either field.
Type string `json:"type"`
Source string `json:"source"`
// SuspiciousFlags presumably lists the reasons this dependency was flagged.
SuspiciousFlags []string `json:"suspicious_flags"`
// RiskScore is a per-dependency score; its range is not visible here.
RiskScore float64 `json:"risk_score"`
}
DependencyAnalysis represents analysis of dependencies
type EnvironmentAccess ¶
// EnvironmentAccess records one environment-variable access.
// InstallScriptAnalysis.EnvironmentAccess holds a slice of these.
type EnvironmentAccess struct {
// Variable names the environment variable; Operation is a string whose
// allowed values are not visible here (presumably read/write — confirm).
Variable string `json:"variable"`
Operation string `json:"operation"`
// LineNumber and Context locate the access.
// NOTE(review): Context presumably carries a snippet of the scanned script,
// so a stored report can contain whatever the script embeds.
LineNumber int `json:"line_number"`
Context string `json:"context"`
// RiskLevel is a string label and Confidence a float; the label set and the
// numeric range are not visible here.
RiskLevel string `json:"risk_level"`
Description string `json:"description"`
Confidence float64 `json:"confidence"`
}
EnvironmentAccess represents environment variable access
type FileOperation ¶
// FileOperation records one file system operation.
// InstallScriptAnalysis.FileOperations holds a slice of these.
type FileOperation struct {
// Operation is a string whose allowed values are not visible here; Path is
// the target as a string.
// NOTE(review): presumably Path is copied from the script text and is not
// resolved or normalised — confirm before comparing it with real paths.
Operation string `json:"operation"`
Path string `json:"path"`
// LineNumber and Context locate the operation; Context presumably carries a
// snippet of the scanned script.
LineNumber int `json:"line_number"`
Context string `json:"context"`
// RiskLevel is a string label and Confidence a float; the label set and the
// numeric range are not visible here.
RiskLevel string `json:"risk_level"`
Description string `json:"description"`
Confidence float64 `json:"confidence"`
}
FileOperation represents file system operations
type Finding ¶
// Finding is one security finding. AnalysisResult.Findings holds a slice of
// these; fields are tagged for JSON.
type Finding struct {
// ID and Type identify the finding. Severity is a string whose allowed
// values are not visible here.
ID string `json:"id"`
Type string `json:"type"`
Severity string `json:"severity"`
Title string `json:"title"`
Description string `json:"description"`
// File and Line locate the finding. Line is dropped from the JSON output
// when it is zero (omitempty).
File string `json:"file"`
Line int `json:"line,omitempty"`
// NOTE(review): Evidence presumably quotes content taken from the scanned
// package; treat it as untrusted data and escape it when rendering in HTML
// or a terminal.
Evidence string `json:"evidence"`
Remediation string `json:"remediation"`
// Confidence is a float; its range is not visible here.
Confidence float64 `json:"confidence"`
// Metadata has no omitempty, so a nil map is encoded as JSON null.
Metadata map[string]string `json:"metadata"`
}
Finding represents a security finding
type InstallScriptAnalysis ¶
// InstallScriptAnalysis is the per-script report for an installation script.
// AnalysisResult.InstallScripts holds a slice of these.
type InstallScriptAnalysis struct {
// FilePath, ScriptType and FileSize describe the script file itself.
// NOTE(review): the ScriptType value set is not visible here.
FilePath string `json:"file_path"`
ScriptType string `json:"script_type"`
FileSize int64 `json:"file_size"`
// One slice per category of behaviour recorded for the script. None of them
// uses omitempty, so a nil slice is encoded as JSON null, not [].
SuspiciousCommands []SuspiciousCommand `json:"suspicious_commands"`
NetworkCalls []NetworkCall `json:"network_calls"`
FileOperations []FileOperation `json:"file_operations"`
PermissionChanges []PermissionChange `json:"permission_changes"`
EnvironmentAccess []EnvironmentAccess `json:"environment_access"`
// RiskScore is a per-script score; its range and its relation to
// AnalysisResult.RiskScore are not visible here.
RiskScore float64 `json:"risk_score"`
Recommendation string `json:"recommendation"`
}
InstallScriptAnalysis represents analysis of installation scripts
type LicenseIssue ¶
// LicenseIssue describes one license-related issue.
// ManifestAnalysis.LicenseIssues holds a slice of these.
type LicenseIssue struct {
// Type is a string whose allowed values are not visible here.
Type string `json:"type"`
Description string `json:"description"`
// RiskLevel is a string label and Confidence a float; the label set and the
// numeric range are not visible here.
RiskLevel string `json:"risk_level"`
Confidence float64 `json:"confidence"`
}
LicenseIssue represents license-related issues
type ManifestAnalysis ¶
// ManifestAnalysis is the per-file report for a package manifest.
// AnalysisResult.Manifests holds a slice of these.
type ManifestAnalysis struct {
// FilePath, ManifestType and FileSize describe the manifest file itself.
// NOTE(review): the ManifestType value set is not visible here.
FilePath string `json:"file_path"`
ManifestType string `json:"manifest_type"`
FileSize int64 `json:"file_size"`
Dependencies []DependencyAnalysis `json:"dependencies"`
// Scripts maps a string key to a string value.
// NOTE(review): presumably script name to command line as declared in the
// manifest — confirm. If so, the values are attacker-controlled text and
// should be escaped wherever the report is rendered.
Scripts map[string]string `json:"scripts"`
SuspiciousFields []SuspiciousField `json:"suspicious_fields"`
// MissingFields presumably names expected manifest fields that were absent.
MissingFields []string `json:"missing_fields"`
VersionAnomalies []VersionAnomaly `json:"version_anomalies"`
LicenseIssues []LicenseIssue `json:"license_issues"`
// RiskScore is a per-manifest score; its range is not visible here.
RiskScore float64 `json:"risk_score"`
Recommendation string `json:"recommendation"`
}
ManifestAnalysis represents analysis of package manifests
type NetworkCall ¶
// NetworkCall records one network-related operation.
// InstallScriptAnalysis.NetworkCalls holds a slice of these.
type NetworkCall struct {
// URL and Method are plain strings.
// NOTE(review): presumably URL is copied from the script text and is never
// fetched by the analyzer — confirm. Consumers of the report should not
// dereference it automatically.
URL string `json:"url"`
Method string `json:"method"`
// LineNumber and Context locate the call; Context presumably carries a
// snippet of the scanned script.
LineNumber int `json:"line_number"`
Context string `json:"context"`
// RiskLevel is a string label and Confidence a float; the label set and the
// numeric range are not visible here.
RiskLevel string `json:"risk_level"`
Description string `json:"description"`
Confidence float64 `json:"confidence"`
}
NetworkCall represents network-related operations
type PermissionChange ¶
// PermissionChange records one permission modification.
// InstallScriptAnalysis.PermissionChanges holds a slice of these.
type PermissionChange struct {
// Path is the target as a string. Permissions is a string, not a numeric
// mode; its format (octal, symbolic, ...) is not visible here.
Path string `json:"path"`
Permissions string `json:"permissions"`
// LineNumber and Context locate the change; Context presumably carries a
// snippet of the scanned script.
LineNumber int `json:"line_number"`
Context string `json:"context"`
// RiskLevel is a string label and Confidence a float; the label set and the
// numeric range are not visible here.
RiskLevel string `json:"risk_level"`
Description string `json:"description"`
Confidence float64 `json:"confidence"`
}
PermissionChange represents permission modifications
type ScriptPattern ¶
// ScriptPattern describes one pattern used for script analysis. It is tagged
// for YAML, so it is presumably loaded from configuration; no exported field
// on this page refers to it.
type ScriptPattern struct {
Name string `yaml:"name"`
// Pattern is a string, presumably a regular expression — TODO confirm the
// syntax and what happens when a pattern fails to compile.
Pattern string `yaml:"pattern"`
Description string `yaml:"description"`
// RiskLevel and Confidence are presumably copied onto results produced by
// this pattern — confirm.
RiskLevel string `yaml:"risk_level"`
Confidence float64 `yaml:"confidence"`
// Enabled is false when the key is absent from the YAML (Go zero value),
// unless the loader applies its own default.
Enabled bool `yaml:"enabled"`
}
ScriptPattern represents patterns for script analysis
type StaticAnalyzer ¶
// StaticAnalyzer performs static analysis on packages. It exposes no exported
// fields; obtain one from NewStaticAnalyzer and call AnalyzePackage on it.
// NOTE(review): whether one instance may be shared between goroutines is not
// visible here.
type StaticAnalyzer struct {
// contains filtered or unexported fields
}
StaticAnalyzer performs static analysis on packages
func NewStaticAnalyzer ¶
// NewStaticAnalyzer builds a StaticAnalyzer from config and may return an error.
// NOTE(review): the behaviour for a nil config, an unparsable Config.Timeout
// or an unreadable Config.YaraRulesPath is not visible here — confirm which of
// these fail construction rather than silently disabling a check.
func NewStaticAnalyzer(config *Config) (*StaticAnalyzer, error)
NewStaticAnalyzer creates a new static analyzer
func (*StaticAnalyzer) AnalyzePackage ¶
// AnalyzePackage analyzes the package at packagePath and returns an
// *AnalysisResult or an error. It takes a context.Context as first argument.
// NOTE(review): presumably ctx cancels the run — confirm, and confirm how it
// combines with Config.Timeout. The package content is untrusted input, so
// also confirm how symlinks and paths that resolve outside packagePath are
// handled while walking it.
func (sa *StaticAnalyzer) AnalyzePackage(ctx context.Context, packagePath string) (*AnalysisResult, error)
AnalyzePackage performs static analysis on a package
type SuspiciousCommand ¶
// SuspiciousCommand records one suspicious command found in a script.
// InstallScriptAnalysis.SuspiciousCommands holds a slice of these.
type SuspiciousCommand struct {
// Command is the flagged command as a string.
// NOTE(review): presumably copied from the script text; escape it when the
// report is rendered and never re-execute it from the report.
Command string `json:"command"`
// LineNumber and Context locate the command; Context presumably carries a
// snippet of the scanned script.
LineNumber int `json:"line_number"`
Context string `json:"context"`
// RiskLevel is a string label and Confidence a float; the label set and the
// numeric range are not visible here.
RiskLevel string `json:"risk_level"`
Description string `json:"description"`
Confidence float64 `json:"confidence"`
}
SuspiciousCommand represents a suspicious command found in scripts
type SuspiciousField ¶
// SuspiciousField records one suspicious manifest field.
// ManifestAnalysis.SuspiciousFields holds a slice of these.
type SuspiciousField struct {
// Field and Value are strings; Value is presumably the manifest's own
// content and should be treated as untrusted text when displayed.
Field string `json:"field"`
Value string `json:"value"`
// Reason is a string explaining the flag.
Reason string `json:"reason"`
// RiskLevel is a string label and Confidence a float; the label set and the
// numeric range are not visible here.
RiskLevel string `json:"risk_level"`
Confidence float64 `json:"confidence"`
}
SuspiciousField represents suspicious manifest fields
type VersionAnomaly ¶
// VersionAnomaly describes one version-related anomaly.
// ManifestAnalysis.VersionAnomalies holds a slice of these.
type VersionAnomaly struct {
// Type is a string whose allowed values are not visible here.
Type string `json:"type"`
Description string `json:"description"`
// RiskLevel is a string label and Confidence a float; the label set and the
// numeric range are not visible here.
RiskLevel string `json:"risk_level"`
Confidence float64 `json:"confidence"`
}
VersionAnomaly represents version-related anomalies
type YaraMatch ¶
// YaraMatch groups the matches of one rule in one file.
// AnalysisResult.YaraMatches holds a slice of these.
type YaraMatch struct {
// RuleName and FileName are strings.
// NOTE(review): presumably RuleName corresponds to YaraRule.Name — confirm.
RuleName string `json:"rule_name"`
FileName string `json:"file_name"`
// Matches holds the individual hits; YaraRuleMatch is declared elsewhere in
// the package.
Matches []YaraRuleMatch `json:"matches"`
// Metadata has no omitempty, so a nil map is encoded as JSON null.
Metadata map[string]string `json:"metadata"`
// RiskLevel is a string label; its value set is not visible here.
RiskLevel string `json:"risk_level"`
Description string `json:"description"`
}
YaraMatch represents YARA rule matches
type YaraRule ¶
// YaraRule is one detection rule, tagged for YAML. The package documentation
// calls it "YARA-like".
// NOTE(review): whether genuine YARA syntax is accepted is not visible here;
// do not assume existing .yar rule files load unchanged.
type YaraRule struct {
Name string `yaml:"name"`
Description string `yaml:"description"`
// Severity is a string whose allowed values are not visible here.
Severity string `yaml:"severity"`
// Patterns is a list of strings and Condition a single string.
// NOTE(review): the pattern syntax (literal, hex, regex) and the condition
// grammar are not visible here — confirm before writing rules.
Patterns []string `yaml:"patterns"`
Condition string `yaml:"condition"`
Metadata map[string]string `yaml:"metadata"`
// Enabled is false when the key is absent from the YAML (Go zero value),
// unless the loader applies its own default.
Enabled bool `yaml:"enabled"`
}
YaraRule represents a YARA-like detection rule