Documentation

Overview
Package security provides security impact scoring for configuration changes.
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type ChangeInput
type ChangeInput struct {
	Type           string // "added", "removed", "modified", "reordered"
	Section        string // "firewall", "system", "nat", etc.
	Path           string // Configuration path
	Description    string
	SecurityImpact string // Existing impact from analyzer (preserved if non-empty)
}
ChangeInput is the minimal change information needed for security scoring. This avoids an import cycle with the parent diff package.
type Pattern
type Pattern struct {
	Name        string
	Description string
	Section     string         // Section to match (empty = any)
	PathRegex   *regexp.Regexp // Path regex to match (nil = any)
	ChangeType  string         // Change type to match (empty = any)
	Impact      string         // Impact level: "high", "medium", "low"
}
Pattern defines a security impact matching rule.
func DefaultPatterns
func DefaultPatterns() []Pattern
DefaultPatterns returns the built-in security impact patterns. These augment the context-specific scoring in the analyzer (e.g., isPermissiveRule) by providing pattern-based scoring for changes that lack explicit SecurityImpact.
type RiskItem
type RiskItem struct {
	Path        string `json:"path"`
	Description string `json:"description"`
	Impact      string `json:"impact"`
}
RiskItem describes a single high-priority risk.
type RiskSummary
type RiskSummary struct {
	Score    int        `json:"score"`
	High     int        `json:"high"`
	Medium   int        `json:"medium"`
	Low      int        `json:"low"`
	TopRisks []RiskItem `json:"top_risks,omitempty"`
}
RiskSummary contains aggregate security risk information for a set of changes.
func (*RiskSummary) HasRisks
func (r *RiskSummary) HasRisks() bool
HasRisks returns true if any security impacts were detected.
type Scorer
type Scorer struct {
	// contains filtered or unexported fields
}
Scorer evaluates security impact of configuration changes.
func NewScorer
func NewScorer() *Scorer
NewScorer creates a Scorer with the default security patterns.
func NewScorerWithPatterns
NewScorerWithPatterns creates a Scorer with custom patterns.
func (*Scorer) Score
func (s *Scorer) Score(change ChangeInput) string
Score evaluates a single change and returns the highest applicable security impact. If the change already has a SecurityImpact set (from analyzer domain logic), it is preserved. Otherwise, the scorer applies pattern-based matching.
func (*Scorer) ScoreAll
func (s *Scorer) ScoreAll(changes []ChangeInput) RiskSummary
ScoreAll computes an aggregate risk summary for a set of changes.
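A self-contained sketch of the Score and ScoreAll semantics documented above (analyzer-set impact preserved, otherwise the highest impact among matching patterns; per-level counts rolled into a summary), added here as an illustration and not the package's own code. The pattern set, the impact ordering, the 10/3/1 score weights, the sample changes and the simplification of TopRisks to a list of paths are all assumptions, since the page documents the types and behaviour but not the scoring formula.

```go
package main
import "regexp"

var rank = map[string]int{"low": 1, "medium": 2, "high": 3} // assumed order; the page gives none
type ChangeInput struct{ Type, Section, Path, SecurityImpact string }
type Pattern struct {
	Name, Section, ChangeType, Impact string         // empty Section/ChangeType matches any, as documented
	PathRegex                         *regexp.Regexp // nil matches any path, as documented
}
type RiskSummary struct {
	Score, High, Medium, Low int
	TopRisks                 []string // paths of high-impact changes (page uses []RiskItem)
}
var Patterns = []Pattern{ // constructed for this example, not the package's DefaultPatterns
	{Name: "fw-rule", Section: "firewall", PathRegex: regexp.MustCompile(`^firewall/rule/`), Impact: "high"},
	{Name: "fw-other", Section: "firewall", Impact: "medium"},
	{Name: "removal", ChangeType: "removed", Impact: "low"},
}

// Score keeps an analyzer-set impact; otherwise the highest impact among matching patterns wins.
func Score(c ChangeInput, pats []Pattern) string {
	if c.SecurityImpact != "" {
		return c.SecurityImpact
	}
	best := ""
	for _, p := range pats {
		matched := (p.Section == "" || p.Section == c.Section) &&
			(p.ChangeType == "" || p.ChangeType == c.Type) &&
			(p.PathRegex == nil || p.PathRegex.MatchString(c.Path))
		if matched && rank[p.Impact] > rank[best] {
			best = p.Impact
		}
	}
	return best
}

// ScoreAll tallies impact levels over a set of changes and records high-impact paths.
func ScoreAll(changes []ChangeInput, pats []Pattern) (r RiskSummary) {
	counts := map[string]int{}
	for _, c := range changes {
		impact := Score(c, pats)
		counts[impact]++
		if impact == "high" {
			r.TopRisks = append(r.TopRisks, c.Path)
		}
	}
	r.High, r.Medium, r.Low = counts["high"], counts["medium"], counts["low"]
	r.Score = 10*r.High + 3*r.Medium + r.Low // weights are an assumption; the page gives no formula
	return r
}
```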