Documentation
Overview
Package safety implements static analysis for shell command safety evaluation.
Types
type CommandAnalyzer
type CommandAnalyzer struct {
	// contains filtered or unexported fields
}
CommandAnalyzer performs static analysis on shell commands.
func NewCommandAnalyzer
func NewCommandAnalyzer(policy Policy) *CommandAnalyzer
NewCommandAnalyzer creates an analyzer with the given policy.
func (*CommandAnalyzer) Analyze
func (a *CommandAnalyzer) Analyze(cmd string) (*CommandVerdict, error)
Analyze parses and evaluates a command for safety.
type CommandVerdict
type CommandVerdict struct {
	Safe   bool   `json:"safe"`
	Reason string `json:"reason,omitempty"`
	Risks  []Risk `json:"risks,omitempty"`
}
CommandVerdict is the analysis result for a command.
type Policy
type Policy struct {
	Mode                 PolicyMode `yaml:"mode" json:"mode"`
	AllowedCommands      []string   `yaml:"allowed_commands,omitempty" json:"allowed_commands,omitempty"`
	BlockedPatterns      []string   `yaml:"blocked_patterns,omitempty" json:"blocked_patterns,omitempty"`
	BlockPipeToShell     bool       `yaml:"block_pipe_to_shell" json:"block_pipe_to_shell"`
	BlockScriptExec      bool       `yaml:"block_script_execution" json:"block_script_execution"`
	EnableStaticAnalysis bool       `yaml:"enable_static_analysis" json:"enable_static_analysis"`
	MaxCommandLength     int        `yaml:"max_command_length" json:"max_command_length"`
}
Policy configures the command analyzer.
type PolicyMode
type PolicyMode string
PolicyMode determines how commands are evaluated.
const (
	ModeAllowlist PolicyMode = "allowlist"
	ModeBlocklist PolicyMode = "blocklist"
	ModeDisabled  PolicyMode = "disabled"
)