package permissions

v0.2.0
Warning

This package is not in the latest version of its module.

Published: May 15, 2026 License: MIT Imports: 17 Imported by: 0

Documentation


Constants

This section is empty.

Variables

var BannedPrefixes = []string{

	"bash",
	"sh",
	"zsh",
	"fish",
	"dash",

	"python",
	"node",
	"ruby",
	"perl",
	"lua",

	"eval",
	"exec",
	"source",
}

BannedPrefixes lists patterns that should NEVER be saved as approved commands.

var ErrCircuitBreakerOpen = errors.New("guardian circuit breaker open: too many consecutive denials, falling back to user")

ErrCircuitBreakerOpen is returned when the guardian has denied too many consecutive requests and should fall back to user prompting.

Functions

func DefaultBlockedCommands added in v0.2.0

func DefaultBlockedCommands() []string

DefaultBlockedCommands returns the default list of commands that should be blocked.

func DefaultBlockedPaths added in v0.2.0

func DefaultBlockedPaths() []string

DefaultBlockedPaths returns the default list of paths that should be blocked.

func DefaultPath

func DefaultPath(projectDir string) string

DefaultPath returns the default permissions file path for a project directory.

func DetectEncoding added in v0.2.0

func DetectEncoding(text string) string

DetectEncoding determines the encoding category of text. Returns "utf8", "ascii", "binary", or "mixed".

func DetectSuspiciousPatterns added in v0.2.0

func DetectSuspiciousPatterns(content string) []string

func FormatChanges added in v0.2.0

func FormatChanges(result *SanitizeResult) string

FormatChanges produces a human-readable summary of all sanitization changes.

func FormatCheckResult added in v0.2.0

func FormatCheckResult(result *CheckResult) string

FormatCheckResult produces a human-readable report for a check result.

func FormatHistory added in v0.2.0

func FormatHistory(history []*ApprovalRequest, limit int) string

FormatHistory formats the approval history for display.

func FormatRequest added in v0.2.0

func FormatRequest(req *ApprovalRequest) string

FormatRequest formats an approval request for display to the user.

func FormatResult added in v0.2.0

func FormatResult(result *ScanResult) string

FormatResult produces a human-readable string representation of a ScanResult.

func FormatViolation added in v0.2.0

func FormatViolation(v *BoundaryViolation) string

FormatViolation formats a BoundaryViolation into a human-readable string.

func IsSuspicious added in v0.2.0

func IsSuspicious(content string) bool

func SanitizeFilePath added in v0.2.0

func SanitizeFilePath(path string) (string, error)

SanitizeFilePath validates and normalizes a file path, preventing traversal attacks.

func SanitizeJSON added in v0.2.0

func SanitizeJSON(input string) string

SanitizeJSON removes potentially dangerous keys from JSON input. It strips __proto__, constructor, and prototype keys to prevent prototype pollution.

func Save

func Save(path string, rules []Rule) error

Save serializes permission rules to a JSON file atomically.

func StripANSI added in v0.2.0

func StripANSI(text string) string

StripANSI removes ANSI escape sequences from text.

func WrapExternalContent added in v0.2.0

func WrapExternalContent(content string, opts WrapOptions) string

func WrapWebContent added in v0.2.0

func WrapWebContent(content string, source ContentSource) string

Types

type Action added in v0.2.0

type Action string

Action represents the permission action to take for a tool invocation.

const (
	ActionAllow Action = "allow"
	ActionDeny  Action = "deny"
	ActionAsk   Action = "ask"
)

type ApprovalPolicy added in v0.2.0

type ApprovalPolicy struct {
	Name          string
	Tools         []string
	RiskLevel     string
	AutoApprove   bool
	RequireReason bool
	Timeout       time.Duration
	MaxPending    int
}

ApprovalPolicy defines rules for how approval requests are handled.

type ApprovalRequest added in v0.2.0

type ApprovalRequest struct {
	ID          string
	Tool        string
	Args        map[string]interface{}
	Risk        string
	Description string
	CreatedAt   time.Time
	Status      string // "pending", "approved", "denied", "expired"
	ExpiresAt   time.Time
	Reason      string
}

ApprovalRequest represents a request for approval of a high-risk operation.

type ApprovalWorkflow added in v0.2.0

type ApprovalWorkflow struct {
	Policies []ApprovalPolicy
	Pending  []*ApprovalRequest
	History  []*ApprovalRequest
	PromptFn func(*ApprovalRequest) (bool, string)
	// contains filtered or unexported fields
}

ApprovalWorkflow manages the approval process for destructive or high-risk operations.

func NewApprovalWorkflow added in v0.2.0

func NewApprovalWorkflow(promptFn func(*ApprovalRequest) (bool, string)) *ApprovalWorkflow

NewApprovalWorkflow creates an ApprovalWorkflow with default policies and the given prompt function.

func (*ApprovalWorkflow) AddPolicy added in v0.2.0

func (wf *ApprovalWorkflow) AddPolicy(policy ApprovalPolicy)

AddPolicy adds a new approval policy to the workflow.

func (*ApprovalWorkflow) Approve added in v0.2.0

func (wf *ApprovalWorkflow) Approve(id, reason string) error

Approve approves the pending request with the given ID.

func (*ApprovalWorkflow) CheckPolicy added in v0.2.0

func (wf *ApprovalWorkflow) CheckPolicy(tool string, risk string) *ApprovalPolicy

CheckPolicy finds the matching policy for a tool and risk level.

func (*ApprovalWorkflow) Deny added in v0.2.0

func (wf *ApprovalWorkflow) Deny(id, reason string) error

Deny denies the pending request with the given ID.

func (*ApprovalWorkflow) ExpirePending added in v0.2.0

func (wf *ApprovalWorkflow) ExpirePending()

ExpirePending marks all expired pending requests.

func (*ApprovalWorkflow) GetPending added in v0.2.0

func (wf *ApprovalWorkflow) GetPending() []*ApprovalRequest

GetPending returns all currently pending approval requests.

func (*ApprovalWorkflow) IsApproved added in v0.2.0

func (wf *ApprovalWorkflow) IsApproved(id string) bool

IsApproved returns true if the request with the given ID has been approved.

func (*ApprovalWorkflow) RequestApproval added in v0.2.0

func (wf *ApprovalWorkflow) RequestApproval(tool string, args map[string]interface{}, risk string) (*ApprovalRequest, error)

RequestApproval creates an approval request for the given tool invocation. If the matching policy auto-approves, the request is approved immediately. Otherwise, the PromptFn is called to ask the user.

type AskRecord

type AskRecord struct {
	ToolName string
	Summary  string
	Allowed  bool
	Count    int
}

AskRecord records a permission decision.

type AutoModeState

type AutoModeState struct {
	// contains filtered or unexported fields
}

AutoModeState tracks auto-allow decisions for learning user preferences.

func NewAutoModeState

func NewAutoModeState() *AutoModeState

NewAutoModeState creates a new auto-mode state.

func (*AutoModeState) Record

func (a *AutoModeState) Record(toolName, summary string, allowed bool)

Record records a permission decision.

func (*AutoModeState) ShouldAutoAllow

func (a *AutoModeState) ShouldAutoAllow(toolName, summary string) (bool, bool)

ShouldAutoAllow checks if a tool should be automatically allowed.

type BoundaryChecker added in v0.2.0

type BoundaryChecker struct {
	ProjectRoot     string
	AllowedPaths    []string
	BlockedPaths    []string
	AllowedCommands []string
	BlockedCommands []string
	MaxFileSize     int64
	MaxFiles        int
	FilesModified   int
	// contains filtered or unexported fields
}

BoundaryChecker enforces safety boundaries that prevent the agent from performing actions outside its authorized scope.

func NewBoundaryChecker added in v0.2.0

func NewBoundaryChecker(projectRoot string) *BoundaryChecker

NewBoundaryChecker creates a new BoundaryChecker with sensible defaults.

func (*BoundaryChecker) CheckCommand added in v0.2.0

func (bc *BoundaryChecker) CheckCommand(command string) *BoundaryViolation

CheckCommand verifies that a command is not in the blocked list and does not attempt privilege escalation or dangerous system operations.

func (*BoundaryChecker) CheckEnvironment added in v0.2.0

func (bc *BoundaryChecker) CheckEnvironment(key string) *BoundaryViolation

CheckEnvironment verifies that access to sensitive environment variables is blocked.

func (*BoundaryChecker) CheckFileCount added in v0.2.0

func (bc *BoundaryChecker) CheckFileCount() *BoundaryViolation

CheckFileCount verifies that the number of modified files has not exceeded the session limit.

func (*BoundaryChecker) CheckFileSize added in v0.2.0

func (bc *BoundaryChecker) CheckFileSize(path string, size int64) *BoundaryViolation

CheckFileSize verifies that a file write does not exceed the maximum allowed size.

func (*BoundaryChecker) CheckNetwork added in v0.2.0

func (bc *BoundaryChecker) CheckNetwork(host string, port int) *BoundaryViolation

CheckNetwork verifies that network connections are not targeting internal/private networks or cloud metadata endpoints.
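The kind of destination check described for CheckNetwork, as an added sketch that is not the package's own code. The helper names (checkHost, numericLooking) and the reason strings are assumptions, and the port argument is ignored here.

```go
package main

import (
	"fmt"
	"net/netip"
	"strconv"
	"strings"
)

// metadataV4 is the link-local address most cloud metadata services listen on.
var metadataV4 = netip.MustParseAddr("169.254.169.254")

// numericLooking reports whether every dot-separated label is an integer
// literal (decimal, 0x hex, leading-0 octal). Some resolvers and HTTP clients
// accept such hosts as IPv4 addresses even though netip.ParseAddr rejects them.
func numericLooking(h string) bool {
	for _, label := range strings.Split(h, ".") {
		if _, err := strconv.ParseUint(label, 0, 32); err != nil {
			return false
		}
	}
	return true
}

// checkHost (hypothetical helper) returns a non-empty reason when host must
// be refused, or "" when this lexical check finds nothing wrong.
func checkHost(host string) string {
	h := strings.ToLower(strings.TrimSuffix(strings.Trim(host, "[]"), "."))
	switch {
	case h == "":
		return "empty host"
	case h == "localhost" || strings.HasSuffix(h, ".localhost"):
		return "loopback name"
	case h == "metadata.google.internal":
		return "cloud metadata endpoint"
	}
	addr, err := netip.ParseAddr(h)
	if err != nil {
		if numericLooking(h) {
			return "ambiguous numeric host"
		}
		// Ordinary hostname: the caller still has to resolve it and run the
		// resulting addresses through this function before connecting.
		return ""
	}
	addr = addr.Unmap() // ::ffff:a.b.c.d is judged as the IPv4 address it carries
	switch {
	case addr == metadataV4:
		return "cloud metadata endpoint"
	case addr.IsLoopback():
		return "loopback address"
	case addr.IsPrivate():
		return "private network address"
	case addr.IsLinkLocalUnicast():
		return "link-local address"
	case addr.IsUnspecified():
		return "unspecified address"
	}
	return ""
}

func main() {
	// Constructed sample hosts.
	samples := []string{"169.254.169.254", "::ffff:10.0.0.5", "[::1]", "2130706433", "example.com"}
	for _, h := range samples {
		fmt.Printf("%-22s %q\n", h, checkHost(h))
	}
}
```

The check is lexical only: a public-looking name can still resolve to an internal address, so resolved addresses need the same test.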

func (*BoundaryChecker) CheckPath added in v0.2.0

func (bc *BoundaryChecker) CheckPath(path string) *BoundaryViolation

CheckPath verifies that a given path is within the authorized project boundary.

func (*BoundaryChecker) IsWithinProject added in v0.2.0

func (bc *BoundaryChecker) IsWithinProject(path string) bool

IsWithinProject checks whether a path resolves to within the project root.
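A containment check of the kind SanitizeFilePath and IsWithinProject describe, added here as an illustration and not taken from the package. The function name resolveWithin and the sample paths are assumptions, and root is assumed to be an absolute path.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

var errOutside = errors.New("path escapes project root")

// resolveWithin (hypothetical helper) returns the cleaned absolute form of
// candidate if it stays inside root, and an error otherwise.
func resolveWithin(root, candidate string) (string, error) {
	if strings.ContainsRune(candidate, 0) {
		return "", errors.New("path contains NUL byte")
	}
	root = filepath.Clean(root)
	abs := candidate
	if !filepath.IsAbs(abs) {
		abs = filepath.Join(root, abs)
	}
	abs = filepath.Clean(abs) // collapses "." and ".." segments lexically

	// Compare by path components, not by string prefix: "/srv/project-evil"
	// starts with "/srv/project" as a string but is a sibling directory.
	rel, err := filepath.Rel(root, abs)
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", errOutside
	}
	return abs, nil
}

func main() {
	root := "/srv/project" // constructed sample root
	for _, p := range []string{
		"src/main.go",
		"src/../../project/ok.txt",
		"..hidden/notes.txt", // a name that merely begins with two dots
		"../project-evil/x",
		"/srv/project/../../etc/passwd",
	} {
		got, err := resolveWithin(root, p)
		fmt.Printf("%-32s -> %q, %v\n", p, got, err)
	}
}
```

The check is purely lexical. A symlink inside the root can still point outside it, so a caller that touches the filesystem would also resolve links (for example with filepath.EvalSymlinks) before comparing.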

func (*BoundaryChecker) RecordModification added in v0.2.0

func (bc *BoundaryChecker) RecordModification(path string)

RecordModification tracks a file modification for MaxFiles enforcement.

func (*BoundaryChecker) RecordViolation added in v0.2.0

func (bc *BoundaryChecker) RecordViolation(v *BoundaryViolation)

RecordViolation stores a violation for tracking purposes.

func (*BoundaryChecker) Summary added in v0.2.0

func (bc *BoundaryChecker) Summary() string

Summary returns a summary of the current session's boundary state.

type BoundaryViolation added in v0.2.0

type BoundaryViolation struct {
	Type        string // "path", "command", "size", "count", "network", "env"
	Description string
	Attempted   string
	Allowed     string
	Severity    string // "LOW", "MEDIUM", "HIGH", "CRITICAL"
}

BoundaryViolation represents a single boundary violation detected by the checker.

type BypassKillswitch

type BypassKillswitch struct {
	// contains filtered or unexported fields
}

BypassKillswitch disables permission checks globally.

func NewBypassKillswitch

func NewBypassKillswitch() *BypassKillswitch

NewBypassKillswitch creates a new bypass killswitch.

func (*BypassKillswitch) Disable

func (b *BypassKillswitch) Disable()

Disable disables the bypass killswitch.

func (*BypassKillswitch) Enable

func (b *BypassKillswitch) Enable()

Enable enables the bypass killswitch.

func (*BypassKillswitch) IsEnabled

func (b *BypassKillswitch) IsEnabled() bool

IsEnabled checks if the bypass killswitch is enabled.

type Canonicalizer added in v0.2.0

type Canonicalizer struct{}

Canonicalizer normalizes shell commands for stable approval caching. It is stateless and safe for concurrent use.

func NewCanonicalizer added in v0.2.0

func NewCanonicalizer() *Canonicalizer

NewCanonicalizer creates a new Canonicalizer instance.

func (*Canonicalizer) Canonicalize added in v0.2.0

func (c *Canonicalizer) Canonicalize(command string) string

Canonicalize normalizes a shell command for consistent matching.

func (*Canonicalizer) ExtractBaseCommand added in v0.2.0

func (c *Canonicalizer) ExtractBaseCommand(command string) string

ExtractBaseCommand returns just the binary name from a command.

func (*Canonicalizer) ExtractSubcommand added in v0.2.0

func (c *Canonicalizer) ExtractSubcommand(command string) string

ExtractSubcommand returns the binary name plus its first non-flag argument.

func (*Canonicalizer) GeneratePattern added in v0.2.0

func (c *Canonicalizer) GeneratePattern(command string) string

GeneratePattern creates a glob pattern that would match this command and similar ones.

func (*Canonicalizer) IsBannedPrefix added in v0.2.0

func (c *Canonicalizer) IsBannedPrefix(command string) bool

IsBannedPrefix checks if a command starts with a banned prefix.

func (*Canonicalizer) IsEquivalent added in v0.2.0

func (c *Canonicalizer) IsEquivalent(cmd1, cmd2 string) bool

IsEquivalent checks if two commands are semantically the same for permission purposes.

type CheckResult added in v0.2.0

type CheckResult struct {
	Package        string
	Safe           bool
	Advisories     []string
	Severity       string
	Recommendation string
	CheckedAt      time.Time
}

CheckResult represents the outcome of a package safety check.

type Classifier

type Classifier struct {
	// contains filtered or unexported fields
}

Classifier classifies commands as safe or dangerous.

func NewClassifier

func NewClassifier() *Classifier

NewClassifier creates a new permission classifier.

func (*Classifier) Classify

func (c *Classifier) Classify(command string) string

Classify classifies a command as safe, unsafe, or unknown.

type ContentSource added in v0.2.0

type ContentSource string

const (
	SourceEmail     ContentSource = "email"
	SourceWebhook   ContentSource = "webhook"
	SourceAPI       ContentSource = "api"
	SourceBrowser   ContentSource = "browser"
	SourceWebSearch ContentSource = "web_search"
	SourceWebFetch  ContentSource = "web_fetch"
	SourceUnknown   ContentSource = "unknown"
)

type Destination added in v0.2.0

type Destination struct {
	Host       string
	Port       int
	Protocol   string
	Source     string
	Suspicious bool
}

Destination represents a network destination extracted from a command.

type EgressAttempt added in v0.2.0

type EgressAttempt struct {
	Command      string
	Destinations []Destination
	Allowed      bool
	Reason       string
}

EgressAttempt represents the result of inspecting a command for egress activity.

type EgressInspector added in v0.2.0

type EgressInspector struct {
	AllowedDomains   []string
	BlockedDomains   []string
	AllowedProtocols []string
	// contains filtered or unexported fields
}

EgressInspector detects and blocks data exfiltration attempts in shell commands by checking outbound network destinations before execution.

func NewEgressInspector added in v0.2.0

func NewEgressInspector() *EgressInspector

NewEgressInspector creates an EgressInspector with sensible defaults.

func (*EgressInspector) AddAllowed added in v0.2.0

func (e *EgressInspector) AddAllowed(domain string)

AddAllowed adds a domain to the allowed list.

func (*EgressInspector) AddBlocked added in v0.2.0

func (e *EgressInspector) AddBlocked(domain string)

AddBlocked adds a domain to the blocked list.

func (*EgressInspector) ExtractNetcat added in v0.2.0

func (e *EgressInspector) ExtractNetcat(command string) []string

ExtractNetcat parses nc/netcat host port patterns.

func (*EgressInspector) ExtractSSHDests added in v0.2.0

func (e *EgressInspector) ExtractSSHDests(command string) []string

ExtractSSHDests parses ssh user@host, scp user@host:path patterns.

func (*EgressInspector) ExtractURLs added in v0.2.0

func (e *EgressInspector) ExtractURLs(command string) []string

ExtractURLs finds all URLs in the command (http://, https://, git://, ssh://).

func (*EgressInspector) FormatAttempt added in v0.2.0

func (e *EgressInspector) FormatAttempt(attempt *EgressAttempt) string

FormatAttempt produces a human-readable report of an egress inspection.

func (*EgressInspector) Inspect added in v0.2.0

func (e *EgressInspector) Inspect(command string) *EgressAttempt

Inspect analyzes a command for network egress destinations and returns an EgressAttempt indicating whether the command is allowed.

func (*EgressInspector) IsAllowed added in v0.2.0

func (e *EgressInspector) IsAllowed(host string) bool

IsAllowed checks whether a host is permitted based on allow/block lists. Blocked takes precedence over allowed.

func (*EgressInspector) IsSuspicious added in v0.2.0

func (e *EgressInspector) IsSuspicious(command string) bool

IsSuspicious detects patterns commonly associated with data exfiltration.

type Guardian added in v0.2.0

type Guardian struct {
	Enabled               bool
	Provider              string
	Model                 string
	Timeout               time.Duration
	MaxConsecutiveDenials int

	ChatFn func(ctx context.Context, prompt string) (string, error)
	// contains filtered or unexported fields
}

Guardian is an LLM-powered automatic permission reviewer that decides permissions on behalf of the user, reducing approval fatigue.

func NewGuardian added in v0.2.0

func NewGuardian(chatFn func(context.Context, string) (string, error)) *Guardian

NewGuardian creates a new Guardian with sensible defaults.

func (*Guardian) ResetCircuitBreaker added in v0.2.0

func (g *Guardian) ResetCircuitBreaker()

ResetCircuitBreaker resets the consecutive denial counter.

func (*Guardian) Review added in v0.2.0

Review evaluates a tool call and returns a decision on whether it should be allowed.

type GuardianDecision added in v0.2.0

type GuardianDecision struct {
	Allowed    bool    `json:"allowed"`
	Reason     string  `json:"reason"`
	Confidence float64 `json:"confidence"`
}

GuardianDecision represents the guardian's decision on a permission request.

type GuardianRequest added in v0.2.0

type GuardianRequest struct {
	ToolName            string
	Arguments           map[string]interface{}
	ConversationContext string
	ProjectDescription  string
}

GuardianRequest represents a permission review request.

type InjectionPattern added in v0.2.0

type InjectionPattern struct {
	Name     string
	Pattern  *regexp.Regexp
	Severity string // "critical", "high", "medium", "low"
	Category string // "system_override", "data_exfil", "role_hijack", "instruction_leak"
}

InjectionPattern defines a single pattern used to detect prompt injection attempts.

type InjectionScanner added in v0.2.0

type InjectionScanner struct {
	Patterns  []*InjectionPattern
	Threshold float64
	// contains filtered or unexported fields
}

InjectionScanner detects malicious prompt injection attempts in user input and tool outputs.

func NewInjectionScanner added in v0.2.0

func NewInjectionScanner() *InjectionScanner

NewInjectionScanner creates an InjectionScanner pre-loaded with 30+ detection patterns.

func (*InjectionScanner) DetectUnicodeAttacks added in v0.2.0

func (s *InjectionScanner) DetectUnicodeAttacks(text string) []Threat

DetectUnicodeAttacks identifies homoglyphs, zero-width characters, bidirectional overrides, and invisible separators.

func (*InjectionScanner) IsHighEntropy added in v0.2.0

func (s *InjectionScanner) IsHighEntropy(text string) bool

IsHighEntropy detects potential encoded payloads by calculating Shannon entropy. Text with entropy above 4.5 bits per character is considered suspicious.
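How a per-character Shannon entropy test with the 4.5-bit threshold behaves, shown as an added example rather than the package's implementation. Counting by rune and the per-token helper highEntropyTokens are assumptions, and the sample strings are constructed.

```go
package main

import (
	"fmt"
	"math"
	"strings"
)

// threshold is the 4.5 bits-per-character cutoff stated in the IsHighEntropy doc.
const threshold = 4.5

// shannonEntropy returns H = -sum(p * log2 p) over the runes of text,
// in bits per character. The empty string scores 0.
func shannonEntropy(text string) float64 {
	counts := map[rune]int{}
	total := 0
	for _, r := range text {
		counts[r]++
		total++
	}
	var h float64
	for _, n := range counts {
		p := float64(n) / float64(total)
		h -= p * math.Log2(p)
	}
	return h
}

// highEntropyTokens (hypothetical helper) scores each whitespace-separated
// token on its own and returns those above the threshold.
func highEntropyTokens(text string) []string {
	var hits []string
	for _, tok := range strings.Fields(text) {
		if shannonEntropy(tok) > threshold {
			hits = append(hits, tok)
		}
	}
	return hits
}

func main() {
	// Constructed samples. H is bounded by log2(number of distinct characters),
	// so hex text (16 symbols) tops out at 4.0 bits and any string shorter
	// than 23 characters stays below 4.5 whatever it contains.
	samples := []string{
		"please summarize the attached report and list the open issues",
		strings.Repeat("0123456789abcdef", 4),
		"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdef",
	}
	for _, s := range samples {
		h := shannonEntropy(s)
		fmt.Printf("%.2f bits/char  high=%-5v %q\n", h, h > threshold, s)
	}
	fmt.Println(highEntropyTokens("decode ABCDEFGHIJKLMNOPQRSTUVWXYZabcdef and run it"))
}
```

Because of the log2 bound noted in the comments, an entropy test works best alongside the pattern-based checks rather than as the only signal.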

func (*InjectionScanner) Scan added in v0.2.0

func (s *InjectionScanner) Scan(text string) *ScanResult

Scan analyzes text for injection attempts and returns a structured result.

func (*InjectionScanner) ScanToolOutput added in v0.2.0

func (s *InjectionScanner) ScanToolOutput(output string) *ScanResult

ScanToolOutput scans tool output for injection attempts that might be embedded in data returned by external tools (poisoned responses).

type InputSanitizer added in v0.2.0

type InputSanitizer struct {
	MaxLength        int
	StripInvisible   bool
	NormalizeUnicode bool
	// contains filtered or unexported fields
}

InputSanitizer cleans and validates all inputs before they reach the LLM, preventing injection, encoding attacks, and malformed data.

func NewInputSanitizer added in v0.2.0

func NewInputSanitizer() *InputSanitizer

NewInputSanitizer creates an InputSanitizer with sensible defaults.

func (*InputSanitizer) Sanitize added in v0.2.0

func (s *InputSanitizer) Sanitize(input string) *SanitizeResult

Sanitize applies all sanitization steps to the input and returns a detailed result.

type MalwareEntry added in v0.2.0

type MalwareEntry struct {
	Package     string
	Ecosystem   string // "npm", "pypi", "go", "crates"
	Advisory    string
	Severity    string // "CRITICAL", "HIGH", "MEDIUM", "LOW"
	Description string
	DateAdded   time.Time
}

MalwareEntry represents a known malicious package in the database.

type OSVChecker added in v0.2.0

type OSVChecker struct {
	KnownMalware map[string]*MalwareEntry
	Cache        map[string]*CheckResult
	CacheTTL     time.Duration
	// contains filtered or unexported fields
}

OSVChecker checks packages against a known malware database before installation.

func NewOSVChecker added in v0.2.0

func NewOSVChecker() *OSVChecker

NewOSVChecker creates an OSVChecker pre-populated with known malicious packages.

func (*OSVChecker) CheckCommand added in v0.2.0

func (c *OSVChecker) CheckCommand(command string) *CheckResult

CheckCommand parses a shell command to extract and check the package being installed.

func (*OSVChecker) CheckPackage added in v0.2.0

func (c *OSVChecker) CheckPackage(name, ecosystem string) *CheckResult

CheckPackage checks whether a package is known to be malicious.

func (*OSVChecker) DetectSuspiciousName added in v0.2.0

func (c *OSVChecker) DetectSuspiciousName(name string) []string

DetectSuspiciousName identifies red flags in a package name.

func (*OSVChecker) IsTyposquat added in v0.2.0

func (c *OSVChecker) IsTyposquat(name, ecosystem string) bool

IsTyposquat checks whether a package name appears to be a typosquat of a popular package.

func (*OSVChecker) RefreshDatabase added in v0.2.0

func (c *OSVChecker) RefreshDatabase() error

RefreshDatabase is a placeholder for future OSV API integration. In production, this would fetch the latest advisories from https://api.osv.dev/v1/query.

type Rule

type Rule struct {
	Tool    string `json:"tool"`    // tool name or "*" for all
	Pattern string `json:"pattern"` // glob pattern for arguments (e.g., "/tmp/*", "*.go", "go test*")
	Action  Action `json:"action"`
	Reason  string `json:"reason,omitempty"` // optional explanation
}

Rule defines a single permission rule mapping a tool and argument pattern to an action.

func Load

func Load(path string) ([]Rule, error)

Load deserializes permission rules from a JSON file.

func ParseRuleLine added in v0.2.0

func ParseRuleLine(line string) (*Rule, error)

ParseRuleLine parses a single rule line into a Rule.

Format: <action> <tool> <pattern>

The pattern may be quoted to include spaces.

type RuleSet added in v0.2.0

type RuleSet struct {
	Rules []Rule
	// contains filtered or unexported fields
}

RuleSet holds an ordered collection of permission rules.

func NewRuleSet added in v0.2.0

func NewRuleSet() *RuleSet

NewRuleSet creates a new empty RuleSet.

func (*RuleSet) AddRule added in v0.2.0

func (rs *RuleSet) AddRule(rule Rule)

AddRule appends a rule to the end of the RuleSet.

func (*RuleSet) Evaluate added in v0.2.0

func (rs *RuleSet) Evaluate(toolName string, args map[string]interface{}) Action

Evaluate checks the rules in order and returns the action for the given tool and args. First matching rule wins. Returns ActionAsk if no rules match.
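What "first matching rule wins" means for rule ordering, as an added example that is not the package's code. The Rule and Action types mirror the ones on this page; matching a single string argument, the glob semantics ('*' matches any run of characters) and the helper names are assumptions.

```go
package main

import (
	"fmt"
	"strings"
)

type Action string

const (
	ActionAllow Action = "allow"
	ActionDeny  Action = "deny"
	ActionAsk   Action = "ask"
)

type Rule struct {
	Tool, Pattern string
	Action        Action
}

// globMatch supports only '*', which here matches any run of characters.
func globMatch(pattern, s string) bool {
	parts := strings.Split(pattern, "*")
	if len(parts) == 1 {
		return pattern == s
	}
	if !strings.HasPrefix(s, parts[0]) {
		return false
	}
	s = s[len(parts[0]):]
	for _, mid := range parts[1 : len(parts)-1] {
		i := strings.Index(s, mid)
		if i < 0 {
			return false
		}
		s = s[i+len(mid):]
	}
	return strings.HasSuffix(s, parts[len(parts)-1])
}

func toolCovers(ruleTool, tool string) bool { return ruleTool == "*" || ruleTool == tool }

// evaluate returns the action of the first rule that matches, else ActionAsk.
func evaluate(rules []Rule, tool, arg string) Action {
	for _, r := range rules {
		if toolCovers(r.Tool, tool) && globMatch(r.Pattern, arg) {
			return r.Action
		}
	}
	return ActionAsk
}

// shadowed returns the indexes of rules that can never fire because an
// earlier rule already matches everything they match. If the earlier pattern
// matches the later pattern taken as a literal string, it covers it.
func shadowed(rules []Rule) []int {
	var out []int
	for j, later := range rules {
		for _, earlier := range rules[:j] {
			if toolCovers(earlier.Tool, later.Tool) && globMatch(earlier.Pattern, later.Pattern) {
				out = append(out, j)
				break
			}
		}
	}
	return out
}

func main() {
	// Constructed rule list: the broad allow sits above the narrow deny.
	rules := []Rule{
		{"bash", "git *", ActionAllow},
		{"bash", "git push --force*", ActionDeny},
		{"*", "*.env", ActionDeny},
	}
	fmt.Println(evaluate(rules, "bash", "git push --force origin main")) // allow
	fmt.Println(shadowed(rules))                                         // [1]
}
```

Placing the narrow deny rule above the broad allow rule makes the same command evaluate to deny.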

func (*RuleSet) LoadFromFile added in v0.2.0

func (rs *RuleSet) LoadFromFile(path string) error

LoadFromFile parses a .hawk/rules file and populates the RuleSet.

func (*RuleSet) RemoveRule added in v0.2.0

func (rs *RuleSet) RemoveRule(index int) error

RemoveRule removes the rule at the given index.

func (*RuleSet) SaveToFile added in v0.2.0

func (rs *RuleSet) SaveToFile(path string) error

SaveToFile writes the rules to a file in the .hawk/rules format.

type SanitizeChange added in v0.2.0

type SanitizeChange struct {
	Type        string // "stripped", "normalized", "truncated", "escaped"
	Position    int
	Original    string
	Replacement string
}

SanitizeChange describes a single modification made during sanitization.

func NormalizeHomoglyphs added in v0.2.0

func NormalizeHomoglyphs(text string) (string, []SanitizeChange)

NormalizeHomoglyphs detects mixed Latin+Cyrillic scripts and replaces Cyrillic lookalikes with Latin equivalents. Pure Cyrillic text is left alone.
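The behaviour described for NormalizeHomoglyphs, as an added sketch and not the package's implementation. Applying the mixed-script test per word rather than to the whole text, the small lookalike table and the function names are assumptions.

```go
package main

import (
	"fmt"
	"strings"
	"unicode"
)

// lookalikes maps Cyrillic letters to the Latin letters they resemble.
// A small illustrative table, written with escapes so the source is unambiguous.
var lookalikes = map[rune]rune{
	'\u0430': 'a', '\u0435': 'e', '\u043e': 'o', '\u0440': 'p',
	'\u0441': 'c', '\u0443': 'y', '\u0445': 'x', '\u0456': 'i',
}

// normalizeWord rewrites lookalikes in place, but only when the word mixes
// Latin and Cyrillic letters. It returns the number of replacements.
func normalizeWord(w []rune) int {
	hasLatin, hasCyrillic := false, false
	for _, r := range w {
		hasLatin = hasLatin || unicode.Is(unicode.Latin, r)
		hasCyrillic = hasCyrillic || unicode.Is(unicode.Cyrillic, r)
	}
	if !hasLatin || !hasCyrillic {
		return 0 // single-script word, including pure Cyrillic: leave alone
	}
	n := 0
	for i, r := range w {
		if latin, ok := lookalikes[r]; ok {
			w[i] = latin
			n++
		}
	}
	return n
}

// normalizeMixedScript (hypothetical helper) walks the text, treating each
// run of letters as a word, and returns the cleaned text and change count.
func normalizeMixedScript(text string) (string, int) {
	var out strings.Builder
	var word []rune
	replaced := 0
	flush := func() {
		replaced += normalizeWord(word)
		out.WriteString(string(word))
		word = word[:0]
	}
	for _, r := range text {
		if unicode.IsLetter(r) {
			word = append(word, r)
			continue
		}
		flush()
		out.WriteRune(r)
	}
	flush()
	return out.String(), replaced
}

func main() {
	// Constructed inputs: the first word of the domain starts with Cyrillic
	// U+0440 U+0430; the second input is an ordinary Cyrillic word.
	for _, s := range []string{
		"login to \u0440\u0430ypal.com",
		"\u043f\u0430\u0440\u043e\u043b\u044c ok",
	} {
		clean, n := normalizeMixedScript(s)
		fmt.Printf("%q -> %q (%d replaced)\n", s, clean, n)
	}
}
```

A word written entirely in Cyrillic lookalikes has no Latin letter in it, so this test, like the rule stated above, leaves it unchanged.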

func StripInvisibleChars added in v0.2.0

func StripInvisibleChars(text string) (string, []SanitizeChange)

StripInvisibleChars removes invisible Unicode characters from text. This includes zero-width space/joiner/non-joiner, BOM markers, bidirectional overrides, invisible separators, and tag characters.

type SanitizeResult added in v0.2.0

type SanitizeResult struct {
	Clean       string
	Original    string
	Changes     []SanitizeChange
	WasModified bool
}

SanitizeResult holds the outcome of sanitizing an input string.

type ScanResult added in v0.2.0

type ScanResult struct {
	IsSafe         bool
	Threats        []Threat
	Score          float64
	Recommendation string
}

ScanResult contains the outcome of scanning text for injection attempts.

type ShadowedRuleDetector

type ShadowedRuleDetector struct{}

ShadowedRuleDetector detects when permission rules shadow each other.

func (*ShadowedRuleDetector) DetectShadowedRules

func (d *ShadowedRuleDetector) DetectShadowedRules(allowRules, denyRules []string) []string

DetectShadowedRules finds shadowed permission rules.

type Threat added in v0.2.0

type Threat struct {
	Pattern  string
	Category string
	Severity string
	Match    string
	Position int
}

Threat represents a detected injection threat with context about the match.

type WrapOptions added in v0.2.0

type WrapOptions struct {
	Source         ContentSource
	Sender         string
	Subject        string
	IncludeWarning bool
}
