audit

package
v0.1.4 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jul 11, 2026 License: MIT Imports: 7 Imported by: 0

Documentation

Overview

Package audit provides agent surface security auditing for hawk-eco. It scans MCP hooks, permissions, and integration points for security issues.

Index

Constants

This section is empty.

Variables

View Source
var (
	CriticalCategories = []Category{
		{Name: "RCE", Description: "Remote Code Execution", Severity: "critical"},
		{Name: "SQL Injection", Description: "SQL Injection vulnerability", Severity: "critical"},
		{Name: "Auth Bypass", Description: "Authentication bypass", Severity: "critical"},
	}

	HighCategories = []Category{
		{Name: "SSRF", Description: "Server-Side Request Forgery", Severity: "high"},
		{Name: "Path Traversal", Description: "Path traversal vulnerability", Severity: "high"},
		{Name: "Command Injection", Description: "OS command injection", Severity: "high"},
	}

	MediumCategories = []Category{
		{Name: "XSS", Description: "Cross-Site Scripting", Severity: "medium"},
		{Name: "IDOR", Description: "Insecure Direct Object Reference", Severity: "medium"},
		{Name: "Missing Encryption", Description: "Missing TLS/encryption", Severity: "medium"},
	}

	LowCategories = []Category{
		{Name: "Info Exposure", Description: "Information exposure", Severity: "low"},
		{Name: "Missing Headers", Description: "Missing security headers", Severity: "low"},
		{Name: "Verbose Errors", Description: "Verbose error messages", Severity: "low"},
	}
)

Common categories

View Source
var (
	SecretPatterns = []*regexp.Regexp{
		regexp.MustCompile(`(?i)(password|passwd|pwd)\s*[:=]\s*["'][^"']{8,}`),
		regexp.MustCompile(`(?i)api[_-]?key\s*[:=]\s*["'][^"']{16,}`),
		regexp.MustCompile(`(?i)secret[_-]?key\s*[:=]\s*["'][^"']{16,}`),
		regexp.MustCompile(`(?i)token\s*[:=]\s*["'][^"']{20,}`),
		regexp.MustCompile(`(?i)aws[_-]?access[_-]?key[_-]?id\s*[:=]\s*["'][A-Z0-9]{16}`),
		regexp.MustCompile(`(?i)hardcoded.*secret`),
		regexp.MustCompile(`(?i)(sk|pk)_[a-zA-Z0-9]{20,}`),
	}

	AuthBypassPatterns = []*regexp.Regexp{
		regexp.MustCompile(`(?i)(bypass|disable|skip|ignore|no.*auth|without.*auth)`),
		regexp.MustCompile(`(?i)(admin.*true|superuser|root.*access)`),
	}
)

Common patterns for security detection

Functions

func DefaultRules

func DefaultRules() []string

DefaultRules returns the default security audit rules.

func ValidateRule

func ValidateRule(rule string) bool

ValidateRule checks if a rule is valid.

Types

type AuditFinding

type AuditFinding struct {
	Severity       string `json:"severity"`
	Category       string `json:"category"`
	File           string `json:"file"`
	Line           int    `json:"line"`
	Description    string `json:"description"`
	Recommendation string `json:"recommendation"`
	Evidence       string `json:"evidence,omitempty"`
	Source         string `json:"source"`
}

AuditFinding represents a security finding from an audit.

type AuditReport

type AuditReport struct {
	// contains filtered or unexported fields
}

AuditReport contains the results of an audit.

func Audit

func Audit(ctx context.Context, scope *AuditScope) (*AuditReport, error)

Audit performs a security audit on the given targets. It returns a report with all findings.

func NewAuditReport

func NewAuditReport() *AuditReport

NewAuditReport creates a new empty audit report.

func (*AuditReport) AddFinding

func (r *AuditReport) AddFinding(f AuditFinding)

AddFinding adds a finding to the report.

func (*AuditReport) Count

func (r *AuditReport) Count() int

Count returns the total number of findings.

func (*AuditReport) FilterByCategory

func (r *AuditReport) FilterByCategory(category string) []AuditFinding

FilterByCategory filters findings by category.

func (*AuditReport) FilterBySeverity

func (r *AuditReport) FilterBySeverity(severity string) []AuditFinding

FilterBySeverity filters findings by severity.

func (*AuditReport) Findings

func (r *AuditReport) Findings() []AuditFinding

Findings returns all findings.

func (*AuditReport) Stats

func (r *AuditReport) Stats() AuditStats

Stats returns audit statistics.

func (*AuditReport) Summary

func (r *AuditReport) Summary() string

Summary returns a summary of the report.

type AuditScope

type AuditScope struct {
	Targets     []AuditTarget
	Rules       []string
	Timeout     time.Duration
	MaxDepth    int
	Concurrency int
}

AuditScope defines the scope of an audit.

type AuditStats

type AuditStats struct {
	TotalTargets       int
	TargetsScanned     int
	FindingsBySeverity map[string]int
	Categories         map[string]int
	DurationMs         int64
}

AuditStats contains statistics about the audit.

type AuditTarget

type AuditTarget struct {
	Type    AuditTargetType
	Path    string
	Recurse bool
	Depth   int
}

AuditTarget represents a target to audit in the codebase.

type AuditTargetType

type AuditTargetType int

AuditTargetType represents a type of audit target.

const (
	// AuditTargetHooks audits MCP hooks and webhooks.
	AuditTargetHooks AuditTargetType = iota
	// AuditTargetMCP audits MCP server configurations.
	AuditTargetMCP
	// AuditTargetPermissions audits permission configurations.
	AuditTargetPermissions
	// AuditTargetSecrets audits secret storage and access.
	AuditTargetSecrets
	// AuditTargetEndpoints audits external endpoints and APIs.
	AuditTargetEndpoints
)

type Category

type Category struct {
	Name        string
	Description string
	Severity    string
}

Category represents common vulnerability categories.

type HTTPClient

type HTTPClient struct {
	// contains filtered or unexported fields
}

HTTPClient provides HTTP access for auditing endpoints.

func NewHTTPClient

func NewHTTPClient(timeout time.Duration) *HTTPClient

NewHTTPClient creates a new HTTP client.

func (*HTTPClient) Get

func (h *HTTPClient) Get(ctx context.Context, url string) (*HTTPResponse, error)

Get performs a GET request to an endpoint.

type HTTPResponse

type HTTPResponse struct {
	StatusCode int
	Body       interface{ Read([]byte) (int, error) }
}

HTTPResponse represents an HTTP response.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL