security

package
v1.5.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 2, 2026 License: MIT Imports: 8 Imported by: 0

Documentation

Overview

Package security provides prompt injection detection.

Package security provides PII detection and redaction.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func RedactPII 

func RedactPII(content string) string

RedactPII redacts personally identifiable information from content.

Types

type ContentGuardrails 

type ContentGuardrails struct {
	// contains filtered or unexported fields
}

ContentGuardrails implements PII and prompt injection detection. Inspired by token-lens's content guardrails.

func NewContentGuardrails 

func NewContentGuardrails() *ContentGuardrails

NewContentGuardrails creates new content guardrails.

func (*ContentGuardrails) Check 

func (cg *ContentGuardrails) Check(content string) []SecurityAlert

Check checks content against guardrails.

type DecisionExplainability 

type DecisionExplainability struct {
	// contains filtered or unexported fields
}

DecisionExplainability provides structured forensic audit records. Inspired by clawshield's decision explainability.

func NewDecisionExplainability 

func NewDecisionExplainability() *DecisionExplainability

NewDecisionExplainability creates a new decision explainability system.

func (*DecisionExplainability) GetDecisions 

func (de *DecisionExplainability) GetDecisions() []DecisionRecord

GetDecisions returns all recorded decisions.

func (*DecisionExplainability) Record 

func (de *DecisionExplainability) Record(action, reason string, evidence []string, confidence float64)

Record records a decision with evidence.

type DecisionRecord 

type DecisionRecord struct {
	Action     string    `json:"action"`
	Reason     string    `json:"reason"`
	Evidence   []string  `json:"evidence"`
	Timestamp  time.Time `json:"timestamp"`
	Confidence float64   `json:"confidence"`
}

DecisionRecord represents a forensic audit record.

type EBPFMonitor 

type EBPFMonitor struct {
	// contains filtered or unexported fields
}

EBPFMonitor implements eBPF-based syscall monitoring. Inspired by clawshield's eBPF kernel monitoring.

func NewEBPFMonitor 

func NewEBPFMonitor() *EBPFMonitor

NewEBPFMonitor creates a new eBPF monitor.

func (*EBPFMonitor) CheckSyscall 

func (m *EBPFMonitor) CheckSyscall(syscall string, args string) *SecurityAlert

CheckSyscall checks if a syscall pattern is suspicious.

func (*EBPFMonitor) Enable 

func (m *EBPFMonitor) Enable() error

Enable enables eBPF monitoring.

type Finding 

type Finding struct {
	Rule     string
	Severity string
	Message  string
	Line     int
	Match    string
}

Finding represents a security finding.

func DetectPromptInjection 

func DetectPromptInjection(content string) []Finding

DetectPromptInjection checks for prompt injection attempts.

func DetectSecrets 

func DetectSecrets(content string) []Finding

DetectSecrets checks for potential secrets in content.

type FirewallRule 

type FirewallRule struct {
	Action     string // "allow", "deny"
	Protocol   string // "tcp", "udp", "icmp"
	Port       int
	DestIP     string
	DestDomain string
}

FirewallRule represents a firewall rule.

type GuardrailRule 

type GuardrailRule struct {
	Name    string
	Pattern string
	Action  string // "block", "redact", "warn"
}

GuardrailRule represents a content guardrail rule.

type InjectionDetector 

type InjectionDetector struct {
	// contains filtered or unexported fields
}

InjectionDetector detects prompt injection attempts.

func NewInjectionDetector 

func NewInjectionDetector() *InjectionDetector

NewInjectionDetector creates a new injection detector.

func (*InjectionDetector) AddPattern 

func (d *InjectionDetector) AddPattern(injectionType InjectionType, pattern string) error

AddPattern adds a custom detection pattern.

func (*InjectionDetector) Detect 

func (d *InjectionDetector) Detect(content string) []InjectionPattern

Detect scans content for injection attempts.

func (*InjectionDetector) Disable 

func (d *InjectionDetector) Disable(injectionType InjectionType)

Disable disables a detection type.

func (*InjectionDetector) Enable 

func (d *InjectionDetector) Enable(injectionType InjectionType)

Enable enables a detection type.

func (*InjectionDetector) IsSafe 

func (d *InjectionDetector) IsSafe(content string) bool

IsSafe checks if content appears safe (no injection detected).

func (*InjectionDetector) Sanitize 

func (d *InjectionDetector) Sanitize(content string) string

Sanitize removes potentially dangerous content.

func (*InjectionDetector) Scan 

func (d *InjectionDetector) Scan(content string) ScanResult

Scan performs a detailed scan.

func (*InjectionDetector) SetScoreThreshold 

func (d *InjectionDetector) SetScoreThreshold(injectionType InjectionType, score float64)

SetScoreThreshold sets the confidence threshold.

type InjectionPattern 

type InjectionPattern struct {
	Type        InjectionType `json:"type"`
	Confidence  float64       `json:"confidence"`
	MatchedText string        `json:"matched_text"`
	Position    int           `json:"position"`
	Severity    string        `json:"severity"` // low, medium, high, critical
}

InjectionPattern represents a detected injection attempt.

type InjectionType 

type InjectionType string

InjectionType represents the type of injection detected. 

const (
	InjectionSystemPrompt   InjectionType = "system_prompt"
	InjectionJailbreak      InjectionType = "jailbreak"
	InjectionDataExtraction InjectionType = "data_extraction"
	InjectionIndirect       InjectionType = "indirect"
	InjectionContextShift   InjectionType = "context_shift"
	InjectionRolePlay       InjectionType = "role_play"
)

type NetworkFirewall 

type NetworkFirewall struct {
	// contains filtered or unexported fields
}

NetworkFirewall implements iptables-based egress filtering. Inspired by clawshield's network firewall.

func NewNetworkFirewall 

func NewNetworkFirewall() *NetworkFirewall

NewNetworkFirewall creates a new network firewall.

func (*NetworkFirewall) AddRule 

func (nf *NetworkFirewall) AddRule(rule FirewallRule)

AddRule adds a firewall rule.

func (*NetworkFirewall) CheckConnection 

func (nf *NetworkFirewall) CheckConnection(destIP string, port int, protocol string) bool

CheckConnection checks if a connection is allowed.

type PIIDetector 

type PIIDetector struct {
	// contains filtered or unexported fields
}

PIIDetector detects and redacts PII.

func NewPIIDetector 

func NewPIIDetector() *PIIDetector

NewPIIDetector creates a new PII detector with default patterns.

func (*PIIDetector) AddPattern 

func (d *PIIDetector) AddPattern(name, pattern string) error

AddPattern adds a custom pattern.

func (*PIIDetector) Detect 

func (d *PIIDetector) Detect(content string) []PIIPattern

Detect finds all PII in content.

func (*PIIDetector) Disable 

func (d *PIIDetector) Disable(patternType string)

Disable disables a pattern type.

func (*PIIDetector) Enable 

func (d *PIIDetector) Enable(patternType string)

Enable enables a pattern type.

func (*PIIDetector) GetPatternNames 

func (d *PIIDetector) GetPatternNames() []string

GetPatternNames returns all pattern names.

func (*PIIDetector) HasPII 

func (d *PIIDetector) HasPII(content string) bool

HasPII checks if content contains PII.

func (*PIIDetector) IsEnabled 

func (d *PIIDetector) IsEnabled(patternType string) bool

IsEnabled checks if a pattern type is enabled.

func (*PIIDetector) Redact 

func (d *PIIDetector) Redact(content string) string

Redact replaces PII with placeholders.

func (*PIIDetector) RedactWithOptions 

func (d *PIIDetector) RedactWithOptions(content string, opts RedactOptions) string

RedactWithOptions redacts with custom options.

func (*PIIDetector) RemovePattern 

func (d *PIIDetector) RemovePattern(name string)

RemovePattern removes a pattern.

func (*PIIDetector) Scan 

func (d *PIIDetector) Scan(content string) PIIScanResult

Scan scans content and returns detailed results.

type PIIPattern 

type PIIPattern struct {
	Type     string `json:"type"`
	Pattern  string `json:"pattern"`
	Position int    `json:"position"`
	Length   int    `json:"length"`
	Value    string `json:"value,omitempty"` // Redacted in output
}

PIIPattern represents a detected PII pattern.

type PIIScanResult 

type PIIScanResult struct {
	HasPII   bool         `json:"has_pii"`
	Findings []PIIPattern `json:"findings"`
	Redacted string       `json:"redacted,omitempty"`
}

PIIScanResult contains PII scan results.

type RedactOptions 

type RedactOptions struct {
	Types       []string // Specific types to redact
	Mask        bool     // Partial masking instead of full replacement
	Replacement string   // Custom replacement string
}

RedactOptions provides redaction options.

type Rule 

type Rule struct {
	Name        string
	Pattern     *regexp.Regexp
	Severity    string
	Description string
}

Rule represents a security scanning rule.

type SIEMIntegration 

type SIEMIntegration struct {
	// contains filtered or unexported fields
}

SIEMIntegration implements SIEM integration with OCSF format. Inspired by clawshield's SIEM integration.

func NewSIEMIntegration 

func NewSIEMIntegration(endpoint string) *SIEMIntegration

NewSIEMIntegration creates a new SIEM integration.

func (*SIEMIntegration) FormatOCSF 

func (si *SIEMIntegration) FormatOCSF(alert SecurityAlert) string

FormatOCSF formats an alert in OCSF v1.1 format.

type ScanResult 

type ScanResult struct {
	Safe       bool               `json:"safe"`
	Score      float64            `json:"score"`    // 0.0 = safe, 1.0 = definitely injection
	Severity   string             `json:"severity"` // none, low, medium, high, critical
	Detections []InjectionPattern `json:"detections"`
}

ScanResult contains detailed scan results.

type Scanner 

type Scanner struct {
	// contains filtered or unexported fields
}

Scanner performs security scanning on content. Inspired by clawshield and token-lens.

func NewScanner 

func NewScanner() *Scanner

NewScanner creates a new security scanner.

func (*Scanner) Scan 

func (s *Scanner) Scan(content string) []Finding

Scan scans content for security issues.

type SecurityAlert 

type SecurityAlert struct {
	Type      string    `json:"type"`
	Severity  string    `json:"severity"`
	Message   string    `json:"message"`
	Timestamp time.Time `json:"timestamp"`
	Details   string    `json:"details,omitempty"`
}

SecurityAlert represents a security alert.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.