Documentation
¶
Overview ¶
Package security provides content scanning and PII redaction for TokMan.
The security package detects sensitive information in command output such as API keys, tokens, credentials, and personally identifiable information (PII).
Scanner ¶
Use the Scanner to detect sensitive content:
scanner := security.NewScanner()
findings := scanner.Scan(output)
for _, f := range findings {
fmt.Printf("Found %s: %s\n", f.Rule, f.Match)
}
Redaction ¶
RedactPII removes detected sensitive information:
safe := security.RedactPII(output)
Validation ¶
The Validator type provides input validation for API requests:
v := security.NewValidator()
if err := v.ValidateBudget(budget); err != nil { ... }
Package security provides content scanning and PII redaction capabilities for detecting sensitive information in command output.
Index ¶
- Constants
- func HasHiddenUnicode(s string) bool
- func IsPrintableASCII(s string) bool
- func IsSuspiciousContent(content string) bool
- func RedactPII(content string) string
- func RedactWithMask(content string, mask rune) string
- func SanitizeForLogging(content string) string
- func ValidateUTF8(content string) bool
- type Finding
- type ScanRule
- type Scanner
- type Validator
Constants ¶
const ( SeverityCritical = "critical" SeverityHigh = "high" SeverityMedium = "medium" SeverityLow = "low" )
Severity levels for findings
Variables ¶
This section is empty.
Functions ¶
func HasHiddenUnicode ¶ added in v0.28.0
HasHiddenUnicode checks for hidden/invisible Unicode characters
func IsPrintableASCII ¶ added in v0.28.0
IsPrintableASCII checks if a string contains only printable ASCII characters
func IsSuspiciousContent ¶ added in v0.28.0
IsSuspiciousContent checks for potentially malicious content patterns
func RedactWithMask ¶ added in v0.28.0
RedactWithMask redacts sensitive data but keeps structure with mask character
func SanitizeForLogging ¶ added in v0.28.0
SanitizeForLogging prepares content for logging by redacting PII and truncating if needed
func ValidateUTF8 ¶ added in v0.28.0
ValidateUTF8 checks if content is valid UTF-8
Types ¶
type Finding ¶
Finding represents a security finding from content scanning
func ValidateContent ¶ added in v0.28.0
ValidateContent checks if content is safe and returns findings Returns true if safe (no critical findings), false otherwise
type Scanner ¶
type Scanner struct {
// contains filtered or unexported fields
}
Scanner provides security scanning capabilities
func NewScanner ¶
func NewScanner() *Scanner
NewScanner creates a new security scanner with all rules configured
func (*Scanner) HasCriticalFindings ¶ added in v0.28.0
HasCriticalFindings checks if content contains any critical severity findings
type Validator ¶ added in v0.28.0
type Validator struct{}
Validator provides input validation for API requests
func NewValidator ¶ added in v0.28.0
func NewValidator() *Validator
NewValidator creates a new input validator
func (*Validator) ValidateBudget ¶ added in v0.28.0
ValidateBudget validates a token budget value
func (*Validator) ValidateMode ¶ added in v0.28.0
ValidateMode validates a compression mode value
func (*Validator) ValidatePath ¶ added in v0.28.0
ValidatePath validates a file path for security
func (*Validator) ValidatePreset ¶ added in v0.28.0
ValidatePreset validates a compression preset value
Source Files