permissions

package
v0.2.3 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Dec 19, 2025 License: MIT Imports: 4 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func ApplyFiltersToQuery

func ApplyFiltersToQuery(query map[string]interface{}, permFilters map[string]interface{}) (map[string]interface{}, bool, error)

ApplyFiltersToQuery applies permission filters to a TheHive query. It is used by the search and manage tools to ensure that queries respect permissions.

func GetDefaultPermissions

func GetDefaultPermissions() ([]byte, error)

GetDefaultPermissions returns the embedded default read-only permissions

func MergeFilters

func MergeFilters(userQuery map[string]interface{}, permissionFilters map[string]interface{}) (map[string]interface{}, bool)

MergeFilters combines permission filters with user-provided query filters. It returns the merged filter and a boolean indicating whether permission filters were applied.

func Validate

func Validate(config *Config) error

Validate validates a permissions configuration

Types

type AutomationPermissions

// AutomationPermissions describes which analyzers or responders may be used.
// PermissionsSection carries one value of this type for analyzers and one
// for responders.
type AutomationPermissions struct {
	// Mode selects the list semantics.
	// NOTE(review): how an empty or unrecognised Mode is handled is not
	// visible here — confirm that Validate rejects it or that the
	// Is*Allowed checks fail closed.
	Mode    string   `yaml:"mode"` // "allow_list" or "block_list"
	// Allowed is read from the "allowed" YAML key; presumably the names
	// permitted when Mode is "allow_list" — verify against the checks.
	Allowed []string `yaml:"allowed"`
	// Blocked is read from the "blocked" YAML key; presumably the names
	// refused when Mode is "block_list" — verify against the checks.
	Blocked []string `yaml:"blocked"`
}

AutomationPermissions defines analyzer or responder access

type Config

// Config is the root of a permissions document as decoded from YAML.
type Config struct {
	// Version is read from the top-level "version" key.
	// NOTE(review): the accepted values are not shown here — see Validate.
	Version     string             `yaml:"version"`
	// Permissions holds the tool, analyzer and responder rules.
	Permissions PermissionsSection `yaml:"permissions"`
}

Config represents the complete permissions configuration

func LoadAdminForTesting

func LoadAdminForTesting() *Config

LoadAdminForTesting returns an admin permissions configuration for testing purposes

func LoadDefault

func LoadDefault() (*Config, error)

LoadDefault loads the embedded default read-only permissions

func LoadFromFile

func LoadFromFile(path string) (*Config, error)

LoadFromFile loads and parses a permissions configuration from a file

func ParseYAML

func ParseYAML(data []byte) (*Config, error)

ParseYAML parses YAML data into a Config struct

func (*Config) GetAllowedAnalyzers

func (c *Config) GetAllowedAnalyzers(allAnalyzers []string) []string

GetAllowedAnalyzers returns list of allowed analyzer names

func (*Config) GetAllowedResponders

func (c *Config) GetAllowedResponders(allResponders []string) []string

GetAllowedResponders returns list of allowed responder names

func (*Config) GetToolFilters

func (c *Config) GetToolFilters(toolName string) map[string]interface{}

GetToolFilters returns the filters for a specific tool

func (*Config) IsAnalyzerAllowed

func (c *Config) IsAnalyzerAllowed(analyzerName string) bool

IsAnalyzerAllowed checks if an analyzer is permitted based on global rules

func (*Config) IsEntityOperationAllowed

func (c *Config) IsEntityOperationAllowed(entityType, operation string) bool

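IsEntityOperationAllowed checks if a specific operation on an entity type is permitted. If no entity-specific permissions are configured, it defaults to the tool's general allowed setting, so an allowed tool with no entity-specific permissions permits the operation; configure entity permissions explicitly where individual operations must be restricted.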

func (*Config) IsResponderAllowed

func (c *Config) IsResponderAllowed(responderName string) bool

IsResponderAllowed checks if a responder is permitted based on global rules

func (*Config) IsToolAllowed

func (c *Config) IsToolAllowed(toolName string) bool

IsToolAllowed checks if a tool is permitted

type EntityOperation

// EntityOperation records, operation by operation, whether it is allowed for
// one entity type. Every field is a plain bool, so an operation whose key is
// left out of the YAML stays at Go's zero value, false.
type EntityOperation struct {
	Create  bool `yaml:"create"`  // true permits creating entities of this type
	Update  bool `yaml:"update"`  // true permits updating them
	Delete  bool `yaml:"delete"`  // true permits deleting them
	Comment bool `yaml:"comment"` // true permits commenting on them
}

EntityOperation defines which operations are allowed for an entity type

type PermissionInfo

// PermissionInfo describes how permissions affected a response and is
// serialised as JSON alongside it.
type PermissionInfo struct {
	// Applied has no omitempty, so it is always present in the JSON output.
	Applied       bool     `json:"applied"`
	// FilterApplied is dropped from the JSON when false; consumers must
	// read a missing "filter_applied" key as "no filter was applied".
	FilterApplied bool     `json:"filter_applied,omitempty"`
	// Message is omitted from the JSON when empty.
	Message       string   `json:"message,omitempty"`
	// Restrictions is omitted from the JSON when nil or empty.
	Restrictions  []string `json:"restrictions,omitempty"`
}

PermissionInfo describes how permissions affected a response

func NewPermissionInfo

func NewPermissionInfo() PermissionInfo

NewPermissionInfo creates a PermissionInfo with applied=false

func NewPermissionInfoDenied

func NewPermissionInfoDenied(message string) PermissionInfo

NewPermissionInfoDenied creates a PermissionInfo for a denied operation

func NewPermissionInfoFiltered

func NewPermissionInfoFiltered(message string) PermissionInfo

NewPermissionInfoFiltered creates a PermissionInfo for a filtered operation

func NewPermissionInfoRestricted

func NewPermissionInfoRestricted(restrictions []string) PermissionInfo

NewPermissionInfoRestricted creates a PermissionInfo with restrictions list

type PermissionsSection

// PermissionsSection groups every permission category found under the
// "permissions" key of the configuration.
type PermissionsSection struct {
	// Tools maps a key (presumably the tool name passed to IsToolAllowed
	// and GetToolFilters — verify) to that tool's rules.
	// NOTE(review): the result for a tool with no entry in this map is not
	// visible here — confirm it is denied rather than allowed.
	Tools      map[string]ToolPermission `yaml:"tools"`
	// Analyzers holds the allow/block rules for analyzers.
	Analyzers  AutomationPermissions     `yaml:"analyzers"`
	// Responders holds the allow/block rules for responders.
	Responders AutomationPermissions     `yaml:"responders"`
}

PermissionsSection contains all permission categories

type ToolPermission

// ToolPermission defines access and filtering for one tool.
type ToolPermission struct {
	// Allowed is the tool-level switch. It is a plain bool, so an entry
	// that omits "allowed" keeps Go's zero value, false.
	Allowed           bool                       `yaml:"allowed"`
	// Filters is free-form YAML; presumably the permission filters that
	// MergeFilters and ApplyFiltersToQuery combine with a user query —
	// verify. NOTE(review): values are untyped (interface{}), so confirm
	// that Validate checks their shape before they reach a query.
	Filters           map[string]interface{}     `yaml:"filters,omitempty"`
	// EntityPermissions is keyed by a string (presumably the entity type
	// passed to IsEntityOperationAllowed — verify). Per that method's
	// documentation, when no entity-specific permissions are configured
	// the check falls back to Allowed.
	EntityPermissions map[string]EntityOperation `yaml:"entity_permissions,omitempty"` // For manage-entities tool
}

ToolPermission defines access and filtering for a specific tool
