security

package

Constants

const (
	// Entropy thresholds for different sensitivity levels.
	// These are presumably compared against CalculateEntropy (Shannon
	// entropy, i.e. bits per character) — confirm the unit against the
	// callers before tuning them; how they map onto SensitivityLevel is
	// not visible here.
	LowEntropyThreshold    = 3.5
	MediumEntropyThreshold = 4.5
	HighEntropyThreshold   = 5.5

	// Minimum length for entropy-based detection. Shorter candidates are
	// skipped by the entropy path and presumably only caught if a pattern
	// matches them.
	MinEntropyLength = 20

	// Maximum length to consider (avoid very long strings like base64 images).
	// NOTE(review): a genuine secret longer than this (for example a long
	// token or a key body) is presumably invisible to entropy detection and
	// depends on pattern matching — confirm and document that gap.
	MaxEntropyLength = 200
)

Variables

This section is empty.

Functions

func CalculateEntropy

func CalculateEntropy(s string) float64

CalculateEntropy calculates Shannon entropy for a string

Types

type AllowlistConfig

// AllowlistConfig lists values and files the scanner should not report.
// Patterns is consulted by SecurityConfig.IsPatternAllowed and Files by
// SecurityConfig.IsFileAllowed. Whether entries are literal strings, globs or
// regular expressions is not visible here — confirm before relying on it.
// Every entry suppresses findings, so entries should be as narrow as
// possible and reviewed like any other exception.
type AllowlistConfig struct {
	Patterns []string `toml:"patterns,omitempty"`
	Files    []string `toml:"files,omitempty"`
}

type ContentScanConfig

// ContentScanConfig tunes content-level secret detection.
//
// EntropyThreshold presumably overrides the package-level
// Low/Medium/HighEntropyThreshold constants; which one wins when both are set
// is not visible here — confirm. MinSecretLength and MaxFileSize are size
// limits (characters and bytes respectively — TODO confirm units);
// files above MaxFileSize are presumably skipped rather than scanned, so a
// low value silently reduces coverage. ScanBinaryFiles controls whether
// binary content is inspected at all. ContextWindow is the amount of
// surrounding text captured in Finding.Context — unit not visible here.
type ContentScanConfig struct {
	EntropyThreshold float64 `toml:"entropy_threshold"`
	MinSecretLength  int     `toml:"min_secret_length"`
	MaxFileSize      int     `toml:"max_file_size"`
	ScanBinaryFiles  bool    `toml:"scan_binary_files"`
	ContextWindow    int     `toml:"context_window"`
}

type Detector

// Detector finds secrets in in-memory content. Construct it with
// NewDetector(config) and call DetectSecrets(content, filePath) to obtain a
// []Finding; SetSensitivity adjusts detection strictness afterwards. All
// state is unexported, so the zero value is not meant to be used directly.
type Detector struct {
	// contains filtered or unexported fields
}

func NewDetector

func NewDetector(config *SecurityConfig) *Detector

func (*Detector) DetectSecrets

func (d *Detector) DetectSecrets(content []byte, filePath string) []Finding

func (*Detector) SetSensitivity

func (d *Detector) SetSensitivity(level SensitivityLevel)

type EntropyAnalysis

// EntropyAnalysis is the result of EntropyAnalyzer.AnalyzeString for one
// candidate string.
//
// Value is the analysed string itself (unredacted — treat it like
// Finding.RawValue when logging). Length and Entropy are its length and
// computed entropy; IsSecret is the analyzer's verdict, Confidence a score
// for that verdict (presumably 0.0–1.0 as in Finding.Confidence — confirm),
// and Reason a human-readable justification.
type EntropyAnalysis struct {
	Value      string
	Length     int
	Entropy    float64
	IsSecret   bool
	Confidence float64
	Reason     string
}

type EntropyAnalyzer

// EntropyAnalyzer classifies strings by Shannon entropy. Create it with
// NewEntropyAnalyzer(threshold); IsHighEntropy gives a yes/no answer,
// AnalyzeString a detailed EntropyAnalysis, and ExtractHighEntropyStrings
// pulls every high-entropy token out of a larger text. The threshold is
// presumably compared against CalculateEntropy's result — confirm.
type EntropyAnalyzer struct {
	// contains filtered or unexported fields
}

func NewEntropyAnalyzer

func NewEntropyAnalyzer(threshold float64) *EntropyAnalyzer

func (*EntropyAnalyzer) AnalyzeString

func (ea *EntropyAnalyzer) AnalyzeString(s string) EntropyAnalysis

AnalyzeString provides detailed entropy analysis

func (*EntropyAnalyzer) ExtractHighEntropyStrings

func (ea *EntropyAnalyzer) ExtractHighEntropyStrings(text string) []string

ExtractHighEntropyStrings finds all high-entropy strings in text

func (*EntropyAnalyzer) IsHighEntropy

func (ea *EntropyAnalyzer) IsHighEntropy(s string) bool

IsHighEntropy checks if a string has high entropy indicating randomness

type Finding

// Finding is one detected secret or sensitive value in scanned content.
//
// NOTE(review): RawValue is an exported field, so any JSON or log
// serialization of a Finding writes the unredacted secret. Reports and logs
// should emit Value (or Redact()) and keep RawValue out of persisted output.
// Context presumably also contains the raw secret text — confirm and treat
// it the same way.
type Finding struct {
	Type       SecretType
	Value      string // Redacted version
	RawValue   string // Original value (kept for internal use)
	Location   Location
	Confidence float64  // 0.0 to 1.0
	Context    string   // Surrounding text
	Reasons    []string // Why it was flagged
	RiskLevel  RiskLevel
}

func (*Finding) Redact

func (f *Finding) Redact() string

type Location

// Location identifies where a Finding occurred: the file path, the 1-based
// (TODO confirm) line number and column, and the text of that line.
//
// NOTE(review): LineText is presumably the full source line and therefore
// still contains the unredacted secret — do not write it to logs or reports
// without redaction.
type Location struct {
	FilePath   string
	LineNumber int
	Column     int
	LineText   string
}

type PatternConfig

// PatternConfig groups exclusion patterns by the RiskLevel they carry;
// Custom holds user-supplied patterns. The patterns are presumably consulted
// by PatternMatcher.ShouldExclude to decide whether a path is excluded from
// sync and at what risk — confirm the pattern syntax (glob vs. regexp)
// before adding entries.
type PatternConfig struct {
	Critical []string `toml:"critical,omitempty"`
	High     []string `toml:"high,omitempty"`
	Medium   []string `toml:"medium,omitempty"`
	Low      []string `toml:"low,omitempty"`
	Custom   []string `toml:"custom,omitempty"`
}

type PatternMatcher

// PatternMatcher holds per-RiskLevel path patterns and answers whether a
// path should be excluded. Build it with NewPatternMatcher(config), then use
// ShouldExclude(path), which reports the decision, the RiskLevel and (TODO
// confirm) the pattern that matched. AddPattern/RemovePattern mutate the set
// at runtime; GetPatterns/GetAllPatterns read it back.
type PatternMatcher struct {
	// contains filtered or unexported fields
}

func NewPatternMatcher

func NewPatternMatcher(config *SecurityConfig) *PatternMatcher

func (*PatternMatcher) AddPattern

func (pm *PatternMatcher) AddPattern(pattern string, level RiskLevel)

func (*PatternMatcher) GetAllPatterns

func (pm *PatternMatcher) GetAllPatterns() map[RiskLevel][]string

func (*PatternMatcher) GetPatterns

func (pm *PatternMatcher) GetPatterns(level RiskLevel) []string

func (*PatternMatcher) RemovePattern

func (pm *PatternMatcher) RemovePattern(pattern string, level RiskLevel)

func (*PatternMatcher) ShouldExclude

func (pm *PatternMatcher) ShouldExclude(path string) (bool, RiskLevel, string)

type RiskLevel

// RiskLevel ranks how serious a finding or scan result is. The iota
// ordering makes higher values more severe, so levels can be compared with
// < and >. RiskLevelNone is the zero value: an uninitialised Finding or
// ScanResult reads as "no risk", which callers aggregating into
// ScanReport.HighestRisk should keep in mind. String returns a readable name.
type RiskLevel int
const (
	RiskLevelNone RiskLevel = iota
	RiskLevelLow
	RiskLevelMedium
	RiskLevelHigh
	RiskLevelCritical
)

func (RiskLevel) String

func (r RiskLevel) String() string

type ScanReport

// ScanReport aggregates the ScanResult of every file visited by a scan.
// TotalFiles counts files seen, ScannedFiles those actually inspected and
// SkippedFiles those not inspected (presumably size, binary or allowlist
// exclusions — confirm); a large SkippedFiles value means reduced coverage,
// not a clean result. HighestRisk is the maximum RiskLevel across Results.
// Summary renders a human-readable overview.
type ScanReport struct {
	Results       []ScanResult
	TotalFiles    int
	ScannedFiles  int
	SkippedFiles  int
	TotalFindings int
	HighestRisk   RiskLevel
}

func (*ScanReport) Summary

func (r *ScanReport) Summary() string

type ScanResult

// ScanResult is the outcome of scanning a single file. Findings holds what
// was detected and Risk the overall RiskLevel. Passed reports whether the
// file is acceptable under the active configuration. A non-nil Error means
// the file could not be scanned; callers should not read Passed == false
// with an Error as "secrets found", nor Passed == true as "scanned" — check
// Error first.
type ScanResult struct {
	FilePath string
	Findings []Finding
	Risk     RiskLevel
	Passed   bool
	Error    error
}

type Scanner

// Scanner walks files and directories and produces ScanResult/ScanReport
// values. Construct it with NewScanner(config); ScanFile scans content already
// in memory, ScanDirectory walks a path honouring the given ignore list, and
// SetSensitivity adjusts strictness. Internals are unexported.
type Scanner struct {
	// contains filtered or unexported fields
}

func NewScanner

func NewScanner(config *SecurityConfig) *Scanner

func (*Scanner) ScanDirectory

func (s *Scanner) ScanDirectory(path string, ignores []string) (*ScanReport, error)

func (*Scanner) ScanFile

func (s *Scanner) ScanFile(path string, content []byte) (*ScanResult, error)

func (*Scanner) SetSensitivity

func (s *Scanner) SetSensitivity(level SensitivityLevel)

type SecretType

// SecretType names the category of a detected secret. The string values are
// presumably the identifiers used in configuration and reports, so renaming
// one is a compatibility change. Besides credential types it also covers
// personal data (PII, credit card, SSN, e-mail, IP address), which carry a
// different risk profile from credentials and may warrant separate handling.
type SecretType string
const (
	SecretTypeAPIKey        SecretType = "api_key"
	SecretTypeAnthropicKey  SecretType = "anthropic_key"
	SecretTypeGenericAPIKey SecretType = "generic_api_key"
	SecretTypePassword      SecretType = "password"
	SecretTypePrivateKey    SecretType = "private_key"
	SecretTypeToken         SecretType = "token"
	SecretTypeAWSKey        SecretType = "aws_key"
	SecretTypeGitHubToken   SecretType = "github_token"
	SecretTypeJWT           SecretType = "jwt"
	SecretTypeDatabaseURL   SecretType = "database_url"
	SecretTypeGeneric       SecretType = "generic_secret"
	SecretTypePII           SecretType = "pii"
	SecretTypeCreditCard    SecretType = "credit_card"
	SecretTypeSSN           SecretType = "ssn"
	SecretTypeEmail         SecretType = "email"
	SecretTypeIPAddress     SecretType = "ip_address"
)

type SecurityConfig

// SecurityConfig is the TOML-backed configuration for the security scanner.
//
// Enabled switches scanning on or off altogether; ScanContent enables
// content inspection and ExcludePatterns path-pattern exclusion.
// Sensitivity selects a SensitivityLevel; FailOnSecrets presumably makes
// ShouldProceed refuse to continue when findings exist, and Interactive
// routes that decision through InteractivePrompt instead — confirm both
// against SecurityContext. Note that with FailOnSecrets false and
// Interactive false a scan can report findings yet still proceed, so
// automated deployments should set FailOnSecrets explicitly rather than
// rely on DefaultSecurityConfig. Validate checks the configuration and
// Merge layers another configuration on top of this one.
type SecurityConfig struct {
	// Global security settings
	Enabled         bool             `toml:"enabled"`
	ScanContent     bool             `toml:"scan_content"`
	ExcludePatterns bool             `toml:"exclude_patterns"`
	Sensitivity     SensitivityLevel `toml:"sensitivity"`
	FailOnSecrets   bool             `toml:"fail_on_secrets"`
	Interactive     bool             `toml:"interactive"`

	// Pattern exclusion configuration
	PatternConfig PatternConfig `toml:"pattern_config,omitempty"`

	// Content scanning configuration
	ContentScan ContentScanConfig `toml:"content_scan,omitempty"`

	// Allowlist configuration
	Allowlist AllowlistConfig `toml:"allowlist,omitempty"`
}

func DefaultSecurityConfig

func DefaultSecurityConfig() *SecurityConfig

DefaultSecurityConfig returns a security configuration with sensible defaults

func (*SecurityConfig) IsFileAllowed

func (sc *SecurityConfig) IsFileAllowed(filePath string) bool

IsFileAllowed checks if a file is in the allowlist

func (*SecurityConfig) IsPatternAllowed

func (sc *SecurityConfig) IsPatternAllowed(value string) bool

IsPatternAllowed checks if a value matches any allowlist pattern

func (*SecurityConfig) Merge

func (sc *SecurityConfig) Merge(other *SecurityConfig)

Merge combines two security configurations, with the values of other taking precedence over those of the receiver

func (*SecurityConfig) Validate

func (sc *SecurityConfig) Validate() error

Validate checks if the security configuration is valid

type SecurityContext

// SecurityContext ties a SecurityConfig to the scan-and-decide workflow run
// before a sync. Create it with NewSecurityContext(config); ScanPath scans a
// file or directory, ShouldProceed applies the configured policy to the
// resulting ScanReport, and InteractivePrompt asks the user instead. Which
// of the two is used is presumably governed by SecurityConfig.Interactive —
// confirm.
type SecurityContext struct {
	// contains filtered or unexported fields
}

func NewSecurityContext

func NewSecurityContext(config *SecurityConfig) *SecurityContext

func (*SecurityContext) InteractivePrompt

func (sc *SecurityContext) InteractivePrompt(report *ScanReport) (bool, bool, error)

InteractivePrompt presents security findings to the user and gets their decision. Returns: proceed (continue with this dotfile), skipAll (skip security for remaining dotfiles), error.

func (*SecurityContext) ScanPath

func (sc *SecurityContext) ScanPath(path string, ignores []string) (*ScanReport, error)

ScanPath scans a file or directory for security issues before sync

func (*SecurityContext) ShouldProceed

func (sc *SecurityContext) ShouldProceed(report *ScanReport) (bool, string)

ShouldProceed determines if sync should continue based on security findings

type SensitivityLevel

// SensitivityLevel selects how aggressively secrets are detected. It is set
// from SecurityConfig.Sensitivity (TOML value) or at runtime through
// Detector.SetSensitivity / Scanner.SetSensitivity. The four levels are
// listed from least to most strict; how each maps onto the entropy
// thresholds is not visible here — confirm before documenting it further.
type SensitivityLevel string
const (
	SensitivityLow      SensitivityLevel = "low"
	SensitivityMedium   SensitivityLevel = "medium"
	SensitivityHigh     SensitivityLevel = "high"
	SensitivityParanoid SensitivityLevel = "paranoid"
)

type ValidationError

// ValidationError describes a single invalid configuration field; Field
// names the offending field and Message explains the problem. It is
// presumably what SecurityConfig.Validate returns — callers can test for it
// with errors.As:
//
//	var ve *ValidationError
//	if errors.As(err, &ve) { /* inspect ve.Field */ }
type ValidationError struct {
	Field   string
	Message string
}

func (*ValidationError) Error

func (e *ValidationError) Error() string
