Documentation
¶
Index ¶
- func ApplyRedactPatterns(content string, patterns []RedactPattern) (string, map[string]int)
- func Fingerprint(secret string) string
- type AIServiceDetector
- type CloudCredentialsDetector
- type Detector
- type GenericAPIKeyDetector
- type GitHubTokenDetector
- type HTTPAuthDetector
- type JWTDetector
- type NPMTokenDetector
- type RedactPattern
- type Redactor
- type Registry
- type SSHPrivateKeyDetector
- type SplunkTokenDetector
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func ApplyRedactPatterns ¶ added in v0.3.0
func ApplyRedactPatterns( content string, patterns []RedactPattern, ) (string, map[string]int)
ApplyRedactPatterns applies redaction patterns to content, returning the redacted text and a map of label to match count.
func Fingerprint ¶
Fingerprint computes a SHA-256 hash of a secret for deduplication purposes. This allows identifying the same secret across different locations without storing the actual value.
Types ¶
type AIServiceDetector ¶
type AIServiceDetector struct {
// contains filtered or unexported fields
}
AIServiceDetector detects API keys for various AI services
func NewAIServiceDetector ¶
func NewAIServiceDetector() *AIServiceDetector
NewAIServiceDetector creates a new AI service API key detector
func (*AIServiceDetector) Detect ¶
func (d *AIServiceDetector) Detect(content string, ctx *models.DetectionContext) []models.Finding
Detect scans content for AI service API keys and returns findings
func (*AIServiceDetector) Name ¶
func (d *AIServiceDetector) Name() string
Name returns the detector name
type CloudCredentialsDetector ¶
type CloudCredentialsDetector struct {
// contains filtered or unexported fields
}
CloudCredentialsDetector detects cloud provider credentials (AWS, GCP, Azure)
func NewCloudCredentialsDetector ¶
func NewCloudCredentialsDetector() *CloudCredentialsDetector
NewCloudCredentialsDetector creates a new cloud credentials detector
func (*CloudCredentialsDetector) Detect ¶
func (d *CloudCredentialsDetector) Detect(content string, ctx *models.DetectionContext) []models.Finding
Detect scans content for cloud provider credentials and returns findings
func (*CloudCredentialsDetector) Name ¶
func (d *CloudCredentialsDetector) Name() string
Name returns the detector name
type Detector ¶
type Detector interface {
// Name returns the detector name (e.g., "github-pat", "aws-access-key")
Name() string
// Detect scans the input text and returns findings if secrets are detected
// The context parameter provides probe-specific metadata about where the content came from
Detect(content string, ctx *models.DetectionContext) []models.Finding
}
Detector defines the interface for secret/credential detectors
type GenericAPIKeyDetector ¶
type GenericAPIKeyDetector struct {
// contains filtered or unexported fields
}
GenericAPIKeyDetector detects generic API keys and high-entropy secrets
func NewGenericAPIKeyDetector ¶
func NewGenericAPIKeyDetector() *GenericAPIKeyDetector
NewGenericAPIKeyDetector creates a new generic API key detector
func (*GenericAPIKeyDetector) Detect ¶
func (d *GenericAPIKeyDetector) Detect(content string, ctx *models.DetectionContext) []models.Finding
Detect scans content for generic API keys and returns findings
func (*GenericAPIKeyDetector) Name ¶
func (d *GenericAPIKeyDetector) Name() string
Name returns the detector name
type GitHubTokenDetector ¶
type GitHubTokenDetector struct {
// contains filtered or unexported fields
}
GitHubTokenDetector detects various GitHub token types
func NewGitHubPATDetector ¶
func NewGitHubPATDetector() *GitHubTokenDetector
NewGitHubPATDetector creates a new GitHub token detector
func (*GitHubTokenDetector) Detect ¶
func (d *GitHubTokenDetector) Detect(content string, ctx *models.DetectionContext) []models.Finding
Detect scans content for GitHub tokens and returns findings
func (*GitHubTokenDetector) Name ¶
func (d *GitHubTokenDetector) Name() string
Name returns the detector name
type HTTPAuthDetector ¶
type HTTPAuthDetector struct {
// contains filtered or unexported fields
}
HTTPAuthDetector detects HTTP authentication credentials in various contexts
func NewHTTPAuthDetector ¶
func NewHTTPAuthDetector() *HTTPAuthDetector
NewHTTPAuthDetector creates a new HTTP authentication detector
func (*HTTPAuthDetector) Detect ¶
func (d *HTTPAuthDetector) Detect(content string, ctx *models.DetectionContext) []models.Finding
Detect scans content for HTTP authentication credentials and returns findings
func (*HTTPAuthDetector) Name ¶
func (d *HTTPAuthDetector) Name() string
Name returns the detector name
type JWTDetector ¶
type JWTDetector struct {
// contains filtered or unexported fields
}
JWTDetector detects JWT tokens in various contexts
func (*JWTDetector) Detect ¶
func (d *JWTDetector) Detect(content string, ctx *models.DetectionContext) []models.Finding
Detect scans content for JWT tokens and returns findings
type NPMTokenDetector ¶
type NPMTokenDetector struct {
// contains filtered or unexported fields
}
NPMTokenDetector detects various NPM and Yarn authentication tokens
func NewNPMTokenDetector ¶
func NewNPMTokenDetector() *NPMTokenDetector
NewNPMTokenDetector creates a new NPM token detector
func (*NPMTokenDetector) Detect ¶
func (d *NPMTokenDetector) Detect(content string, ctx *models.DetectionContext) []models.Finding
Detect scans content for NPM/Yarn tokens and returns findings
func (*NPMTokenDetector) Name ¶
func (d *NPMTokenDetector) Name() string
Name returns the detector name
type RedactPattern ¶ added in v0.3.0
type RedactPattern struct {
Regex *regexp.Regexp
Replacement string
Label string
Prefixes []string
}
RedactPattern holds a compiled regex for content redaction.
type Redactor ¶ added in v0.3.0
Redactor is optionally implemented by detectors that support content redaction (find-and-replace of secrets).
type Registry ¶
type Registry struct {
// contains filtered or unexported fields
}
Registry manages all registered detectors
func (*Registry) DetectAll ¶
DetectAll runs all registered detectors against the content The context parameter provides probe-specific metadata that gets included in findings
func (*Registry) GetDetectors ¶
GetDetectors returns all registered detectors
type SSHPrivateKeyDetector ¶
type SSHPrivateKeyDetector struct {
// contains filtered or unexported fields
}
SSHPrivateKeyDetector detects SSH private keys in content
func NewSSHPrivateKeyDetector ¶
func NewSSHPrivateKeyDetector() *SSHPrivateKeyDetector
NewSSHPrivateKeyDetector creates a new SSH private key detector
func (*SSHPrivateKeyDetector) Detect ¶
func (d *SSHPrivateKeyDetector) Detect(content string, ctx *models.DetectionContext) []models.Finding
Detect scans content for SSH private keys and returns findings
func (*SSHPrivateKeyDetector) Name ¶
func (d *SSHPrivateKeyDetector) Name() string
Name returns the detector name
type SplunkTokenDetector ¶ added in v0.3.0
type SplunkTokenDetector struct {
// contains filtered or unexported fields
}
SplunkTokenDetector detects Splunk session tokens
func NewSplunkTokenDetector ¶ added in v0.3.0
func NewSplunkTokenDetector() *SplunkTokenDetector
NewSplunkTokenDetector creates a new Splunk session token detector
func (*SplunkTokenDetector) Detect ¶ added in v0.3.0
func (d *SplunkTokenDetector) Detect( content string, ctx *models.DetectionContext, ) []models.Finding
Detect scans content for Splunk session tokens and returns findings
func (*SplunkTokenDetector) Name ¶ added in v0.3.0
func (d *SplunkTokenDetector) Name() string
Name returns the detector name
Source Files