models

package
v0.6.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Apr 10, 2026 License: GPL-3.0 Imports: 7 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func Fingerprint added in v0.4.0

func Fingerprint(value string) string

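Fingerprint computes a SHA-256 hash of a value for deduplication purposes. This allows identifying the same secret across different locations without storing the actual value. Because the hash is computed from the value alone, equal values yield equal fingerprints wherever they are found, and the fingerprint of a short or guessable value gives little protection for that value; handle fingerprints as sensitive data, and use SaltedFingerprint where per-machine separation is wanted.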

func FingerprintFromFields added in v0.4.0

func FingerprintFromFields(fields ...string) string

FingerprintFromFields computes a fingerprint from multiple identifying fields. Use this for config-based findings where the fingerprint is derived from stable attributes like finding ID, path, and other discriminating fields.

func SaltedFingerprint added in v0.4.0

func SaltedFingerprint(value, salt string) string

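SaltedFingerprint computes an HMAC-SHA256 of value using salt as the key. Used by detectors to produce machine-unique fingerprints for detected secrets. The salt described on this page (DetectionContext.FingerprintSalt, in the form os:arch:hostname:username) is built from host identity fields that ScanResult also reports under Host, so it separates fingerprints per machine but is not a secret key; the resulting fingerprint should still be handled as sensitive data.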

Types

type CacheConfig

// CacheConfig configures staleness detection for the file index cache.
type CacheConfig struct {
	// NOTE(review): TTL is kept as a raw string; where it is parsed and what
	// happens when it cannot be parsed is not visible here — confirm.
	TTL            string `yaml:"ttl" mapstructure:"ttl"`                           // Duration string, e.g., "30m"
	SampleSize     int    `yaml:"sample_size" mapstructure:"sample_size"`           // Number of files to sample for validation
	ValidateOnLoad bool   `yaml:"validate_on_load" mapstructure:"validate_on_load"` // Enable staleness checking
}

CacheConfig contains configuration for file index cache staleness detection

type Config

// Config is the top-level Bagel configuration. Each field carries the yaml
// and mapstructure key it is bound to.
type Config struct {
	Version     int               `yaml:"version" mapstructure:"version"`
	Probes      ProbeConfig       `yaml:"probes" mapstructure:"probes"`
	Privacy     PrivacyConfig     `yaml:"privacy" mapstructure:"privacy"`
	Output      OutputConfig      `yaml:"output" mapstructure:"output"`
	// NOTE(review): SeverityMap is a free-form string-to-string map and
	// presumably remaps finding severities. Which keys and values are
	// accepted is not visible here; since a remap could lower a reported
	// severity, confirm the loader validates it.
	SeverityMap map[string]string `yaml:"severity_map" mapstructure:"severity_map"`
	FileIndex   FileIndexConfig   `yaml:"file_index" mapstructure:"file_index"`
	HostInfo    HostInfoConfig    `yaml:"hostinfo" mapstructure:"hostinfo"`
}

Config represents the Bagel configuration

type DetectionContext

// DetectionContext is the probe-supplied context handed to detectors.
type DetectionContext struct {
	// Source indicates where the content came from (e.g., "env:GITHUB_TOKEN", "file:/path/to/config")
	Source string

	// ProbeName is the name of the probe that invoked the detector
	ProbeName string

	// LineNumber is the 1-based line number where the content was found (0 if not applicable)
	LineNumber int

	// EnvVarName is the environment variable name (empty if not from env)
	EnvVarName string

	// Extra allows probes to pass additional arbitrary metadata
	// NOTE(review): values are untyped (any). If this metadata is copied into
	// findings, confirm probes never store a raw secret value here.
	Extra map[string]any

	// FingerprintSalt is a machine-specific salt (os:arch:hostname:username)
	// used by detectors to produce machine-unique secret fingerprints
	// NOTE(review): all four components are also fields of HostInfo, which
	// ScanResult carries as Host, so this salt gives per-machine separation
	// but is not a secret.
	FingerprintSalt string
}

DetectionContext provides probe-specific context to detectors. This allows probes to pass metadata that gets included in findings.

func NewDetectionContext

func NewDetectionContext(input NewDetectionContextInput) *DetectionContext

func (*DetectionContext) FormatSource

func (c *DetectionContext) FormatSource() string

FormatSource returns a formatted source string that includes line number if present

func (*DetectionContext) WithEnvVarName

func (c *DetectionContext) WithEnvVarName(name string) *DetectionContext

WithEnvVarName sets the environment variable name and returns the context for chaining

func (*DetectionContext) WithExtra

func (c *DetectionContext) WithExtra(key string, value any) *DetectionContext

WithExtra sets an extra metadata key-value pair and returns the context for chaining

func (*DetectionContext) WithLineNumber

func (c *DetectionContext) WithLineNumber(line int) *DetectionContext

WithLineNumber sets the line number and returns the context for chaining

type FileIndexConfig

// FileIndexConfig configures file indexing: where to look, how deep, and
// which patterns to index.
type FileIndexConfig struct {
	MaxDepth       int             `yaml:"max_depth" mapstructure:"max_depth"`
	// NOTE(review): with FollowSymlinks enabled a walk can leave BaseDirs
	// through a link or revisit a directory; how the indexer bounds this is
	// not visible here — confirm before enabling on untrusted trees.
	FollowSymlinks bool            `yaml:"follow_symlinks" mapstructure:"follow_symlinks"`
	BaseDirs       []string        `yaml:"base_dirs" mapstructure:"base_dirs"`
	// NOTE(review): matching semantics of ExcludePaths (prefix, glob, exact)
	// are not visible here — confirm.
	ExcludePaths   []string        `yaml:"exclude_paths" mapstructure:"exclude_paths"`
	Patterns       []PatternConfig `yaml:"patterns" mapstructure:"patterns"`
	Cache          CacheConfig     `yaml:"cache" mapstructure:"cache"`
}

FileIndexConfig contains configuration for file indexing

type Finding

// Finding is a single security finding, with the JSON key of each field
// given in its tag.
type Finding struct {
	ID          string                 `json:"id"`
	Type        FindingType            `json:"type"`
	// TypeName is populated from Type by Finding.MarshalJSON when encoding.
	TypeName    FindingTypeName        `json:"type_name"`
	// Fingerprint is the deduplication key. Which of Fingerprint,
	// FingerprintFromFields or SaltedFingerprint produced it is not visible
	// from this type.
	Fingerprint string                 `json:"fingerprint"`
	Probe       string                 `json:"probe"`
	Severity    string                 `json:"severity"`
	Title       string                 `json:"title"`
	Description string                 `json:"description"`
	// NOTE(review): Message and Metadata are free-form and are serialized
	// with the finding; confirm detectors never place a raw secret value in
	// either.
	Message     string                 `json:"message"`
	Path        string                 `json:"path,omitempty"`
	Locations   []string               `json:"locations,omitempty"` // Additional locations when deduplicated
	Metadata    map[string]interface{} `json:"metadata,omitempty"`
}

Finding represents a single security finding

func (Finding) MarshalJSON added in v0.5.0

func (f Finding) MarshalJSON() ([]byte, error)

MarshalJSON implements json.Marshaler, auto-populating TypeName from Type.

type FindingType added in v0.4.0

// FindingType is the string-typed category of a security finding.
type FindingType string

FindingType classifies the category of a security finding.

// FindingType values defined by this package.
const (
	FindingTypeSecret           FindingType = "secret"
	FindingTypeMisconfiguration FindingType = "misconfiguration"
)

func (FindingType) TypeName added in v0.5.0

func (t FindingType) TypeName() FindingTypeName

TypeName returns the human-readable display name for a FindingType.

type FindingTypeName added in v0.5.0

// FindingTypeName is the string-typed display name of a FindingType.
type FindingTypeName string

FindingTypeName is the human-readable display name for a FindingType.

// FindingTypeName values defined by this package, one per FindingType.
const (
	FindingTypeNameSecret           FindingTypeName = "Secret"
	FindingTypeNameMisconfiguration FindingTypeName = "Misconfiguration"
)

type HostInfo

// HostInfo describes the scanned host as it appears in JSON output.
type HostInfo struct {
	// NOTE(review): Hostname and Username identify the machine and the user
	// and are serialized unconditionally (no omitempty). FingerprintSalt is
	// documented as derived from host identity fields; if those are the four
	// string fields below, the salt can be rebuilt from any serialized
	// HostInfo.
	Hostname string      `json:"hostname"`
	OS       string      `json:"os"`
	Arch     string      `json:"arch"`
	Username string      `json:"username"`
	// System is a pointer with omitempty, so a nil value is left out of the
	// JSON output.
	System   *SystemInfo `json:"system,omitempty"`
}

HostInfo contains information about the scanned host

func (*HostInfo) FingerprintSalt added in v0.4.0

func (h *HostInfo) FingerprintSalt() string

FingerprintSalt returns a machine-specific salt derived from host identity fields. Used by detectors to produce machine-unique secret fingerprints.

type HostInfoConfig

// HostInfoConfig configures extended host information collection.
type HostInfoConfig struct {
	// NOTE(review): presumably gates collection of HostInfo.System
	// (SystemInfo) — confirm against the collector.
	Extended bool `yaml:"extended" mapstructure:"extended"`
}

HostInfoConfig contains configuration for extended host information collection

type Metadata

// Metadata is the scan metadata block of a ScanResult.
type Metadata struct {
	// NOTE(review): presumably the version of the scanning tool — confirm.
	Version   string    `json:"version"`
	Timestamp time.Time `json:"timestamp"`
	// Duration is carried as a string; its format is not visible here.
	Duration  string    `json:"duration"`
}

Metadata contains scan metadata

type NewDetectionContextInput

// NewDetectionContextInput is the argument type of NewDetectionContext. Its
// two fields share their names with the Source and ProbeName fields of
// DetectionContext.
type NewDetectionContextInput struct {
	Source    string
	ProbeName string
}

NewDetectionContextInput holds the required fields (Source and ProbeName) from which NewDetectionContext creates a new DetectionContext.

type OutputConfig

// OutputConfig holds output-related settings.
type OutputConfig struct {
	IncludeFileHashes  bool `yaml:"include_file_hashes" mapstructure:"include_file_hashes"`
	// NOTE(review): presumably copies scanned file content into the output.
	// Such content may itself contain secrets, so confirm what is emitted and
	// whether any redaction applies before enabling it.
	IncludeFileContent bool `yaml:"include_file_content" mapstructure:"include_file_content"`
}

OutputConfig contains output-related settings

type PatternConfig

// PatternConfig names a group of file patterns to index and states how the
// patterns are to be interpreted.
type PatternConfig struct {
	Name     string   `yaml:"name" mapstructure:"name"`
	Patterns []string `yaml:"patterns" mapstructure:"patterns"`
	// NOTE(review): handling of a Type outside the three listed values is not
	// visible here — confirm it is rejected rather than silently ignored.
	Type     string   `yaml:"type" mapstructure:"type"` // "glob", "exact", "regex"
}

PatternConfig defines a file pattern to index

type PrivacyConfig

// PrivacyConfig holds privacy-related settings.
type PrivacyConfig struct {
	// NOTE(review): presumably paths whose value is redacted in output; the
	// matching rule (exact, prefix, glob) is not visible here — confirm.
	RedactPaths        []string `yaml:"redact_paths" mapstructure:"redact_paths"`
	// NOTE(review): presumably environment variable name prefixes that are
	// skipped; case sensitivity of the match is not visible here — confirm.
	ExcludeEnvPrefixes []string `yaml:"exclude_env_prefixes" mapstructure:"exclude_env_prefixes"`
}

PrivacyConfig contains privacy-related settings

type ProbeConfig

// ProbeConfig holds one ProbeSettings per probe; the tag on each field gives
// the probe's key in the configuration file.
type ProbeConfig struct {
	Git          ProbeSettings `yaml:"git" mapstructure:"git"`
	SSH          ProbeSettings `yaml:"ssh" mapstructure:"ssh"`
	NPM          ProbeSettings `yaml:"npm" mapstructure:"npm"`
	Env          ProbeSettings `yaml:"env" mapstructure:"env"`
	ShellHistory ProbeSettings `yaml:"shell_history" mapstructure:"shell_history"`
	Cloud        ProbeSettings `yaml:"cloud" mapstructure:"cloud"`
	JetBrains    ProbeSettings `yaml:"jetbrains" mapstructure:"jetbrains"`
	GH           ProbeSettings `yaml:"gh" mapstructure:"gh"`
	AICli        ProbeSettings `yaml:"ai_cli" mapstructure:"ai_cli"`
	WireGuard    ProbeSettings `yaml:"wireguard" mapstructure:"wireguard"`
	PyPI         ProbeSettings `yaml:"pypi" mapstructure:"pypi"`
}

ProbeConfig contains configuration for all probes

type ProbeSettings

// ProbeSettings holds the settings of one probe.
type ProbeSettings struct {
	// The zero value is false, so a probe whose settings are left unset is
	// not enabled by this struct alone; whether defaults are applied
	// elsewhere is not visible here.
	Enabled bool                   `yaml:"enabled" mapstructure:"enabled"`
	// NOTE(review): Flags is an untyped map; which keys each probe reads and
	// how unexpected keys or value types are handled is not visible here.
	Flags   map[string]interface{} `yaml:"flags" mapstructure:"flags"`
}

ProbeSettings contains settings for a specific probe

type ScanResult

// ScanResult is the complete scan output: scan metadata, the scanned host,
// and every finding.
//
// A serialized ScanResult combines host identity (HostInfo) with the
// locations and fingerprints of detected secrets, so the output file should
// be stored and shared with the same care as the findings it describes.
type ScanResult struct {
	Metadata Metadata  `json:"metadata"`
	Host     HostInfo  `json:"host"`
	Findings []Finding `json:"findings"`
}

ScanResult represents the complete scan output

type SystemInfo

// SystemInfo holds detailed system information. Every field is tagged
// omitempty.
type SystemInfo struct {
	OSVersion     string    `json:"os_version,omitempty"`
	KernelVersion string    `json:"kernel_version,omitempty"`
	CPUModel      string    `json:"cpu_model,omitempty"`
	CPUCores      int       `json:"cpu_cores,omitempty"`
	RAMTotalGB    float64   `json:"ram_total_gb,omitempty"`
	// NOTE(review): encoding/json's omitempty never omits a struct value, so
	// an unset BootTime is still written as the zero time
	// ("0001-01-01T00:00:00Z") unless a custom marshaler handles it.
	BootTime      time.Time `json:"boot_time,omitempty"`
	Timezone      string    `json:"timezone,omitempty"`
}

SystemInfo contains detailed system information
