Documentation
¶
Overview ¶
Package models contains domain models for SmokedMeat communication.
Package models contains domain models for SmokedMeat.
Package models contains domain models for SmokedMeat.
Index ¶
- type CIPlatform
- type CachePoisonStatus
- type CloudQueryResult
- type CloudResource
- type Coleslaw
- type DetectedSecret
- type NetworkInfo
- type OIDCInfo
- type Order
- type OrderStatus
- type PivotResult
- type ReconResult
- func (r *ReconResult) AddError(err string)
- func (r *ReconResult) AddSecret(name string, secretType SecretType, length int, highValue bool)
- func (r *ReconResult) HasHighValueSecrets() bool
- func (r *ReconResult) HighValueSecretCount() int
- func (r *ReconResult) Marshal() ([]byte, error)
- func (r *ReconResult) SecretCount() int
- type RepoInfo
- type RunnerInfo
- type ScanFinding
- type ScanResult
- type ScanRule
- type SecretType
- type WorkflowInfo
Types ¶
type CIPlatform ¶
type CIPlatform string
CIPlatform identifies the CI/CD platform.
// CI/CD platform identifiers. The string values are the wire representation:
// CIPlatform fields elsewhere in this package (ReconResult.Platform,
// RepoInfo.Platform) carry JSON tags, so these literals appear verbatim in
// serialized results and should be treated as a stable contract.
const (
	// PlatformUnknown is presumably the fallback when no platform is
	// identified — confirm against the detection code, which is not shown here.
	PlatformUnknown CIPlatform = "unknown"
	PlatformGitHubActions CIPlatform = "github_actions"
	PlatformGitLabCI CIPlatform = "gitlab_ci"
	PlatformAzureDevOps CIPlatform = "azure_devops"
	PlatformCircleCI CIPlatform = "circleci"
	PlatformJenkins CIPlatform = "jenkins"
	PlatformBitbucket CIPlatform = "bitbucket"
)
type CachePoisonStatus ¶
// CachePoisonStatus is a JSON status record. Every field other than Status is
// omitted from the encoded output when it holds its zero value (omitempty).
// NOTE(review): this page documents none of the fields, so the remarks below
// are inferred from names and tags only — confirm against the producer.
type CachePoisonStatus struct {
	Status string `json:"status"`
	Error string `json:"error,omitempty"`
	RuntimeSource string `json:"runtime_source,omitempty"`
	// NOTE(review): the "Summary" suffix suggests a shortened or masked form of
	// a runtime token and of two URLs. Confirm that the full token and any
	// credential-bearing URL parameters never land in these fields, because the
	// struct is tagged for JSON serialization and will be stored or logged
	// wherever results are.
	RuntimeTokenSummary string `json:"runtime_token_summary,omitempty"`
	ResultsURLSummary string `json:"results_url_summary,omitempty"`
	CacheURLSummary string `json:"cache_url_summary,omitempty"`
	Key string `json:"key,omitempty"`
	Version string `json:"version,omitempty"`
	// ArchiveSize is presumably a byte count; the unit is not stated here.
	ArchiveSize int64 `json:"archive_size,omitempty"`
}
type CloudQueryResult ¶
// CloudQueryResult is the JSON shape of a single cloud query outcome. The
// package exposes Marshal and UnmarshalCloudQueryResult for it.
// NOTE(review): UnmarshalCloudQueryResult accepts raw bytes; whether it
// validates Provider or QueryType is not visible here, so consumers should
// treat decoded values as untrusted input until checked.
type CloudQueryResult struct {
	// Provider and QueryType are always encoded (no omitempty).
	Provider string `json:"provider"`
	QueryType string `json:"query_type"`
	// Success is always encoded, including when false.
	Success bool `json:"success"`
	// Resources is dropped from the output when empty.
	Resources []CloudResource `json:"resources,omitempty"`
	// Error is presumably populated when Success is false — confirm; nothing in
	// the type enforces that pairing.
	Error string `json:"error,omitempty"`
}
func UnmarshalCloudQueryResult ¶
func UnmarshalCloudQueryResult(data []byte) (*CloudQueryResult, error)
func (*CloudQueryResult) Marshal ¶
func (r *CloudQueryResult) Marshal() ([]byte, error)
type CloudResource ¶
type Coleslaw ¶
// Coleslaw represents the response from a Brisket agent after executing an
// Order. It is a JSON wire type; see UnmarshalColeslaw for decoding.
// NOTE(review): every field is supplied by the responding agent. Whether the
// receiving side checks that OrderID, SessionID and AgentID match an order it
// actually issued is not visible here — confirm before trusting a response.
type Coleslaw struct {
	// OrderID links this response to the original order.
	OrderID string `json:"order_id"`
	// SessionID links this response to a specific session/campaign.
	SessionID string `json:"session_id"`
	// AgentID identifies the Brisket agent that executed the order.
	AgentID string `json:"agent_id"`
	// Stdout contains base64-encoded standard output from command execution.
	// NOTE(review): base64 is an encoding, not protection. The decoded bytes
	// are arbitrary command output and may hold secrets or terminal control
	// sequences; handle as sensitive and sanitize before rendering.
	Stdout string `json:"stdout,omitempty"`
	// Stderr contains base64-encoded standard error from command execution.
	// The same handling caveats as Stdout apply.
	Stderr string `json:"stderr,omitempty"`
	// ExitCode is the command's exit code (0 = success). It is always encoded,
	// so a zero value is indistinguishable from "not set" on the wire.
	ExitCode int `json:"exit_code"`
	// Artifacts lists any files or data collected during execution.
	// NOTE(review): the entries are plain strings; whether they are paths,
	// identifiers or inline content is not stated here.
	Artifacts []string `json:"artifacts,omitempty"`
	// Error contains any error message if the command failed.
	Error string `json:"error,omitempty"`
	// CreatedAt is when the response was created.
	CreatedAt time.Time `json:"created_at"`
}
Coleslaw represents the response from a Brisket agent after executing an Order. In deli terms: what comes on the side after the order is fulfilled.
func NewColeslaw ¶
NewColeslaw creates a new Coleslaw response for an order.
func UnmarshalColeslaw ¶
UnmarshalColeslaw deserializes a Coleslaw from JSON.
type DetectedSecret ¶
// DetectedSecret describes a secret found in the environment. The struct has
// no field for the full secret value: it records a name, a classification,
// the value's length and an optional prefix.
type DetectedSecret struct {
	Name string `json:"name"`
	Type SecretType `json:"type"`
	// Length of the secret; always encoded. Presumably a character or byte
	// count of the value — the unit is not stated here.
	Length int `json:"length"`
	// First few characters of the value, kept for identification.
	// NOTE(review): a prefix combined with Length is still sensitive metadata.
	// How many characters are retained is not visible here — confirm it is
	// small and that stored results are access-controlled.
	Prefix string `json:"prefix,omitempty"`
	// Where the secret came from (env, file, etc.).
	Source string `json:"source,omitempty"`
	// Likely to grant significant access. Always encoded, including when false.
	HighValue bool `json:"high_value"`
}
DetectedSecret represents a secret found in the environment.
type NetworkInfo ¶
// NetworkInfo contains network-related information. It is referenced from
// ReconResult.Network as an optional pointer.
type NetworkInfo struct {
	// Interfaces is omitted from the output when empty. The entries are plain
	// strings; whether they are names or addresses is not stated here.
	Interfaces []string `json:"interfaces,omitempty"`
	// Both booleans are always encoded, so false cannot be told apart from
	// "not probed" on the wire — NOTE(review): confirm consumers account for this.
	CanReachInternet bool `json:"can_reach_internet"`
	ProxyConfigured bool `json:"proxy_configured"`
}
NetworkInfo contains network-related information.
type OIDCInfo ¶
// OIDCInfo contains OIDC token availability information.
type OIDCInfo struct {
	// Available is always encoded, including when false.
	Available bool `json:"available"`
	TokenURL string `json:"token_url,omitempty"`
	RequestURL string `json:"request_url,omitempty"`
	// Redacted, per the original annotation.
	// NOTE(review): the field is a plain string and nothing in this type
	// enforces redaction; it depends entirely on the code that assigns it.
	// Confirm the producer masks the value before it is set, since the field
	// is serialized under "request_token".
	RequestToken string `json:"request_token,omitempty"`
	// Decoded claims if available.
	// NOTE(review): whether the token signature is verified before the claims
	// are decoded is not visible here — treat Claims as unverified, descriptive
	// data rather than as an authorization input.
	Claims map[string]string `json:"claims,omitempty"`
}
OIDCInfo contains OIDC token availability information.
type Order ¶
// Order represents a command sent from the Counter to a Brisket agent. It is
// a JSON wire type; see UnmarshalOrder for decoding and the Mark* methods for
// status transitions.
type Order struct {
	// OrderID uniquely identifies this order.
	OrderID string `json:"order_id"`
	// SessionID links this order to a specific session/campaign.
	SessionID string `json:"session_id"`
	// AgentID identifies the target Brisket agent.
	AgentID string `json:"agent_id"`
	// OperatorID identifies which operator sent this order (for multi-operator support).
	// NOTE(review): this and OperatorName are ordinary payload strings. Whether
	// they are bound to an authenticated identity is not visible here; an audit
	// trail built on them is only as trustworthy as whatever sets them.
	OperatorID string `json:"operator_id,omitempty"`
	// OperatorName is the human-readable operator name (for display/audit).
	OperatorName string `json:"operator_name,omitempty"`
	// Command is the operation to execute (e.g., "exec", "upload", "download").
	// NOTE(review): the type is a free-form string; any restriction to a known
	// set of commands must happen in code that is not shown here.
	Command string `json:"command"`
	// Args contains command-specific arguments.
	Args []string `json:"args,omitempty"`
	// Status tracks the order's current state.
	Status OrderStatus `json:"status"`
	// CreatedAt is when the order was created.
	CreatedAt time.Time `json:"created_at"`
	// UpdatedAt is when the order was last updated.
	UpdatedAt time.Time `json:"updated_at"`
}
Order represents a command sent from the Counter to a Brisket agent. In deli terms: this is what the customer orders from the menu.
func UnmarshalOrder ¶
UnmarshalOrder deserializes an Order from JSON.
func (*Order) MarkCompleted ¶
func (o *Order) MarkCompleted()
MarkCompleted updates the order status to completed.
func (*Order) MarkDelivered ¶
func (o *Order) MarkDelivered()
MarkDelivered updates the order status to delivered.
func (*Order) MarkExecuting ¶
func (o *Order) MarkExecuting()
MarkExecuting updates the order status to executing.
func (*Order) MarkFailed ¶
func (o *Order) MarkFailed()
MarkFailed updates the order status to failed.
type OrderStatus ¶
type OrderStatus string
OrderStatus represents the current state of an order.
// Order lifecycle states. The string values are what Order.Status carries on
// the wire (its field is tagged json:"status").
const (
	// OrderStatusPending has no corresponding Mark* method on Order in this
	// package's index; presumably it is the initial state — confirm.
	OrderStatusPending OrderStatus = "pending"
	// The remaining states each have a matching Order method: MarkDelivered,
	// MarkExecuting, MarkCompleted and MarkFailed.
	OrderStatusDelivered OrderStatus = "delivered"
	OrderStatusExecuting OrderStatus = "executing"
	OrderStatusCompleted OrderStatus = "completed"
	OrderStatusFailed OrderStatus = "failed"
)
type PivotResult ¶
// PivotResult is a JSON result record with Marshal and UnmarshalPivotResult
// helpers. This page carries no prose documentation for it.
// NOTE(review): this type holds credential material in two maps that are both
// serialized. Anything that stores, logs or forwards the encoded form should
// be treated as holding secrets.
type PivotResult struct {
	// Success, Provider and Method are always encoded.
	Success bool `json:"success"`
	Provider string `json:"provider"`
	Method string `json:"method"`
	// NOTE(review): the split between Credentials and RawCredentials suggests
	// that one is a masked or summarized view and the other is unmodified —
	// confirm which, and whether RawCredentials needs to leave the agent at all.
	Credentials map[string]string `json:"credentials,omitempty"`
	RawCredentials map[string]string `json:"raw_credentials,omitempty"`
	Resources []CloudResource `json:"resources,omitempty"`
	Errors []string `json:"errors,omitempty"`
	// Duration is encoded as "duration_ms", so presumably milliseconds.
	Duration float64 `json:"duration_ms"`
}
func UnmarshalPivotResult ¶
func UnmarshalPivotResult(data []byte) (*PivotResult, error)
func (*PivotResult) Marshal ¶
func (r *PivotResult) Marshal() ([]byte, error)
type ReconResult ¶
// ReconResult is the complete reconnaissance output from a Brisket agent. It
// is built with NewReconResult, filled through AddSecret and AddError, and
// encoded with Marshal / decoded with UnmarshalReconResult.
// NOTE(review): the encoded form aggregates secret metadata, token
// permissions and environment variables in one document; storage and log
// sinks that receive it should be access-controlled accordingly.
type ReconResult struct {
	// Metadata
	AgentID string `json:"agent_id"`
	Timestamp time.Time `json:"timestamp"`
	// Encoded as "duration_ms", so presumably milliseconds.
	Duration float64 `json:"duration_ms"`
	// Platform identification
	Platform CIPlatform `json:"platform"`
	// Repository context
	Repository *RepoInfo `json:"repository,omitempty"`
	// Workflow context
	Workflow *WorkflowInfo `json:"workflow,omitempty"`
	// Runner environment
	Runner *RunnerInfo `json:"runner,omitempty"`
	// Discovered secrets. The tag has no omitempty, so a nil slice encodes as
	// JSON null; presumably NewReconResult initializes it — confirm.
	Secrets []DetectedSecret `json:"secrets"`
	// OIDC availability
	OIDC *OIDCInfo `json:"oidc,omitempty"`
	// Network information
	Network *NetworkInfo `json:"network,omitempty"`
	// GitHub-specific permissions (from GITHUB_TOKEN)
	TokenPermissions map[string]string `json:"token_permissions,omitempty"`
	// Raw environment variables (filtered).
	// NOTE(review): the filter is not visible here. Because the values are
	// raw, confirm the filter excludes secret-bearing variables rather than
	// relying on the Secrets list to cover them.
	Environment map[string]string `json:"environment,omitempty"`
	// Errors encountered during recon
	Errors []string `json:"errors,omitempty"`
}
ReconResult is the complete reconnaissance output from a Brisket agent.
func NewReconResult ¶
func NewReconResult(agentID string) *ReconResult
NewReconResult creates a new ReconResult with defaults.
func UnmarshalReconResult ¶
func UnmarshalReconResult(data []byte) (*ReconResult, error)
UnmarshalReconResult deserializes a ReconResult from JSON.
func (*ReconResult) AddError ¶
func (r *ReconResult) AddError(err string)
AddError records an error encountered during recon.
func (*ReconResult) AddSecret ¶
func (r *ReconResult) AddSecret(name string, secretType SecretType, length int, highValue bool)
AddSecret adds a detected secret to the result.
func (*ReconResult) HasHighValueSecrets ¶
func (r *ReconResult) HasHighValueSecrets() bool
HasHighValueSecrets returns true if any high-value secrets were found.
func (*ReconResult) HighValueSecretCount ¶
func (r *ReconResult) HighValueSecretCount() int
HighValueSecretCount returns the number of high-value secrets.
func (*ReconResult) Marshal ¶
func (r *ReconResult) Marshal() ([]byte, error)
Marshal serializes the ReconResult to JSON.
func (*ReconResult) SecretCount ¶
func (r *ReconResult) SecretCount() int
SecretCount returns the number of secrets detected.
type RepoInfo ¶
// RepoInfo contains information about a discovered repository.
type RepoInfo struct {
	// FullName is in org/repo form.
	FullName string `json:"full_name"`
	// Owner and Name are stored separately from FullName; nothing in the type
	// keeps the three consistent.
	Owner string `json:"owner"`
	Name string `json:"name"`
	Platform CIPlatform `json:"platform"`
	// Permissions is a string-to-string map whose keys and values are not
	// documented here — presumably permission name to access level; confirm.
	Permissions map[string]string `json:"permissions,omitempty"`
	DefaultBranch string `json:"default_branch,omitempty"`
}
RepoInfo contains information about a discovered repository.
type RunnerInfo ¶
// RunnerInfo contains information about the runner environment.
type RunnerInfo struct {
	Name string `json:"name,omitempty"`
	// OS, Arch and Hostname are always encoded.
	OS string `json:"os"`
	Arch string `json:"arch"`
	Hostname string `json:"hostname"`
	// SelfHosted and Container are always encoded, including when false.
	// NOTE(review): how either is determined is not visible here; a false
	// value may mean "not detected" rather than "confirmed absent".
	SelfHosted bool `json:"self_hosted"`
	Container bool `json:"container"`
	// Filesystem locations on the runner, omitted when empty.
	ToolCache string `json:"tool_cache,omitempty"`
	Workspace string `json:"workspace,omitempty"`
	TempDir string `json:"temp_dir,omitempty"`
}
RunnerInfo contains information about the runner environment.
type ScanFinding ¶
// ScanFinding represents a single security finding from poutine.
type ScanFinding struct {
	// RuleID presumably keys into ScanResult.Rules (a map[string]ScanRule) —
	// confirm; the link is not stated here.
	RuleID string `json:"rule_id"`
	Title string `json:"title"`
	Description string `json:"description,omitempty"`
	// Severity is a free-form string; the accepted values are not defined in
	// this type. ScanResult counts critical/high/medium/low separately.
	Severity string `json:"severity"`
	// Path, Line, Job and Step locate the finding; only Path is always encoded.
	Path string `json:"path"`
	Line int `json:"line,omitempty"`
	Job string `json:"job,omitempty"`
	Step string `json:"step,omitempty"`
	// OSVID is encoded as "osv_id"; presumably an OSV advisory identifier.
	OSVID string `json:"osv_id,omitempty"`
	Details string `json:"details,omitempty"`
	// Fingerprint is presumably a stable identifier for de-duplicating
	// findings — how it is computed is not visible here.
	Fingerprint string `json:"fingerprint,omitempty"`
}
ScanFinding represents a single security finding from poutine.
type ScanResult ¶
// ScanResult represents the result of a poutine CI/CD security scan. This is
// the wire format used by Brisket to send results to Counter.
// NOTE(review): the severity counters are independent fields that travel
// alongside Findings. Whether HasCritical, HasHigh and HasFindings read the
// counters or inspect Findings is not visible here; a receiver should not
// assume the two agree without recomputing.
type ScanResult struct {
	Success bool `json:"success"`
	// Encoded as "duration_ms", so presumably milliseconds.
	Duration float64 `json:"duration_ms"`
	// Scan metadata
	Path string `json:"path"`
	Repository string `json:"repository,omitempty"`
	// Findings summary. All five counters are always encoded, including zero.
	TotalFindings int `json:"total_findings"`
	CriticalFindings int `json:"critical_findings"`
	HighFindings int `json:"high_findings"`
	MediumFindings int `json:"medium_findings"`
	LowFindings int `json:"low_findings"`
	// Detailed findings
	Findings []ScanFinding `json:"findings,omitempty"`
	// Rules is keyed by string; presumably the rule ID referenced by
	// ScanFinding.RuleID — confirm.
	Rules map[string]ScanRule `json:"rules,omitempty"`
	// Errors (non-fatal issues during scan)
	Errors []string `json:"errors,omitempty"`
}
ScanResult represents the result of a poutine CI/CD security scan. This is the wire format used by Brisket to send results to Counter.
func UnmarshalScanResult ¶
func UnmarshalScanResult(data []byte) (*ScanResult, error)
UnmarshalScanResult deserializes a ScanResult from JSON.
func (*ScanResult) FormatOutput ¶
func (r *ScanResult) FormatOutput() string
FormatOutput returns a human-readable summary of the scan.
func (*ScanResult) HasCritical ¶
func (r *ScanResult) HasCritical() bool
HasCritical returns true if any critical findings were found.
func (*ScanResult) HasFindings ¶
func (r *ScanResult) HasFindings() bool
HasFindings returns true if the scan found any vulnerabilities.
func (*ScanResult) HasHigh ¶
func (r *ScanResult) HasHigh() bool
HasHigh returns true if any high severity findings were found.
func (*ScanResult) Marshal ¶
func (r *ScanResult) Marshal() ([]byte, error)
Marshal serializes a ScanResult to JSON.
type ScanRule ¶
// ScanRule represents a poutine security rule.
type ScanRule struct {
	// ID, Title, Description and Severity are always encoded.
	ID string `json:"id"`
	Title string `json:"title"`
	Description string `json:"description"`
	// Severity is a free-form string; accepted values are not defined here.
	Severity string `json:"severity"`
	// References is encoded under the shorter key "refs".
	References []string `json:"refs,omitempty"`
}
ScanRule represents a poutine security rule.
type SecretType ¶
type SecretType string
SecretType classifies detected secrets.
// Secret classifications. The string values are what DetectedSecret.Type
// carries on the wire (its field is tagged json:"type").
// NOTE(review): how a detected secret is assigned to one of these classes is
// not visible here.
const (
	// SecretTypeGeneric is presumably the catch-all when no specific class
	// matches — confirm against the classifier.
	SecretTypeGeneric SecretType = "generic"
	SecretTypeAWS SecretType = "aws"
	SecretTypeGCP SecretType = "gcp"
	SecretTypeAzure SecretType = "azure"
	SecretTypeGitHub SecretType = "github"
	SecretTypeNPM SecretType = "npm"
	SecretTypeDocker SecretType = "docker"
	SecretTypeSSH SecretType = "ssh"
	SecretTypeDatabase SecretType = "database"
	SecretTypeAPI SecretType = "api"
	SecretTypeOIDC SecretType = "oidc"
)
type WorkflowInfo ¶
// WorkflowInfo contains information about the current workflow. Only Name is
// always encoded; every other field is omitted when empty.
type WorkflowInfo struct {
	Name string `json:"name"`
	Path string `json:"path,omitempty"`
	// RunID and RunNumber are kept as strings rather than integers.
	RunID string `json:"run_id,omitempty"`
	RunNumber string `json:"run_number,omitempty"`
	Job string `json:"job,omitempty"`
	Actor string `json:"actor,omitempty"`
	// Trigger event: push, pull_request, workflow_dispatch, etc.
	Event string `json:"event,omitempty"`
	// Git ref, e.g. refs/heads/main or refs/pull/123/merge.
	// NOTE(review): Ref and Event let a reader tell whether the run came from
	// a pull request; a ref can contain contributor-chosen text, so escape it
	// before display.
	Ref string `json:"ref,omitempty"`
	SHA string `json:"sha,omitempty"`
}
WorkflowInfo contains information about the current workflow.