Documentation ¶
Overview ¶
Package rye provides "Light Rye Bread" - injection payload generation for CI/CD pipelines. Different injection contexts have different character constraints and escape requirements.
Index ¶
- Variables
- type BuildingBlock
- type Generator
- type InjectionContext
- type InsightItem
- type Language
- type LightRye
- type MenuItem
- type Mode
- type Payload
- type Quote
- type Stager
- func BranchNameStager(kitchenURL string) *Stager
- func GitHubScriptStager(kitchenURL string) *Stager
- func NewStager(kitchenURL string, ctx InjectionContext) *Stager
- func NewStagerWithID(id, kitchenURL string, ctx InjectionContext) *Stager
- func PRBodyStager(kitchenURL string) *Stager
- func PRTitleStager(kitchenURL string) *Stager
- type StagerPayload
Constants ¶
This section is empty.
Variables ¶
var (
	// BranchName - Git branch names have strict constraints.
	// Forbidden: space, ~, ^, :, ?, *, [, \, .., @{, //
	// Max practical length: ~250 chars
	BranchName = InjectionContext{
		Name:           "git_branch",
		MaxLength:      250,
		ForbiddenChars: []rune{' ', '~', '^', ':', '?', '*', '[', '\\', '@'},
		QuoteStyle:     QuoteNone,
		Multiline:      false,
		Language:       LangBash,
	}
	// PRTitle - Pull request titles, used in ${{ github.event.pull_request.title }}
	// More flexible than branch names but still single line.
	PRTitle = InjectionContext{
		Name:       "pr_title",
		MaxLength:  256,
		QuoteStyle: QuoteNone,
		Multiline:  false,
		Language:   LangBash,
	}
	// PRBody - Pull request body, used in ${{ github.event.pull_request.body }}
	// Most flexible - multiline, long content allowed.
	PRBody = InjectionContext{
		Name:       "pr_body",
		MaxLength:  65536,
		QuoteStyle: QuoteNone,
		Multiline:  true,
		Language:   LangBash,
	}
	// CommitMessage - Git commit messages.
	CommitMessage = InjectionContext{
		Name:       "commit_message",
		MaxLength:  72,
		QuoteStyle: QuoteNone,
		Multiline:  true,
		Language:   LangBash,
	}
	// IssueTitle - GitHub issue titles.
	IssueTitle = InjectionContext{
		Name:       "issue_title",
		MaxLength:  256,
		QuoteStyle: QuoteNone,
		Multiline:  false,
		Language:   LangBash,
	}
	// IssueBody - GitHub issue body.
	IssueBody = InjectionContext{
		Name:       "issue_body",
		MaxLength:  65536,
		QuoteStyle: QuoteNone,
		Multiline:  true,
		Language:   LangBash,
	}
	BashUnquoted = InjectionContext{
		Name:       "bash_unquoted",
		MaxLength:  0,
		QuoteStyle: QuoteNone,
		Multiline:  true,
		Language:   LangBash,
	}
	BashSingleQuoted = InjectionContext{
		Name:       "bash_single_quoted",
		MaxLength:  0,
		QuoteStyle: QuoteSingle,
		Multiline:  true,
		Language:   LangBash,
	}
	BashDoubleQuoted = InjectionContext{
		Name:       "bash_double_quoted",
		MaxLength:  0,
		QuoteStyle: QuoteDouble,
		Multiline:  true,
		Language:   LangBash,
	}
	BashHeredocUnquoted = InjectionContext{
		Name:       "bash_heredoc_unquoted",
		MaxLength:  0,
		QuoteStyle: QuoteNone,
		Multiline:  true,
		Language:   LangBash,
	}
	// GitHubScript - actions/github-script JavaScript context.
	// Injected into template literals or script blocks.
	GitHubScript = InjectionContext{
		Name:       "github_script",
		MaxLength:  0,
		QuoteStyle: QuoteBacktick,
		Multiline:  true,
		Language:   LangJavaScript,
	}
	// BashRun - Direct bash run: block in workflow.
	BashRun = InjectionContext{
		Name:       "bash_run",
		MaxLength:  0,
		QuoteStyle: QuoteDouble,
		Multiline:  true,
		Language:   LangBash,
	}
)
Common injection contexts for GitHub Actions.
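The defender's view of these contexts, as an added example that is not part of the rye package: a scanner that reports workflow steps where the untrusted fields behind the contexts above are expanded directly into `run:` or `script:` text, and ignores the same fields when they are bound under `env:`. `ScanWorkflow`, `untrusted` and the sample steps are hypothetical names and constructed input; the field list covers only the contexts named above and assumes space-indented YAML.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)
var (
	keyRe   = regexp.MustCompile(`^(\s*(?:-\s+)?)(?:run|script):\s*([|>]?)(.*)$`)
	exprRe  = regexp.MustCompile(`\$\{\{.*?\}\}`)
	fieldRe = regexp.MustCompile(`github\.[\w.]+`)
	// untrusted maps attacker-controlled expression fields to this page's context names.
	untrusted = map[string]string{
		"github.event.pull_request.title": "pr_title", "github.event.pull_request.body": "pr_body",
		"github.event.issue.title": "issue_title", "github.event.issue.body": "issue_body",
		"github.head_ref": "git_branch", "github.event.head_commit.message": "commit_message",
	}
)
// ScanWorkflow (hypothetical helper) returns "line:context" per untrusted field found in code text.
func ScanWorkflow(yaml string) (out []string) {
	block := -1 // column of the run:/script: key while inside its block scalar
	for i, line := range strings.Split(yaml, "\n") {
		body, indent := "", len(line)-len(strings.TrimLeft(line, " "))
		m := keyRe.FindStringSubmatch(line)
		if block >= 0 && (strings.TrimSpace(line) == "" || indent > block) {
			body = line // still inside the block scalar
		} else if block = -1; m != nil && m[2] != "" {
			block = len(m[1]) // block scalar body starts on the next line
		} else if m != nil {
			body = m[3] // single-line run:/script: value
		}
		exprs := strings.Join(exprRe.FindAllString(body, -1), " ")
		for _, f := range fieldRe.FindAllString(exprs, -1) {
			if ctx, ok := untrusted[f]; ok {
				out = append(out, fmt.Sprintf("%d:%s", i+1, ctx))
			}
		}
	}
	return out
}
// sampleWorkflow is a constructed steps fragment, not taken from any real repository.
const sampleWorkflow = `- run: echo "${{ github.event.pull_request.title }}"
- env:
    TITLE: ${{ github.event.pull_request.title }}
  run: |
    git checkout "${{ github.head_ref }}" && echo "$TITLE"
- uses: actions/github-script@v7
  with:
    script: console.log('${{ github.event.pull_request.body }}')`
func main() { fmt.Println(ScanWorkflow(sampleWorkflow)) }
```

The `TITLE` binding on line 3 of the sample is not reported: the expression is expanded into an environment variable, and the shell then reads it as data through `"$TITLE"`.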
Functions ¶
This section is empty.
Types ¶
type BuildingBlock ¶
type BuildingBlock struct {
Name string // e.g., "IFS_SPACE", "BASE64_URL", "CURL_BASH"
Template string // The template with placeholders
Example string // Filled-in example
Description string // What this does
}
BuildingBlock represents a component for manual mode.
type Generator ¶
type Generator struct {
Context InjectionContext
}
Generator creates payloads for a specific context.
func NewGenerator ¶
func NewGenerator(ctx InjectionContext) *Generator
NewGenerator creates a generator for the given context.
type InjectionContext ¶
type InjectionContext struct {
Name string // Human-readable name
MaxLength int // Maximum payload length (0 = unlimited)
ForbiddenChars []rune // Characters that will break the injection
EscapeChar rune // Character used for escaping (0 = none)
QuoteStyle Quote // How strings are quoted in this context
Multiline bool // Whether newlines are allowed
Language Language // The execution language
}
InjectionContext defines constraints for an injection vector.
func GetContextByName ¶
func GetContextByName(name string) (InjectionContext, bool)
GetContextByName resolves an injection context name or alias.
type InsightItem ¶
type InsightItem struct {
Context string // Injection context
IsPossible bool // Whether injection is viable
Constraints []string // Character/length constraints
Template string // Editable template payload
Placeholders []string // What needs to be filled in
Suggestions []string // Recommended modifications
}
InsightItem represents analysis for semi-auto mode.
type LightRye ¶
LightRye is the main interface for injection payload generation. It supports three modes of operation:
- Manual: Building blocks for experts
- SemiAuto: Insight + editable templates
- FullAuto: Menu -> preview -> execute
func NewLightRye ¶
NewLightRye creates a new LightRye instance.
func (*LightRye) BuildingBlocks ¶
func (lr *LightRye) BuildingBlocks() []BuildingBlock
BuildingBlocks returns components for manual assembly.
func (*LightRye) Insight ¶
func (lr *LightRye) Insight(contextName string) (*InsightItem, error)
Insight analyzes a context and returns editable templates for semi-auto mode.
func (*LightRye) Menu ¶
Menu returns available injection options for full-auto mode. Each item is a ready-to-use payload that can be previewed and executed.
func (*LightRye) QuickStager ¶
func (lr *LightRye) QuickStager(contextName string) (*StagerPayload, error)
QuickStager generates a ready-to-use stager for a context (full-auto convenience).
type MenuItem ¶
type MenuItem struct {
ID string // Unique identifier
Name string // Display name
Context string // Injection context (pr_title, git_branch, etc.)
Description string // What this does
Payload StagerPayload // The ready-to-use payload
Preview string // Short preview of the payload
Constraints []string // Character/length constraints
}
MenuItem represents an option in the full-auto menu.
type Mode ¶
type Mode int
Mode represents the injection automation level.
const (
	// ModeManual provides building blocks - user constructs the final payload.
	// Shows available techniques, constraints, and encoding helpers.
	ModeManual Mode = iota
	// ModeSemiAuto provides insight + editable templates.
	// Detects what's possible, generates template, allows modification.
	ModeSemiAuto
	// ModeFullAuto provides menu -> preview -> execute.
	// Ready-to-use payloads with Kitchen integration.
	ModeFullAuto
)
type Payload ¶
type Payload struct {
Raw string // The raw payload to inject
Encoded string // URL/base64 encoded if needed
Context string // Which context this is for
Technique string // Injection technique used
Notes string // Usage notes
}
Payload represents a generated injection payload.
type Stager ¶
type Stager struct {
ID string // Random ID registered with Kitchen
KitchenURL string // Base Kitchen URL (e.g., "http://kitchen.example.com")
Context InjectionContext // Target injection context
ResponseType string // What Kitchen returns: "bash", "js", "python"
}
Stager represents a callback stager that phones home to Kitchen. The stager is a minimal payload that fits within injection constraints and retrieves the actual payload from Kitchen.
func BranchNameStager ¶
BranchNameStager is a convenience function for git branch injection.
func GitHubScriptStager ¶
GitHubScriptStager is a convenience function for github-script injection.
func NewStager ¶
func NewStager(kitchenURL string, ctx InjectionContext) *Stager
NewStager creates a new stager with a random ID.
func NewStagerWithID ¶
func NewStagerWithID(id, kitchenURL string, ctx InjectionContext) *Stager
NewStagerWithID creates a new stager with a specific ID (for testing).
func PRBodyStager ¶
PRBodyStager is a convenience function for PR body injection.
func PRTitleStager ¶
PRTitleStager is a convenience function for PR title injection.
func (*Stager) CallbackURL ¶
CallbackURL returns the full callback URL.
func (*Stager) Generate ¶
func (s *Stager) Generate() StagerPayload
Generate creates a stager payload appropriate for the context.
func (*Stager) GeneratePolyglot ¶
func (s *Stager) GeneratePolyglot() StagerPayload
GeneratePolyglot creates a JS polyglot that works in both single and double quote contexts. This is the primary payload for actions/github-script injection.
func (*Stager) GenerateSingleQuoteBreak ¶
func (s *Stager) GenerateSingleQuoteBreak() StagerPayload
GenerateSingleQuoteBreak creates a JS payload specifically for single-quote contexts.
type StagerPayload ¶
type StagerPayload struct {
Raw string // The actual payload string to inject
Encoded string // Base64 encoded callback URL (for constrained contexts)
Context string // Context name
Technique string // e.g., "ifs_curl_bash", "js_template_exec"
KitchenPath string // Full callback URL (/r/{id})
CallbackURL string // Full URL to Kitchen stager endpoint
Notes string // Usage notes
Mode Mode // Which mode generated this
}
StagerPayload is the generated payload for a specific context.