Constants ¶
// SecretSource values recorded in Detection.Source. They name the part of
// the image in which a secret was found.
//
// Only EnvVarSecret is declared with the SecretSource type; the constants
// after it are untyped string constants. Because SecretSource is an alias
// for string, they are still assignable wherever a SecretSource is expected.
const (
	// EnvVarSecret is a secret that was found in an
	// environment variable.
	EnvVarSecret SecretSource = "environment variable"
	// BuildArgSecret is a secret that was found within
	// a supplied build argument.
	BuildArgSecret = "build argument"
	// FileSecret is a secret that was found within the
	// contents of a file.
	FileSecret = "file content"
	// FileSystem is a secret that is an entire file, identified by
	// its path or name rather than by its contents
	// (e.g. terraform.tfstate).
	// NOTE(review): unlike its siblings this name has no "Secret" suffix.
	FileSystem = "file path"
)
// DetectionType values recorded in Detection.Type. They name the method
// that identified a secret.
//
// Only RegexDetection is declared with the DetectionType type; the constants
// after it are untyped string constants. Because DetectionType is an alias
// for string, they are still assignable wherever a DetectionType is expected.
const (
	// RegexDetection is a detection that identifies secrets using a list
	// of regular expressions.
	RegexDetection DetectionType = "regular expression"
	// EntropyDetection is a detection that identifies secrets by
	// calculating the entropy of a string and checking whether that
	// entropy is greater than a given threshold.
	EntropyDetection = "entropy"
	// FileDetection is a detection that identifies a secret by the path or
	// name of a file (e.g. terraform.tfstate).
	FileDetection = "file"
)
Types ¶
type Detection ¶
// Detection represents a single detected secret: how it was found, what it
// is, where it was found, its value, and which part of the image it came
// from. Every field carries a json tag, so a Detection can be JSON-encoded
// as a report entry.
type Detection struct {
	// Type is the DetectionType of this secret, i.e.
	// how this secret was detected.
	Type DetectionType `json:"type"`
	// Name is the name of the secret, i.e. what the
	// secret itself belongs to or represents
	// (e.g. AWS Access Token, GitLab API Key).
	Name string `json:"name"`
	// Location is the line in the Dockerfile or the
	// filesystem path where the secret was found.
	Location string `json:"location"`
	// Value is the actual value of the secret.
	//
	// The json tag means the value is written under the "value" key
	// whenever a Detection is JSON-encoded, and nothing visible here
	// redacts or masks it (a custom marshaller, if one exists, is not
	// shown). Treat encoded output, and any log or artifact that stores
	// it, as sensitive as the secret itself.
	Value string `json:"value"`
	// Source is the SecretSource of where the secret originated from.
	Source SecretSource `json:"source"`
}
Detection represents a detected secret
type DetectionType ¶
// DetectionType is the method by which the secret was found.
//
// It is an alias for string, not a distinct type, so the compiler accepts
// any string where a DetectionType is expected. The values defined in this
// package are RegexDetection, EntropyDetection and FileDetection.
type DetectionType = string
DetectionType is the method by which the secret was found
type Detector ¶
// Detector is implemented by types that look for secrets in the metadata
// of an image.
//
// As declared here, the interface covers build arguments and environment
// variables only; it has no method for evaluating file contents or paths.
// Both methods return only a slice of Detection and no error, so a caller
// cannot tell "nothing found" apart from a detector that failed internally
// by the return value alone.
type Detector interface {
	// EvalBuildArgs will attempt to detect any
	// secrets in the given build arguments of an image.
	// It will return a list of Detection representing the
	// detected secrets found.
	EvalBuildArgs([]image.BuildArg) []Detection
	// EvalEnvVars will attempt to detect any
	// secrets in the given environment variables of an image.
	// It will return a list of Detection representing the
	// detected secrets found.
	EvalEnvVars([]image.EnvVar) []Detection
}
func NewRegexDetector ¶
NewRegexDetector will construct a new Detector that will search all environment variables, build arguments and contents of files on the file system for strings that match any of the given Patterns.
type Pattern ¶
// Pattern represents a user-defined pattern for the Regexp detector to
// search for: a regular expression plus a human-readable label.
type Pattern struct {
	// Expression is a regular expression for matching a secret.
	// It must be compatible with RE2 syntax; see
	// https://github.com/google/re2/wiki/Syntax and, for the syntax
	// accepted by Go's regexp package, https://pkg.go.dev/regexp/syntax.
	// RE2 syntax has no backreferences or lookaround assertions, so
	// expressions copied from PCRE-based rule sets may need rewriting.
	Expression string
	// Name is a human-readable name of the secret the expression
	// searches for (e.g. AWS Secret Key, OAuth token, etc.).
	// NOTE(review): presumably this is what ends up in Detection.Name —
	// confirm against the detector implementation.
	Name string
}
Pattern represents a user-defined pattern for the Regexp Detector to search for.
type Regexp ¶
// Regexp is a Detector implementation for detecting secrets using
// regular expressions. All of its fields are unexported.
// NOTE(review): presumably values are obtained through NewRegexDetector
// rather than built as a literal — confirm against the constructor.
type Regexp struct {
	// contains filtered or unexported fields
}
Regexp is a Detector implementation for detecting secrets using regular expressions.
func (Regexp) EvalBuildArgs ¶
EvalBuildArgs will evaluate the build arguments to see if any of them have a value that matches one of the configured Patterns.
type SecretSource ¶
// SecretSource represents where within the image the secret was found.
//
// It is an alias for string, not a distinct type, so the compiler accepts
// any string where a SecretSource is expected. The values defined in this
// package are EnvVarSecret, BuildArgSecret, FileSecret and FileSystem.
type SecretSource = string
SecretSource represents the source of where the secret was found within the image