accesschk

package
v1.100.4 Latest
Warning

This package is not in the latest version of its module.

Published: Jun 11, 2026 License: Apache-2.0 Imports: 4 Imported by: 0

Documentation

Overview

Package accesschk parses the text output of the Sysinternals AccessChk tool (https://learn.microsoft.com/en-us/sysinternals/downloads/accesschk) into a structured representation. AccessChk has no machine-readable output mode, so the parser is intentionally tolerant: anything it cannot recognize is preserved verbatim and the full original text is always retained in Raw, so a policy can fall back to string matching regardless of the output mode used.

Constants

const ToolName = "AccessChk"

ToolName is the canonical tool name recorded for AccessChk materials.

Variables

This section is empty.

Functions

This section is empty.

Types

type ACE

type ACE struct {
	Index     int      `json:"index"`
	AceType   string   `json:"ace_type,omitempty"`
	Principal string   `json:"principal"`
	AceFlags  []string `json:"ace_flags"`
	Rights    []string `json:"rights"`
}

ACE is a single access control entry from a security descriptor reported by the -l output mode (DACL or SACL).

type AccessEntry

type AccessEntry struct {
	Access    string   `json:"access"`
	Principal string   `json:"principal"`
	Rights    []string `json:"rights"`
}

AccessEntry is a single principal and the access it was granted on an object, as reported by the compact default (R/W) output mode.

type Object

type Object struct {
	Name            string        `json:"name"`
	DescriptorFlags []string      `json:"descriptor_flags,omitempty"`
	Owner           string        `json:"owner,omitempty"`
	DACL            []ACE         `json:"dacl,omitempty"`
	SACL            []ACE         `json:"sacl,omitempty"`
	AccessEntries   []AccessEntry `json:"access_entries"`
	RawLines        []string      `json:"raw_lines"`
}

Object is a single securable object reported by AccessChk.

AccessEntries is populated by the compact default mode; DescriptorFlags, Owner, DACL and SACL are populated by the -l (full security descriptor) mode. RawLines always holds every indented line verbatim regardless of mode.

type Report

type Report struct {
	Tool    Tool     `json:"tool"`
	Objects []Object `json:"objects"`
	Raw     string   `json:"raw"`
}

Report is the structured projection of an AccessChk run.

func Parse

func Parse(data []byte) (*Report, error)

Parse converts AccessChk text output into a Report. It only returns an error when the input is not valid UTF-8 text; well-formed text always parses, with any unrecognized content preserved in the per-object RawLines and the top-level Raw field.

func (*Report) LooksLikeAccessChk

func (r *Report) LooksLikeAccessChk() bool

LooksLikeAccessChk reports whether the parsed report resembles genuine AccessChk output. It is deliberately lenient: a recognizable banner, at least one parsed access entry, or an SDDL/descriptor marker is enough.

type Tool

type Tool struct {
	Name    string `json:"name"`
	Version string `json:"version,omitempty"`
}

Tool holds the tool identity parsed from the AccessChk banner.
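
Example (added here, not part of the package or its documentation): a policy check over the JSON form of a Report that flags broad principals holding write access, using the structured AccessEntries where present and falling back to string matching on RawLines otherwise. The local struct mirrors, the broad-principal list, the BroadWrite and Load helpers, the sample report and the assumption that Access holds "R", "W" or "RW" are all hypothetical.

```go
package main

import (
	"encoding/json"
	"fmt"
	"regexp"
	"strings"
)

// Local mirrors of the documented types, cut down to the fields used here.
type AccessEntry struct{ Access, Principal string }
type Object struct {
	Name          string
	AccessEntries []AccessEntry `json:"access_entries"`
	RawLines      []string      `json:"raw_lines"`
}
type Report struct{ Objects []Object }
// Assumed policy: broad groups that should not hold write access.
var broad = regexp.MustCompile(`(?i)\b(everyone|authenticated users|builtin\\users)\b`)

// BroadWrite flags compact-mode entries whose Access contains "W" (assumed R/W/RW)
// for a broad principal; objects with no such entries are matched on RawLines.
func BroadWrite(r *Report) (out []string) {
	for _, o := range r.Objects {
		for _, e := range o.AccessEntries {
			if strings.Contains(e.Access, "W") && broad.MatchString(e.Principal) {
				out = append(out, fmt.Sprintf("%s <- %s (%s)", o.Name, e.Principal, e.Access))
			}
		}
		for _, l := range o.RawLines {
			if len(o.AccessEntries) == 0 && broad.MatchString(l) {
				out = append(out, o.Name+" <- review raw: "+strings.TrimSpace(l))
			}
		}
	}
	return out
}

// Constructed sample in the Report JSON shape; not real AccessChk output.
const sample = `{"objects":[{"name":"C:\\Svc\\agent.exe","access_entries":[
 {"access":"RW","principal":"BUILTIN\\Users"},{"access":"R","principal":"Everyone"}]},
 {"name":"C:\\Svc\\conf","raw_lines":["  [0] ACCESS_ALLOWED_ACE_TYPE: Everyone"]}]}`
func Load(b []byte) (*Report, error) {
	r := new(Report)
	return r, json.Unmarshal(b, r)
}
func main() {
	r, err := Load([]byte(sample))
	fmt.Println(strings.Join(BroadWrite(r), "\n"), err)
}
```

Raw-line matches carry no parsed access level, so they are reported for review rather than as confirmed write access.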
