engine

package

v5.0.0 Latest Latest Go to latest Published: Jan 19, 2026 License: Apache-2.0 Imports: 35 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/checkmarx/2ms

Links

Open Source Insights

Documentation ¶

Index ¶

Variables
func CheckRulesRequiredFields(rulesToCheck []*ruledefine.Rule) error
func GetRulesCommand(engineConfig *EngineConfig) *cobra.Command
type DetectorConfig
type Engine
type EngineConfig
type EngineOption
- func WithPluginChannels(pluginChannels plugins.PluginChannels) EngineOption
type IEngine
- func Init(engineConfig *EngineConfig, opts ...EngineOption) (IEngine, error)
type IScorer

Constants ¶

This section is empty.

Variables ¶

View Source

var (
	ErrNoRulesSelected          = fmt.Errorf("no rules were selected")
	ErrFailedToCompileRegexRule = fmt.Errorf("failed to compile regex rule")
)

Functions ¶

func CheckRulesRequiredFields ¶

func CheckRulesRequiredFields(rulesToCheck []*ruledefine.Rule) error

CheckRulesRequiredFields checks that required fields are present in the Rule. This is meant for user defined rules, default rules have more strict checks in unit tests

func GetRulesCommand ¶

func GetRulesCommand(engineConfig *EngineConfig) *cobra.Command

Types ¶

type DetectorConfig ¶

type DetectorConfig struct {
	SelectedRules             []*ruledefine.Rule
	CustomRegexPatterns       []string
	AdditionalIgnoreRules     []string
	MaxTargetMegabytes        int
	MaxFindings               uint64 // Total findings limit across entire scan
	MaxRuleMatchesPerFragment uint64 // Regex matches limit per rule per fragment
	MaxSecretSize             uint64 // Maximum secret size in bytes (0 = no limit)
}

type Engine ¶

type Engine struct {
	Report reporting.IReport

	ScanConfig resources.ScanConfig
	// contains filtered or unexported fields
}

func (*Engine) DetectFile ¶

func (e *Engine) DetectFile(ctx context.Context, item plugins.ISourceItem, secretsChannel chan *secrets.Secret) error

DetectFile reads the given file and detects secrets in it

func (*Engine) DetectFragment ¶

func (e *Engine) DetectFragment(item plugins.ISourceItem, secretsChannel chan *secrets.Secret, pluginName string) error

DetectFragment detects secrets in the given fragment

func (*Engine) GetCvssScoreWithoutValidationCh ¶

func (e *Engine) GetCvssScoreWithoutValidationCh() chan *secrets.Secret

func (*Engine) GetDetectorWorkerPool ¶

func (e *Engine) GetDetectorWorkerPool() workerpool.Pool

func (*Engine) GetErrorsCh ¶

func (e *Engine) GetErrorsCh() chan error

func (*Engine) GetPluginChannels ¶

func (e *Engine) GetPluginChannels() plugins.PluginChannels

func (*Engine) GetReport ¶

func (e *Engine) GetReport() reporting.IReport

func (*Engine) GetSecretsExtrasCh ¶

func (e *Engine) GetSecretsExtrasCh() chan *secrets.Secret

func (*Engine) GetValidationCh ¶

func (e *Engine) GetValidationCh() chan *secrets.Secret

func (*Engine) Scan ¶

func (e *Engine) Scan(pluginName string)

func (*Engine) SetPluginChannels ¶

func (e *Engine) SetPluginChannels(pluginChannels plugins.PluginChannels)

func (*Engine) Shutdown ¶

func (e *Engine) Shutdown() error

func (*Engine) Wait ¶

func (e *Engine) Wait()

type EngineConfig ¶

type EngineConfig struct {
	SelectedList []string
	IgnoreList   []string
	SpecialList  []string

	MaxTargetMegabytes        int
	MaxFindings               uint64 // Total findings limit across entire scan
	MaxRuleMatchesPerFragment uint64 // Regex matches limit per rule per fragment
	MaxSecretSize             uint64 // Maximum secret size in bytes (0 = no limit)

	IgnoredIds    []string
	AllowedValues []string

	DetectorWorkerPoolSize int

	CustomRegexPatterns   []string
	AdditionalIgnoreRules []string

	CustomRules []*ruledefine.Rule

	ScanConfig resources.ScanConfig
}

type EngineOption ¶

type EngineOption func(*Engine)

func WithPluginChannels ¶

func WithPluginChannels(pluginChannels plugins.PluginChannels) EngineOption

type IEngine ¶

type IEngine interface {
	DetectFragment(item plugins.ISourceItem, secretsChannel chan *secrets.Secret, pluginName string) error
	DetectFile(ctx context.Context, item plugins.ISourceItem, secretsChannel chan *secrets.Secret) error

	GetReport() reporting.IReport

	Scan(pluginName string)
	Wait()

	GetPluginChannels() plugins.PluginChannels
	SetPluginChannels(pluginChannels plugins.PluginChannels)

	GetErrorsCh() chan error

	Shutdown() error
}

func Init ¶

func Init(engineConfig *EngineConfig, opts ...EngineOption) (IEngine, error)

type IScorer ¶

type IScorer interface {
	AssignScoreAndSeverity(secret *secrets.Secret)
	GetRulesBaseRiskScore(ruleId string) float64
	GetKeywords() map[string]struct{}
	GetRulesToBeApplied() map[string]config.Rule
}

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
chunk Package chunk is a generated GoMock package.	Package chunk is a generated GoMock package.
constants
detect
extra
linecontent
rules
ruledefine
scripts/convertgitleaks command
score
semaphore Package semaphore is a generated GoMock package.	Package semaphore is a generated GoMock package.
validation

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL