kb

package
v0.6.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: May 2, 2026 License: MIT Imports: 6 Imported by: 0

Documentation

Overview

Package kb loads and queries the embedded TOML knowledge base.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func HasGlobPattern 

func HasGlobPattern(pattern string) bool

HasGlobPattern checks if a pattern contains glob characters.

Types

type CIConfig 

type CIConfig struct {
	Format     string            `toml:"format"`
	Files      []CIFilePattern   `toml:"files"`
	MatrixKeys map[string]string `toml:"matrix_keys"` // maps our key name to the CI matrix key
}

CIConfig holds CI parsing rules.

type CIConfigDef 

type CIConfigDef struct {
	CI CIConfig `toml:"ci"`
}

CIConfigDef defines CI configuration for matrix parsing.

type CIFilePattern 

type CIFilePattern struct {
	Pattern string `toml:"pattern"`
}

CIFilePattern defines a file pattern for CI configs.

type CommandInfo 

type CommandInfo struct {
	Run          string   `toml:"run"`
	Alternatives []string `toml:"alternatives"`
}

CommandInfo holds the commands associated with a tool.

type ConfigInfo 

type ConfigInfo struct {
	Files    []string `toml:"files"`
	Lockfile string   `toml:"lockfile"`
}

ConfigInfo holds paths to a tool's configuration files.

type DetectInfo 

type DetectInfo struct {
	Files           []string            `toml:"files"`
	Dependencies    []string            `toml:"dependencies"`
	DevDependencies []string            `toml:"dev_dependencies"`
	FileContains    map[string][]string `toml:"file_contains"`
	KeyExists       map[string][]string `toml:"key_exists"`
	Ecosystems      []string            `toml:"ecosystems"`
}

DetectInfo holds the detection primitives for a tool.

type KnowledgeBase 

type KnowledgeBase struct {
	Tools          []*ToolDef
	ByName         map[string]*ToolDef
	ByCategory     map[string][]*ToolDef
	Ecosystems     map[string][]*ToolDef
	ScriptSources  []ScriptSourceDef
	Resources      []ResourceDef
	Layouts        *LayoutDef
	StyleConfig    *StyleConfigDef
	Runtimes       []RuntimeVersionDef
	ManifestFiles  []string
	CIConfig       *CIConfigDef
	Threats        map[string]ThreatDef // threat ID -> definition
	ThreatMappings []ThreatMapping
}

KnowledgeBase holds all loaded definitions.

func Load 

func Load(fsys embed.FS) (*KnowledgeBase, error)

Load reads all TOML files from the embedded filesystem and returns a KnowledgeBase.

func (*KnowledgeBase) AllEcosystems 

func (base *KnowledgeBase) AllEcosystems() []string

AllEcosystems returns all known ecosystem names.

func (*KnowledgeBase) Categories 

func (base *KnowledgeBase) Categories() []string

Categories returns all known tool categories.

func (*KnowledgeBase) ToolsForCategory 

func (base *KnowledgeBase) ToolsForCategory(category string) []*ToolDef

ToolsForCategory returns all tools matching a category.

func (*KnowledgeBase) ToolsForEcosystem 

func (base *KnowledgeBase) ToolsForEcosystem(ecosystem string) []*ToolDef

ToolsForEcosystem returns all tools for a given ecosystem.

func (*KnowledgeBase) Validate added in v0.5.0 

func (base *KnowledgeBase) Validate() error

Validate checks cross-references in the loaded knowledge base. Called after Load to verify threat IDs in mappings and sinks resolve.

type LayoutDef 

type LayoutDef struct {
	Layout LayoutRules `toml:"layout"`
}

LayoutDef defines directory layout patterns to detect.

type LayoutRules 

type LayoutRules struct {
	SourceDirs []string `toml:"source_dirs"` // directories that indicate source
	TestDirs   []string `toml:"test_dirs"`   // directories that indicate tests
}

LayoutRules holds the layout detection rules.

type ManifestFileDef 

type ManifestFileDef struct {
	Manifests ManifestInfo `toml:"manifests"`
}

ManifestFileDef defines manifest files the dependency checker should look at.

type ManifestInfo 

type ManifestInfo struct {
	Files []string `toml:"files"`
}

ManifestInfo lists manifest files for dependency detection.

type ResourceDef 

type ResourceDef struct {
	Resource ResourceInfo `toml:"resource"`
}

ResourceDef defines a project resource to look for.

type ResourceInfo 

type ResourceInfo struct {
	Name     string   `toml:"name"`
	Field    string   `toml:"field"`    // JSON field name in output
	Group    string   `toml:"group"`    // optional group: legal, community, security, metadata
	Patterns []string `toml:"patterns"` // file patterns to match
	Dirs     []string `toml:"dirs"`     // additional subdirectories to search (root is always searched first)
}

ResourceInfo holds the detection rules for a resource file.

type RuntimeInfo 

type RuntimeInfo struct {
	Name  string   `toml:"name"`  // e.g. "Ruby", "Node"
	Files []string `toml:"files"` // e.g. [".ruby-version", ".tool-versions"]
}

RuntimeInfo holds detection rules for runtime version files.

type RuntimeVersionDef 

type RuntimeVersionDef struct {
	Runtime RuntimeInfo `toml:"runtime"`
}

RuntimeVersionDef defines runtime version files to detect.

type ScriptSourceDef 

type ScriptSourceDef struct {
	Source SourceInfo `toml:"source"`
}

ScriptSourceDef defines how to extract scripts from a project file.

type SecurityInfo added in v0.5.0 

type SecurityInfo struct {
	Threats []string `toml:"threats"` // explicit threat IDs beyond what taxonomy implies
	Sinks   []Sink   `toml:"sinks"`
}

SecurityInfo holds security-relevant data for a tool.

type Sink added in v0.5.0 

type Sink struct {
	Symbol string `toml:"symbol"` // method/function name, e.g. "html_safe"
	Threat string `toml:"threat"` // threat ID from _threats.toml registry
	CWE    string `toml:"cwe"`    // optional, defaults from threat registry
	Note   string `toml:"note"`
}

Sink is a known dangerous function or method in a tool.

type SourceInfo 

type SourceInfo struct {
	Name    string `toml:"name"`
	File    string `toml:"file"`
	Format  string `toml:"format"`  // "makefile", "json_scripts", "targets"
	Command string `toml:"command"` // prefix for run commands (e.g. "make", "just")
}

SourceInfo holds metadata about a script source.

type StyleConfigDef 

type StyleConfigDef struct {
	Style StyleRules `toml:"style"`
}

StyleConfigDef defines style configuration files to check.

type StyleConfigFile 

type StyleConfigFile struct {
	File       string `toml:"file"`
	Provides   string `toml:"provides"` // what it configures: "indentation", "all", etc.
	SourceName string `toml:"source_name"`
}

StyleConfigFile maps a config file to the style info it provides.

type StyleRules 

type StyleRules struct {
	ConfigFiles []StyleConfigFile `toml:"config_files"`
	SampleExts  []string          `toml:"sample_extensions"` // extensions to sample for inference
	SampleLimit int               `toml:"sample_limit"`
}

StyleRules holds style detection rules.

type Taxonomy added in v0.5.0 

type Taxonomy struct {
	Role       []string `toml:"role"`
	Function   []string `toml:"function"`
	Layer      []string `toml:"layer"`
	Domain     []string `toml:"domain"`
	Audience   []string `toml:"audience"`
	Technology []string `toml:"technology"`
}

Taxonomy holds oss-taxonomy facet classifications for a tool. Term values are kebab-case IDs from github.com/ecosyste-ms/oss-taxonomy.

func (Taxonomy) Empty added in v0.5.0 

func (t Taxonomy) Empty() bool

Empty reports whether all facets are unset.

func (Taxonomy) Tags added in v0.5.0 

func (t Taxonomy) Tags() []string

Tags returns all facet values as facet:term strings, e.g. "role:framework". Used for matching against threat mappings.

type ThreatDef added in v0.5.0 

type ThreatDef struct {
	ID    string `toml:"id"`
	CWE   string `toml:"cwe"`
	OWASP string `toml:"owasp"`
	Title string `toml:"title"`
}

ThreatDef is a threat ID registered in _threats.toml.

type ThreatMapping added in v0.5.0 

type ThreatMapping struct {
	Match   []string `toml:"match"`   // facet:term tags, all must be present
	Threats []string `toml:"threats"` // threat IDs that apply when matched
	Note    string   `toml:"note"`
}

ThreatMapping maps a set of taxonomy tags to threat IDs. Match is conjunctive: a tool must carry all listed tags to trigger.

type ToolDef 

type ToolDef struct {
	Tool     ToolInfo     `toml:"tool"`
	Detect   DetectInfo   `toml:"detect"`
	Commands CommandInfo  `toml:"commands"`
	Config   ConfigInfo   `toml:"config"`
	Taxonomy Taxonomy     `toml:"taxonomy"`
	Security SecurityInfo `toml:"security"`
	Source   string       `toml:"-"` // filesystem path this was loaded from
}

ToolDef is the parsed representation of a tool TOML file.

type ToolInfo 

type ToolInfo struct {
	Name        string `toml:"name"`
	Category    string `toml:"category"`
	Homepage    string `toml:"homepage"`
	Docs        string `toml:"docs"`
	Repo        string `toml:"repo"`
	Description string `toml:"description"`
	Default     bool   `toml:"default"` // preferred suggestion for this category in the ecosystem
}

ToolInfo holds metadata about a tool.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.