Documentation
¶
Overview ¶
Package core provides the centralized type definitions and registry for input detection. This is the SINGLE SOURCE OF TRUTH for all input-related types.
Index ¶
- Variables
- func ExtractKey(expr string) string
- func IsExcludedMethod(methodName string) bool
- func IsInputMethod(methodName string) bool
- func IsInputObject(objName string) bool
- func IsInputProperty(propName string) bool
- func IsValidSourceType(s string) bool
- type InputLabel
- type InputPattern
- type MatchResult
- type Registry
- func (r *Registry) IsNonInput(expr string) bool
- func (r *Registry) Match(expr string, language string, framework string) *MatchResult
- func (r *Registry) MatchMethod(objName string, methodName string, language string, framework string) *MatchResult
- func (r *Registry) MatchProperty(objName string, propName string, language string, framework string) *MatchResult
- func (r *Registry) Register(pattern *InputPattern)
- func (r *Registry) RegisterNonInput(pattern string)
- type SourceType
- type UniversalPatterns
Constants ¶
This section is empty.
Variables ¶
// AllSourceTypes lists the source types offered for iteration and validation.
//
// The slice has 17 entries. SourceUnknown is declared with the other
// SourceType constants but is not part of this slice.
// NOTE(review): if IsValidSourceType is backed by this slice, the string
// "unknown" will not validate — confirm that this is intended.
var AllSourceTypes = []SourceType{
	SourceHTTPGet,
	SourceHTTPPost,
	SourceHTTPBody,
	SourceHTTPJSON,
	SourceHTTPHeader,
	SourceHTTPCookie,
	SourceHTTPPath,
	SourceHTTPFile,
	SourceHTTPRequest,
	SourceSession,
	SourceCLIArg,
	SourceEnvVar,
	SourceStdin,
	SourceFile,
	SourceDatabase,
	SourceNetwork,
	SourceUserInput,
}
AllSourceTypes lists all valid source types for iteration/validation.
// LabelToSourceType maps each declared InputLabel constant to a SourceType.
//
// All eleven Label* constants have an entry. Indexing the map with any other
// InputLabel value yields the empty SourceType "" (the map zero value), not
// SourceUnknown, so callers handling labels built from text should use the
// two-value form `st, ok := LabelToSourceType[l]` and treat !ok explicitly.
var LabelToSourceType = map[InputLabel]SourceType{
	LabelHTTPGet:     SourceHTTPGet,
	LabelHTTPPost:    SourceHTTPPost,
	LabelHTTPCookie:  SourceHTTPCookie,
	LabelHTTPHeader:  SourceHTTPHeader,
	LabelHTTPBody:    SourceHTTPBody,
	LabelCLI:         SourceCLIArg,
	LabelEnvironment: SourceEnvVar,
	LabelFile:        SourceFile,
	LabelDatabase:    SourceDatabase,
	LabelNetwork:     SourceNetwork,
	LabelUserInput:   SourceUserInput,
}
LabelToSourceType maps InputLabel to SourceType
// SourceTypeToLabel maps a SourceType to its InputLabel.
//
// Only eleven of the declared source types are keys. SourceHTTPJSON,
// SourceHTTPPath, SourceHTTPFile, SourceHTTPRequest, SourceSession,
// SourceStdin and SourceUnknown have no entry, so indexing with one of them
// yields the empty InputLabel "". Use the two-value form
// `l, ok := SourceTypeToLabel[st]` so an unmapped source is not mistaken for
// a labelled one.
// NOTE(review): any consumer that filters or reports findings by label would
// see these seven sources as unlabelled — confirm that is acceptable.
var SourceTypeToLabel = map[SourceType]InputLabel{
	SourceHTTPGet:    LabelHTTPGet,
	SourceHTTPPost:   LabelHTTPPost,
	SourceHTTPCookie: LabelHTTPCookie,
	SourceHTTPHeader: LabelHTTPHeader,
	SourceHTTPBody:   LabelHTTPBody,
	SourceCLIArg:     LabelCLI,
	SourceEnvVar:     LabelEnvironment,
	SourceFile:       LabelFile,
	SourceDatabase:   LabelDatabase,
	SourceNetwork:    LabelNetwork,
	SourceUserInput:  LabelUserInput,
}
SourceTypeToLabel maps SourceType to InputLabel
Functions ¶
func ExtractKey ¶
ExtractKey extracts the key from array/property access expressions
func IsExcludedMethod ¶
IsExcludedMethod checks if a method should be excluded from input detection
func IsInputMethod ¶
IsInputMethod checks if a method name indicates input retrieval
func IsInputObject ¶
IsInputObject checks if an object name carries input
func IsInputProperty ¶
IsInputProperty checks if a property name holds input data
func IsValidSourceType ¶
IsValidSourceType checks if a string is a valid SourceType.
Types ¶
type InputLabel ¶
// InputLabel is a string-typed secondary category attached to an input source.
// The package index lists no validation helper for labels, so a value
// converted from arbitrary text is not checked against the Label* constants.
type InputLabel string
InputLabel provides additional categorization for input sources
// Declared InputLabel values.
//
// Most labels share their string with the matching SourceType constant, but
// two do not: LabelCLI is "cli" while SourceCLIArg is "cli_arg", and
// LabelEnvironment is "environment" while SourceEnvVar is "env_var".
// Converting between the two types with a plain string cast is therefore
// wrong for those values; go through LabelToSourceType / SourceTypeToLabel.
const (
	LabelHTTPGet     InputLabel = "http_get"
	LabelHTTPPost    InputLabel = "http_post"
	LabelHTTPCookie  InputLabel = "http_cookie"
	LabelHTTPHeader  InputLabel = "http_header"
	LabelHTTPBody    InputLabel = "http_body"
	LabelCLI         InputLabel = "cli"
	LabelEnvironment InputLabel = "environment"
	LabelFile        InputLabel = "file"
	LabelDatabase    InputLabel = "database"
	LabelNetwork     InputLabel = "network"
	LabelUserInput   InputLabel = "user_input"
)
type InputPattern ¶
// InputPattern describes one rule for recognising an input source.
//
// NOTE(review): the fields below say to "use one or more" matchers, but this
// page does not show how Registry combines them when several are set (any
// versus all) — confirm against the matcher before relying on either reading.
type InputPattern struct {
	Name        string       // Unique identifier
	Description string       // Human-readable description
	Category    SourceType   // Primary category
	Labels      []InputLabel // Additional labels
	Language    string       // Target language (empty = all)
	Framework   string       // Target framework (empty = all)

	// Pattern matching (use one or more)
	ExactMatch    string         // Exact string match
	Regex         *regexp.Regexp // Compiled regex; nil when the field is left unset
	MethodName    string         // Method name to match
	PropertyName  string         // Property name to match
	ObjectPattern string         // Object name pattern

	// Context requirements
	RequireObject bool   // Must be called on an object
	ObjectType    string // Required object type (if known)
	// Which parameter receives input (-1 = return value).
	// The int zero value is 0, so a pattern literal that omits this field
	// does not mean "return value"; set -1 explicitly when that is intended.
	ParamIndex int
}
InputPattern defines a pattern for detecting input sources
type MatchResult ¶
// MatchResult contains the result of a pattern match.
//
// NOTE(review): Match, MatchMethod and MatchProperty return *MatchResult;
// presumably nil means "no match" — confirm, and nil-check before
// dereferencing.
type MatchResult struct {
	Pattern  *InputPattern // presumably the pattern that matched — confirm
	Category SourceType    // source category reported for the match
	Labels   []InputLabel  // labels reported for the match
	Key      string        // Extracted key if applicable
}
MatchResult contains the result of a pattern match
type Registry ¶
// Registry accepts input patterns through Register and explicit exclusions
// through RegisterNonInput, and answers the Match* and IsNonInput queries.
// Its fields are unexported and not shown here.
//
// NOTE(review): nothing visible on this page says whether Register or
// RegisterNonInput may run concurrently with the Match* methods — confirm
// before sharing one Registry across goroutines.
type Registry struct {
	// contains filtered or unexported fields
}
Registry holds all registered input patterns
func (*Registry) IsNonInput ¶
IsNonInput checks if a pattern is explicitly marked as non-input
func (*Registry) Match ¶
func (r *Registry) Match(expr string, language string, framework string) *MatchResult
Match attempts to match an expression against registered patterns
func (*Registry) MatchMethod ¶
func (r *Registry) MatchMethod(objName string, methodName string, language string, framework string) *MatchResult
MatchMethod checks if a method call is an input source
func (*Registry) MatchProperty ¶
func (r *Registry) MatchProperty(objName string, propName string, language string, framework string) *MatchResult
MatchProperty checks if a property access is an input source
func (*Registry) Register ¶
func (r *Registry) Register(pattern *InputPattern)
Register adds a pattern to the registry
func (*Registry) RegisterNonInput ¶
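RegisterNonInput marks a pattern as explicitly NOT user input. How these patterns are matched is not shown on this page. An exclusion that is broader than intended would cause genuine input sources to be treated as non-input, so exclusions are best kept narrow and reviewed like any other suppression.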
type SourceType ¶
// SourceType names the origin category of a piece of input data.
// Its underlying type is string, so any string converts to a SourceType
// without a check; a value that arrives as text should go through
// IsValidSourceType before it is used as a category.
type SourceType string
SourceType categorizes the origin of input data
// Declared SourceType values (18 in total).
//
// SourceUnknown is the only value here that is absent from AllSourceTypes.
// IsUserInput and IsServerSideData classify these values, but which value
// falls into which class is not shown on this page.
const (
	SourceHTTPGet     SourceType = "http_get"
	SourceHTTPPost    SourceType = "http_post"
	SourceHTTPBody    SourceType = "http_body"
	SourceHTTPJSON    SourceType = "http_json"
	SourceHTTPHeader  SourceType = "http_header"
	SourceHTTPCookie  SourceType = "http_cookie"
	SourceHTTPPath    SourceType = "http_path"
	SourceHTTPFile    SourceType = "http_file"
	SourceHTTPRequest SourceType = "http_request"
	SourceSession     SourceType = "session"
	SourceCLIArg      SourceType = "cli_arg"
	SourceEnvVar      SourceType = "env_var"
	SourceStdin       SourceType = "stdin"
	SourceFile        SourceType = "file"
	SourceDatabase    SourceType = "database"
	SourceNetwork     SourceType = "network"
	SourceUserInput   SourceType = "user_input"
	SourceUnknown     SourceType = "unknown"
)
func (SourceType) IsServerSideData ¶
func (s SourceType) IsServerSideData() bool
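IsServerSideData returns true if this source type is server-controlled. Which source types qualify is not listed on this page. Server-controlled is not the same as trusted: a value read back from storage may have been written from user input earlier, so a true result should not by itself exempt the data from taint tracking.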
func (SourceType) IsUserInput ¶
func (s SourceType) IsUserInput() bool
IsUserInput returns true if this source type represents direct user input
type UniversalPatterns ¶
// UniversalPatterns holds pre-compiled regex patterns used across all languages.
//
// GetUniversalPatterns hands out a pointer to a single shared instance, and
// every field is exported, so any caller can reassign a pattern for all
// other users of the package. Treat the returned value as read-only.
// NOTE(review): no guard against such reassignment is visible on this page —
// confirm whether one exists.
type UniversalPatterns struct {
	// Input method detection
	InputMethod   *regexp.Regexp
	InputProperty *regexp.Regexp
	InputObject   *regexp.Regexp
	ExcludeMethod *regexp.Regexp

	// Key/property access
	ArrayKeyAccess *regexp.Regexp
	PropertyAccess *regexp.Regexp
	MethodCall     *regexp.Regexp

	// Assignment patterns
	SimpleAssign   *regexp.Regexp
	PropertyAssign *regexp.Regexp
}
UniversalPatterns holds pre-compiled regex patterns used across all languages
func GetUniversalPatterns ¶
func GetUniversalPatterns() *UniversalPatterns
GetUniversalPatterns returns the singleton universal patterns instance