dependencyfirewall

package

v1.3.1 Latest Latest Go to latest Published: Apr 28, 2026 License: AGPL-3.0 Imports: 23 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/l3montree-dev/devguard

Links

Open Source Insights

Documentation ¶

Index ¶

type DependencyProxyCache
type DependencyProxyConfigs
type DependencyProxyController
- func NewDependencyProxyController(dependencyProxyService shared.DependencyProxySecretService, ...) *DependencyProxyController
type GoDependencyProxyController
- func NewGoDependencyProxyController(controller *DependencyProxyController) *GoDependencyProxyController
- func (d *GoDependencyProxyController) ExtractGoVersionAndReleaseTime(data []byte) (string, time.Time, bool)
- func (d *GoDependencyProxyController) ProxyGo(c shared.Context) error
type NPMDependencyProxyController
- func NewNPMDependencyProxyController(controller *DependencyProxyController) *NPMDependencyProxyController
type OCIDependencyProxyController
- func NewOCIDependencyProxyController(controller *DependencyProxyController) *OCIDependencyProxyController
type PythonDependencyProxyController
- func NewPythonDependencyProxyController(controller *DependencyProxyController) *PythonDependencyProxyController

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type DependencyProxyCache ¶

type DependencyProxyCache struct {
	CacheDir string
}

type DependencyProxyConfigs ¶

type DependencyProxyConfigs struct {
	Rules         []string `json:"rules"`
	MinReleaseAge int      `json:"minReleaseAge"` // in hours
}

type DependencyProxyController ¶

type DependencyProxyController struct {
	// contains filtered or unexported fields
}

func NewDependencyProxyController ¶

func NewDependencyProxyController(
	dependencyProxyService shared.DependencyProxySecretService,
	config DependencyProxyCache,
	maliciousChecker shared.MaliciousPackageChecker,
	assetRepository shared.AssetRepository,
	projectRepository shared.ProjectRepository,
	orgRepository shared.OrganizationRepository,
) *DependencyProxyController

func (*DependencyProxyController) CacheDataWithIntegrity ¶

func (d *DependencyProxyController) CacheDataWithIntegrity(cachePath string, data []byte) error

CacheDataWithIntegrity stores data and its SHA256 hash for integrity verification.

func (*DependencyProxyController) CacheReleaseTime ¶

func (d *DependencyProxyController) CacheReleaseTime(cachePath string, releaseTime time.Time) error

CacheReleaseTime stores the release time for a cached entry to enable MinReleaseAge checks on cache hits.

func (*DependencyProxyController) CheckNotAllowedPackage ¶

func (d *DependencyProxyController) CheckNotAllowedPackage(ctx context.Context, eco ecosystem, path string, configs DependencyProxyConfigs) (bool, string)

func (*DependencyProxyController) GetDependencyProxyConfigs ¶

func (d *DependencyProxyController) GetDependencyProxyConfigs(c shared.Context) (DependencyProxyConfigs, error)

GetDependencyProxyConfigs reads the proxy secret from the `:secret` route parameter and delegates to LoadConfigsBySecret.

func (*DependencyProxyController) GetDependencyProxyURLs ¶

func (d *DependencyProxyController) GetDependencyProxyURLs(ctx shared.Context) error

func (*DependencyProxyController) LoadConfigsBySecret ¶

func (d *DependencyProxyController) LoadConfigsBySecret(c shared.Context, secret string) (DependencyProxyConfigs, error)

LoadConfigsBySecret resolves DependencyProxyConfigs for a secret string. An empty secret returns empty (permissive) configs without error.

func (*DependencyProxyController) ReadCachedReleaseTime ¶

func (d *DependencyProxyController) ReadCachedReleaseTime(cachePath string) (time.Time, bool)

ReadCachedReleaseTime reads the stored release time for a cached entry.

func (*DependencyProxyController) VerifyCacheIntegrity ¶

func (d *DependencyProxyController) VerifyCacheIntegrity(cachePath string, data []byte) bool

VerifyCacheIntegrity checks if the cached data matches its stored hash.

type GoDependencyProxyController ¶

type GoDependencyProxyController struct {
	*DependencyProxyController
}

GoDependencyProxyController handles Go dependency proxy requests. It embeds DependencyProxyController to reuse shared helpers and state.

func NewGoDependencyProxyController ¶

func NewGoDependencyProxyController(controller *DependencyProxyController) *GoDependencyProxyController

func (*GoDependencyProxyController) ExtractGoVersionAndReleaseTime ¶

func (d *GoDependencyProxyController) ExtractGoVersionAndReleaseTime(data []byte) (string, time.Time, bool)

ExtractGoVersionAndReleaseTime parses a Go proxy .info response and returns the resolved version and its release time.

func (*GoDependencyProxyController) ProxyGo ¶

func (d *GoDependencyProxyController) ProxyGo(c shared.Context) error

type NPMDependencyProxyController ¶

type NPMDependencyProxyController struct {
	*DependencyProxyController
}

NPMDependencyProxyController handles npm dependency proxy requests. It embeds DependencyProxyController to reuse shared helpers and state.

func NewNPMDependencyProxyController ¶

func NewNPMDependencyProxyController(controller *DependencyProxyController) *NPMDependencyProxyController

func (*NPMDependencyProxyController) ExtractNPMVersionAndReleaseTimeFromMetadata ¶

func (d *NPMDependencyProxyController) ExtractNPMVersionAndReleaseTimeFromMetadata(data []byte) (string, time.Time)

ExtractNPMVersionAndReleaseTimeFromMetadata parses NPM package metadata JSON and extracts the latest version and its release time.

func (*NPMDependencyProxyController) ProxyNPMAudit ¶

func (d *NPMDependencyProxyController) ProxyNPMAudit(c shared.Context) error

func (*NPMDependencyProxyController) ProxyNPMMetadata ¶

func (d *NPMDependencyProxyController) ProxyNPMMetadata(c shared.Context) error

ProxyNPMMetadata handles metadata / version-resolution npm requests (no explicit version in path). Routes: GET /npm/:package and GET /npm/:scope/:name

func (*NPMDependencyProxyController) ProxyNPMTarball ¶

func (d *NPMDependencyProxyController) ProxyNPMTarball(c shared.Context) error

ProxyNPMTarball handles explicit-version npm requests (.tgz downloads). Routes: GET /npm/:package/-/* and GET /npm/:scope/:name/-/*

type OCIDependencyProxyController ¶

type OCIDependencyProxyController struct {
	*DependencyProxyController
}

OCIDependencyProxyController handles OCI registry proxy requests. Image references must be fully qualified: <registry>/<image> (e.g. docker.io/library/nginx). It embeds DependencyProxyController to reuse shared helpers and state.

func NewOCIDependencyProxyController ¶

func NewOCIDependencyProxyController(controller *DependencyProxyController) *OCIDependencyProxyController

func (*OCIDependencyProxyController) ProxyOCIBlob ¶

func (d *OCIDependencyProxyController) ProxyOCIBlob(c shared.Context) error

ProxyOCIBlob handles layer and config blob downloads. Routes:

GET|HEAD /oci/v2/:registry/:image/blobs/:digest
GET|HEAD /oci/v2/:registry/:namespace/:image/blobs/:digest

func (*OCIDependencyProxyController) ProxyOCIManifest ¶

func (d *OCIDependencyProxyController) ProxyOCIManifest(c shared.Context) error

ProxyOCIManifest handles manifest fetch and existence-check requests. The registry hostname is part of the route so that requests are fully qualified:

docker.io/library/nginx:latest  →  GET /oci/v2/docker.io/library/nginx/manifests/latest
ghcr.io/org/image:sha256:abc    →  GET /oci/v2/ghcr.io/org/image/manifests/sha256:abc

Routes:

GET|HEAD /oci/v2/:registry/:image/manifests/:reference
GET|HEAD /oci/v2/:registry/:namespace/:image/manifests/:reference

func (*OCIDependencyProxyController) ProxyOCIReferrers ¶

func (d *OCIDependencyProxyController) ProxyOCIReferrers(c shared.Context) error

ProxyOCIReferrers handles the OCI referrers API (signatures, SBOMs, etc.). Routes:

GET /v2/:registry/:image/referrers/:digest
GET /v2/:registry/:namespace/:image/referrers/:digest

func (*OCIDependencyProxyController) ProxyOCITagsList ¶

func (d *OCIDependencyProxyController) ProxyOCITagsList(c shared.Context) error

ProxyOCITagsList handles image tag listing. Routes:

GET /oci/v2/:registry/:image/tags/list
GET /oci/v2/:registry/:namespace/:image/tags/list

func (*OCIDependencyProxyController) ProxyOCIVersionCheck ¶

func (d *OCIDependencyProxyController) ProxyOCIVersionCheck(c shared.Context) error

ProxyOCIVersionCheck handles the OCI Distribution Spec v2 version check. Route: GET|HEAD /oci/v2/

type PythonDependencyProxyController ¶

type PythonDependencyProxyController struct {
	*DependencyProxyController
}

PythonDependencyProxyController handles PyPI dependency proxy requests. It embeds DependencyProxyController to reuse shared helpers and state.

func NewPythonDependencyProxyController ¶

func NewPythonDependencyProxyController(controller *DependencyProxyController) *PythonDependencyProxyController

func (*PythonDependencyProxyController) ExtractPyPIReleaseTime ¶

func (d *PythonDependencyProxyController) ExtractPyPIReleaseTime(data []byte, version string) (string, time.Time, bool)

ExtractPyPIReleaseTime parses a PyPI JSON API response and returns the resolved version and its upload time. If version is empty, it uses info.version (the current release).

func (*PythonDependencyProxyController) ProxyPyPIPackage ¶

func (d *PythonDependencyProxyController) ProxyPyPIPackage(c shared.Context) error

ProxyPyPIPackage handles explicit-version PyPI package downloads (from /packages/). Route: GET /pypi/packages/*

func (*PythonDependencyProxyController) ProxyPyPISimple ¶

func (d *PythonDependencyProxyController) ProxyPyPISimple(c shared.Context) error

ProxyPyPISimple handles PyPI /simple/ metadata requests, resolving the latest version before checking rules. Route: GET /pypi/simple/:package

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL