attack

package
Published: Apr 23, 2026 License: GPL-3.0 Imports: 8 Imported by: 0

Types

type AssetChange

// AssetChange represents a recent asset change, as returned by
// SurfaceRepository.GetRecentChanges and carried in SurfaceStats.RecentChanges.
type AssetChange struct {
	// Type is the kind of change. The documented values are "added",
	// "removed" and "changed"; it is a plain string rather than an enum,
	// so consumers should tolerate values outside that set.
	Type      string    `json:"type"` // added, removed, changed
	// AssetName is the human-readable name of the affected asset.
	AssetName string    `json:"asset_name"`
	// AssetType is the asset's type string (elsewhere on this page the
	// examples given are "host" and "application").
	AssetType string    `json:"asset_type"`
	// Timestamp is the time attached to the change; presumably when the
	// change was recorded — the page does not say whether it is UTC.
	Timestamp time.Time `json:"timestamp"`
}

AssetChange represents a recent asset change.

type AssetPathScore

// AssetPathScore holds the computed attack path score for a single asset,
// as produced by ComputeAttackPathScores and returned in
// PathScoringResult.TopAssets. Every field is tenant data (asset UUIDs,
// names, crown-jewel status), so a result should only be served to a
// caller authorized for that tenant.
type AssetPathScore struct {
	// AssetID is the UUID of the asset.
	AssetID string `json:"asset_id"`
	// Name is the human-readable name of the asset.
	Name string `json:"name"`
	// AssetType is the type of the asset (e.g., "host", "application").
	AssetType string `json:"asset_type"`
	// Exposure is the asset's configured exposure level.
	Exposure string `json:"exposure"`
	// Criticality is the asset's criticality level.
	Criticality string `json:"criticality"`
	// RiskScore is the asset-level risk score (1-10).
	RiskScore int `json:"risk_score"`
	// IsCrownJewel marks high-value target assets.
	IsCrownJewel bool `json:"is_crown_jewel"`
	// FindingCount is the number of open findings on this asset.
	// It is reported for context only; it does not enter PathScore.
	FindingCount int `json:"finding_count"`

	// ReachableFrom is the count of distinct public entry points that can
	// reach this asset following attack-path relationship types.
	ReachableFrom int `json:"reachable_from"`
	// PathScore is the composite attack path score:
	//   (reachable_from * impact_weight) where impact_weight = risk_score * criticality_multiplier
	// Higher = more urgent to remediate.
	// NOTE(review): the formula has no term for IsProtected, so an asset
	// that sits behind a "protected_by" or "monitors" relationship scores
	// the same as an unprotected one with equal reachability and risk;
	// criticality_multiplier is not defined on this page — confirm both in
	// ComputeAttackPathScores before relying on the ranking.
	PathScore float64 `json:"path_score"`
	// IsEntryPoint is true when this asset is itself a public entry point.
	IsEntryPoint bool `json:"is_entry_point"`
	// IsProtected is true when the asset has at least one "protected_by" or "monitors" relationship.
	// This records the existence of a control relationship, not that the
	// control actually blocks the discovered paths.
	IsProtected bool `json:"is_protected"`
}

AssetPathScore holds the computed attack path score for a single asset.

type AssetTypeBreakdown

// AssetTypeBreakdown represents the asset count breakdown for one asset
// type, carried in SurfaceStats.AssetBreakdown.
type AssetTypeBreakdown struct {
	// Type is the asset type string this row summarizes.
	Type    string `json:"type"`
	// Total is the number of assets of this type.
	Total   int    `json:"total"`
	// Exposed is the number of those assets counted as exposed
	// (presumably the same notion of exposure used by
	// SurfaceStatsData.ExposedByType — the page does not define it).
	Exposed int    `json:"exposed"`
}

AssetTypeBreakdown represents asset count breakdown by type.

type ExposedService

// ExposedService represents an exposed service/asset, as returned by
// SurfaceRepository.GetExposedServices and listed in
// SurfaceStats.ExposedServicesList.
type ExposedService struct {
	// ID is the asset identifier.
	ID           string    `json:"id"`
	// Name is the human-readable asset name.
	Name         string    `json:"name"`
	// Type is the asset type string.
	Type         string    `json:"type"`
	// Port is the exposed port. Because of omitempty a zero Port is
	// dropped from the JSON entirely, so consumers cannot distinguish
	// "no port" from "port 0" — acceptable for TCP/UDP where 0 is not a
	// usable port.
	Port         int       `json:"port,omitempty"`
	// Exposure is the asset's configured exposure level.
	Exposure     string    `json:"exposure"`
	// Criticality is the asset's criticality level.
	Criticality  string    `json:"criticality"`
	// FindingCount is the number of open findings on this asset.
	FindingCount int       `json:"finding_count"`
	// LastSeen is when the asset was last observed; time zone is not
	// stated on this page.
	LastSeen     time.Time `json:"last_seen"`
}

ExposedService represents an exposed service/asset.

type PathScoringResult

// PathScoringResult is the full result returned by ComputeAttackPathScores:
// tenant-wide aggregate metrics plus the highest-scoring assets.
type PathScoringResult struct {
	// Summary holds the aggregate attack path metrics for the tenant.
	Summary PathSummary `json:"summary"`
	// TopAssets is the ranked list of assets by PathScore (descending), limited to 50.
	// The cap is fixed by the implementation; callers cannot page beyond it.
	TopAssets []AssetPathScore `json:"top_assets"`
}

PathScoringResult is the full result returned by ComputeAttackPathScores.

type PathSummary

// PathSummary holds aggregate attack path metrics for the tenant, as
// computed by ComputeAttackPathScores.
type PathSummary struct {
	// TotalPaths is the total number of directed attack paths discovered
	// (entry point → reachable asset pairs).
	// It counts (entry point, asset) pairs, not distinct routes between them.
	TotalPaths int `json:"total_paths"`
	// EntryPoints is the count of public-exposure assets that act as entry points.
	EntryPoints int `json:"entry_points"`
	// ReachableAssets is the count of non-public assets reachable from at least one entry point.
	ReachableAssets int `json:"reachable_assets"`
	// MaxDepth is the longest BFS chain found.
	MaxDepth int `json:"max_depth"`
	// CriticalReachable is the count of critical/high assets reachable from entry points.
	CriticalReachable int `json:"critical_reachable"`
	// CrownJewelsAtRisk is the count of crown-jewel assets reachable from entry points.
	CrownJewelsAtRisk int `json:"crown_jewels_at_risk"`
	// HasRelationshipData indicates whether the tenant has any relationship data at all.
	// When false there are no edges to traverse, so the counts above are
	// zero for lack of data rather than because nothing is reachable;
	// consumers should render that case as "no data", not "no exposure".
	HasRelationshipData bool `json:"has_relationship_data"`
}

PathSummary holds aggregate attack path metrics for the tenant.

type SurfaceRepository

// SurfaceRepository defines the interface for attack surface data access.
// Every method is scoped by tenantID; implementations are expected to
// filter all reads by it, since a query that ignored tenantID would hand
// one tenant's asset inventory to another.
// NOTE(review): limit is a plain int and nothing on this page shows it
// being validated — implementations should clamp non-positive or very
// large values rather than pass them straight to the store; confirm in
// the concrete repository.
type SurfaceRepository interface {
	// GetStats returns attack surface statistics for a tenant
	GetStats(ctx context.Context, tenantID shared.ID) (*SurfaceStatsData, error)
	// GetExposedServices returns top exposed services/assets
	GetExposedServices(ctx context.Context, tenantID shared.ID, limit int) ([]ExposedService, error)
	// GetRecentChanges returns recent asset changes
	GetRecentChanges(ctx context.Context, tenantID shared.ID, limit int) ([]AssetChange, error)
	// GetStatsWithTrends returns stats with week-over-week comparison
	GetStatsWithTrends(ctx context.Context, tenantID shared.ID) (*SurfaceStatsData, error)
}

SurfaceRepository defines the interface for attack surface data access. Every method takes the tenant ID, so implementations must scope each query to that tenant.

type SurfaceService

// SurfaceService provides attack surface operations (GetStats,
// GetAttackPathScores, ComputeAttackPathScores). Construct it with
// NewSurfaceService; its fields are unexported and not shown on this page
// (presumably the asset.Repository, asset.RelationshipRepository and
// *logger.Logger that NewSurfaceService receives).
type SurfaceService struct {
	// contains filtered or unexported fields
}

SurfaceService provides attack surface operations.

func NewSurfaceService

func NewSurfaceService(assetRepo asset.Repository, relRepo asset.RelationshipRepository, log *logger.Logger) *SurfaceService

NewSurfaceService creates a new SurfaceService.

func (*SurfaceService) ComputeAttackPathScores

func (s *SurfaceService) ComputeAttackPathScores(
	ctx context.Context,
	tenantID shared.ID,
	relRepo asset.RelationshipRepository,
) (*PathScoringResult, error)

ComputeAttackPathScores performs in-memory attack path analysis for the tenant. The whole asset and relationship graph for the tenant is loaded, so cost grows with graph size; a caller exposing this over an API should consider throttling it. It:

  1. Loads all assets (nodes) and relationships (edges)
  2. Identifies public-exposure assets as entry points
  3. Runs BFS from each entry point following attack-path edges
  4. Counts how many entry points can reach each internal asset
  5. Computes a composite PathScore from reachability + risk + criticality
  6. Returns top 50 assets by PathScore + aggregate summary

func (*SurfaceService) GetAttackPathScores

func (s *SurfaceService) GetAttackPathScores(ctx context.Context, tenantID shared.ID) (*PathScoringResult, error)

GetAttackPathScores computes attack path scoring for the tenant. Prefer it over ComputeAttackPathScores from callers that do not manage a RelationshipRepository of their own: ComputeAttackPathScores takes relRepo as an explicit parameter even though NewSurfaceService already receives one, so a caller can end up scoring against a different repository than the service was built with.

func (*SurfaceService) GetStats

func (s *SurfaceService) GetStats(ctx context.Context, tenantID shared.ID) (*SurfaceStats, error)

GetStats returns attack surface statistics for a tenant.

type SurfaceStats

// SurfaceStats represents aggregated attack surface statistics for one
// tenant, as returned by SurfaceService.GetStats. It is the JSON-tagged,
// outward-facing counterpart of SurfaceStatsData.
type SurfaceStats struct {
	// Summary stats
	TotalAssets       int     `json:"total_assets"`
	ExposedServices   int     `json:"exposed_services"`
	CriticalExposures int     `json:"critical_exposures"`
	// RiskScore is presumably populated from SurfaceStatsData.AverageRiskScore
	// (the two are named differently; the mapping is not shown here).
	RiskScore         float64 `json:"risk_score"`

	// Trends (week-over-week)
	// Signed deltas against the previous week; negative values mean a decrease.
	TotalAssetsChange       int `json:"total_assets_change"`
	ExposedServicesChange   int `json:"exposed_services_change"`
	CriticalExposuresChange int `json:"critical_exposures_change"`

	// Asset breakdown by type with exposed count
	AssetBreakdown []AssetTypeBreakdown `json:"asset_breakdown"`

	// Top exposed services
	// A nil slice encodes as JSON null, an empty one as []; callers that
	// care about the distinction should check how GetStats fills it.
	ExposedServicesList []ExposedService `json:"exposed_services_list"`

	// Recent changes
	RecentChanges []AssetChange `json:"recent_changes"`
}

SurfaceStats represents aggregated attack surface statistics.

type SurfaceStatsData

// SurfaceStatsData holds raw attack surface statistics as produced by
// SurfaceRepository.GetStats / GetStatsWithTrends. It carries no JSON
// tags and is the internal form from which SurfaceStats is built.
type SurfaceStatsData struct {
	TotalAssets             int
	ExposedServices         int
	CriticalExposures       int
	// AverageRiskScore is the mean asset risk score for the tenant.
	AverageRiskScore        float64
	// Week-over-week deltas; GetStats (without trends) may leave these zero.
	TotalAssetsChange       int
	ExposedServicesChange   int
	CriticalExposuresChange int
	// ByType maps asset type string to total count.
	ByType                  map[string]int
	// ExposedByType maps asset type string to the count of exposed assets.
	// A nil map reads as zero for every key, so consumers need not guard it.
	ExposedByType           map[string]int
}

SurfaceStatsData holds raw attack surface statistics.
