Overview

Package validators provides template validation for different scanner types.

Index

Constants

// MaxSourcesPerTenant is the maximum number of template sources a tenant can have.
// Where this limit is enforced (e.g. in SourceService.CreateSource) is not visible on this page.
const MaxSourcesPerTenant = 50

MaxSourcesPerTenant is the maximum number of template sources a tenant can have.

Variables

This section is empty.

Functions

func NewScanAdapter

func NewScanAdapter(syncer *Syncer) scan.TemplateSyncer

NewScanAdapter wires a template.Syncer into the scan package's narrow TemplateSyncer interface. Used by cmd/server/services.go.

Types

type CreateSourceInput

// CreateSourceInput represents the input for creating a template source.
//
// The only constraints visible here are the validate tags: tenant, user and
// credential identifiers must be UUIDs, SourceType and TemplateType are
// restricted to the listed values, and CacheTTLMinutes is capped at one week.
type CreateSourceInput struct {
	// TenantID is the owning tenant; required, must be a UUID.
	TenantID        string               `json:"tenant_id" validate:"required,uuid"`
	// UserID is optional; when present it must be a UUID.
	UserID          string               `json:"user_id" validate:"omitempty,uuid"`
	// Name is required and limited to 1..255 characters.
	Name            string               `json:"name" validate:"required,min=1,max=255"`
	// SourceType selects the fetch mechanism; only git, s3 or http are accepted.
	SourceType      string               `json:"source_type" validate:"required,oneof=git s3 http"`
	// TemplateType selects the validator; only nuclei, semgrep or gitleaks are accepted.
	TemplateType    string               `json:"template_type" validate:"required,oneof=nuclei semgrep gitleaks"`
	// Description is free text, at most 1000 characters.
	Description     string               `json:"description" validate:"max=1000"`
	Enabled         bool                 `json:"enabled"`
	AutoSyncOnScan  bool                 `json:"auto_sync_on_scan"`
	// CacheTTLMinutes is bounded to 0..10080 by the validate tag.
	CacheTTLMinutes int                  `json:"cache_ttl_minutes" validate:"min=0,max=10080"` // Max 1 week
	// Exactly one of GitConfig/S3Config/HTTPConfig presumably matches SourceType;
	// nothing in the tags enforces that pairing — confirm in CreateSource.
	GitConfig       *ts.GitSourceConfig  `json:"git_config,omitempty"`
	S3Config        *ts.S3SourceConfig   `json:"s3_config,omitempty"`
	HTTPConfig      *ts.HTTPSourceConfig `json:"http_config,omitempty"`
	// CredentialID optionally references a stored credential by UUID; the
	// credential material itself is not carried in this input.
	CredentialID    string               `json:"credential_id" validate:"omitempty,uuid"`
}

CreateSourceInput represents the input for creating a template source.

type GitleaksValidator

// GitleaksValidator validates Gitleaks config files (TOML).
// It carries no state, so the zero value is usable directly.
type GitleaksValidator struct{}

GitleaksValidator validates Gitleaks config files (TOML).

func (*GitleaksValidator) CountRules

func (v *GitleaksValidator) CountRules(content []byte) int

CountRules counts the number of rules in the Gitleaks config.

func (*GitleaksValidator) ExtractMetadata

func (v *GitleaksValidator) ExtractMetadata(content []byte) map[string]any

ExtractMetadata extracts metadata from Gitleaks config.

func (*GitleaksValidator) Validate

func (v *GitleaksValidator) Validate(content []byte) *ValidationResult

Validate validates Gitleaks config content.

type ListSourcesInput

// ListSourcesInput represents the input for listing template sources.
//
// Pointer filter fields distinguish "not supplied" (nil) from an explicit value.
type ListSourcesInput struct {
	// TenantID scopes the listing; required, must be a UUID.
	TenantID     string  `json:"tenant_id" validate:"required,uuid"`
	// SourceType, when set, must be one of git, s3 or http.
	SourceType   *string `json:"source_type" validate:"omitempty,oneof=git s3 http"`
	// TemplateType, when set, must be one of nuclei, semgrep or gitleaks.
	TemplateType *string `json:"template_type" validate:"omitempty,oneof=nuclei semgrep gitleaks"`
	Enabled      *bool   `json:"enabled"`
	Page         int     `json:"page"`
	PageSize     int     `json:"page_size"`
	// SortBy and SortOrder carry no validate tag here; NOTE(review): confirm that the
	// repository restricts them to known column names and directions before use.
	SortBy       string  `json:"sort_by"`
	SortOrder    string  `json:"sort_order"`
}

ListSourcesInput represents the input for listing template sources.

type NucleiValidator

// NucleiValidator validates Nuclei template files (YAML).
// It carries no state, so the zero value is usable directly.
type NucleiValidator struct{}

NucleiValidator validates Nuclei template files (YAML).

func (*NucleiValidator) CountRules

func (v *NucleiValidator) CountRules(content []byte) int

CountRules returns 1 for Nuclei (each file is one template).

func (*NucleiValidator) ExtractMetadata

func (v *NucleiValidator) ExtractMetadata(content []byte) map[string]any

ExtractMetadata extracts metadata from Nuclei template.

func (*NucleiValidator) Validate

func (v *NucleiValidator) Validate(content []byte) *ValidationResult

Validate validates Nuclei template content.

type SecretStoreDecryptor

// SecretStoreDecryptor is the narrow surface the Syncer needs to decrypt git
// credentials. It is defined here, at the consumer, to avoid an import cycle
// with the app package; *app.SecretStoreService satisfies it at runtime.
type SecretStoreDecryptor interface {
	// DecryptCredentialData returns the decrypted data for credentialID within
	// tenantID. The concrete type behind the `any` result is not visible here —
	// callers must type-assert it; confirm the expected shape against the implementer.
	DecryptCredentialData(ctx context.Context, tenantID shared.ID, credentialID string) (any, error)
}

SecretStoreDecryptor is the narrow surface the Syncer needs to decrypt git credentials. It is kept local so the template package does not import the app root — that would create an import cycle through app.scanner_template_service.go, which itself depends on this template package.

*app.SecretStoreService satisfies this interface at runtime.

type SemgrepValidator

// SemgrepValidator validates Semgrep rule files (YAML).
// It carries no state, so the zero value is usable directly.
type SemgrepValidator struct{}

SemgrepValidator validates Semgrep rule files (YAML).

func (*SemgrepValidator) CountRules

func (v *SemgrepValidator) CountRules(content []byte) int

CountRules counts the number of rules in the Semgrep config.

func (*SemgrepValidator) ExtractMetadata

func (v *SemgrepValidator) ExtractMetadata(content []byte) map[string]any

ExtractMetadata extracts metadata from Semgrep rules.

func (*SemgrepValidator) Validate

func (v *SemgrepValidator) Validate(content []byte) *ValidationResult

Validate validates Semgrep rule content.

type SourceService

// SourceService handles template source business operations.
// Construct it with NewSourceService; its fields are unexported and not shown here.
type SourceService struct {
	// contains filtered or unexported fields
}

SourceService handles template source business operations.

func NewSourceService

func NewSourceService(repo ts.Repository, log *logger.Logger) *SourceService

NewSourceService creates a new SourceService.

func (*SourceService) CreateSource

func (s *SourceService) CreateSource(ctx context.Context, input CreateSourceInput) (*ts.TemplateSource, error)

CreateSource creates a new template source.

func (*SourceService) DeleteSource

func (s *SourceService) DeleteSource(ctx context.Context, tenantID, sourceID string) error

DeleteSource deletes a template source.

func (*SourceService) DisableSource

func (s *SourceService) DisableSource(ctx context.Context, tenantID, sourceID string) (*ts.TemplateSource, error)

DisableSource disables a template source.

func (*SourceService) EnableSource

func (s *SourceService) EnableSource(ctx context.Context, tenantID, sourceID string) (*ts.TemplateSource, error)

EnableSource enables a template source.

func (*SourceService) ForceSync

func (s *SourceService) ForceSync(ctx context.Context, tenantID, sourceID string) (*SyncResult, error)

ForceSync triggers an immediate sync for a specific source. This is used for manual "force sync" requests from the API.

func (*SourceService) GetSource

func (s *SourceService) GetSource(ctx context.Context, tenantID, sourceID string) (*ts.TemplateSource, error)

GetSource retrieves a template source by ID.

func (*SourceService) GetSourcesForScan

func (s *SourceService) GetSourcesForScan(ctx context.Context, tenantID string, templateTypes []scannertemplate.TemplateType) ([]*ts.TemplateSource, error)

GetSourcesForScan retrieves enabled template sources linked to a scan profile.

func (*SourceService) GetSourcesNeedingSync

func (s *SourceService) GetSourcesNeedingSync(ctx context.Context, tenantID string) ([]*ts.TemplateSource, error)

GetSourcesNeedingSync returns sources that need to be synced (cache expired).

func (*SourceService) ListSources

func (s *SourceService) ListSources(ctx context.Context, input ListSourcesInput) (*ts.ListOutput, error)

ListSources lists template sources with filters.

func (*SourceService) SetTemplateSyncer

func (s *SourceService) SetTemplateSyncer(syncer *Syncer)

SetTemplateSyncer sets the template syncer for force sync operations.

func (*SourceService) UpdateSource

func (s *SourceService) UpdateSource(ctx context.Context, input UpdateSourceInput) (*ts.TemplateSource, error)

UpdateSource updates an existing template source.

func (*SourceService) UpdateSyncStatus

func (s *SourceService) UpdateSyncStatus(ctx context.Context, source *ts.TemplateSource) error

UpdateSyncStatus updates the sync status of a template source.

type SyncResult

// SyncResult contains the result of a sync operation.
type SyncResult struct {
	// SourceID identifies the template source that was synced.
	SourceID       shared.ID
	// Success reports whether the sync completed.
	Success        bool
	// Hash — presumably a content hash of the fetched templates; confirm against Syncer.SyncSource.
	Hash           string
	TemplatesFound int
	TemplatesAdded int
	// Error holds failure text — presumably only populated when Success is false; confirm.
	Error          string
	// Duration is the wall-clock time the sync took.
	Duration       time.Duration
}

SyncResult contains the result of a sync operation.

type Syncer

// Syncer handles syncing templates from external sources.
// Construct it with NewSyncer; its fields are unexported and not shown here.
type Syncer struct {
	// contains filtered or unexported fields
}

Syncer handles syncing templates from external sources.

func NewSyncer

func NewSyncer(
	sourceRepo templatesource.Repository,
	templateRepo scannertemplate.Repository,
	secretStoreSvc SecretStoreDecryptor,
	signingKey []byte,
	log *logger.Logger,
) *Syncer

NewSyncer creates a new Syncer.

func (*Syncer) SyncSource

func (s *Syncer) SyncSource(ctx context.Context, source *templatesource.TemplateSource) (*SyncResult, error)

SyncSource syncs templates from a single source.

func (*Syncer) SyncSourcesForScan

func (s *Syncer) SyncSourcesForScan(ctx context.Context, tenantID shared.ID) ([]*SyncResult, error)

SyncSourcesForScan syncs all sources that need updating for a scan.

type TemplateValidator

// TemplateValidator defines the interface for scanner-specific validators.
// Implementations for each TemplateType are obtained via GetValidator.
type TemplateValidator interface {
	// Validate validates the template content and reports problems in the result.
	Validate(content []byte) *ValidationResult

	// CountRules counts the number of rules in the template.
	CountRules(content []byte) int

	// ExtractMetadata extracts scanner-specific metadata from the template.
	ExtractMetadata(content []byte) map[string]any
}

TemplateValidator defines the interface for scanner-specific validators.

func GetValidator

func GetValidator(templateType scannertemplate.TemplateType) TemplateValidator

GetValidator returns the appropriate validator for the template type.

type UpdateSourceInput

// UpdateSourceInput represents the input for updating a template source.
//
// Optional fields are pointers so that "not supplied" (nil) can be told apart
// from an explicit value — presumably nil leaves the stored value unchanged;
// confirm in SourceService.UpdateSource.
type UpdateSourceInput struct {
	// TenantID and SourceID are both required UUIDs.
	TenantID        string               `json:"tenant_id" validate:"required,uuid"`
	SourceID        string               `json:"source_id" validate:"required,uuid"`
	// Name, when supplied, is limited to 1..255 characters.
	Name            string               `json:"name" validate:"omitempty,min=1,max=255"`
	Description     string               `json:"description" validate:"max=1000"`
	Enabled         *bool                `json:"enabled"`
	AutoSyncOnScan  *bool                `json:"auto_sync_on_scan"`
	// CacheTTLMinutes, when supplied, is bounded to 0..10080 (one week).
	CacheTTLMinutes *int                 `json:"cache_ttl_minutes" validate:"omitempty,min=0,max=10080"`
	GitConfig       *ts.GitSourceConfig  `json:"git_config,omitempty"`
	S3Config        *ts.S3SourceConfig   `json:"s3_config,omitempty"`
	HTTPConfig      *ts.HTTPSourceConfig `json:"http_config,omitempty"`
	// CredentialID, when supplied, must be a UUID referencing a stored credential.
	CredentialID    *string              `json:"credential_id" validate:"omitempty,uuid"`
}

UpdateSourceInput represents the input for updating a template source.

type ValidationError

// ValidationError represents a single validation error.
type ValidationError struct {
	// Field names the template field the error applies to.
	Field   string `json:"field"`
	// Message is the human-readable description of the problem.
	Message string `json:"message"`
	// Code is a machine-readable identifier for the error kind.
	Code    string `json:"code"`
}

ValidationError represents a single validation error.

type ValidationResult

// ValidationResult represents the result of template validation.
type ValidationResult struct {
	// Valid reports whether the template passed validation.
	Valid     bool              `json:"valid"`
	// Errors collects the problems found; AddError appends to it and
	// HasErrors/ErrorMessages read it. Omitted from JSON when empty.
	Errors    []ValidationError `json:"errors,omitempty"`
	// RuleCount is the number of rules the validator counted.
	RuleCount int               `json:"rule_count"`
	// Metadata holds scanner-specific data; omitted from JSON when empty.
	Metadata  map[string]any    `json:"metadata,omitempty"`
}

ValidationResult represents the result of template validation.

func ValidateTemplate

func ValidateTemplate(templateType scannertemplate.TemplateType, content []byte) *ValidationResult

ValidateTemplate validates template content based on its type.

func (*ValidationResult) AddError

func (r *ValidationResult) AddError(field, message, code string)

AddError adds an error to the validation result.

func (*ValidationResult) ErrorMessages

func (r *ValidationResult) ErrorMessages() string

ErrorMessages returns all error messages as a single string.

func (*ValidationResult) HasErrors

func (r *ValidationResult) HasErrors() bool

HasErrors returns true if there are any validation errors.
