Overview

Package scanner_template defines the ScannerTemplate domain entity for custom scanner templates.

Index

Constants

// Per-tenant template quota defaults. They are untyped constants; DefaultQuota
// presumably uses them to populate a TemplateQuota — confirm in its body.
const (
	// DefaultMaxTemplatesPerTenant is the default maximum number of templates per tenant.
	DefaultMaxTemplatesPerTenant = 100

	// DefaultMaxTemplatesPerType is the default maximum number of templates per type per tenant.
	DefaultMaxTemplatesPerType = 50

	// DefaultMaxTotalStorageBytes is the default maximum total storage in bytes per tenant (50 MiB).
	DefaultMaxTotalStorageBytes = 50 * 1024 * 1024
)

Per-tenant template quota constants.

Variables

This section is empty.

Functions

func ComputeHash

func ComputeHash(content []byte) string

ComputeHash computes the SHA256 hash of the content.

func ComputeSignature

func ComputeSignature(content []byte, secret string) string

ComputeSignature computes the HMAC-SHA256 signature of content using the provided secret.

func VerifySignature

func VerifySignature(content []byte, secret, signature string) bool

VerifySignature verifies that the given signature matches the expected signature for the content.

Types

type Filter

// Filter represents filter options for listing scanner templates.
// The pointer fields are optional; a nil field presumably leaves that dimension
// unfiltered — confirm against the repository implementation.
type Filter struct {
	TenantID     *shared.ID      // NOTE(review): optional here, unlike the tenantID parameters elsewhere in Repository; confirm the service layer always sets it so List cannot span tenants
	TemplateType *TemplateType   // Restrict to one scanner type (nuclei, semgrep, gitleaks)
	Status       *TemplateStatus // Restrict to one TemplateStatus
	SourceID     *shared.ID      // Restrict to templates synced from one source
	Tags         []string        // Tag filter; all-vs-any matching is not visible here — confirm in the implementation
	Search       string          // Free-text search term; matching rules are implementation-defined
}

Filter represents filter options for listing scanner templates.

type Repository

// Repository defines the interface for scanner template persistence.
// Every method except List takes an explicit tenantID (or a template carrying
// one); List relies on Filter.TenantID instead, which is a pointer.
type Repository interface {
	// Create creates a new scanner template.
	Create(ctx context.Context, template *ScannerTemplate) error

	// GetByTenantAndID retrieves a scanner template by tenant and ID.
	// This is the primary method for fetching templates as it enforces tenant isolation.
	GetByTenantAndID(ctx context.Context, tenantID, id shared.ID) (*ScannerTemplate, error)

	// GetByTenantAndName retrieves a scanner template by tenant, type, and name.
	GetByTenantAndName(ctx context.Context, tenantID shared.ID, templateType TemplateType, name string) (*ScannerTemplate, error)

	// List lists scanner templates with filters and pagination.
	// NOTE(review): tenant scoping here depends on filter.TenantID being non-nil;
	// confirm callers never pass a Filter without it.
	List(ctx context.Context, filter Filter, page pagination.Pagination) (pagination.Result[*ScannerTemplate], error)

	// ListByIDs retrieves multiple templates by their IDs, scoped to tenantID.
	ListByIDs(ctx context.Context, tenantID shared.ID, ids []shared.ID) ([]*ScannerTemplate, error)

	// Update updates a scanner template.
	Update(ctx context.Context, template *ScannerTemplate) error

	// Delete deletes a scanner template (tenant-scoped).
	Delete(ctx context.Context, tenantID, id shared.ID) error

	// CountByTenant counts the number of templates for a tenant.
	CountByTenant(ctx context.Context, tenantID shared.ID) (int64, error)

	// CountByType counts the number of templates by type for a tenant.
	CountByType(ctx context.Context, tenantID shared.ID, templateType TemplateType) (int64, error)

	// ExistsByName checks if a template with the given name exists for the
	// given tenant and type.
	ExistsByName(ctx context.Context, tenantID shared.ID, templateType TemplateType, name string) (bool, error)

	// GetUsage returns the current template usage for a tenant; the returned
	// TemplateUsage mirrors the fields of TemplateQuota.
	GetUsage(ctx context.Context, tenantID shared.ID) (*TemplateUsage, error)
}

Repository defines the interface for scanner template persistence.

type ScannerTemplate

// ScannerTemplate represents a custom scanner template (Nuclei, Semgrep, or Gitleaks).
// Integrity fields: ContentHash is the SHA-256 of Content (ComputeHash) and
// SignatureHash is an HMAC-SHA256 over it (ComputeSignature / VerifySignature).
type ScannerTemplate struct {
	ID           shared.ID    // Template identifier
	TenantID     shared.ID    // Owning tenant; BelongsToTenant and CanManage check against it
	SourceID     *shared.ID   // Reference to template source (nil = manual upload)
	Name         string       // Looked up per tenant and type via Repository.GetByTenantAndName / ExistsByName
	TemplateType TemplateType // nuclei, semgrep or gitleaks
	Version      string       // Version string; IncrementVersion bumps its patch component

	// Content storage
	Content       []byte  // Raw YAML/TOML content (inline for <1MB)
	ContentURL    *string // S3 URL for large templates. NOTE(review): nothing in this type shows remotely fetched content being re-checked against ContentHash before use — confirm in the loader
	ContentHash   string  // SHA256(Content), see ComputeHash
	SignatureHash string  // HMAC-SHA256 for verification, see SetSignature / VerifySignature

	// Metadata
	RuleCount   int            // Set via SetRuleCount; TemplateType.MaxRules gives the per-type limit
	Description string         // Free-text description
	Tags        []string       // Free-form tags, also usable in Filter.Tags
	Metadata    map[string]any // Scanner-specific metadata, written through SetMetadata

	// Status
	Status          TemplateStatus // Lifecycle state; Activate/Deprecate/Revoke transition it
	ValidationError *string        // Set via SetValidationError, cleared via ClearValidationError

	// Source tracking (for synced templates)
	SyncSource   SyncSource // How this template was synced (manual, git, s3, http)
	SourcePath   *string    // Path within source (e.g., templates/sqli.yaml)
	SourceCommit *string    // Git commit hash

	// Audit
	CreatedBy *shared.ID // Creating user, as passed to NewScannerTemplate (may be nil)
	CreatedAt time.Time  // Creation timestamp
	UpdatedAt time.Time  // Last modification timestamp
}

ScannerTemplate represents a custom scanner template (Nuclei, Semgrep, or Gitleaks).

func NewScannerTemplate

func NewScannerTemplate(
	tenantID shared.ID,
	name string,
	templateType TemplateType,
	content []byte,
	createdBy *shared.ID,
) (*ScannerTemplate, error)

NewScannerTemplate creates a new scanner template.

func (*ScannerTemplate) Activate

func (t *ScannerTemplate) Activate() error

Activate marks the template as active.

func (*ScannerTemplate) BelongsToTenant

func (t *ScannerTemplate) BelongsToTenant(tenantID shared.ID) bool

BelongsToTenant checks if this template belongs to the specified tenant.

func (*ScannerTemplate) CanManage

func (t *ScannerTemplate) CanManage(tenantID shared.ID) error

CanManage checks if the given tenant can manage this template.

func (*ScannerTemplate) ClearValidationError

func (t *ScannerTemplate) ClearValidationError()

ClearValidationError clears the validation error.

func (*ScannerTemplate) Deprecate

func (t *ScannerTemplate) Deprecate()

Deprecate marks the template as deprecated.

func (*ScannerTemplate) IncrementVersion

func (t *ScannerTemplate) IncrementVersion()

IncrementVersion increments the patch version.

func (*ScannerTemplate) IsUsable

func (t *ScannerTemplate) IsUsable() bool

IsUsable returns true if the template can be used in scans.

func (*ScannerTemplate) Revoke

func (t *ScannerTemplate) Revoke()

Revoke marks the template as revoked, for use when the template raises a security concern.

func (*ScannerTemplate) SetMetadata

func (t *ScannerTemplate) SetMetadata(key string, value any)

SetMetadata sets a metadata value.

func (*ScannerTemplate) SetRuleCount

func (t *ScannerTemplate) SetRuleCount(count int)

SetRuleCount sets the number of rules in the template.

func (*ScannerTemplate) SetSignature

func (t *ScannerTemplate) SetSignature(signature string)

SetSignature sets the HMAC signature for the template.

func (*ScannerTemplate) SetSourceInfo

func (t *ScannerTemplate) SetSourceInfo(sourceID shared.ID, sourcePath, sourceCommit string)

SetSourceInfo sets the source tracking information.

func (*ScannerTemplate) SetValidationError

func (t *ScannerTemplate) SetValidationError(err string)

SetValidationError sets the validation error message.

func (*ScannerTemplate) Update

func (t *ScannerTemplate) Update(name, description string, content []byte, tags []string) error

Update replaces the template's name, description, content, and tags.

func (*ScannerTemplate) VerifySignature

func (t *ScannerTemplate) VerifySignature(secret string) bool

VerifySignature verifies the template signature using the provided secret.

type Signer

// Signer handles template signing and verification with the HMAC secret
// supplied to NewSigner; Sign produces an HMAC-SHA256 signature and Verify
// checks one.
type Signer struct {
	// contains filtered or unexported fields
}

Signer handles template signing and verification.

func NewSigner

func NewSigner(secret []byte) *Signer

NewSigner creates a new Signer with the given secret key.

func (*Signer) Sign

func (s *Signer) Sign(content []byte) string

Sign computes the HMAC-SHA256 signature of content.

func (*Signer) Verify

func (s *Signer) Verify(content []byte, signature string) bool

Verify verifies that the given signature matches the expected signature.

type SyncSource

// SyncSource describes how a template was synced into the system
// (manual upload, git, S3, HTTP); see the SyncSource* constants.
type SyncSource string

SyncSource describes how a template was synced (manual upload, git, S3, or HTTP).

// Known SyncSource values; presumably the set accepted by SyncSource.IsValid.
const (
	// SyncSourceManual means the template was uploaded manually.
	SyncSourceManual SyncSource = "manual"
	// SyncSourceGit means the template was synced from a git repository.
	SyncSourceGit SyncSource = "git"
	// SyncSourceS3 means the template was synced from S3/MinIO.
	SyncSourceS3 SyncSource = "s3"
	// SyncSourceHTTP means the template was synced from an HTTP URL.
	SyncSourceHTTP SyncSource = "http"
)

func (SyncSource) IsValid

func (s SyncSource) IsValid() bool

IsValid checks if the sync source is valid.

type TemplateQuota

// TemplateQuota represents per-tenant template storage quotas. Its fields
// line up with TemplateUsage so current usage can be compared against the
// limits; DefaultQuota returns the defaults and GetMaxForType selects the
// per-type limit.
type TemplateQuota struct {
	MaxTemplates         int   `json:"max_templates"`           // Max total templates
	MaxTemplatesNuclei   int   `json:"max_templates_nuclei"`    // Max Nuclei templates
	MaxTemplatesSemgrep  int   `json:"max_templates_semgrep"`   // Max Semgrep templates
	MaxTemplatesGitleaks int   `json:"max_templates_gitleaks"`  // Max Gitleaks templates
	MaxTotalStorageBytes int64 `json:"max_total_storage_bytes"` // Max total storage
}

TemplateQuota represents per-tenant template storage quotas.

func DefaultQuota

func DefaultQuota() TemplateQuota

DefaultQuota returns the default template quota.

func (TemplateQuota) GetMaxForType

func (q TemplateQuota) GetMaxForType(templateType TemplateType) int

GetMaxForType returns the maximum templates allowed for a specific type.

type TemplateStatus

// TemplateStatus represents the lifecycle status of a template; see the
// TemplateStatus* constants, IsValid and IsUsable.
type TemplateStatus string

TemplateStatus represents the status of a template.

// Known TemplateStatus values. Only a usable status (see TemplateStatus.IsUsable)
// allows the template to be used in scans.
const (
	// TemplateStatusActive means the template is active and can be used.
	TemplateStatusActive TemplateStatus = "active"
	// TemplateStatusPendingReview means the template is awaiting review.
	TemplateStatusPendingReview TemplateStatus = "pending_review"
	// TemplateStatusDeprecated means the template is deprecated and should not be used.
	TemplateStatusDeprecated TemplateStatus = "deprecated"
	// TemplateStatusRevoked means the template has been revoked due to security concerns.
	TemplateStatusRevoked TemplateStatus = "revoked"
)

func (TemplateStatus) IsUsable

func (s TemplateStatus) IsUsable() bool

IsUsable returns true if the template can be used in scans.

func (TemplateStatus) IsValid

func (s TemplateStatus) IsValid() bool

IsValid checks if the template status is valid.

type TemplateType

// TemplateType represents the type of scanner template; see the TemplateType*
// constants. Each type carries its own content type, file extension, rule
// limit and size limit (ContentType, FileExtension, MaxRules, MaxSize).
type TemplateType string

TemplateType represents the type of scanner template.

// Known TemplateType values; presumably the set accepted by TemplateType.IsValid.
const (
	// TemplateTypeNuclei is for Nuclei vulnerability templates (YAML).
	TemplateTypeNuclei TemplateType = "nuclei"
	// TemplateTypeSemgrep is for Semgrep SAST rules (YAML).
	TemplateTypeSemgrep TemplateType = "semgrep"
	// TemplateTypeGitleaks is for Gitleaks secret patterns (TOML).
	TemplateTypeGitleaks TemplateType = "gitleaks"
)

func (TemplateType) ContentType

func (t TemplateType) ContentType() string

ContentType returns the expected content type for the template type.

func (TemplateType) FileExtension

func (t TemplateType) FileExtension() string

FileExtension returns the expected file extension for the template type.

func (TemplateType) IsValid

func (t TemplateType) IsValid() bool

IsValid checks if the template type is valid.

func (TemplateType) MaxRules

func (t TemplateType) MaxRules() int

MaxRules returns the maximum allowed number of rules for the template type.

func (TemplateType) MaxSize

func (t TemplateType) MaxSize() int64

MaxSize returns the maximum allowed size in bytes for the template type.

type TemplateUsage

// TemplateUsage represents current template usage for a tenant, as returned by
// Repository.GetUsage. Its fields mirror TemplateQuota.
type TemplateUsage struct {
	TotalTemplates    int64 `json:"total_templates"`     // Compare with TemplateQuota.MaxTemplates
	NucleiTemplates   int64 `json:"nuclei_templates"`    // Compare with TemplateQuota.MaxTemplatesNuclei
	SemgrepTemplates  int64 `json:"semgrep_templates"`   // Compare with TemplateQuota.MaxTemplatesSemgrep
	GitleaksTemplates int64 `json:"gitleaks_templates"`  // Compare with TemplateQuota.MaxTemplatesGitleaks
	TotalStorageBytes int64 `json:"total_storage_bytes"` // Compare with TemplateQuota.MaxTotalStorageBytes
}

TemplateUsage represents current template usage for a tenant.
