Overview ¶
Package handler provides lifecycle management for security scanning workflows. It follows the Handler pattern: OnStart is called first, then HandleFindings, and finally either OnCompleted (the scan succeeded) or OnError (the scan failed).
Types ¶
type ConsoleHandler ¶
type ConsoleHandler struct {
	// Verbose is presumably set from the argument of NewConsoleHandler; what
	// extra output it enables is not shown on this page.
	// NOTE(review): console output of a scanner normally ends up in CI job
	// logs. If verbose mode prints Finding.Snippet, text matched by a
	// secret-detection rule would be copied into those logs — confirm against
	// the implementation.
	Verbose bool
}
ConsoleHandler is a simple handler that prints to console. Useful for local development and testing.
func NewConsoleHandler ¶
func NewConsoleHandler(verbose bool) *ConsoleHandler
NewConsoleHandler creates a new console handler.
func (*ConsoleHandler) HandleFindings ¶
func (h *ConsoleHandler) HandleFindings(params HandleFindingsParams) error
func (*ConsoleHandler) OnCompleted ¶
func (h *ConsoleHandler) OnCompleted() error
func (*ConsoleHandler) OnError ¶
func (h *ConsoleHandler) OnError(err error) error
type DataFlow ¶
type DataFlow struct {
	// The three slices are serialized under the JSON keys "taint_source",
	// "intermediate_vars" and "taint_sink". None of them has omitempty, so a
	// nil slice is encoded as null rather than being left out.
	// NOTE(review): presumably source -> intermediate variables -> sink is the
	// order in which the tainted value travels; ordering inside each slice is
	// not stated on this page — confirm.
	TaintSource []Location `json:"taint_source"`
	IntermediateVars []Location `json:"intermediate_vars"`
	TaintSink []Location `json:"taint_sink"`
}
DataFlow represents taint tracking information for a finding.
type Finding ¶
type Finding struct {
	// RuleID, Title and Description identify and describe the finding; they
	// are serialized under the JSON keys given in the tags.
	RuleID string `json:"rule_id"`
	Title string `json:"title"`
	Description string `json:"description"`
	// Severity is a plain string; no set of allowed values is visible on this
	// page, so consumers that gate on severity should validate it first.
	Severity string `json:"severity"`
	// Path, StartLine and EndLine locate the finding.
	// NOTE(review): presumably Path is relative to the scanned repository and
	// the line numbers are 1-based — confirm. Path originates from scanned
	// content, so escape it before rendering it into a PR/MR comment.
	Path string `json:"path"`
	StartLine int `json:"start_line"`
	EndLine int `json:"end_line"`
	// Snippet presumably holds the source text the rule matched.
	// NOTE(review): for secret-detection rules that text can be the secret
	// itself; consider redacting it before it is printed, posted as a comment
	// or sent to a remote server — confirm what the handlers do with it.
	Snippet string `json:"snippet"`
	// DataFlow is optional: a nil pointer is omitted from the JSON output
	// because of omitempty.
	DataFlow *DataFlow `json:"data_flow,omitempty"`
}
Finding represents a security finding.
type HandleFindingsParams ¶
type HandleFindingsParams struct {
	// Report is the scan report handed to HandleFindings. It is a pointer, so
	// a handler can receive nil — TODO confirm whether callers guarantee a
	// non-nil report or handlers must check.
	Report *ctis.Report
	// Strategy and ChangedFiles use types from the strategy package.
	// NOTE(review): RemoteHandler is documented as commenting on findings in
	// changed files; presumably ChangedFiles is the list it filters against —
	// confirm.
	Strategy strategy.ScanStrategy
	ChangedFiles []strategy.ChangedFile
	// GitEnv has the same type as the first argument of ScanHandler.OnStart.
	GitEnv gitenv.GitEnv
}
HandleFindingsParams contains parameters for handling findings.
type Location ¶
type Location struct {
	// Path, Line and Column give the position; serialized as "path", "line"
	// and "column".
	// NOTE(review): whether Line and Column are 0- or 1-based is not stated on
	// this page — confirm.
	Path string `json:"path"`
	Line int `json:"line"`
	Column int `json:"column"`
	// Content presumably carries the source text at that position. Like
	// Finding.Snippet it may contain sensitive values from the scanned code,
	// so apply the same redaction before it leaves the machine — confirm.
	Content string `json:"content"`
}
Location represents a code location in dataflow.
type RemoteHandler ¶
type RemoteHandler struct {
	// contains filtered or unexported fields
	//
	// No field is exported, so a zero RemoteHandler cannot be configured from
	// outside the package; build one with NewRemoteHandler.
}
RemoteHandler sends scan results to a remote OpenCTEM server. It also creates PR/MR comments for findings on changed files.
func NewRemoteHandler ¶
func NewRemoteHandler(cfg *RemoteHandlerConfig) *RemoteHandler
NewRemoteHandler creates a new remote handler.
func (*RemoteHandler) HandleFindings ¶
func (h *RemoteHandler) HandleFindings(params HandleFindingsParams) error
HandleFindings processes and sends findings to the server.
func (*RemoteHandler) OnCompleted ¶
func (h *RemoteHandler) OnCompleted() error
OnCompleted is called when the scan completes successfully.
func (*RemoteHandler) OnError ¶
func (h *RemoteHandler) OnError(err error) error
OnError is called when an error occurs during the scan.
type RemoteHandlerConfig ¶
type RemoteHandlerConfig struct {
	// Pusher is the core.Pusher the handler is configured with.
	// NOTE(review): presumably the transport used to send results to the
	// server; how a nil Pusher (or a nil *RemoteHandlerConfig passed to
	// NewRemoteHandler) is handled is not shown on this page — confirm.
	Pusher core.Pusher
	Verbose bool
	// CreateComments presumably switches PR/MR commenting on.
	// NOTE(review): such comments are readable by everyone with access to the
	// PR/MR, so snippet text from secret findings should be redacted before it
	// is posted — confirm what the implementation includes in a comment.
	CreateComments bool
	// NOTE(review): the zero value is 0 while the documented default is 10, so
	// 0 is presumably treated as "use the default"; how negative values are
	// handled is not shown — confirm.
	MaxComments int // Max comments per PR/MR (default 10)
}
RemoteHandlerConfig configures the remote handler.
type ScanHandler ¶
type ScanHandler interface {
	// NOTE(review): the method listings for ConsoleHandler and RemoteHandler
	// on this page show HandleFindings, OnCompleted and OnError but no OnStart.
	// Verify that both types satisfy this interface, for example with a
	// compile-time assertion such as `var _ ScanHandler = (*RemoteHandler)(nil)`.

	// OnStart is called at the beginning of a scan.
	// It should register the scan with the server and return scan info.
	// Every method in this interface returns an error; what the caller does
	// with a non-nil error from OnStart (abort or continue) is not shown here.
	OnStart(gitEnv gitenv.GitEnv, scannerName, scannerType string) (*ScanInfo, error)
	// HandleFindings processes scan findings.
	// It sends findings to the server and optionally creates PR/MR comments.
	HandleFindings(params HandleFindingsParams) error
	// OnCompleted is called when the scan completes successfully.
	OnCompleted() error
	// OnError is called when an error occurs during the scan.
	// It receives the scan error and returns an error of its own.
	// NOTE(review): presumably the return value reports a failure of the
	// handler itself, not the original scan error — confirm.
	OnError(err error) error
}
ScanHandler manages the lifecycle of a security scan.