security

package
Published: Jul 11, 2025 License: Apache-2.0 Imports: 5 Imported by: 0


Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Asset

// Asset is something worth protecting inside a SecurityTarget or ThreatModel.
// Risk.AssetID is matched against ID, so IDs should be unique within one
// ThreatModel; nothing in the type enforces that.
//
// Value and Sensitivity are independent ratings: Value is the business value
// (low..critical), Sensitivity the data-classification level (public..restricted).
// Location and Owner are free-form strings and are not validated here.
type Asset struct {
	ID          string
	Type        AssetType
	Name        string
	Value       AssetValue
	Sensitivity DataSensitivity
	Location    string
	Owner       string
}

type AssetType

// AssetType classifies an Asset. It is a plain string type, so values outside
// the constants below are representable; validate on input if that matters.
type AssetType string
const (
	AssetTypeData        AssetType = "data"
	AssetTypeAPI         AssetType = "api"
	AssetTypeService     AssetType = "service"
	AssetTypeDatabase    AssetType = "database"
	// AssetTypeCredentials marks secret material; findings that reference such
	// an asset are themselves sensitive. Compare DataTypeCredentials, which is
	// the data-classification counterpart.
	AssetTypeCredentials AssetType = "credentials"
)

type AssetValue

// AssetValue rates an Asset's business value on a four-step scale.
// The intended order is low < medium < high < critical, but as a string type
// it has no intrinsic ordering — compare through an explicit rank, not with <.
type AssetValue string
const (
	AssetValueLow      AssetValue = "low"
	AssetValueMedium   AssetValue = "medium"
	AssetValueHigh     AssetValue = "high"
	AssetValueCritical AssetValue = "critical"
)

type AttackVector

// AttackVector describes one way a Threat can be realised.
// Complexity, Privileges and UserInteraction correspond in spirit to the CVSS
// exploitability metrics (Attack Complexity, Privileges Required, User
// Interaction); no exported function in this package derives a CVSSScore from
// them, so keep the two in step by hand if both are populated.
type AttackVector struct {
	Name            string
	Description     string
	Complexity      Complexity
	Privileges      PrivilegeLevel
	// UserInteraction is true when the attack needs a victim to do something
	// (click, log in, ...), which lowers likelihood.
	UserInteraction bool
}

type AuthFinding

// AuthFinding is one result from an AuthenticationTest.
// Evidence is captured from a live target and may carry session tokens,
// credentials or personal data; treat the finding as sensitive when it is
// persisted or rendered into a report.
type AuthFinding struct {
	Type        AuthFindingType
	Severity    Severity
	Description string
	Evidence    []Evidence
	// Location is where the weakness was observed (URL, endpoint, ...);
	// format is free-form.
	Location    string
	FoundAt     time.Time
}

type AuthFindingType

// AuthFindingType names the class of identity weakness an AuthenticationTest
// reports. WeakAuth/BrokenAuth/WeakSession come from TestAuthentication and
// TestSessionManagement, BrokenAccess/PrivEscalation from TestAuthorization —
// presumably; the mapping is not enforced by the types.
type AuthFindingType string
const (
	AuthFindingTypeWeakAuth       AuthFindingType = "weak_authentication"
	AuthFindingTypeBrokenAuth     AuthFindingType = "broken_authentication"
	AuthFindingTypeWeakSession    AuthFindingType = "weak_session"
	AuthFindingTypeBrokenAccess   AuthFindingType = "broken_access_control"
	AuthFindingTypePrivEscalation AuthFindingType = "privilege_escalation"
)

type AuthenticationTest

// AuthenticationTest probes a SecurityTarget's authentication, authorization
// and session handling. All three methods take a ctx and should stop when it
// is cancelled; the SecurityTarget passed in carries the credentials and
// context the test runs under, so the tests act as that identity.
// By Go convention the returned slice is meaningless when err != nil.
type AuthenticationTest interface {
	TestAuthentication(ctx context.Context, target SecurityTarget) ([]AuthFinding, error)
	TestAuthorization(ctx context.Context, target SecurityTarget) ([]AuthFinding, error)
	TestSessionManagement(ctx context.Context, target SecurityTarget) ([]AuthFinding, error)
}

type CVSSScore

// CVSSScore carries a CVSS rating for a Vulnerability.
// Version is the CVSS specification version and Vector the vector string;
// Score is presumably the base score on CVSS's 0.0–10.0 scale — TODO confirm
// which score (base, temporal or environmental) producers fill in.
// Severity is stored independently rather than derived from Score, so the two
// can disagree; no exported function here keeps them consistent.
type CVSSScore struct {
	Version  string
	Vector   string
	Score    float64
	Severity Severity
}

type Complexity

// Complexity rates how hard an AttackVector is to execute (low is worst for
// the defender). String type: no intrinsic ordering.
type Complexity string
const (
	ComplexityLow    Complexity = "low"
	ComplexityMedium Complexity = "medium"
	ComplexityHigh   Complexity = "high"
)

type ComplianceCheck

// ComplianceCheck evaluates a SystemInfo against one compliance standard
// (HIPAA, PCI DSS and SOC 2 checkers are provided in this package).
//
// Validate performs the evaluation; GetStandard names the standard;
// GetRequirements lists what is checked. GenerateComplianceReport takes no
// arguments, so it presumably reports on state retained from an earlier
// Validate call — TODO confirm, and confirm what it returns before Validate
// has ever run.
type ComplianceCheck interface {
	Validate(ctx context.Context, system SystemInfo) (ComplianceResult, error)
	GetStandard() string
	GetRequirements() []Requirement
	GenerateComplianceReport() ComplianceReport
}

type ComplianceLevel

// ComplianceLevel selects how strictly SecurityConfig asks compliance to be
// assessed (see SecurityConfig.ComplianceLevel). How each level changes the
// checks is not visible in this package's exported API.
type ComplianceLevel string
const (
	ComplianceLevelBasic      ComplianceLevel = "basic"
	ComplianceLevelStandard   ComplianceLevel = "standard"
	ComplianceLevelStrict     ComplianceLevel = "strict"
	ComplianceLevelEnterprise ComplianceLevel = "enterprise"
)

type ComplianceReport

// ComplianceReport is the report form of a compliance evaluation, as returned
// by ComplianceCheck.GenerateComplianceReport.
// Results holds per-requirement outcomes (the same RequirementResult shape as
// ComplianceResult.Requirements) and Summary the aggregate counts.
// Results carry Evidence, which may include sensitive captured data.
type ComplianceReport struct {
	Standard  string
	Version   string
	Timestamp time.Time
	Results   []RequirementResult
	Summary   ComplianceSummary
}

type ComplianceResult

// ComplianceResult is what ComplianceCheck.Validate returns.
// Compliant is the overall verdict and Score a numeric rating; how the two
// relate (threshold, scale 0–1 vs 0–100) is not defined here — TODO confirm
// before comparing scores across checkers.
// Violations lists the failed requirements with remediation text; Requirements
// holds every requirement outcome, including passes and not-applicables.
type ComplianceResult struct {
	Standard        string
	Compliant       bool
	Score           float64
	Requirements    []RequirementResult
	Violations      []ComplianceViolation
	Recommendations []string
	Timestamp       time.Time
}

type ComplianceStatus

// ComplianceStatus is the outcome of a single Requirement.
// A "not_applicable" result should be counted separately from pass/fail
// (see ComplianceSummary.NotApplicable), not silently treated as a pass.
type ComplianceStatus string
const (
	ComplianceStatusPass ComplianceStatus = "pass"
	ComplianceStatusFail ComplianceStatus = "fail"
	ComplianceStatusNA   ComplianceStatus = "not_applicable"
)

type ComplianceSummary

// ComplianceSummary aggregates RequirementResult outcomes for a report.
// Passed + Failed + NotApplicable is expected to equal TotalRequirements;
// the type does not enforce it. ComplianceScore's scale is not defined here
// (see the same caveat on ComplianceResult.Score).
type ComplianceSummary struct {
	TotalRequirements int
	Passed            int
	Failed            int
	NotApplicable     int
	ComplianceScore   float64
}

type ComplianceViolation

// ComplianceViolation records one failed requirement.
// RequirementID refers to Requirement.ID by string; Remediation is guidance
// text for the owner of the system.
type ComplianceViolation struct {
	RequirementID string
	Severity      Severity
	Description   string
	Remediation   string
}

type Cost

// Cost is the qualitative cost of applying a Mitigation (see Mitigation.Cost).
// Five steps, very_low..very_high; string type, so no intrinsic ordering.
type Cost string
const (
	CostVeryLow  Cost = "very_low"
	CostLow      Cost = "low"
	CostMedium   Cost = "medium"
	CostHigh     Cost = "high"
	CostVeryHigh Cost = "very_high"
)

type DataFinding

// DataFinding is one result from a DataProtectionTest.
// DataType says what kind of data is affected (PII, PHI, ...), which matters
// for the compliance checkers (PHI for HIPAA, financial data for PCI DSS).
// Evidence for a data-exposure finding is, by its nature, a sample of the
// exposed data — redact before the finding leaves the testing environment.
type DataFinding struct {
	Type        DataFindingType
	Severity    Severity
	Description string
	DataType    DataType
	Location    string
	Evidence    []Evidence
	FoundAt     time.Time
}

type DataFindingType

// DataFindingType names the class of data-protection weakness a
// DataProtectionTest reports. WeakCrypto and NoEncryption are the
// encryption-at-rest/in-transit outcomes; Exposure and Leakage the
// unintended-disclosure ones; PrivacyViolation a regulatory one.
type DataFindingType string
const (
	DataFindingTypeExposure         DataFindingType = "data_exposure"
	DataFindingTypeLeakage          DataFindingType = "data_leakage"
	DataFindingTypeWeakCrypto       DataFindingType = "weak_cryptography"
	DataFindingTypeNoEncryption     DataFindingType = "no_encryption"
	DataFindingTypePrivacyViolation DataFindingType = "privacy_violation"
)

type DataProtectionTest

// DataProtectionTest probes a SecurityTarget for encryption, leakage and
// privacy weaknesses. Each method should stop when ctx is cancelled; the
// returned slice is meaningless when err != nil.
// Nothing in SecurityValidator's exported API registers a DataProtectionTest,
// so how (or whether) ValidateTarget runs these is not visible here.
type DataProtectionTest interface {
	TestEncryption(ctx context.Context, target SecurityTarget) ([]DataFinding, error)
	TestDataLeakage(ctx context.Context, target SecurityTarget) ([]DataFinding, error)
	TestPrivacyCompliance(ctx context.Context, target SecurityTarget) ([]DataFinding, error)
}

type DataSensitivity

// DataSensitivity is the classification level of the data an Asset holds.
// Intended order: public < internal < confidential < restricted. String type,
// so ordering must be applied through an explicit rank.
type DataSensitivity string
const (
	DataSensitivityPublic       DataSensitivity = "public"
	DataSensitivityInternal     DataSensitivity = "internal"
	DataSensitivityConfidential DataSensitivity = "confidential"
	DataSensitivityRestricted   DataSensitivity = "restricted"
)

type DataType

// DataType names the category of data a DataFinding concerns.
// PHI is the HIPAA-regulated category and financial (cardholder) data the
// PCI DSS one; a finding tagged credentials is itself secret material.
type DataType string
const (
	DataTypePII          DataType = "pii"
	DataTypePHI          DataType = "phi"
	DataTypeFinancial    DataType = "financial"
	DataTypeCredentials  DataType = "credentials"
	DataTypeIntellectual DataType = "intellectual_property"
)

type Effort

// Effort is the qualitative amount of work a RemediationPlan needs.
// Five steps, minimal..significant; string type, so no intrinsic ordering.
type Effort string
const (
	EffortMinimal     Effort = "minimal"
	EffortLow         Effort = "low"
	EffortMedium      Effort = "medium"
	EffortHigh        Effort = "high"
	EffortSignificant Effort = "significant"
)

type Evidence

// Evidence is a captured artefact backing a finding or requirement result.
// Type is a free-form tag (e.g. request, response, log — not enumerated here).
// Data and Screenshot are free-form strings; Screenshot is presumably a path
// or base64 image — TODO confirm.
//
// Evidence comes straight from a live target, so it can contain session
// tokens, credentials, PHI or cardholder data. Redact before storing it or
// rendering it into a report, and HTML-escape Data when ReportFormatHTML is
// used (the report generators are not visible in this package's API).
type Evidence struct {
	Type        string
	Description string
	Data        string
	Screenshot  string
	Timestamp   time.Time
}

type HIPAAComplianceChecker

// HIPAAComplianceChecker evaluates a system against HIPAA requirements.
// Construct it with NewHIPAAComplianceChecker(timeout); the zero value has no
// documented behaviour. Its GetStandard, GetRequirements and
// GenerateComplianceReport methods match ComplianceCheck; Validate's
// signature is not rendered on this page, so confirm it matches too.
type HIPAAComplianceChecker struct {
	// contains filtered or unexported fields
}

HIPAAComplianceChecker checks a system against HIPAA requirements for healthcare applications. Its GetStandard, GetRequirements and GenerateComplianceReport methods match the ComplianceCheck interface; the Validate signature is not rendered on this page. The timeout passed to NewHIPAAComplianceChecker presumably bounds each Validate run — confirm against the source.

func NewHIPAAComplianceChecker

func NewHIPAAComplianceChecker(timeout time.Duration) *HIPAAComplianceChecker

func (*HIPAAComplianceChecker) GenerateComplianceReport

func (h *HIPAAComplianceChecker) GenerateComplianceReport() ComplianceReport

func (*HIPAAComplianceChecker) GetRequirements

func (h *HIPAAComplianceChecker) GetRequirements() []Requirement

func (*HIPAAComplianceChecker) GetStandard

func (h *HIPAAComplianceChecker) GetStandard() string

func (*HIPAAComplianceChecker) Validate — signature not rendered on this page; the ComplianceCheck interface this type appears to satisfy declares Validate(ctx context.Context, system SystemInfo) (ComplianceResult, error).

type Impact

// Impact rates the consequence of a Threat or Vulnerability on one dimension
// (see ImpactAssessment for the per-dimension breakdown). Five steps,
// very_low..very_high; string type, so no intrinsic ordering.
type Impact string
const (
	ImpactVeryLow  Impact = "very_low"
	ImpactLow      Impact = "low"
	ImpactMedium   Impact = "medium"
	ImpactHigh     Impact = "high"
	ImpactVeryHigh Impact = "very_high"
)

type ImpactAssessment

// ImpactAssessment breaks a Vulnerability's impact down by dimension:
// the CIA triad (Confidentiality, Integrity, Availability) plus the business
// consequences (Financial, Reputation, Legal). Unset fields are "" rather
// than ImpactVeryLow, so consumers should handle the empty value.
type ImpactAssessment struct {
	Confidentiality Impact
	Integrity       Impact
	Availability    Impact
	Financial       Impact
	Reputation      Impact
	Legal           Impact
}

type Likelihood

// Likelihood rates how probable a Threat is (see Threat.Likelihood and
// Risk.Likelihood). Five steps, very_low..very_high; string type, so no
// intrinsic ordering.
type Likelihood string
const (
	LikelihoodVeryLow  Likelihood = "very_low"
	LikelihoodLow      Likelihood = "low"
	LikelihoodMedium   Likelihood = "medium"
	LikelihoodHigh     Likelihood = "high"
	LikelihoodVeryHigh Likelihood = "very_high"
)

type Mitigation

// Mitigation is a control that reduces one or more Threats.
// Effectiveness is a float whose scale is not defined here (0–1 or 0–100 —
// TODO confirm before combining it with Risk.ResidualRisk).
// Threats holds Threat.ID values; referential integrity is not enforced.
type Mitigation struct {
	ID            string
	Name          string
	Description   string
	Type          MitigationType
	Effectiveness float64
	Cost          Cost
	Threats       []string // Threat IDs this mitigation addresses
}

type MitigationType

// MitigationType classifies a control by when it acts: preventive stops the
// threat, detective notices it, responsive contains it, recovery restores
// after it. A threat is best covered by controls of more than one type.
type MitigationType string
const (
	MitigationTypePreventive MitigationType = "preventive"
	MitigationTypeDetective  MitigationType = "detective"
	MitigationTypeResponsive MitigationType = "responsive"
	MitigationTypeRecovery   MitigationType = "recovery"
)

type OWASPScanner

// OWASPScanner is a VulnerabilityScanner covering OWASP Top 10 classes; its
// Scan, GetSeverity, GenerateReport and GetScanType methods match the
// interface. Construct it with NewOWASPScanner(timeout); the zero value has no
// documented behaviour. Scan presumably sends requests to the target's URL,
// so run it only against systems you are authorised to test.
type OWASPScanner struct {
	// contains filtered or unexported fields
}

OWASPScanner is a VulnerabilityScanner that checks a target for OWASP Top 10 vulnerability classes; its Scan, GetSeverity, GenerateReport and GetScanType methods match the VulnerabilityScanner interface. Scan presumably exercises the URL in the SecurityTarget directly, so run it only against systems you are authorised to test, and bound it with ctx as well as the constructor timeout.

func NewOWASPScanner

func NewOWASPScanner(timeout time.Duration) *OWASPScanner

func (*OWASPScanner) GenerateReport

func (o *OWASPScanner) GenerateReport(vulns []Vulnerability) SecurityReport

func (*OWASPScanner) GetScanType

func (o *OWASPScanner) GetScanType() ScanType

func (*OWASPScanner) GetSeverity

func (o *OWASPScanner) GetSeverity(vuln Vulnerability) Severity

func (*OWASPScanner) Scan

func (o *OWASPScanner) Scan(ctx context.Context, target SecurityTarget) ([]Vulnerability, error)

type PCIDSSComplianceChecker

// PCIDSSComplianceChecker evaluates a system against PCI DSS requirements
// (cardholder-data handling). Construct it with NewPCIDSSComplianceChecker;
// the zero value has no documented behaviour. GetStandard, GetRequirements and
// GenerateComplianceReport match ComplianceCheck; Validate's signature is not
// rendered on this page.
type PCIDSSComplianceChecker struct {
	// contains filtered or unexported fields
}

PCIDSSComplianceChecker checks a system against PCI DSS requirements for e-commerce and other cardholder-data-handling applications. Its GetStandard, GetRequirements and GenerateComplianceReport methods match the ComplianceCheck interface; the Validate signature is not rendered on this page.

func NewPCIDSSComplianceChecker

func NewPCIDSSComplianceChecker(timeout time.Duration) *PCIDSSComplianceChecker

func (*PCIDSSComplianceChecker) GenerateComplianceReport

func (p *PCIDSSComplianceChecker) GenerateComplianceReport() ComplianceReport

func (*PCIDSSComplianceChecker) GetRequirements

func (p *PCIDSSComplianceChecker) GetRequirements() []Requirement

func (*PCIDSSComplianceChecker) GetStandard

func (p *PCIDSSComplianceChecker) GetStandard() string

func (*PCIDSSComplianceChecker) Validate — signature not rendered on this page; the ComplianceCheck interface this type appears to satisfy declares Validate(ctx context.Context, system SystemInfo) (ComplianceResult, error).

type PenetrationTest

// PenetrationTest is an active test run by SecurityValidator.ValidateTarget
// (gated, presumably, by SecurityConfig.EnablePenetration — TODO confirm).
// Execute interacts with the live target using the credentials in
// SecurityTarget and may alter or disrupt it; only run it against systems you
// are authorised to test, and honour ctx cancellation.
// ValidateExploit takes an existing finding and reports whether it is
// confirmed; whether that re-runs the exploit or only inspects the finding's
// Evidence is not visible here and matters for safety — check the
// implementation before calling it in production.
type PenetrationTest interface {
	Execute(ctx context.Context, target SecurityTarget) ([]SecurityFinding, error)
	GetTestType() string
	GetRiskLevel() RiskLevel
	ValidateExploit(finding SecurityFinding) bool
}

type Priority

// Priority orders RemediationPlans (see RemediationPlan.Priority).
// Four steps, low..critical; string type, so no intrinsic ordering.
type Priority string
const (
	PriorityLow      Priority = "low"
	PriorityMedium   Priority = "medium"
	PriorityHigh     Priority = "high"
	PriorityCritical Priority = "critical"
)

type PrivilegeLevel

// PrivilegeLevel is the access an attacker needs before an AttackVector
// applies; the three values mirror CVSS "Privileges Required" (N/L/H).
// "none" is the worst case for the defender.
type PrivilegeLevel string
const (
	PrivilegeLevelNone PrivilegeLevel = "none"
	PrivilegeLevelLow  PrivilegeLevel = "low"
	PrivilegeLevelHigh PrivilegeLevel = "high"
)

type RemediationPlan

// RemediationPlan is the fix plan attached to a Vulnerability.
// Timeline is a relative duration for the whole plan, whereas each
// RemediationStep carries an absolute Deadline; nothing here keeps the two
// consistent. Resources is free-form (people, budget, tooling).
type RemediationPlan struct {
	Steps     []RemediationStep
	Priority  Priority
	Effort    Effort
	Timeline  time.Duration
	Resources []string
}

type RemediationStep

// RemediationStep is one tracked action within a RemediationPlan.
// Status is the workflow state (see StepStatus); Owner is the accountable
// party as a free-form string. Deadline's zero value means "not set".
type RemediationStep struct {
	ID          string
	Description string
	Action      string
	Owner       string
	Deadline    time.Time
	Status      StepStatus
}

type ReportFormat

// ReportFormat selects the output format configured in
// SecurityConfig.ReportFormat. The report writers are not part of this
// package's exported API; whichever one renders HTML must escape Evidence.Data
// and other target-derived strings, since they are attacker-influenced.
type ReportFormat string
const (
	ReportFormatJSON ReportFormat = "json"
	ReportFormatHTML ReportFormat = "html"
	ReportFormatPDF  ReportFormat = "pdf"
)

type Requirement

// Requirement is one control a ComplianceCheck evaluates.
// ID is the identifier RequirementResult.ID and ComplianceViolation.RequirementID
// refer back to. Mandatory distinguishes required controls from recommended
// ones; TestMethod is a free-form description of how it is checked.
type Requirement struct {
	ID          string
	Description string
	Category    string
	Mandatory   bool
	TestMethod  string
}

type RequirementResult

// RequirementResult is the outcome for one Requirement (matched by ID).
// Evidence backs the Status and may contain sensitive captured data; see the
// caveat on Evidence.
type RequirementResult struct {
	ID          string
	Description string
	Status      ComplianceStatus
	Evidence    []Evidence
	Notes       string
}

type Risk

// Risk pairs a Threat with an Asset and rates the result.
// ThreatID, AssetID and Mitigations are string references to Threat.ID,
// Asset.ID and Mitigation.ID; nothing enforces that they resolve.
// RiskLevel is the inherent rating from Likelihood × Impact (the mapping is
// not defined here) and ResidualRisk the rating after Mitigations are applied.
type Risk struct {
	ThreatID     string
	AssetID      string
	Likelihood   Likelihood
	Impact       Impact
	RiskLevel    RiskLevel
	Mitigations  []string
	ResidualRisk RiskLevel
}

type RiskLevel

// RiskLevel is the overall rating of a Risk, SecurityFinding or
// PenetrationTest. Four steps, low..critical; string type, so no intrinsic
// ordering — compare via an explicit rank.
type RiskLevel string
const (
	RiskLevelLow      RiskLevel = "low"
	RiskLevelMedium   RiskLevel = "medium"
	RiskLevelHigh     RiskLevel = "high"
	RiskLevelCritical RiskLevel = "critical"
)

type RiskMatrix

// RiskMatrix is the collection of Risks in a ThreatModel. It is a plain
// slice wrapper; no lookup by threat or asset is provided here.
type RiskMatrix struct {
	Risks []Risk
}

type SOC2ComplianceChecker

// SOC2ComplianceChecker evaluates a system against SOC 2 criteria.
// Construct it with NewSOC2ComplianceChecker(timeout); the zero value has no
// documented behaviour. GetStandard, GetRequirements and
// GenerateComplianceReport match ComplianceCheck; Validate's signature is not
// rendered on this page.
type SOC2ComplianceChecker struct {
	// contains filtered or unexported fields
}

SOC2ComplianceChecker checks a system against SOC 2 trust-services criteria for general enterprise applications. Its GetStandard, GetRequirements and GenerateComplianceReport methods match the ComplianceCheck interface; the Validate signature is not rendered on this page.

func NewSOC2ComplianceChecker

func NewSOC2ComplianceChecker(timeout time.Duration) *SOC2ComplianceChecker

func (*SOC2ComplianceChecker) GenerateComplianceReport

func (s *SOC2ComplianceChecker) GenerateComplianceReport() ComplianceReport

func (*SOC2ComplianceChecker) GetRequirements

func (s *SOC2ComplianceChecker) GetRequirements() []Requirement

func (*SOC2ComplianceChecker) GetStandard

func (s *SOC2ComplianceChecker) GetStandard() string

func (*SOC2ComplianceChecker) Validate — signature not rendered on this page; the ComplianceCheck interface this type appears to satisfy declares Validate(ctx context.Context, system SystemInfo) (ComplianceResult, error).

type ScanType

// ScanType identifies what kind of VulnerabilityScanner produced a
// SecurityReport (see VulnerabilityScanner.GetScanType). The OWASPScanner in
// this package presumably reports ScanTypeOWASP — TODO confirm.
type ScanType string
const (
	ScanTypeOWASP ScanType = "owasp"
	ScanTypeSAST  ScanType = "sast"
	ScanTypeDAST  ScanType = "dast"
	ScanTypeIAST  ScanType = "iast"
	ScanTypeAPI   ScanType = "api"
)

type SecurityConfig

// SecurityConfig controls how SecurityValidator runs.
//
// ThreatThreshold is a Severity, i.e. a string: any "at or above" comparison
// must go through an explicit rank, not string ordering. EnablePenetration
// gates the active PenetrationTests, which can disrupt the target — keep it
// off unless the target is one you are authorised to exercise.
// MaxScanTime is a wall-clock budget; whether it is applied per scanner or to
// the whole ValidateTarget run is not visible here. AlertOnCritical's
// delivery mechanism is likewise not part of the exported API.
type SecurityConfig struct {
	MaxScanTime       time.Duration
	ThreatThreshold   Severity
	ComplianceLevel   ComplianceLevel
	EnablePenetration bool
	EnableCompliance  bool
	ReportFormat      ReportFormat
	AlertOnCritical   bool
}

SecurityConfig configures how SecurityValidator runs: the time budget (MaxScanTime), the reporting threshold (ThreatThreshold — a Severity string, so rank it explicitly rather than comparing strings), which test families are enabled (EnablePenetration gates active tests, EnableCompliance the compliance checks), the report format, and whether critical findings raise an alert.

type SecurityContext

// SecurityContext is the identity and request context tests run under
// (see SecurityTarget.Context). SessionID is a bearer-style secret and
// UserID/TenantID are identifying data: keep them out of logs and reports.
// Permissions and Roles describe the tester's own grants, which
// authorization tests presumably compare against observed access —
// TODO confirm.
type SecurityContext struct {
	UserAgent   string
	SessionID   string
	RequestID   string
	TenantID    string
	UserID      string
	Permissions []string
	Roles       []string
}

type SecurityCredentials

// SecurityCredentials holds the secrets tests authenticate with, in
// plaintext string fields with no struct tags.
//
// It is embedded by value in SecurityTarget, which is in turn copied into
// SecurityValidationResult.Target and SystemInfo.Target, so serialising a
// result or report (JSON, HTML, PDF) will emit Password, Token, APIKey and
// any secret Headers unless the caller zeroes them first. Headers is a map,
// so copies of a SecurityTarget share it rather than duplicate it.
// Use a least-privilege, test-only identity here.
type SecurityCredentials struct {
	Username string
	Password string
	Token    string
	APIKey   string
	Headers  map[string]string
}

Supporting types

type SecurityFinding

// SecurityFinding is one result from a PenetrationTest.Execute call.
// Unlike Vulnerability, it is rated by RiskLevel rather than Severity/CVSS and
// its Type is a free-form string rather than an enumerated type.
// Evidence from an exploit attempt may contain data pulled from the target;
// see the caveat on Evidence.
type SecurityFinding struct {
	ID          string
	Type        string
	RiskLevel   RiskLevel
	Title       string
	Description string
	Evidence    []Evidence
	Remediation string
	FoundAt     time.Time
}

type SecurityReport

// SecurityReport is the per-scanner report returned by
// VulnerabilityScanner.GenerateReport. Summary counts Vulnerabilities by
// Severity; the caller supplies the vulnerability slice, so the two agree
// only if the generator derives Summary from it.
type SecurityReport struct {
	ScanType        ScanType
	Timestamp       time.Time
	Vulnerabilities []Vulnerability
	Summary         SecurityReportSummary
}

Supporting types for the framework

type SecurityReportSummary

// SecurityReportSummary counts vulnerabilities in one SecurityReport by
// Severity. Total is expected to equal the sum of the four buckets; not
// enforced. Compare SecuritySummary, which aggregates a whole validation run.
type SecurityReportSummary struct {
	Total    int
	Critical int
	High     int
	Medium   int
	Low      int
}

type SecuritySummary

// SecuritySummary aggregates a whole ValidateTarget run: scanner
// vulnerabilities, pen-test findings and compliance violations. The
// *Issues counters presumably combine all three sources; how a RiskLevel
// (findings) is folded into Severity buckets, and RiskScore's scale, are not
// defined here — TODO confirm before alerting on these numbers.
type SecuritySummary struct {
	TotalVulnerabilities int
	TotalFindings        int
	ComplianceViolations int
	RiskScore            float64
	CriticalIssues       int
	HighIssues           int
	MediumIssues         int
	LowIssues            int
}

type SecurityTarget

// SecurityTarget describes what is tested and as whom.
// Credentials and Context are embedded by value, so every copy of a
// SecurityTarget (it is passed by value to every scanner and test, and stored
// in SecurityValidationResult and SystemInfo) carries the secrets with it —
// zero Credentials before a target is persisted or logged.
// Assets and ThreatModel feed the risk assessment; ThreatModel.Assets is a
// separate slice from Assets and nothing here reconciles them.
type SecurityTarget struct {
	Type        TargetType
	URL         string
	Credentials SecurityCredentials
	Context     SecurityContext
	Assets      []Asset
	ThreatModel ThreatModel
}

SecurityTarget describes what is tested — the target type and URL, the credentials and request context the tests use, and the assets and threat model used to assess risk. Because Credentials is embedded by value, any copy of a SecurityTarget (including SecurityValidationResult.Target and SystemInfo.Target) carries the secrets with it; clear them before a target or result is persisted.

type SecurityValidationResult

// SecurityValidationResult is what SecurityValidator.ValidateTarget returns.
//
// Target is a full copy of the input, including Credentials — strip or zero
// them before encoding the result as a report. Scanners, PenTests and
// Compliance are keyed by string; the key is presumably the scan type, test
// type and standard name respectively (TODO confirm). Errors are stringified,
// so callers cannot use errors.Is/As on them; a non-empty Errors with a nil
// error from ValidateTarget likely means a partial run — check it.
type SecurityValidationResult struct {
	Target     SecurityTarget
	StartTime  time.Time
	EndTime    time.Time
	Duration   time.Duration
	Scanners   map[string][]Vulnerability
	PenTests   map[string][]SecurityFinding
	Compliance map[string]ComplianceResult
	Summary    SecuritySummary
	Errors     []string
}

SecurityValidationResult holds everything a ValidateTarget run produced: per-scanner vulnerabilities, per-test findings, per-standard compliance results, an aggregate summary, and any errors collected along the way (as strings). Target is a full copy of the input, credentials included, so redact it before the result is serialised.

type SecurityValidator

// SecurityValidator runs registered VulnerabilityScanners, PenetrationTests
// and ComplianceChecks against a SecurityTarget. Construct it with
// NewSecurityValidator(config); the zero value has no documented behaviour.
// Whether Add* may be called concurrently with ValidateTarget is not visible
// here — register everything before validating.
type SecurityValidator struct {
	// contains filtered or unexported fields
}

SecurityValidator orchestrates a security test run: it holds the VulnerabilityScanners, PenetrationTests and ComplianceChecks registered through its Add* methods and runs them against a SecurityTarget in ValidateTarget, subject to the SecurityConfig it was created with.

func NewSecurityValidator

func NewSecurityValidator(config SecurityConfig) *SecurityValidator

NewSecurityValidator creates a validator configured by config. It starts with no scanners, penetration tests or compliance checks registered; add them with AddScanner, AddPenetrationTest and AddComplianceCheck before calling ValidateTarget.

func (*SecurityValidator) AddComplianceCheck

func (sv *SecurityValidator) AddComplianceCheck(check ComplianceCheck)

AddComplianceCheck registers a ComplianceCheck to be run by ValidateTarget (presumably only when SecurityConfig.EnableCompliance is set — confirm against the source).

func (*SecurityValidator) AddPenetrationTest

func (sv *SecurityValidator) AddPenetrationTest(test PenetrationTest)

AddPenetrationTest registers a PenetrationTest to be run by ValidateTarget (presumably only when SecurityConfig.EnablePenetration is set — confirm against the source). Penetration tests are active and may disrupt the target; register them only for systems you are authorised to exercise.

func (*SecurityValidator) AddScanner

func (sv *SecurityValidator) AddScanner(scanner VulnerabilityScanner)

AddScanner registers a VulnerabilityScanner to be run by ValidateTarget.

func (*SecurityValidator) ValidateTarget

func (sv *SecurityValidator) ValidateTarget(ctx context.Context, target SecurityTarget) (*SecurityValidationResult, error)

ValidateTarget runs the registered scanners, penetration tests and compliance checks against target and returns their combined results. Callers should bound the run with ctx as well as SecurityConfig.MaxScanTime, and should note that the returned result embeds the full target — credentials included — and that per-component failures may be reported in result.Errors rather than as the returned error (confirm against the source).

type Severity

type Severity string

Core security types

// Severity values, lowest to highest. Note there is no "info"/"none" value;
// the zero value "" must be handled by consumers.
const (
	SeverityLow      Severity = "low"
	SeverityMedium   Severity = "medium"
	SeverityHigh     Severity = "high"
	SeverityCritical Severity = "critical"
)

type StepStatus

// StepStatus is the workflow state of a RemediationStep.
// No terminal "wontfix"/"accepted risk" state exists; risk acceptance has to
// be recorded elsewhere (e.g. Risk.ResidualRisk).
type StepStatus string
const (
	StepStatusPending    StepStatus = "pending"
	StepStatusInProgress StepStatus = "in_progress"
	StepStatusCompleted  StepStatus = "completed"
	StepStatusBlocked    StepStatus = "blocked"
)

type SystemComponent

// SystemComponent is one inventoried part of the system under compliance
// review (service, library, datastore — Type is free-form).
// Config is an untyped map and, if populated from real configuration, may
// carry connection strings or secrets; redact before it is reported.
type SystemComponent struct {
	Name    string
	Version string
	Type    string
	Config  map[string]any
}

type SystemInfo

// SystemInfo is the input to ComplianceCheck.Validate: the target plus an
// inventory of its components and the environment/version being assessed.
// Target is a by-value copy of a SecurityTarget, credentials included.
type SystemInfo struct {
	Target      SecurityTarget
	Timestamp   time.Time
	Environment string
	Version     string
	Components  []SystemComponent
}

type TargetType

// TargetType classifies a SecurityTarget. Note the overlap with AssetType
// ("api", "database" appear in both); TargetType describes what is being
// tested, AssetType what is being protected.
type TargetType string
const (
	TargetTypeAPI         TargetType = "api"
	TargetTypeDatabase    TargetType = "database"
	TargetTypeNetwork     TargetType = "network"
	TargetTypeApplication TargetType = "application"
	TargetTypeInfra       TargetType = "infrastructure"
)

type Threat

// Threat is a modelled adversarial event in a ThreatModel.
// ID is what Risk.ThreatID and Mitigation.Threats refer to. Likelihood and
// Impact here are the threat's own estimates; Risk re-states them per asset.
// Vectors lists the concrete attack paths considered.
type Threat struct {
	ID          string
	Name        string
	Description string
	Category    ThreatCategory
	Likelihood  Likelihood
	Impact      Impact
	Vectors     []AttackVector
}

type ThreatCategory

// ThreatCategory is the STRIDE category of a Threat: Spoofing, Tampering,
// Repudiation, Information disclosure, Denial of service, Elevation of
// privilege. Each maps to the property it violates (authentication,
// integrity, non-repudiation, confidentiality, availability, authorization).
type ThreatCategory string
const (
	ThreatCategorySpoofing        ThreatCategory = "spoofing"
	ThreatCategoryTampering       ThreatCategory = "tampering"
	ThreatCategoryRepudiation     ThreatCategory = "repudiation"
	ThreatCategoryInfoDisclosure  ThreatCategory = "information_disclosure"
	ThreatCategoryDenialOfService ThreatCategory = "denial_of_service"
	ThreatCategoryElevationPriv   ThreatCategory = "elevation_of_privilege"
)

type ThreatModel

// ThreatModel ties Assets, Threats and Mitigations together through the
// RiskMatrix. Cross-references between them are by string ID (Risk.ThreatID,
// Risk.AssetID, Risk.Mitigations, Mitigation.Threats) and are not validated
// by the types; a model with dangling IDs is representable.
type ThreatModel struct {
	Assets      []Asset
	Threats     []Threat
	Mitigations []Mitigation
	RiskMatrix  RiskMatrix
}

type Vulnerability

// Vulnerability is one result from a VulnerabilityScanner.Scan call.
// Severity is stored both here and in CVSS.Severity, and
// VulnerabilityScanner.GetSeverity can return yet another value; nothing in
// the types keeps them consistent, so pick one as authoritative when
// reporting. Evidence may contain data captured from the target; see the
// caveat on Evidence. References are free-form (URLs, CWE/CVE IDs).
type Vulnerability struct {
	ID          string
	Type        VulnerabilityType
	Severity    Severity
	Title       string
	Description string
	Impact      ImpactAssessment
	Remediation RemediationPlan
	CVSS        CVSSScore
	References  []string
	FoundAt     time.Time
	Location    string
	Evidence    []Evidence
}

Vulnerability represents a security vulnerability

type VulnerabilityScanner

// VulnerabilityScanner finds Vulnerabilities in a SecurityTarget.
// Scan should honour ctx cancellation; the returned slice is meaningless when
// err != nil. GetSeverity re-rates a vulnerability that already carries a
// Severity field — presumably a scanner-specific override (TODO confirm which
// one ValidateTarget uses). GenerateReport takes the caller's slice, so a
// report can be built from filtered or merged results.
type VulnerabilityScanner interface {
	Scan(ctx context.Context, target SecurityTarget) ([]Vulnerability, error)
	GetSeverity(vuln Vulnerability) Severity
	GenerateReport(vulns []Vulnerability) SecurityReport
	GetScanType() ScanType
}

Security interfaces

type VulnerabilityType

// VulnerabilityType names the class of a Vulnerability. The set roughly
// follows OWASP Top 10 categories; VulnTypeLogging presumably covers
// insufficient logging/monitoring rather than log injection — TODO confirm.
// String type, so values outside this set are representable.
type VulnerabilityType string
const (
	VulnTypeInjection       VulnerabilityType = "injection"
	VulnTypeAuth            VulnerabilityType = "authentication"
	VulnTypeDataExposure    VulnerabilityType = "data_exposure"
	VulnTypeXSS             VulnerabilityType = "xss"
	VulnTypeCSRF            VulnerabilityType = "csrf"
	VulnTypeInsecureConfig  VulnerabilityType = "insecure_config"
	VulnTypeAccessControl   VulnerabilityType = "access_control"
	VulnTypeCrypto          VulnerabilityType = "cryptographic"
	VulnTypeDeserialization VulnerabilityType = "deserialization"
	VulnTypeLogging         VulnerabilityType = "logging"
)
