Documentation
¶
Index ¶
- Variables
- func GetAgenticCategories() map[OWASPAgenticCategory]AgenticCategoryInfo
- type AgenticCategoryCoverage
- type AgenticCategoryInfo
- type AgenticCategoryMapping
- type AgenticComplianceGap
- type AgenticComplianceReport
- type AgenticComplianceSummary
- type AssessmentEngine
- type AssessmentResult
- type CategoryCoverage
- type CategoryInfo
- type Clause
- type ComplianceGap
- type ComplianceMapping
- type ComplianceReport
- type ComplianceSummary
- type Control
- type CoverageLevel
- type Evidence
- type EvidenceStore
- type Finding
- type Gap
- type ISO42001Compliance
- type ISO42001Standard
- type ISO42001Summary
- type ImplementationStatus
- type OWASPAgenticCategory
- type OWASPComplianceReport
- type OWASPLLMCategory
- type OWASPLLMMapping
- type OWASPLLMSubcategory
- type OWASPLLMValidator
- func (v *OWASPLLMValidator) GenerateComplianceReport(templates []interface{}, reportID string, timestamp string) (*OWASPComplianceReport, error)
- func (v *OWASPLLMValidator) GetAllCategories() []CategoryInfo
- func (v *OWASPLLMValidator) GetCategoryInfo(category OWASPLLMCategory) (CategoryInfo, bool)
- func (v *OWASPLLMValidator) ValidateMapping(mapping *ComplianceMapping) (bool, []string, error)
- type Recommendation
- type Requirement
- type SubcategoryInfo
- type TemplateComplianceValidator
- func (v *TemplateComplianceValidator) GenerateComplianceReport(templates []interface{}, reportID string, timestamp string) (*ComplianceReport, error)
- func (v *TemplateComplianceValidator) GetComplianceCoverage(templates []interface{}) (map[OWASPLLMCategory]float64, error)
- func (v *TemplateComplianceValidator) SuggestComplianceMapping(template map[string]interface{}, templatePath string) (*ComplianceMapping, error)
- func (v *TemplateComplianceValidator) ValidateTemplateCompliance(template map[string]interface{}) (bool, []string, error)
- type TemplateSummary
Constants ¶
This section is empty.
Variables ¶
var GeneratedTechniqueToAgenticCategories = map[string][]OWASPAgenticCategory{ "agent_collusion": {InsecureInterAgent, RogueAgents}, "agent_config_rewrite": {MemoryPoisoning, RogueAgents}, "agent_privilege_escalation": {PrivilegeAbuse}, "agent_shell_injection": {ToolMisuse, UnexpectedCodeExecution, CascadingFailures}, "audio_jailbreak": {AgentGoalHijack}, "autonomous_jailbreak": {RogueAgents}, "bad_likert_judge": {AgentGoalHijack, TrustExploitation}, "browser_css_hidden": {AgentGoalHijack}, "browser_html_comment": {AgentGoalHijack}, "content_concretization": {AgentGoalHijack}, "cot_phishing_reasoning": {TrustExploitation}, "crescendo": {AgentGoalHijack}, "deceptive_alignment": {TrustExploitation, RogueAgents}, "delegation_escalation": {PrivilegeAbuse}, "h_cot": {AgentGoalHijack}, "imist_function_transform": {ToolMisuse}, "imist_schema_exploit": {ToolMisuse}, "immersive_world": {AgentGoalHijack, TrustExploitation}, "injecmem": {MemoryPoisoning}, "iterinject": {AgentGoalHijack}, "jbfuzz": {AgentGoalHijack}, "kg_triple_injection": {AgenticSupplyChain, MemoryPoisoning}, "many_shot": {MemoryPoisoning}, "mcp_filesystem_escape": {UnexpectedCodeExecution}, "mcp_sampling_injection": {ToolMisuse, InsecureInterAgent}, "mcp_supply_chain": {PrivilegeAbuse, AgenticSupplyChain}, "mcp_tool_desc_injection": {ToolMisuse}, "mcp_tool_shadow": {ToolMisuse}, "memmorph": {MemoryPoisoning}, "memorygraft": {MemoryPoisoning, RogueAgents}, "minja": {MemoryPoisoning}, "multilingual_audio_translation": {AgentGoalHijack}, "persona_evolve": {AgentGoalHijack, TrustExploitation}, "poisoned_rag_direct": {MemoryPoisoning}, "rce_chain": {UnexpectedCodeExecution}, "reasoning_loop_exploit": {CascadingFailures}, "recursive_spawn_abuse": {CascadingFailures}, "siva": {AgentGoalHijack}, "skeleton_key": {AgentGoalHijack}, "skill_poisoning": {AgenticSupplyChain}, "skill_takeover_chain": {AgenticSupplyChain}, "sleeper": {MemoryPoisoning, RogueAgents}, "symjack": {AgentGoalHijack, UnexpectedCodeExecution}, "toxic_agent_flow": {InsecureInterAgent}, "trustfall": {AgentGoalHijack, UnexpectedCodeExecution}, "vec_embed_semantic_mirror": {MemoryPoisoning}, "vsh": {AgentGoalHijack}, }
GeneratedTechniqueToAgenticCategories is the build-derived counterpart of the hand-written TechniqueToAgenticCategories. v0.9.0 ships both side-by-side; v0.10.0 will switch the lookup to use this map exclusively.
Functions ¶
func GetAgenticCategories ¶ added in v0.8.0
func GetAgenticCategories() map[OWASPAgenticCategory]AgenticCategoryInfo
GetAgenticCategories returns the full list of OWASP Agentic categories
Types ¶
type AgenticCategoryCoverage ¶ added in v0.8.0
type AgenticCategoryCoverage struct {
Category OWASPAgenticCategory `json:"category"`
Name string `json:"name"`
Status string `json:"status"` // "full", "partial", "not_covered"
TechniqueCount int `json:"technique_count"`
TestCaseCount int `json:"test_case_count"`
Techniques []string `json:"techniques"`
}
AgenticCategoryCoverage represents the coverage for an agentic category
type AgenticCategoryInfo ¶ added in v0.8.0
type AgenticCategoryInfo struct {
ID OWASPAgenticCategory
Name string
Description string
LLMTopTenLinks []OWASPLLMCategory // companion LLM Top 10 2025 mappings
ATLASTactics []string
ATLASTechniques []string
MAESTROLayers []string
}
AgenticCategoryInfo contains information about an OWASP Agentic category
func GetAgenticCategoryInfo ¶ added in v0.8.0
func GetAgenticCategoryInfo(cat OWASPAgenticCategory) (AgenticCategoryInfo, bool)
GetAgenticCategoryInfo returns info for a specific category
type AgenticCategoryMapping ¶ added in v0.8.0
type AgenticCategoryMapping struct {
Category OWASPAgenticCategory `json:"category"`
Coverage CoverageLevel `json:"coverage,omitempty"`
}
AgenticCategoryMapping maps an attack technique to Agentic categories
type AgenticComplianceGap ¶ added in v0.8.0
type AgenticComplianceGap struct {
Category OWASPAgenticCategory `json:"category"`
Name string `json:"name"`
Status string `json:"status"`
Recommendation string `json:"recommendation"`
}
AgenticComplianceGap represents a gap in agentic compliance coverage
type AgenticComplianceReport ¶ added in v0.8.0
type AgenticComplianceReport struct {
ReportID string `json:"report_id"`
GeneratedAt string `json:"generated_at"`
Framework string `json:"framework"`
Summary AgenticComplianceSummary `json:"summary"`
Categories []AgenticCategoryCoverage `json:"categories"`
Gaps []AgenticComplianceGap `json:"gaps"`
}
AgenticComplianceReport represents an OWASP Agentic compliance report
type AgenticComplianceSummary ¶ added in v0.8.0
type AgenticComplianceSummary struct {
TotalCategories int `json:"total_categories"`
CategoriesCovered int `json:"categories_covered"`
TotalTechniques int `json:"total_techniques"`
ComplianceScore float64 `json:"compliance_score"`
GapsIdentified int `json:"gaps_identified"`
}
AgenticComplianceSummary provides a summary of agentic compliance status
type AssessmentEngine ¶
type AssessmentEngine interface {
Assess(control *Control, evidence []Evidence) (*AssessmentResult, error)
CalculateCompliance(results []*AssessmentResult) float64
}
AssessmentEngine interface for assessing controls
type AssessmentResult ¶
type AssessmentResult struct {
ControlID string `json:"controlId"`
Status string `json:"status"`
ComplianceScore float64 `json:"complianceScore"`
Findings []Finding `json:"findings"`
Recommendations []string `json:"recommendations"`
AssessmentDate time.Time `json:"assessmentDate"`
NextReviewDate time.Time `json:"nextReviewDate"`
Details map[string]interface{} `json:"details"`
}
AssessmentResult represents the result of a control assessment
type CategoryCoverage ¶
type CategoryCoverage struct {
Category OWASPLLMCategory
Name string
Status string // "full", "partial", "not_covered"
TemplatesCount int
SubcategoriesCovered int
SubcategoriesTotal int
Templates []TemplateSummary
MissingSubcategories []OWASPLLMSubcategory
}
CategoryCoverage represents the coverage for a category
type CategoryInfo ¶
type CategoryInfo struct {
ID OWASPLLMCategory
Name string
Description string
Subcategories []SubcategoryInfo
}
CategoryInfo contains information about an OWASP LLM category
type Clause ¶
type Clause struct {
ID string `json:"id"`
Number string `json:"number"`
Title string `json:"title"`
Description string `json:"description"`
Controls []Control `json:"controls"`
Requirements []Requirement `json:"requirements"`
}
Clause represents a clause in ISO 42001
type ComplianceGap ¶
type ComplianceGap struct {
Category OWASPLLMCategory `json:"category"`
Name string `json:"name"`
Status string `json:"status"`
MissingSubcategories []OWASPLLMSubcategory `json:"missing_subcategories"`
Recommendation string `json:"recommendation"`
}
ComplianceGap represents a gap in compliance coverage
type ComplianceMapping ¶
type ComplianceMapping struct {
OWASPLLM []OWASPLLMMapping `json:"owasp-llm,omitempty"`
Other map[string]interface{} `json:"-"`
}
ComplianceMapping represents the compliance mappings for a template
type ComplianceReport ¶
type ComplianceReport struct {
Standard string `json:"standard"`
AssessmentDate time.Time `json:"assessmentDate"`
Results map[string]*AssessmentResult `json:"results"`
OverallCompliance float64 `json:"overallCompliance"`
Recommendations []Recommendation `json:"recommendations"`
ExecutiveSummary string `json:"executiveSummary"`
}
ComplianceReport represents a compliance assessment report
type ComplianceSummary ¶
type ComplianceSummary struct {
TotalCategories int `json:"total_categories"`
CategoriesCovered int `json:"categories_covered"`
TotalTemplates int `json:"total_templates"`
ComplianceScore float64 `json:"compliance_score"`
GapsIdentified int `json:"gaps_identified"`
}
ComplianceSummary provides a summary of compliance status
type Control ¶
type Control struct {
ID string `json:"id"`
ClauseNumber string `json:"clauseNumber"`
Title string `json:"title"`
Description string `json:"description"`
Type string `json:"type"` // technical, organizational, documentation
Implementation ImplementationStatus `json:"implementation"`
Evidence []Evidence `json:"evidence"`
Gaps []Gap `json:"gaps"`
Recommendations []string `json:"recommendations"`
Metadata map[string]interface{} `json:"metadata"`
}
Control represents a control within a clause
type CoverageLevel ¶
type CoverageLevel string
CoverageLevel represents the level of coverage for a category or subcategory
const ( BasicCoverage CoverageLevel = "basic" ComprehensiveCoverage CoverageLevel = "comprehensive" AdvancedCoverage CoverageLevel = "advanced" )
Coverage levels
type Evidence ¶
type Evidence struct {
ID string `json:"id"`
Type string `json:"type"` // document, log, scan_result, test_result
Title string `json:"title"`
Description string `json:"description"`
Location string `json:"location"`
Date time.Time `json:"date"`
Status string `json:"status"`
Metadata map[string]interface{} `json:"metadata"`
}
Evidence represents evidence for control implementation
type EvidenceStore ¶
type EvidenceStore interface {
Store(evidence Evidence) error
Retrieve(controlID string) ([]Evidence, error)
Search(criteria map[string]interface{}) ([]Evidence, error)
}
EvidenceStore interface for storing and retrieving evidence
type Finding ¶
type Finding struct {
ID string `json:"id"`
Severity string `json:"severity"`
Description string `json:"description"`
Impact string `json:"impact"`
ControlID string `json:"controlId"`
Timestamp time.Time `json:"timestamp"`
}
Finding represents a compliance finding
type Gap ¶
type Gap struct {
ID string `json:"id"`
ControlID string `json:"controlId"`
Description string `json:"description"`
Severity string `json:"severity"` // critical, high, medium, low
DueDate time.Time `json:"dueDate"`
Status string `json:"status"` // open, in_progress, closed
}
Gap represents a compliance gap
type ISO42001Compliance ¶
type ISO42001Compliance struct {
// contains filtered or unexported fields
}
ISO42001Compliance provides ISO 42001 compliance checking
func NewISO42001Compliance ¶
func NewISO42001Compliance() *ISO42001Compliance
NewISO42001Compliance creates a new ISO 42001 compliance checker
func (*ISO42001Compliance) CheckCompliance ¶
func (iso *ISO42001Compliance) CheckCompliance() (*ComplianceReport, error)
CheckCompliance performs a comprehensive compliance check
func (*ISO42001Compliance) ExportReport ¶
func (iso *ISO42001Compliance) ExportReport(report *ComplianceReport, format string) ([]byte, error)
ExportReport exports the compliance report in various formats
type ISO42001Standard ¶
ISO42001Standard represents the ISO/IEC 42001:2023 standard
type ISO42001Summary ¶
type ISO42001Summary struct {
TotalControls int `json:"totalControls"`
CompliantControls int `json:"compliantControls"`
PartialControls int `json:"partialControls"`
NonCompliantControls int `json:"nonCompliantControls"`
CriticalGaps int `json:"criticalGaps"`
HighGaps int `json:"highGaps"`
MediumGaps int `json:"mediumGaps"`
LowGaps int `json:"lowGaps"`
}
ISO42001Summary represents a compliance summary for ISO 42001
type ImplementationStatus ¶
type ImplementationStatus struct {
Status string `json:"status"` // not_implemented, partial, implemented, verified
Percentage float64 `json:"percentage"`
LastAssessed time.Time `json:"lastAssessed"`
AssessedBy string `json:"assessedBy"`
EffectiveDate time.Time `json:"effectiveDate"`
ExpirationDate time.Time `json:"expirationDate,omitempty"`
}
ImplementationStatus represents the status of control implementation
type OWASPAgenticCategory ¶ added in v0.8.0
type OWASPAgenticCategory string
OWASPAgenticCategory represents an OWASP Agentic Top 10 2026 category
const ( AgentGoalHijack OWASPAgenticCategory = "ASI01" ToolMisuse OWASPAgenticCategory = "ASI02" PrivilegeAbuse OWASPAgenticCategory = "ASI03" AgenticSupplyChain OWASPAgenticCategory = "ASI04" UnexpectedCodeExecution OWASPAgenticCategory = "ASI05" MemoryPoisoning OWASPAgenticCategory = "ASI06" InsecureInterAgent OWASPAgenticCategory = "ASI07" CascadingFailures OWASPAgenticCategory = "ASI08" TrustExploitation OWASPAgenticCategory = "ASI09" RogueAgents OWASPAgenticCategory = "ASI10" )
OWASP Top 10 for Agentic Applications 2026 categories
func TechniqueToAgenticCategories ¶ added in v0.8.0
func TechniqueToAgenticCategories(techniqueID string) []OWASPAgenticCategory
TechniqueToAgenticCategories maps a technique ID to its OWASP Agentic categories. This is the Go-side equivalent of the technique_index in the YAML file.
type OWASPComplianceReport ¶
type OWASPComplianceReport struct {
ReportID string `json:"report_id"`
GeneratedAt string `json:"generated_at"`
Framework string `json:"framework"`
Summary ComplianceSummary `json:"summary"`
Categories []CategoryCoverage `json:"categories"`
Gaps []ComplianceGap `json:"gaps"`
}
OWASPComplianceReport represents an OWASP LLM compliance report
type OWASPLLMCategory ¶
type OWASPLLMCategory string
OWASPLLMCategory represents an OWASP LLM Top 10 category
const ( PromptInjection OWASPLLMCategory = "LLM01" InsecureOutputHandling OWASPLLMCategory = "LLM02" TrainingDataPoisoning OWASPLLMCategory = "LLM03" ModelDenialOfService OWASPLLMCategory = "LLM04" SupplyChainVulnerabilities OWASPLLMCategory = "LLM05" SensitiveInfoDisclosure OWASPLLMCategory = "LLM06" InsecurePluginDesign OWASPLLMCategory = "LLM07" ExcessiveAgency OWASPLLMCategory = "LLM08" Overreliance OWASPLLMCategory = "LLM09" ModelTheft OWASPLLMCategory = "LLM10" )
OWASP LLM Top 10 categories
type OWASPLLMMapping ¶
type OWASPLLMMapping struct {
Category OWASPLLMCategory `json:"category"`
Subcategory OWASPLLMSubcategory `json:"subcategory,omitempty"`
Coverage CoverageLevel `json:"coverage,omitempty"`
}
OWASPLLMMapping represents a mapping to an OWASP LLM Top 10 category and subcategory
type OWASPLLMSubcategory ¶
type OWASPLLMSubcategory string
OWASPLLMSubcategory represents a subcategory within an OWASP LLM Top 10 category
const ( // LLM01 subcategories DirectInjection OWASPLLMSubcategory = "direct-injection" IndirectInjection OWASPLLMSubcategory = "indirect-injection" Jailbreaking OWASPLLMSubcategory = "jailbreaking" // LLM02 subcategories XSS OWASPLLMSubcategory = "xss" SSRF OWASPLLMSubcategory = "ssrf" CommandInjection OWASPLLMSubcategory = "command-injection" SQLInjection OWASPLLMSubcategory = "sql-injection" // LLM03 subcategories DataPoisoning OWASPLLMSubcategory = "data-poisoning" BackdoorAttacks OWASPLLMSubcategory = "backdoor-attacks" BiasInjection OWASPLLMSubcategory = "bias-injection" // LLM04 subcategories ResourceExhaustion OWASPLLMSubcategory = "resource-exhaustion" TokenFlooding OWASPLLMSubcategory = "token-flooding" ContextWindowSaturation OWASPLLMSubcategory = "context-window-saturation" // LLM05 subcategories PretrainedModelVulnerabilities OWASPLLMSubcategory = "pretrained-model-vulnerabilities" DependencyRisks OWASPLLMSubcategory = "dependency-risks" IntegrationVulnerabilities OWASPLLMSubcategory = "integration-vulnerabilities" // LLM06 subcategories TrainingDataExtraction OWASPLLMSubcategory = "training-data-extraction" CredentialLeakage OWASPLLMSubcategory = "credential-leakage" // #nosec G101 -- false positive: this is an OWASP LLM Top 10 security category identifier, not a hardcoded credential PIIDisclosure OWASPLLMSubcategory = "pii-disclosure" // LLM07 subcategories PluginEscalation OWASPLLMSubcategory = "plugin-escalation" DataLeakage OWASPLLMSubcategory = "data-leakage" // LLM08 subcategories ScopeExpansion OWASPLLMSubcategory = "scope-expansion" PrivilegeEscalation OWASPLLMSubcategory = "privilege-escalation" // LLM09 subcategories HallucinationAcceptance OWASPLLMSubcategory = "hallucination-acceptance" UnverifiedRecommendations OWASPLLMSubcategory = "unverified-recommendations" CriticalDecisionDelegation OWASPLLMSubcategory = "critical-decision-delegation" // LLM10 subcategories ModelExtraction OWASPLLMSubcategory = "model-extraction" WeightStealing OWASPLLMSubcategory = "weight-stealing" ArchitectureInference OWASPLLMSubcategory = "architecture-inference" )
OWASP LLM Top 10 subcategories
type OWASPLLMValidator ¶
type OWASPLLMValidator struct {
// contains filtered or unexported fields
}
OWASPLLMValidator validates OWASP LLM compliance mappings
func NewDefaultOWASPLLMValidator ¶
func NewDefaultOWASPLLMValidator() (*OWASPLLMValidator, error)
NewDefaultOWASPLLMValidator creates a new OWASP LLM compliance validator with the default schema path
func NewOWASPLLMValidator ¶
func NewOWASPLLMValidator(schemaPath string) (*OWASPLLMValidator, error)
NewOWASPLLMValidator creates a new OWASP LLM compliance validator
func (*OWASPLLMValidator) GenerateComplianceReport ¶
func (v *OWASPLLMValidator) GenerateComplianceReport(templates []interface{}, reportID string, timestamp string) (*OWASPComplianceReport, error)
GenerateComplianceReport generates a compliance report for a set of templates
func (*OWASPLLMValidator) GetAllCategories ¶
func (v *OWASPLLMValidator) GetAllCategories() []CategoryInfo
GetAllCategories returns information about all OWASP LLM categories
func (*OWASPLLMValidator) GetCategoryInfo ¶
func (v *OWASPLLMValidator) GetCategoryInfo(category OWASPLLMCategory) (CategoryInfo, bool)
GetCategoryInfo returns information about an OWASP LLM category
func (*OWASPLLMValidator) ValidateMapping ¶
func (v *OWASPLLMValidator) ValidateMapping(mapping *ComplianceMapping) (bool, []string, error)
ValidateMapping validates an OWASP LLM compliance mapping
type Recommendation ¶
type Recommendation struct {
ID string `json:"id"`
Priority string `json:"priority"`
Description string `json:"description"`
Actions []string `json:"actions"`
Timeline string `json:"timeline"`
}
Recommendation represents a compliance recommendation
type Requirement ¶
type Requirement struct {
ID string `json:"id"`
Description string `json:"description"`
Mandatory bool `json:"mandatory"`
Verifiable bool `json:"verifiable"`
}
Requirement represents a specific requirement
type SubcategoryInfo ¶
type SubcategoryInfo struct {
ID OWASPLLMSubcategory
Name string
Description string
}
SubcategoryInfo contains information about an OWASP LLM subcategory
type TemplateComplianceValidator ¶
type TemplateComplianceValidator struct {
// contains filtered or unexported fields
}
TemplateComplianceValidator validates template compliance mappings
func NewTemplateComplianceValidator ¶
func NewTemplateComplianceValidator() (*TemplateComplianceValidator, error)
NewTemplateComplianceValidator creates a new template compliance validator
func (*TemplateComplianceValidator) GenerateComplianceReport ¶
func (v *TemplateComplianceValidator) GenerateComplianceReport(templates []interface{}, reportID string, timestamp string) (*ComplianceReport, error)
GenerateComplianceReport generates a compliance report for a set of templates
func (*TemplateComplianceValidator) GetComplianceCoverage ¶
func (v *TemplateComplianceValidator) GetComplianceCoverage(templates []interface{}) (map[OWASPLLMCategory]float64, error)
GetComplianceCoverage calculates compliance coverage for a set of templates
func (*TemplateComplianceValidator) SuggestComplianceMapping ¶
func (v *TemplateComplianceValidator) SuggestComplianceMapping(template map[string]interface{}, templatePath string) (*ComplianceMapping, error)
SuggestComplianceMapping suggests compliance mappings for a template based on its content
func (*TemplateComplianceValidator) ValidateTemplateCompliance ¶
func (v *TemplateComplianceValidator) ValidateTemplateCompliance(template map[string]interface{}) (bool, []string, error)
ValidateTemplateCompliance validates a template's compliance mappings
type TemplateSummary ¶
type TemplateSummary struct {
ID string
Name string
Subcategory OWASPLLMSubcategory
Coverage CoverageLevel
}
TemplateSummary provides a summary of a template