Documentation
¶
Overview ¶
Package security provides template security verification mechanisms
Package security provides template security verification mechanisms ¶
Package security provides template security verification mechanisms ¶
Package security provides template security verification mechanisms
Index ¶
- func RunScheduledVerification(ctx context.Context, pipeline *Pipeline, config *PipelineConfig)
- func VerificationResultToTestResult(result *VerificationResult) *common.TestResult
- type ContentValidator
- type DataLeakageCheck
- type DefaultTemplateSecurityReporter
- func (r *DefaultTemplateSecurityReporter) CalculateSummary(results []*VerificationResult) *VerificationSummary
- func (r *DefaultTemplateSecurityReporter) ConvertToTestResults(report *VerificationReport) []*common.TestResult
- func (r *DefaultTemplateSecurityReporter) GenerateReport(results []*VerificationResult) (*VerificationReport, error)
- type InjectionPatternCheck
- type InjectionValidator
- type InputValidationCheck
- type NotificationConfig
- type Pipeline
- type PipelineConfig
- type RegexSafetyCheck
- type ScheduleConfig
- type SecurityIssue
- type SecurityIssueType
- type SyntaxValidator
- type TemplateFormatCheck
- type TemplateInfo
- type TemplateSecurityReporter
- type TemplateVerifier
- type ValidationResult
- type Validator
- type VerificationConfig
- type VerificationOptions
- type VerificationReport
- type VerificationResult
- type VerificationSummary
- type Verifier
- func (v *Verifier) AddValidator(name string, validator Validator) error
- func (v *Verifier) ClearCache()
- func (v *Verifier) Disable()
- func (v *Verifier) Enable()
- func (v *Verifier) GetValidators() []string
- func (v *Verifier) IsEnabled() bool
- func (v *Verifier) RemoveValidator(name string)
- func (v *Verifier) VerifyTemplate(ctx context.Context, templateInfo *TemplateInfo) (*VerifierResult, error)
- type VerifierIssue
- type VerifierResult
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func RunScheduledVerification ¶
func RunScheduledVerification(ctx context.Context, pipeline *Pipeline, config *PipelineConfig)
RunScheduledVerification runs the template security verification pipeline on a schedule
func VerificationResultToTestResult ¶
func VerificationResultToTestResult(result *VerificationResult) *common.TestResult
VerificationResultToTestResult converts a verification result to a test result
Types ¶
type ContentValidator ¶ added in v0.8.0
type ContentValidator struct{}
ContentValidator validates template content
func (*ContentValidator) GetName ¶ added in v0.8.0
func (cv *ContentValidator) GetName() string
func (*ContentValidator) GetVersion ¶ added in v0.8.0
func (cv *ContentValidator) GetVersion() string
func (*ContentValidator) Validate ¶ added in v0.8.0
func (cv *ContentValidator) Validate(ctx context.Context, template []byte) (*ValidationResult, error)
type DataLeakageCheck ¶
type DataLeakageCheck struct{}
DataLeakageCheck checks for potential data leakage in templates
func NewDataLeakageCheck ¶
func NewDataLeakageCheck() *DataLeakageCheck
NewDataLeakageCheck creates a new data leakage check
func (*DataLeakageCheck) Check ¶
func (c *DataLeakageCheck) Check(template *format.Template, options *VerificationOptions) []*SecurityIssue
Check checks a template for potential data leakage
func (*DataLeakageCheck) Description ¶
func (c *DataLeakageCheck) Description() string
Description returns a description of the check
func (*DataLeakageCheck) Name ¶
func (c *DataLeakageCheck) Name() string
Name returns the name of the check
type DefaultTemplateSecurityReporter ¶
type DefaultTemplateSecurityReporter struct {
}
DefaultTemplateSecurityReporter is the default implementation of TemplateSecurityReporter
func NewDefaultTemplateSecurityReporter ¶
func NewDefaultTemplateSecurityReporter() *DefaultTemplateSecurityReporter
NewDefaultTemplateSecurityReporter creates a new default template security reporter
func (*DefaultTemplateSecurityReporter) CalculateSummary ¶
func (r *DefaultTemplateSecurityReporter) CalculateSummary(results []*VerificationResult) *VerificationSummary
CalculateSummary calculates a summary of verification results
func (*DefaultTemplateSecurityReporter) ConvertToTestResults ¶
func (r *DefaultTemplateSecurityReporter) ConvertToTestResults(report *VerificationReport) []*common.TestResult
ConvertToTestResults converts a verification report to test results
func (*DefaultTemplateSecurityReporter) GenerateReport ¶
func (r *DefaultTemplateSecurityReporter) GenerateReport(results []*VerificationResult) (*VerificationReport, error)
GenerateReport generates a report from verification results
type InjectionPatternCheck ¶
type InjectionPatternCheck struct{}
InjectionPatternCheck checks for potential injection vulnerabilities in templates
func NewInjectionPatternCheck ¶
func NewInjectionPatternCheck() *InjectionPatternCheck
NewInjectionPatternCheck creates a new injection pattern check
func (*InjectionPatternCheck) Check ¶
func (c *InjectionPatternCheck) Check(template *format.Template, options *VerificationOptions) []*SecurityIssue
Check checks a template for injection vulnerabilities
func (*InjectionPatternCheck) Description ¶
func (c *InjectionPatternCheck) Description() string
Description returns a description of the check
func (*InjectionPatternCheck) Name ¶
func (c *InjectionPatternCheck) Name() string
Name returns the name of the check
type InjectionValidator ¶ added in v0.8.0
type InjectionValidator struct{}
InjectionValidator validates against injection attacks
func (*InjectionValidator) GetName ¶ added in v0.8.0
func (iv *InjectionValidator) GetName() string
func (*InjectionValidator) GetVersion ¶ added in v0.8.0
func (iv *InjectionValidator) GetVersion() string
func (*InjectionValidator) Validate ¶ added in v0.8.0
func (iv *InjectionValidator) Validate(ctx context.Context, template []byte) (*ValidationResult, error)
type InputValidationCheck ¶
type InputValidationCheck struct{}
InputValidationCheck checks for missing input validation in templates
func NewInputValidationCheck ¶
func NewInputValidationCheck() *InputValidationCheck
NewInputValidationCheck creates a new input validation check
func (*InputValidationCheck) Check ¶
func (c *InputValidationCheck) Check(template *format.Template, options *VerificationOptions) []*SecurityIssue
Check checks a template for missing input validation
func (*InputValidationCheck) Description ¶
func (c *InputValidationCheck) Description() string
Description returns a description of the check
func (*InputValidationCheck) Name ¶
func (c *InputValidationCheck) Name() string
Name returns the name of the check
type NotificationConfig ¶
type NotificationConfig struct {
Enabled bool `json:"enabled"`
EmailRecipients []string `json:"email_recipients,omitempty"`
SlackWebhook string `json:"slack_webhook,omitempty"`
NotifyOnFailure bool `json:"notify_on_failure"`
NotifyOnSuccess bool `json:"notify_on_success"`
}
NotificationConfig represents the configuration for pipeline notifications
type Pipeline ¶
type Pipeline struct {
// contains filtered or unexported fields
}
Pipeline represents a template security verification pipeline
func NewPipeline ¶
func NewPipeline(verifier TemplateVerifier, options *VerificationOptions) *Pipeline
NewPipeline creates a new template security verification pipeline
func (*Pipeline) ConvertToTestResults ¶
func (p *Pipeline) ConvertToTestResults() []*common.TestResult
ConvertToTestResults converts the verification results to test results
func (*Pipeline) GetResults ¶
func (p *Pipeline) GetResults() []*VerificationResult
GetResults returns the verification results
func (*Pipeline) GetSummary ¶
func (p *Pipeline) GetSummary() *VerificationSummary
GetSummary returns the summary of the pipeline results
func (*Pipeline) RunVerification ¶
func (p *Pipeline) RunVerification(ctx context.Context, config *PipelineConfig) error
RunVerification runs the template security verification pipeline
type PipelineConfig ¶
type PipelineConfig struct {
TemplateDirectories []string `json:"template_directories"`
OutputDirectory string `json:"output_directory"`
VerificationOptions *VerificationOptions `json:"verification_options"`
ReportFormats []common.ReportFormat `json:"report_formats"`
NotificationConfig *NotificationConfig `json:"notification_config,omitempty"`
ScheduleConfig *ScheduleConfig `json:"schedule_config,omitempty"`
}
PipelineConfig represents the configuration for a template security pipeline
type RegexSafetyCheck ¶
type RegexSafetyCheck struct{}
RegexSafetyCheck checks for potentially dangerous regex patterns in templates
func NewRegexSafetyCheck ¶
func NewRegexSafetyCheck() *RegexSafetyCheck
NewRegexSafetyCheck creates a new regex safety check
func (*RegexSafetyCheck) Check ¶
func (c *RegexSafetyCheck) Check(template *format.Template, options *VerificationOptions) []*SecurityIssue
Check checks a template for dangerous regex patterns
func (*RegexSafetyCheck) Description ¶
func (c *RegexSafetyCheck) Description() string
Description returns a description of the check
func (*RegexSafetyCheck) Name ¶
func (c *RegexSafetyCheck) Name() string
Name returns the name of the check
type ScheduleConfig ¶
type ScheduleConfig struct {
Enabled bool `json:"enabled"`
CronSchedule string `json:"cron_schedule,omitempty"`
IntervalHours int `json:"interval_hours,omitempty"`
}
ScheduleConfig represents the configuration for pipeline scheduling
type SecurityIssue ¶
type SecurityIssue struct {
ID string `json:"id"`
Type SecurityIssueType `json:"type"`
Description string `json:"description"`
Location string `json:"location"`
Severity common.SeverityLevel `json:"severity"`
Remediation string `json:"remediation"`
Context string `json:"context,omitempty"`
LineNumber int `json:"line_number,omitempty"`
RawData interface{} `json:"raw_data,omitempty"`
}
SecurityIssue represents a security issue found in a template
type SecurityIssueType ¶
type SecurityIssueType string
SecurityIssueType represents the type of security issue found in a template
const ( InjectionVulnerability SecurityIssueType = "injection_vulnerability" UnsanitizedInput SecurityIssueType = "unsanitized_input" InsecurePattern SecurityIssueType = "insecure_pattern" MissingValidation SecurityIssueType = "missing_validation" OverpermissiveRegex SecurityIssueType = "overpermissive_regex" DataLeakage SecurityIssueType = "data_leakage" TemplateFormatError SecurityIssueType = "template_format_error" )
Security issue types
type SyntaxValidator ¶ added in v0.8.0
type SyntaxValidator struct{}
SyntaxValidator validates template syntax
func (*SyntaxValidator) GetName ¶ added in v0.8.0
func (sv *SyntaxValidator) GetName() string
func (*SyntaxValidator) GetVersion ¶ added in v0.8.0
func (sv *SyntaxValidator) GetVersion() string
func (*SyntaxValidator) Validate ¶ added in v0.8.0
func (sv *SyntaxValidator) Validate(ctx context.Context, template []byte) (*ValidationResult, error)
type TemplateFormatCheck ¶
type TemplateFormatCheck struct{}
TemplateFormatCheck checks for template format issues
func NewTemplateFormatCheck ¶
func NewTemplateFormatCheck() *TemplateFormatCheck
NewTemplateFormatCheck creates a new template format check
func (*TemplateFormatCheck) Check ¶
func (c *TemplateFormatCheck) Check(template *format.Template, options *VerificationOptions) []*SecurityIssue
Check checks a template for format issues
func (*TemplateFormatCheck) Description ¶
func (c *TemplateFormatCheck) Description() string
Description returns a description of the check
func (*TemplateFormatCheck) Name ¶
func (c *TemplateFormatCheck) Name() string
Name returns the name of the check
type TemplateInfo ¶ added in v0.8.0
type TemplateInfo struct {
Name string `json:"name"`
Content []byte `json:"content"`
Size int64 `json:"size"`
Hash string `json:"hash"`
Extension string `json:"extension"`
Metadata map[string]interface{} `json:"metadata"`
SubmittedAt time.Time `json:"submitted_at"`
}
TemplateInfo holds information about a template being verified
type TemplateSecurityReporter ¶
type TemplateSecurityReporter interface {
// GenerateReport generates a report from verification results
GenerateReport(results []*VerificationResult) (*VerificationReport, error)
// CalculateSummary calculates a summary of verification results
CalculateSummary(results []*VerificationResult) *VerificationSummary
}
TemplateSecurityReporter is the interface for template security reporters
type TemplateVerifier ¶
type TemplateVerifier interface {
// VerifyTemplateFile verifies a template file and returns the verification result
VerifyTemplateFile(ctx context.Context, templatePath string, options *VerificationOptions) (*VerificationResult, error)
}
TemplateVerifier interface defines methods for template security verification
func NewTemplateVerifier ¶
func NewTemplateVerifier() TemplateVerifier
NewTemplateVerifier creates a new default TemplateVerifier
type ValidationResult ¶ added in v0.8.0
type ValidationResult struct {
Valid bool `json:"valid"`
Score float64 `json:"score"`
Issues []VerifierIssue `json:"issues"`
Metadata map[string]interface{} `json:"metadata"`
ProcessTime time.Duration `json:"process_time"`
}
ValidationResult represents the result from a single validator
type Validator ¶ added in v0.8.0
type Validator interface {
Validate(ctx context.Context, template []byte) (*ValidationResult, error)
GetName() string
GetVersion() string
}
Validator interface for security validators
type VerificationConfig ¶ added in v0.8.0
type VerificationConfig struct {
EnableCache bool
CacheTimeout time.Duration
MaxTemplateSize int64
AllowedExtensions []string
BlockedPatterns []string
StrictMode bool
ValidationTimeout time.Duration
}
VerificationConfig holds configuration for security verification
type VerificationOptions ¶
type VerificationOptions struct {
StrictMode bool `json:"strict_mode"`
IgnorePatterns []string `json:"ignore_patterns,omitempty"`
CustomChecks []string `json:"custom_checks,omitempty"`
SeverityThreshold common.SeverityLevel `json:"severity_threshold,omitempty"`
IncludeInfo bool `json:"include_info"`
TemplateCategories []string `json:"template_categories,omitempty"`
Metadata map[string]interface{} `json:"metadata,omitempty"`
}
VerificationOptions represents options for template security verification
func DefaultVerificationOptions ¶
func DefaultVerificationOptions() *VerificationOptions
DefaultVerificationOptions returns the default verification options
type VerificationReport ¶
type VerificationReport struct {
// Results is the list of verification results
Results []*VerificationResult
// Summary is a summary of the verification results
Summary *VerificationSummary
// GeneratedAt is the timestamp when the report was generated
GeneratedAt time.Time
}
VerificationReport represents a template security verification report
type VerificationResult ¶
type VerificationResult struct {
TemplatePath string `json:"template_path"`
TemplateID string `json:"template_id"`
TemplateName string `json:"template_name"`
Issues []*SecurityIssue `json:"issues"`
Passed bool `json:"passed"`
Score float64 `json:"score"`
MaxScore float64 `json:"max_score"`
Metadata map[string]interface{} `json:"metadata,omitempty"`
}
VerificationResult represents the result of a template security verification
type VerificationSummary ¶
type VerificationSummary struct {
// TotalTemplates is the total number of templates verified
TotalTemplates int
// PassedTemplates is the number of templates that passed verification
PassedTemplates int
// FailedTemplates is the number of templates that failed verification
FailedTemplates int
// TotalIssues is the total number of issues found
TotalIssues int
// IssuesBySeverity is a map of issues by severity
IssuesBySeverity map[string]int
// IssuesByType is a map of issues by type
IssuesByType map[string]int
// ComplianceStatus is a map of compliance status by standard
ComplianceStatus map[string]bool
// CompliancePercentage is the overall compliance percentage
CompliancePercentage float64
}
VerificationSummary represents a summary of template security verification results
type Verifier ¶ added in v0.8.0
type Verifier struct {
// contains filtered or unexported fields
}
Verifier handles security verification for templates
func NewVerifier ¶ added in v0.8.0
func NewVerifier(config VerificationConfig) *Verifier
NewVerifier creates a new security verifier
func (*Verifier) AddValidator ¶ added in v0.8.0
AddValidator adds a new security validator
func (*Verifier) ClearCache ¶ added in v0.8.0
func (v *Verifier) ClearCache()
ClearCache clears the verification result cache
func (*Verifier) Disable ¶ added in v0.8.0
func (v *Verifier) Disable()
Disable disables the verifier
func (*Verifier) GetValidators ¶ added in v0.8.0
GetValidators returns the list of registered validators
func (*Verifier) RemoveValidator ¶ added in v0.8.0
RemoveValidator removes a security validator
func (*Verifier) VerifyTemplate ¶ added in v0.8.0
func (v *Verifier) VerifyTemplate(ctx context.Context, templateInfo *TemplateInfo) (*VerifierResult, error)
VerifyTemplate verifies the security of a template
type VerifierIssue ¶ added in v0.8.0
type VerifierIssue struct {
Type string `json:"type"`
Severity string `json:"severity"`
Description string `json:"description"`
Location string `json:"location"`
Suggestion string `json:"suggestion"`
Timestamp time.Time `json:"timestamp"`
}
VerifierIssue represents a security issue found during verification (different from SecurityIssue in types.go)
type VerifierResult ¶ added in v0.8.0
type VerifierResult struct {
Valid bool `json:"valid"`
Score float64 `json:"score"`
Issues []VerifierIssue `json:"issues"`
Timestamp time.Time `json:"timestamp"`
TemplateHash string `json:"template_hash"`
ValidationTime time.Duration `json:"validation_time"`
ValidatorResults map[string]interface{} `json:"validator_results"`
}
VerifierResult represents the result of security verification (different from VerificationResult in types.go)