sandbox

package
v0.12.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jun 23, 2026 License: MIT Imports: 16 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Alert

type Alert struct {
	// Timestamp is the time of the alert
	Timestamp time.Time
	// Level is the alert level
	Level AlertLevel
	// Message is the alert message
	Message string
	// TemplateID is the ID of the template that triggered the alert
	TemplateID string
	// Issues are the security issues that triggered the alert
	Issues []*security.SecurityIssue
}

Alert represents a security alert

type AlertLevel

type AlertLevel string

AlertLevel represents the level of an alert

const (
	// AlertLevelInfo is an informational alert
	AlertLevelInfo AlertLevel = "info"
	// AlertLevelWarning is a warning alert
	AlertLevelWarning AlertLevel = "warning"
	// AlertLevelError is an error alert
	AlertLevelError AlertLevel = "error"
	// AlertLevelCritical is a critical alert
	AlertLevelCritical AlertLevel = "critical"
)

type AllowList

type AllowList struct {
	// Functions is a list of allowed functions
	Functions []string
	// Packages is a list of allowed packages
	Packages []string
	// FilePatterns is a list of allowed file patterns
	FilePatterns []string
	// NetworkDomains is a list of allowed network domains
	NetworkDomains []string
	// EnvironmentVariables is a list of allowed environment variables
	EnvironmentVariables []string
}

AllowList defines allowed operations for template execution

func NewAllowList

func NewAllowList() *AllowList

NewAllowList creates a new allow list with default values

type ApprovalStatus

type ApprovalStatus string

ApprovalStatus represents the approval status of a template

const (
	// StatusDraft indicates a template is in draft status
	StatusDraft ApprovalStatus = "draft"
	// StatusPendingReview indicates a template is pending review
	StatusPendingReview ApprovalStatus = "pending_review"
	// StatusApproved indicates a template is approved
	StatusApproved ApprovalStatus = "approved"
	// StatusRejected indicates a template is rejected
	StatusRejected ApprovalStatus = "rejected"
	// StatusDeprecated indicates a template is deprecated
	StatusDeprecated ApprovalStatus = "deprecated"
)

type ApprovalWorkflow

type ApprovalWorkflow struct {
	// contains filtered or unexported fields
}

ApprovalWorkflow manages the template approval workflow

func NewApprovalWorkflow

func NewApprovalWorkflow(validator *TemplateValidator, scorer *TemplateScorer, storageDir string) *ApprovalWorkflow

NewApprovalWorkflow creates a new approval workflow

func (*ApprovalWorkflow) AddApprover

func (w *ApprovalWorkflow) AddApprover(approver string)

AddApprover adds an approver to the workflow

func (*ApprovalWorkflow) AddComment

func (w *ApprovalWorkflow) AddComment(templateID, versionID, user, comment string) error

AddComment adds a comment to a template version

func (*ApprovalWorkflow) ApproveVersion

func (w *ApprovalWorkflow) ApproveVersion(templateID, versionID, user string) error

ApproveVersion approves a template version

func (*ApprovalWorkflow) CreateVersion

func (w *ApprovalWorkflow) CreateVersion(ctx context.Context, template *format.Template, user string) (*TemplateVersion, error)

CreateVersion creates a new version of a template

func (*ApprovalWorkflow) DeprecateVersion

func (w *ApprovalWorkflow) DeprecateVersion(templateID, versionID, user, reason string) error

DeprecateVersion deprecates a template version

func (*ApprovalWorkflow) GetLatestApprovedVersion

func (w *ApprovalWorkflow) GetLatestApprovedVersion(templateID string) (*TemplateVersion, error)

GetLatestApprovedVersion gets the latest approved version of a template

func (*ApprovalWorkflow) GetLatestVersion

func (w *ApprovalWorkflow) GetLatestVersion(templateID string) (*TemplateVersion, error)

GetLatestVersion gets the latest version of a template

func (*ApprovalWorkflow) GetVersion

func (w *ApprovalWorkflow) GetVersion(templateID, versionID string) (*TemplateVersion, error)

GetVersion gets a template version

func (*ApprovalWorkflow) GetVersions

func (w *ApprovalWorkflow) GetVersions(templateID string) ([]*TemplateVersion, error)

GetVersions gets all versions of a template

func (*ApprovalWorkflow) IsApprover

func (w *ApprovalWorkflow) IsApprover(user string) bool

IsApprover checks if a user is an approver

func (*ApprovalWorkflow) RejectVersion

func (w *ApprovalWorkflow) RejectVersion(templateID, versionID, user, reason string) error

RejectVersion rejects a template version

func (*ApprovalWorkflow) SubmitForReview

func (w *ApprovalWorkflow) SubmitForReview(templateID, versionID, user string) error

SubmitForReview submits a template version for review

type ComplexityFactor

type ComplexityFactor struct {
	// contains filtered or unexported fields
}

ComplexityFactor evaluates the risk based on template complexity

func (*ComplexityFactor) Description

func (f *ComplexityFactor) Description() string

Description returns a description of the risk factor

func (*ComplexityFactor) Evaluate

func (f *ComplexityFactor) Evaluate(template *format.Template, issues []*security.SecurityIssue) float64

Evaluate evaluates the risk factor for a template

func (*ComplexityFactor) Name

func (f *ComplexityFactor) Name() string

Name returns the name of the risk factor

func (*ComplexityFactor) Weight

func (f *ComplexityFactor) Weight() float64

Weight returns the weight of the risk factor

type ContainerSandbox

type ContainerSandbox struct {
	DefaultSandbox
	// contains filtered or unexported fields
}

ContainerSandbox is a sandbox implementation that uses containers for isolation

func NewContainerSandbox

func NewContainerSandbox(verifier security.TemplateVerifier, options *SandboxOptions, containerOptions *ContainerSandboxOptions) (*ContainerSandbox, error)

NewContainerSandbox creates a new container-based sandbox

func (*ContainerSandbox) Execute

func (s *ContainerSandbox) Execute(ctx context.Context, template *format.Template, options *SandboxOptions) (*ExecutionResult, error)

Execute executes a template in a container sandbox

type ContainerSandboxOptions

type ContainerSandboxOptions struct {
	ContainerEngine string   // "docker" or "podman"
	ImageName       string   // Container image to use
	NetworkMode     string   // Network mode (none, host, bridge)
	VolumeBinds     []string // Volume bindings
	CleanupTimeout  time.Duration
}

ContainerSandboxOptions contains options specific to container-based sandboxes

func DefaultContainerSandboxOptions

func DefaultContainerSandboxOptions() *ContainerSandboxOptions

DefaultContainerSandboxOptions returns the default container sandbox options

type DefaultSandbox

type DefaultSandbox struct {
	// contains filtered or unexported fields
}

DefaultSandbox is the default implementation of TemplateSandbox

func NewSandbox

func NewSandbox(verifier security.TemplateVerifier, options *SandboxOptions) *DefaultSandbox

NewSandbox creates a new template sandbox

func (*DefaultSandbox) Execute

func (s *DefaultSandbox) Execute(ctx context.Context, template *format.Template, options *SandboxOptions) (*ExecutionResult, error)

Execute executes a template in the sandbox

func (*DefaultSandbox) ExecuteFile

func (s *DefaultSandbox) ExecuteFile(ctx context.Context, templatePath string, options *SandboxOptions) (*ExecutionResult, error)

ExecuteFile executes a template file in the sandbox

func (*DefaultSandbox) GetAllowList

func (s *DefaultSandbox) GetAllowList() *AllowList

GetAllowList returns the allow list for template execution

func (*DefaultSandbox) SetAllowList

func (s *DefaultSandbox) SetAllowList(allowList *AllowList)

SetAllowList sets the allow list for template execution

func (*DefaultSandbox) Validate

func (s *DefaultSandbox) Validate(ctx context.Context, template *format.Template, options *SandboxOptions) ([]*security.SecurityIssue, error)

Validate validates a template against security rules

func (*DefaultSandbox) ValidateFile

func (s *DefaultSandbox) ValidateFile(ctx context.Context, templatePath string, options *SandboxOptions) ([]*security.SecurityIssue, error)

ValidateFile validates a template file against security rules

type DisallowedFunctionsFactor

type DisallowedFunctionsFactor struct {
	// contains filtered or unexported fields
}

DisallowedFunctionsFactor evaluates the risk based on disallowed functions

func (*DisallowedFunctionsFactor) Description

func (f *DisallowedFunctionsFactor) Description() string

Description returns a description of the risk factor

func (*DisallowedFunctionsFactor) Evaluate

func (f *DisallowedFunctionsFactor) Evaluate(template *format.Template, issues []*security.SecurityIssue) float64

Evaluate evaluates the risk factor for a template

func (*DisallowedFunctionsFactor) Name

Name returns the name of the risk factor

func (*DisallowedFunctionsFactor) Weight

func (f *DisallowedFunctionsFactor) Weight() float64

Weight returns the weight of the risk factor

type ExecutionMode

type ExecutionMode string

ExecutionMode defines how templates are executed in the sandbox

const (
	// ModeStrict runs templates with maximum restrictions
	ModeStrict ExecutionMode = "strict"
	// ModeStandard runs templates with standard restrictions
	ModeStandard ExecutionMode = "standard"
	// ModeDevelopment runs templates with minimal restrictions (for development only)
	ModeDevelopment ExecutionMode = "development"
)

type ExecutionResult

type ExecutionResult struct {
	// Success indicates if the execution was successful
	Success bool
	// Output is the output of the execution
	Output string
	// Error is the error message if execution failed
	Error string
	// ExecutionTime is the execution time
	ExecutionTime time.Duration
	// ResourceUsage contains information about resource usage
	ResourceUsage ResourceUsage
	// SecurityIssues contains security issues found during execution
	SecurityIssues []*security.SecurityIssue
}

ExecutionResult represents the result of template execution in the sandbox

type FileSystemAccessFactor

type FileSystemAccessFactor struct {
	// contains filtered or unexported fields
}

FileSystemAccessFactor evaluates the risk based on file system access

func (*FileSystemAccessFactor) Description

func (f *FileSystemAccessFactor) Description() string

Description returns a description of the risk factor

func (*FileSystemAccessFactor) Evaluate

func (f *FileSystemAccessFactor) Evaluate(template *format.Template, issues []*security.SecurityIssue) float64

Evaluate evaluates the risk factor for a template

func (*FileSystemAccessFactor) Name

func (f *FileSystemAccessFactor) Name() string

Name returns the name of the risk factor

func (*FileSystemAccessFactor) Weight

func (f *FileSystemAccessFactor) Weight() float64

Weight returns the weight of the risk factor

type FrameworkOptions

type FrameworkOptions struct {
	// ValidationOptions are the validation options
	ValidationOptions *ValidationOptions
	// SandboxOptions are the sandbox options
	SandboxOptions *SandboxOptions
	// WorkflowStorageDir is the directory for storing workflow data
	WorkflowStorageDir string
	// EnableContainerSandbox enables the container-based sandbox
	EnableContainerSandbox bool
	// ContainerOptions are the container sandbox options
	ContainerOptions *ContainerSandboxOptions
	// EnableLogging enables logging
	EnableLogging bool
	// LogDirectory is the directory for logs
	LogDirectory string
	// EnableMetrics enables metrics collection
	EnableMetrics bool
}

FrameworkOptions contains options for the security framework

func DefaultFrameworkOptions

func DefaultFrameworkOptions() *FrameworkOptions

DefaultFrameworkOptions returns the default framework options

type InputValidationFactor

type InputValidationFactor struct {
	// contains filtered or unexported fields
}

InputValidationFactor evaluates the risk based on input validation

func (*InputValidationFactor) Description

func (f *InputValidationFactor) Description() string

Description returns a description of the risk factor

func (*InputValidationFactor) Evaluate

func (f *InputValidationFactor) Evaluate(template *format.Template, issues []*security.SecurityIssue) float64

Evaluate evaluates the risk factor for a template

func (*InputValidationFactor) Name

func (f *InputValidationFactor) Name() string

Name returns the name of the risk factor

func (*InputValidationFactor) Weight

func (f *InputValidationFactor) Weight() float64

Weight returns the weight of the risk factor

type MetricsCollector

type MetricsCollector struct {
	// contains filtered or unexported fields
}

MetricsCollector collects metrics for the template security framework

func NewMetricsCollector

func NewMetricsCollector() *MetricsCollector

NewMetricsCollector creates a new metrics collector

func (*MetricsCollector) ClearAlerts

func (m *MetricsCollector) ClearAlerts()

ClearAlerts clears all alerts

func (*MetricsCollector) GetAlerts

func (m *MetricsCollector) GetAlerts() []Alert

GetAlerts gets the alerts

func (*MetricsCollector) GetAlertsByLevel

func (m *MetricsCollector) GetAlertsByLevel(level AlertLevel) []Alert

GetAlertsByLevel gets alerts by level

func (*MetricsCollector) GetExecutionMetrics

func (m *MetricsCollector) GetExecutionMetrics() map[string]interface{}

GetExecutionMetrics gets the execution metrics

func (*MetricsCollector) GetValidationMetrics

func (m *MetricsCollector) GetValidationMetrics() map[string]interface{}

GetValidationMetrics gets the validation metrics

func (*MetricsCollector) GetWorkflowMetrics

func (m *MetricsCollector) GetWorkflowMetrics() map[string]interface{}

GetWorkflowMetrics gets the workflow metrics

func (*MetricsCollector) RecordExecution

func (m *MetricsCollector) RecordExecution(result *ExecutionResult, templateID string)

RecordExecution records a template execution

func (*MetricsCollector) RecordValidation

func (m *MetricsCollector) RecordValidation(result *ValidationResult)

RecordValidation records a template validation

func (*MetricsCollector) RecordWorkflowAction

func (m *MetricsCollector) RecordWorkflowAction(action string, version *TemplateVersion)

RecordWorkflowAction records a workflow action

func (*MetricsCollector) ResetMetrics

func (m *MetricsCollector) ResetMetrics()

ResetMetrics resets all metrics

type ResourceLimits

type ResourceLimits struct {
	// MaxCPUTime is the maximum CPU time in seconds
	MaxCPUTime float64
	// MaxMemory is the maximum memory in MB
	MaxMemory int64
	// MaxExecutionTime is the maximum execution time
	MaxExecutionTime time.Duration
	// MaxFileSize is the maximum file size in bytes
	MaxFileSize int64
	// MaxOpenFiles is the maximum number of open files
	MaxOpenFiles int
	// MaxProcesses is the maximum number of processes
	MaxProcesses int
	// NetworkAccess determines if network access is allowed
	NetworkAccess bool
	// FileSystemAccess determines if file system access is allowed
	FileSystemAccess bool
}

ResourceLimits defines resource limits for template execution

func DefaultResourceLimits

func DefaultResourceLimits() ResourceLimits

DefaultResourceLimits returns the default resource limits

type ResourceUsage

type ResourceUsage struct {
	// CPUTime is the CPU time used in seconds
	CPUTime float64
	// MemoryUsage is the memory used in MB
	MemoryUsage int64
	// ExecutionTime is the execution time
	ExecutionTime time.Duration
	// FileOperations is the number of file operations
	FileOperations int
	// NetworkOperations is the number of network operations
	NetworkOperations int
}

ResourceUsage contains information about resource usage during execution

type RiskCategory

type RiskCategory string

RiskCategory represents a category of risk for templates

const (
	// RiskCategoryLow represents low risk templates
	RiskCategoryLow RiskCategory = "low"
	// RiskCategoryMedium represents medium risk templates
	RiskCategoryMedium RiskCategory = "medium"
	// RiskCategoryHigh represents high risk templates
	RiskCategoryHigh RiskCategory = "high"
	// RiskCategoryCritical represents critical risk templates
	RiskCategoryCritical RiskCategory = "critical"
)

type RiskFactor

type RiskFactor struct {
	// Name is the name of the factor
	Name string
	// Description is a description of the factor
	Description string
	// Score is the score contribution of this factor
	Score float64
	// Weight is the weight of this factor in the overall score
	Weight float64
}

RiskFactor represents a factor that contributes to the risk score

type RiskFactorEvaluator

type RiskFactorEvaluator interface {
	// Name returns the name of the risk factor
	Name() string
	// Description returns a description of the risk factor
	Description() string
	// Weight returns the weight of the risk factor
	Weight() float64
	// Evaluate evaluates the risk factor for a template
	Evaluate(template *format.Template, issues []*security.SecurityIssue) float64
}

RiskFactorEvaluator evaluates a specific risk factor

type RiskScore

type RiskScore struct {
	// Score is the numerical risk score (0-100)
	Score float64
	// Category is the risk category
	Category RiskCategory
	// Factors contains the factors that contributed to the score
	Factors []RiskFactor
}

RiskScore represents a risk score for a template

type SandboxOptions

type SandboxOptions struct {
	// Mode is the execution mode
	Mode ExecutionMode
	// ResourceLimits defines resource limits for template execution
	ResourceLimits ResourceLimits
	// AllowedFunctions is a list of allowed functions
	AllowedFunctions []string
	// AllowedPackages is a list of allowed packages
	AllowedPackages []string
	// DisallowedFunctions is a list of disallowed functions
	DisallowedFunctions []string
	// DisallowedPackages is a list of disallowed packages
	DisallowedPackages []string
	// TimeoutDuration is the timeout duration for template execution
	TimeoutDuration time.Duration
	// EnableLogging enables logging of template execution
	EnableLogging bool
	// LogDirectory is the directory for logs
	LogDirectory string
	// ValidationOptions are the options for template validation
	ValidationOptions *security.VerificationOptions
}

SandboxOptions defines options for the template sandbox

func DefaultSandboxOptions

func DefaultSandboxOptions() *SandboxOptions

DefaultSandboxOptions returns the default sandbox options

type SecurityCheck added in v0.8.0

type SecurityCheck interface {
	Check(template *format.Template, options *security.VerificationOptions) []*security.SecurityIssue
	GetName() string
	GetDescription() string
}

SecurityCheck represents a custom security check function

type SecurityFramework

type SecurityFramework struct {
	// contains filtered or unexported fields
}

SecurityFramework provides a comprehensive security framework for templates

func NewSecurityFramework

func NewSecurityFramework(options *FrameworkOptions) (*SecurityFramework, error)

NewSecurityFramework creates a new security framework

func (*SecurityFramework) AddApprover

func (f *SecurityFramework) AddApprover(approver string)

AddApprover adds an approver to the workflow

func (*SecurityFramework) ApproveTemplate

func (f *SecurityFramework) ApproveTemplate(templateID, versionID, user string) error

ApproveTemplate approves a template version

func (*SecurityFramework) ClearAlerts

func (f *SecurityFramework) ClearAlerts()

ClearAlerts clears all alerts from the metrics collector

func (*SecurityFramework) CreateTemplateVersion

func (f *SecurityFramework) CreateTemplateVersion(ctx context.Context, template *format.Template, user string) (*TemplateVersion, error)

CreateTemplateVersion creates a new version of a template

func (*SecurityFramework) ExecuteTemplate

func (f *SecurityFramework) ExecuteTemplate(ctx context.Context, template *format.Template) (*ExecutionResult, error)

ExecuteTemplate executes a template in the sandbox

func (*SecurityFramework) ExecuteTemplateFile

func (f *SecurityFramework) ExecuteTemplateFile(ctx context.Context, templatePath string) (*ExecutionResult, error)

ExecuteTemplateFile executes a template file in the sandbox

func (*SecurityFramework) GetAlerts

func (f *SecurityFramework) GetAlerts() []Alert

GetAlerts returns the alerts from the metrics collector

func (*SecurityFramework) GetAlertsByLevel

func (f *SecurityFramework) GetAlertsByLevel(level AlertLevel) []Alert

GetAlertsByLevel returns alerts by level from the metrics collector

func (*SecurityFramework) GetLatestApprovedTemplateVersion

func (f *SecurityFramework) GetLatestApprovedTemplateVersion(templateID string) (*TemplateVersion, error)

GetLatestApprovedTemplateVersion gets the latest approved version of a template

func (*SecurityFramework) GetLatestTemplateVersion

func (f *SecurityFramework) GetLatestTemplateVersion(templateID string) (*TemplateVersion, error)

GetLatestTemplateVersion gets the latest version of a template

func (*SecurityFramework) GetMetrics

func (f *SecurityFramework) GetMetrics() map[string]interface{}

GetMetrics returns the metrics from the metrics collector

func (*SecurityFramework) GetTemplateVersion

func (f *SecurityFramework) GetTemplateVersion(templateID, versionID string) (*TemplateVersion, error)

GetTemplateVersion gets a template version

func (*SecurityFramework) IsApprover

func (f *SecurityFramework) IsApprover(user string) bool

IsApprover checks if a user is an approver

func (*SecurityFramework) RejectTemplate

func (f *SecurityFramework) RejectTemplate(templateID, versionID, user, reason string) error

RejectTemplate rejects a template version

func (*SecurityFramework) ResetMetrics

func (f *SecurityFramework) ResetMetrics()

ResetMetrics resets all metrics in the metrics collector

func (*SecurityFramework) SubmitTemplateForReview

func (f *SecurityFramework) SubmitTemplateForReview(templateID, versionID, user string) error

SubmitTemplateForReview submits a template version for review

func (*SecurityFramework) ValidateTemplate

func (f *SecurityFramework) ValidateTemplate(ctx context.Context, template *format.Template) (*ValidationResult, error)

ValidateTemplate validates a template

func (*SecurityFramework) ValidateTemplateFile

func (f *SecurityFramework) ValidateTemplateFile(ctx context.Context, templatePath string) (*ValidationResult, error)

ValidateTemplateFile validates a template file

type SecurityIssuesFactor

type SecurityIssuesFactor struct {
	// contains filtered or unexported fields
}

SecurityIssuesFactor evaluates the risk based on security issues

func (*SecurityIssuesFactor) Description

func (f *SecurityIssuesFactor) Description() string

Description returns a description of the risk factor

func (*SecurityIssuesFactor) Evaluate

func (f *SecurityIssuesFactor) Evaluate(template *format.Template, issues []*security.SecurityIssue) float64

Evaluate evaluates the risk factor for a template

func (*SecurityIssuesFactor) Name

func (f *SecurityIssuesFactor) Name() string

Name returns the name of the risk factor

func (*SecurityIssuesFactor) Weight

func (f *SecurityIssuesFactor) Weight() float64

Weight returns the weight of the risk factor

type TemplateSandbox

type TemplateSandbox interface {
	// Execute executes a template in the sandbox
	Execute(ctx context.Context, template *format.Template, options *SandboxOptions) (*ExecutionResult, error)

	// ExecuteFile executes a template file in the sandbox
	ExecuteFile(ctx context.Context, templatePath string, options *SandboxOptions) (*ExecutionResult, error)

	// Validate validates a template against security rules
	Validate(ctx context.Context, template *format.Template, options *SandboxOptions) ([]*security.SecurityIssue, error)

	// ValidateFile validates a template file against security rules
	ValidateFile(ctx context.Context, templatePath string, options *SandboxOptions) ([]*security.SecurityIssue, error)

	// GetAllowList returns the allow list for template execution
	GetAllowList() *AllowList

	// SetAllowList sets the allow list for template execution
	SetAllowList(allowList *AllowList)
}

TemplateSandbox is the interface for template sandboxes

type TemplateScorer

type TemplateScorer struct {
	// contains filtered or unexported fields
}

TemplateScorer is responsible for scoring templates based on risk factors

func NewTemplateScorer

func NewTemplateScorer() *TemplateScorer

NewTemplateScorer creates a new template scorer

func (*TemplateScorer) ScoreTemplate

func (s *TemplateScorer) ScoreTemplate(template *format.Template, issues []*security.SecurityIssue) *RiskScore

ScoreTemplate scores a template based on risk factors

type TemplateValidator

type TemplateValidator struct {
	// contains filtered or unexported fields
}

TemplateValidator is responsible for validating templates

func NewTemplateValidator

func NewTemplateValidator(verifier security.TemplateVerifier, options *ValidationOptions) *TemplateValidator

NewTemplateValidator creates a new template validator

func (*TemplateValidator) Validate

func (v *TemplateValidator) Validate(ctx context.Context, template *format.Template) ([]*security.SecurityIssue, error)

Validate validates a template

func (*TemplateValidator) ValidateFile

func (v *TemplateValidator) ValidateFile(ctx context.Context, templatePath string) ([]*security.SecurityIssue, error)

ValidateFile validates a template file

type TemplateVersion

type TemplateVersion struct {
	// ID is the version ID
	ID string
	// TemplateID is the ID of the template
	TemplateID string
	// Version is the version number
	Version string
	// Content is the template content
	Content string
	// Status is the approval status
	Status ApprovalStatus
	// CreatedAt is the creation time
	CreatedAt time.Time
	// UpdatedAt is the last update time
	UpdatedAt time.Time
	// ApprovedBy is the user who approved the template
	ApprovedBy string
	// ApprovedAt is the approval time
	ApprovedAt time.Time
	// RiskScore is the risk score
	RiskScore *RiskScore
	// SecurityIssues are the security issues found in the template
	SecurityIssues []*security.SecurityIssue
	// Comments are comments on the template
	Comments []string
}

TemplateVersion represents a version of a template

type ValidationLevel

type ValidationLevel string

ValidationLevel defines the level of validation to perform

const (
	// ValidationLevelBasic performs basic validation
	ValidationLevelBasic ValidationLevel = "basic"
	// ValidationLevelStandard performs standard validation
	ValidationLevelStandard ValidationLevel = "standard"
	// ValidationLevelStrict performs strict validation
	ValidationLevelStrict ValidationLevel = "strict"
)

type ValidationOptions

type ValidationOptions struct {
	// Level is the validation level
	Level ValidationLevel
	// CustomChecks is a list of custom checks to perform
	CustomChecks []SecurityCheck
	// IgnorePatterns is a list of patterns to ignore
	IgnorePatterns []*regexp.Regexp
	// AllowedFunctions is a list of allowed functions
	AllowedFunctions []string
	// AllowedPackages is a list of allowed packages
	AllowedPackages []string
	// DisallowedFunctions is a list of disallowed functions
	DisallowedFunctions []string
	// DisallowedPackages is a list of disallowed packages
	DisallowedPackages []string
	// MaxComplexity is the maximum allowed complexity
	MaxComplexity int
	// MaxLineLength is the maximum allowed line length
	MaxLineLength int
	// RequireComments determines if comments are required
	RequireComments bool
	// RequireValidation determines if input validation is required
	RequireValidation bool
	// SecurityOptions are the security verification options
	SecurityOptions *security.VerificationOptions
}

ValidationOptions defines options for template validation

func DefaultValidationOptions

func DefaultValidationOptions() *ValidationOptions

DefaultValidationOptions returns the default validation options

type ValidationResult

type ValidationResult struct {
	// Template is the validated template
	Template *format.Template
	// Issues are the security issues found
	Issues []*security.SecurityIssue
	// RiskScore is the risk score
	RiskScore *RiskScore
	// ValidationTime is the time taken for validation
	ValidationTime time.Duration
	// Timestamp is the time of validation
	Timestamp time.Time
}

ValidationResult represents the result of template validation

func (*ValidationResult) GetIssuesBySeverity

func (r *ValidationResult) GetIssuesBySeverity(severity common.SeverityLevel) []*security.SecurityIssue

GetIssuesBySeverity gets issues by severity

func (*ValidationResult) HasCriticalIssues

func (r *ValidationResult) HasCriticalIssues() bool

HasCriticalIssues checks if the validation result has critical issues

func (*ValidationResult) HasHighIssues

func (r *ValidationResult) HasHighIssues() bool

HasHighIssues checks if the validation result has high severity issues

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL