Documentation
¶
Overview ¶
Package security provides template security verification mechanisms
Package security provides template security verification mechanisms ¶
Package security provides template security verification mechanisms ¶
Package security provides template security verification mechanisms ¶
Package security provides template security verification mechanisms
Index ¶
- func RunScheduledVerification(ctx context.Context, pipeline *Pipeline, config *PipelineConfig)
- func VerificationResultToTestResult(result *VerificationResult) *common.TestResult
- type DataLeakageCheck
- type DefaultTemplateSecurityReporter
- func (r *DefaultTemplateSecurityReporter) CalculateSummary(results []*VerificationResult) *VerificationSummary
- func (r *DefaultTemplateSecurityReporter) ConvertToTestResults(report *VerificationReport) []*common.TestResult
- func (r *DefaultTemplateSecurityReporter) GenerateReport(results []*VerificationResult) (*VerificationReport, error)
- type DefaultTemplateVerifier
- func (v *DefaultTemplateVerifier) GetChecks() map[string]SecurityCheck
- func (v *DefaultTemplateVerifier) RegisterCheck(name string, check SecurityCheck)
- func (v *DefaultTemplateVerifier) VerifyTemplate(ctx context.Context, template *format.Template, options *VerificationOptions) (*VerificationResult, error)
- func (v *DefaultTemplateVerifier) VerifyTemplateDirectory(ctx context.Context, directoryPath string, options *VerificationOptions) ([]*VerificationResult, error)
- func (v *DefaultTemplateVerifier) VerifyTemplateFile(ctx context.Context, templatePath string, options *VerificationOptions) (*VerificationResult, error)
- type InjectionPatternCheck
- type InputValidationCheck
- type NotificationConfig
- type Pipeline
- type PipelineConfig
- type RegexSafetyCheck
- type ScheduleConfig
- type SecurityCheck
- type SecurityIssue
- type SecurityIssueType
- type TemplateFormatCheck
- type TemplateSecurityReporter
- type TemplateVerifier
- type VerificationOptions
- type VerificationReport
- type VerificationResult
- type VerificationSummary
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func RunScheduledVerification ¶
func RunScheduledVerification(ctx context.Context, pipeline *Pipeline, config *PipelineConfig)
RunScheduledVerification runs the template security verification pipeline on a schedule
func VerificationResultToTestResult ¶
func VerificationResultToTestResult(result *VerificationResult) *common.TestResult
VerificationResultToTestResult converts a verification result to a test result
Types ¶
type DataLeakageCheck ¶
type DataLeakageCheck struct{}
DataLeakageCheck checks for potential data leakage in templates
func NewDataLeakageCheck ¶
func NewDataLeakageCheck() *DataLeakageCheck
NewDataLeakageCheck creates a new data leakage check
func (*DataLeakageCheck) Check ¶
func (c *DataLeakageCheck) Check(template *format.Template, options *VerificationOptions) []*SecurityIssue
Check checks a template for potential data leakage
func (*DataLeakageCheck) Description ¶
func (c *DataLeakageCheck) Description() string
Description returns a description of the check
func (*DataLeakageCheck) Name ¶
func (c *DataLeakageCheck) Name() string
Name returns the name of the check
type DefaultTemplateSecurityReporter ¶
type DefaultTemplateSecurityReporter struct {
}
DefaultTemplateSecurityReporter is the default implementation of TemplateSecurityReporter
func NewDefaultTemplateSecurityReporter ¶
func NewDefaultTemplateSecurityReporter() *DefaultTemplateSecurityReporter
NewDefaultTemplateSecurityReporter creates a new default template security reporter
func (*DefaultTemplateSecurityReporter) CalculateSummary ¶
func (r *DefaultTemplateSecurityReporter) CalculateSummary(results []*VerificationResult) *VerificationSummary
CalculateSummary calculates a summary of verification results
func (*DefaultTemplateSecurityReporter) ConvertToTestResults ¶
func (r *DefaultTemplateSecurityReporter) ConvertToTestResults(report *VerificationReport) []*common.TestResult
ConvertToTestResults converts a verification report to test results
func (*DefaultTemplateSecurityReporter) GenerateReport ¶
func (r *DefaultTemplateSecurityReporter) GenerateReport(results []*VerificationResult) (*VerificationReport, error)
GenerateReport generates a report from verification results
type DefaultTemplateVerifier ¶
type DefaultTemplateVerifier struct {
// contains filtered or unexported fields
}
DefaultTemplateVerifier is the default implementation of TemplateVerifier
func NewTemplateVerifier ¶
func NewTemplateVerifier() *DefaultTemplateVerifier
NewTemplateVerifier creates a new template verifier with default security checks
func (*DefaultTemplateVerifier) GetChecks ¶
func (v *DefaultTemplateVerifier) GetChecks() map[string]SecurityCheck
GetChecks returns all registered security checks
func (*DefaultTemplateVerifier) RegisterCheck ¶
func (v *DefaultTemplateVerifier) RegisterCheck(name string, check SecurityCheck)
RegisterCheck registers a custom security check
func (*DefaultTemplateVerifier) VerifyTemplate ¶
func (v *DefaultTemplateVerifier) VerifyTemplate(ctx context.Context, template *format.Template, options *VerificationOptions) (*VerificationResult, error)
VerifyTemplate verifies a template for security issues
func (*DefaultTemplateVerifier) VerifyTemplateDirectory ¶
func (v *DefaultTemplateVerifier) VerifyTemplateDirectory(ctx context.Context, directoryPath string, options *VerificationOptions) ([]*VerificationResult, error)
VerifyTemplateDirectory verifies all templates in a directory for security issues
func (*DefaultTemplateVerifier) VerifyTemplateFile ¶
func (v *DefaultTemplateVerifier) VerifyTemplateFile(ctx context.Context, templatePath string, options *VerificationOptions) (*VerificationResult, error)
VerifyTemplateFile verifies a template file for security issues
type InjectionPatternCheck ¶
type InjectionPatternCheck struct{}
InjectionPatternCheck checks for potential injection vulnerabilities in templates
func NewInjectionPatternCheck ¶
func NewInjectionPatternCheck() *InjectionPatternCheck
NewInjectionPatternCheck creates a new injection pattern check
func (*InjectionPatternCheck) Check ¶
func (c *InjectionPatternCheck) Check(template *format.Template, options *VerificationOptions) []*SecurityIssue
Check checks a template for injection vulnerabilities
func (*InjectionPatternCheck) Description ¶
func (c *InjectionPatternCheck) Description() string
Description returns a description of the check
func (*InjectionPatternCheck) Name ¶
func (c *InjectionPatternCheck) Name() string
Name returns the name of the check
type InputValidationCheck ¶
type InputValidationCheck struct{}
InputValidationCheck checks for missing input validation in templates
func NewInputValidationCheck ¶
func NewInputValidationCheck() *InputValidationCheck
NewInputValidationCheck creates a new input validation check
func (*InputValidationCheck) Check ¶
func (c *InputValidationCheck) Check(template *format.Template, options *VerificationOptions) []*SecurityIssue
Check checks a template for missing input validation
func (*InputValidationCheck) Description ¶
func (c *InputValidationCheck) Description() string
Description returns a description of the check
func (*InputValidationCheck) Name ¶
func (c *InputValidationCheck) Name() string
Name returns the name of the check
type NotificationConfig ¶
type NotificationConfig struct {
Enabled bool `json:"enabled"`
EmailRecipients []string `json:"email_recipients,omitempty"`
SlackWebhook string `json:"slack_webhook,omitempty"`
NotifyOnFailure bool `json:"notify_on_failure"`
NotifyOnSuccess bool `json:"notify_on_success"`
}
NotificationConfig represents the configuration for pipeline notifications
type Pipeline ¶
type Pipeline struct {
// contains filtered or unexported fields
}
Pipeline represents a template security verification pipeline
func NewPipeline ¶
func NewPipeline(verifier TemplateVerifier, options *VerificationOptions) *Pipeline
NewPipeline creates a new template security verification pipeline
func (*Pipeline) ConvertToTestResults ¶
func (p *Pipeline) ConvertToTestResults() []*common.TestResult
ConvertToTestResults converts the verification results to test results
func (*Pipeline) GetResults ¶
func (p *Pipeline) GetResults() []*VerificationResult
GetResults returns the verification results
func (*Pipeline) GetSummary ¶
func (p *Pipeline) GetSummary() *VerificationSummary
GetSummary returns the summary of the pipeline results
func (*Pipeline) RunVerification ¶
func (p *Pipeline) RunVerification(ctx context.Context, config *PipelineConfig) error
RunVerification runs the template security verification pipeline
type PipelineConfig ¶
type PipelineConfig struct {
TemplateDirectories []string `json:"template_directories"`
OutputDirectory string `json:"output_directory"`
VerificationOptions *VerificationOptions `json:"verification_options"`
ReportFormats []common.ReportFormat `json:"report_formats"`
NotificationConfig *NotificationConfig `json:"notification_config,omitempty"`
ScheduleConfig *ScheduleConfig `json:"schedule_config,omitempty"`
}
PipelineConfig represents the configuration for a template security pipeline
type RegexSafetyCheck ¶
type RegexSafetyCheck struct{}
RegexSafetyCheck checks for potentially dangerous regex patterns in templates
func NewRegexSafetyCheck ¶
func NewRegexSafetyCheck() *RegexSafetyCheck
NewRegexSafetyCheck creates a new regex safety check
func (*RegexSafetyCheck) Check ¶
func (c *RegexSafetyCheck) Check(template *format.Template, options *VerificationOptions) []*SecurityIssue
Check checks a template for dangerous regex patterns
func (*RegexSafetyCheck) Description ¶
func (c *RegexSafetyCheck) Description() string
Description returns a description of the check
func (*RegexSafetyCheck) Name ¶
func (c *RegexSafetyCheck) Name() string
Name returns the name of the check
type ScheduleConfig ¶
type ScheduleConfig struct {
Enabled bool `json:"enabled"`
CronSchedule string `json:"cron_schedule,omitempty"`
IntervalHours int `json:"interval_hours,omitempty"`
}
ScheduleConfig represents the configuration for pipeline scheduling
type SecurityCheck ¶
type SecurityCheck interface {
// Name returns the name of the check
Name() string
// Description returns a description of the check
Description() string
// Check checks a template for security issues
Check(template *format.Template, options *VerificationOptions) []*SecurityIssue
}
SecurityCheck is the interface for template security checks
type SecurityIssue ¶
type SecurityIssue struct {
ID string `json:"id"`
Type SecurityIssueType `json:"type"`
Description string `json:"description"`
Location string `json:"location"`
Severity common.SeverityLevel `json:"severity"`
Remediation string `json:"remediation"`
Context string `json:"context,omitempty"`
LineNumber int `json:"line_number,omitempty"`
RawData interface{} `json:"raw_data,omitempty"`
}
SecurityIssue represents a security issue found in a template
type SecurityIssueType ¶
type SecurityIssueType string
SecurityIssueType represents the type of security issue found in a template
const ( InjectionVulnerability SecurityIssueType = "injection_vulnerability" UnsanitizedInput SecurityIssueType = "unsanitized_input" InsecurePattern SecurityIssueType = "insecure_pattern" MissingValidation SecurityIssueType = "missing_validation" OverpermissiveRegex SecurityIssueType = "overpermissive_regex" DataLeakage SecurityIssueType = "data_leakage" TemplateFormatError SecurityIssueType = "template_format_error" )
Security issue types
type TemplateFormatCheck ¶
type TemplateFormatCheck struct{}
TemplateFormatCheck checks for template format issues
func NewTemplateFormatCheck ¶
func NewTemplateFormatCheck() *TemplateFormatCheck
NewTemplateFormatCheck creates a new template format check
func (*TemplateFormatCheck) Check ¶
func (c *TemplateFormatCheck) Check(template *format.Template, options *VerificationOptions) []*SecurityIssue
Check checks a template for format issues
func (*TemplateFormatCheck) Description ¶
func (c *TemplateFormatCheck) Description() string
Description returns a description of the check
func (*TemplateFormatCheck) Name ¶
func (c *TemplateFormatCheck) Name() string
Name returns the name of the check
type TemplateSecurityReporter ¶
type TemplateSecurityReporter interface {
// GenerateReport generates a report from verification results
GenerateReport(results []*VerificationResult) (*VerificationReport, error)
// CalculateSummary calculates a summary of verification results
CalculateSummary(results []*VerificationResult) *VerificationSummary
}
TemplateSecurityReporter is the interface for template security reporters
type TemplateVerifier ¶
type TemplateVerifier interface {
// VerifyTemplate verifies a template for security issues
VerifyTemplate(ctx context.Context, template *format.Template, options *VerificationOptions) (*VerificationResult, error)
// VerifyTemplateFile verifies a template file for security issues
VerifyTemplateFile(ctx context.Context, templatePath string, options *VerificationOptions) (*VerificationResult, error)
// VerifyTemplateDirectory verifies all templates in a directory for security issues
VerifyTemplateDirectory(ctx context.Context, directoryPath string, options *VerificationOptions) ([]*VerificationResult, error)
// RegisterCheck registers a custom security check
RegisterCheck(name string, check SecurityCheck)
// GetChecks returns all registered security checks
GetChecks() map[string]SecurityCheck
}
TemplateVerifier is the interface for template security verifiers
type VerificationOptions ¶
type VerificationOptions struct {
StrictMode bool `json:"strict_mode"`
IgnorePatterns []string `json:"ignore_patterns,omitempty"`
CustomChecks []string `json:"custom_checks,omitempty"`
SeverityThreshold common.SeverityLevel `json:"severity_threshold,omitempty"`
IncludeInfo bool `json:"include_info"`
TemplateCategories []string `json:"template_categories,omitempty"`
Metadata map[string]interface{} `json:"metadata,omitempty"`
}
VerificationOptions represents options for template security verification
func DefaultVerificationOptions ¶
func DefaultVerificationOptions() *VerificationOptions
DefaultVerificationOptions returns the default verification options
type VerificationReport ¶
type VerificationReport struct {
// Results is the list of verification results
Results []*VerificationResult
// Summary is a summary of the verification results
Summary *VerificationSummary
// GeneratedAt is the timestamp when the report was generated
GeneratedAt time.Time
}
VerificationReport represents a template security verification report
type VerificationResult ¶
type VerificationResult struct {
TemplatePath string `json:"template_path"`
TemplateID string `json:"template_id"`
TemplateName string `json:"template_name"`
Issues []*SecurityIssue `json:"issues"`
Passed bool `json:"passed"`
Score float64 `json:"score"`
MaxScore float64 `json:"max_score"`
Metadata map[string]interface{} `json:"metadata,omitempty"`
}
VerificationResult represents the result of a template security verification
type VerificationSummary ¶
type VerificationSummary struct {
// TotalTemplates is the total number of templates verified
TotalTemplates int
// PassedTemplates is the number of templates that passed verification
PassedTemplates int
// FailedTemplates is the number of templates that failed verification
FailedTemplates int
// TotalIssues is the total number of issues found
TotalIssues int
// IssuesBySeverity is a map of issues by severity
IssuesBySeverity map[string]int
// IssuesByType is a map of issues by type
IssuesByType map[string]int
// ComplianceStatus is a map of compliance status by standard
ComplianceStatus map[string]bool
// CompliancePercentage is the overall compliance percentage
CompliancePercentage float64
}
VerificationSummary represents a summary of template security verification results