security

package
v0.4.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jun 20, 2025 License: MIT Imports: 9 Imported by: 0

Documentation

Overview

Package security provides template security verification mechanisms

Package security provides template security verification mechanisms

Package security provides template security verification mechanisms

Package security provides template security verification mechanisms

Package security provides template security verification mechanisms

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func RunScheduledVerification

func RunScheduledVerification(ctx context.Context, pipeline *Pipeline, config *PipelineConfig)

RunScheduledVerification runs the template security verification pipeline on a schedule

func VerificationResultToTestResult

func VerificationResultToTestResult(result *VerificationResult) *common.TestResult

VerificationResultToTestResult converts a verification result to a test result

Types

type DataLeakageCheck

type DataLeakageCheck struct{}

DataLeakageCheck checks for potential data leakage in templates

func NewDataLeakageCheck

func NewDataLeakageCheck() *DataLeakageCheck

NewDataLeakageCheck creates a new data leakage check

func (*DataLeakageCheck) Check

func (c *DataLeakageCheck) Check(template *format.Template, options *VerificationOptions) []*SecurityIssue

Check checks a template for potential data leakage

func (*DataLeakageCheck) Description

func (c *DataLeakageCheck) Description() string

Description returns a description of the check

func (*DataLeakageCheck) Name

func (c *DataLeakageCheck) Name() string

Name returns the name of the check

type DefaultTemplateSecurityReporter

type DefaultTemplateSecurityReporter struct {
}

DefaultTemplateSecurityReporter is the default implementation of TemplateSecurityReporter

func NewDefaultTemplateSecurityReporter

func NewDefaultTemplateSecurityReporter() *DefaultTemplateSecurityReporter

NewDefaultTemplateSecurityReporter creates a new default template security reporter

func (*DefaultTemplateSecurityReporter) CalculateSummary

CalculateSummary calculates a summary of verification results

func (*DefaultTemplateSecurityReporter) ConvertToTestResults

func (r *DefaultTemplateSecurityReporter) ConvertToTestResults(report *VerificationReport) []*common.TestResult

ConvertToTestResults converts a verification report to test results

func (*DefaultTemplateSecurityReporter) GenerateReport

GenerateReport generates a report from verification results

type DefaultTemplateVerifier

type DefaultTemplateVerifier struct {
	// contains filtered or unexported fields
}

DefaultTemplateVerifier is the default implementation of TemplateVerifier

func NewTemplateVerifier

func NewTemplateVerifier() *DefaultTemplateVerifier

NewTemplateVerifier creates a new template verifier with default security checks

func (*DefaultTemplateVerifier) GetChecks

func (v *DefaultTemplateVerifier) GetChecks() map[string]SecurityCheck

GetChecks returns all registered security checks

func (*DefaultTemplateVerifier) RegisterCheck

func (v *DefaultTemplateVerifier) RegisterCheck(name string, check SecurityCheck)

RegisterCheck registers a custom security check

func (*DefaultTemplateVerifier) VerifyTemplate

func (v *DefaultTemplateVerifier) VerifyTemplate(ctx context.Context, template *format.Template, options *VerificationOptions) (*VerificationResult, error)

VerifyTemplate verifies a template for security issues

func (*DefaultTemplateVerifier) VerifyTemplateDirectory

func (v *DefaultTemplateVerifier) VerifyTemplateDirectory(ctx context.Context, directoryPath string, options *VerificationOptions) ([]*VerificationResult, error)

VerifyTemplateDirectory verifies all templates in a directory for security issues

func (*DefaultTemplateVerifier) VerifyTemplateFile

func (v *DefaultTemplateVerifier) VerifyTemplateFile(ctx context.Context, templatePath string, options *VerificationOptions) (*VerificationResult, error)

VerifyTemplateFile verifies a template file for security issues

type InjectionPatternCheck

type InjectionPatternCheck struct{}

InjectionPatternCheck checks for potential injection vulnerabilities in templates

func NewInjectionPatternCheck

func NewInjectionPatternCheck() *InjectionPatternCheck

NewInjectionPatternCheck creates a new injection pattern check

func (*InjectionPatternCheck) Check

func (c *InjectionPatternCheck) Check(template *format.Template, options *VerificationOptions) []*SecurityIssue

Check checks a template for injection vulnerabilities

func (*InjectionPatternCheck) Description

func (c *InjectionPatternCheck) Description() string

Description returns a description of the check

func (*InjectionPatternCheck) Name

func (c *InjectionPatternCheck) Name() string

Name returns the name of the check

type InputValidationCheck

type InputValidationCheck struct{}

InputValidationCheck checks for missing input validation in templates

func NewInputValidationCheck

func NewInputValidationCheck() *InputValidationCheck

NewInputValidationCheck creates a new input validation check

func (*InputValidationCheck) Check

func (c *InputValidationCheck) Check(template *format.Template, options *VerificationOptions) []*SecurityIssue

Check checks a template for missing input validation

func (*InputValidationCheck) Description

func (c *InputValidationCheck) Description() string

Description returns a description of the check

func (*InputValidationCheck) Name

func (c *InputValidationCheck) Name() string

Name returns the name of the check

type NotificationConfig

type NotificationConfig struct {
	Enabled         bool     `json:"enabled"`
	EmailRecipients []string `json:"email_recipients,omitempty"`
	SlackWebhook    string   `json:"slack_webhook,omitempty"`
	NotifyOnFailure bool     `json:"notify_on_failure"`
	NotifyOnSuccess bool     `json:"notify_on_success"`
}

NotificationConfig represents the configuration for pipeline notifications

type Pipeline

type Pipeline struct {
	// contains filtered or unexported fields
}

Pipeline represents a template security verification pipeline

func NewPipeline

func NewPipeline(verifier TemplateVerifier, options *VerificationOptions) *Pipeline

NewPipeline creates a new template security verification pipeline

func (*Pipeline) ConvertToTestResults

func (p *Pipeline) ConvertToTestResults() []*common.TestResult

ConvertToTestResults converts the verification results to test results

func (*Pipeline) GetResults

func (p *Pipeline) GetResults() []*VerificationResult

GetResults returns the verification results

func (*Pipeline) GetSummary

func (p *Pipeline) GetSummary() *VerificationSummary

GetSummary returns the summary of the pipeline results

func (*Pipeline) RunVerification

func (p *Pipeline) RunVerification(ctx context.Context, config *PipelineConfig) error

RunVerification runs the template security verification pipeline

type PipelineConfig

type PipelineConfig struct {
	TemplateDirectories []string              `json:"template_directories"`
	OutputDirectory     string                `json:"output_directory"`
	VerificationOptions *VerificationOptions  `json:"verification_options"`
	ReportFormats       []common.ReportFormat `json:"report_formats"`
	NotificationConfig  *NotificationConfig   `json:"notification_config,omitempty"`
	ScheduleConfig      *ScheduleConfig       `json:"schedule_config,omitempty"`
}

PipelineConfig represents the configuration for a template security pipeline

type RegexSafetyCheck

type RegexSafetyCheck struct{}

RegexSafetyCheck checks for potentially dangerous regex patterns in templates

func NewRegexSafetyCheck

func NewRegexSafetyCheck() *RegexSafetyCheck

NewRegexSafetyCheck creates a new regex safety check

func (*RegexSafetyCheck) Check

func (c *RegexSafetyCheck) Check(template *format.Template, options *VerificationOptions) []*SecurityIssue

Check checks a template for dangerous regex patterns

func (*RegexSafetyCheck) Description

func (c *RegexSafetyCheck) Description() string

Description returns a description of the check

func (*RegexSafetyCheck) Name

func (c *RegexSafetyCheck) Name() string

Name returns the name of the check

type ScheduleConfig

type ScheduleConfig struct {
	Enabled       bool   `json:"enabled"`
	CronSchedule  string `json:"cron_schedule,omitempty"`
	IntervalHours int    `json:"interval_hours,omitempty"`
}

ScheduleConfig represents the configuration for pipeline scheduling

type SecurityCheck

type SecurityCheck interface {
	// Name returns the name of the check
	Name() string

	// Description returns a description of the check
	Description() string

	// Check checks a template for security issues
	Check(template *format.Template, options *VerificationOptions) []*SecurityIssue
}

SecurityCheck is the interface for template security checks

type SecurityIssue

type SecurityIssue struct {
	ID          string               `json:"id"`
	Type        SecurityIssueType    `json:"type"`
	Description string               `json:"description"`
	Location    string               `json:"location"`
	Severity    common.SeverityLevel `json:"severity"`
	Remediation string               `json:"remediation"`
	Context     string               `json:"context,omitempty"`
	LineNumber  int                  `json:"line_number,omitempty"`
	RawData     interface{}          `json:"raw_data,omitempty"`
}

SecurityIssue represents a security issue found in a template

type SecurityIssueType

type SecurityIssueType string

SecurityIssueType represents the type of security issue found in a template

const (
	InjectionVulnerability SecurityIssueType = "injection_vulnerability"
	UnsanitizedInput       SecurityIssueType = "unsanitized_input"
	InsecurePattern        SecurityIssueType = "insecure_pattern"
	MissingValidation      SecurityIssueType = "missing_validation"
	OverpermissiveRegex    SecurityIssueType = "overpermissive_regex"
	DataLeakage            SecurityIssueType = "data_leakage"
	TemplateFormatError    SecurityIssueType = "template_format_error"
)

Security issue types

type TemplateFormatCheck

type TemplateFormatCheck struct{}

TemplateFormatCheck checks for template format issues

func NewTemplateFormatCheck

func NewTemplateFormatCheck() *TemplateFormatCheck

NewTemplateFormatCheck creates a new template format check

func (*TemplateFormatCheck) Check

func (c *TemplateFormatCheck) Check(template *format.Template, options *VerificationOptions) []*SecurityIssue

Check checks a template for format issues

func (*TemplateFormatCheck) Description

func (c *TemplateFormatCheck) Description() string

Description returns a description of the check

func (*TemplateFormatCheck) Name

func (c *TemplateFormatCheck) Name() string

Name returns the name of the check

type TemplateSecurityReporter

type TemplateSecurityReporter interface {
	// GenerateReport generates a report from verification results
	GenerateReport(results []*VerificationResult) (*VerificationReport, error)

	// CalculateSummary calculates a summary of verification results
	CalculateSummary(results []*VerificationResult) *VerificationSummary
}

TemplateSecurityReporter is the interface for template security reporters

type TemplateVerifier

type TemplateVerifier interface {
	// VerifyTemplate verifies a template for security issues
	VerifyTemplate(ctx context.Context, template *format.Template, options *VerificationOptions) (*VerificationResult, error)

	// VerifyTemplateFile verifies a template file for security issues
	VerifyTemplateFile(ctx context.Context, templatePath string, options *VerificationOptions) (*VerificationResult, error)

	// VerifyTemplateDirectory verifies all templates in a directory for security issues
	VerifyTemplateDirectory(ctx context.Context, directoryPath string, options *VerificationOptions) ([]*VerificationResult, error)

	// RegisterCheck registers a custom security check
	RegisterCheck(name string, check SecurityCheck)

	// GetChecks returns all registered security checks
	GetChecks() map[string]SecurityCheck
}

TemplateVerifier is the interface for template security verifiers

type VerificationOptions

type VerificationOptions struct {
	StrictMode         bool                   `json:"strict_mode"`
	IgnorePatterns     []string               `json:"ignore_patterns,omitempty"`
	CustomChecks       []string               `json:"custom_checks,omitempty"`
	SeverityThreshold  common.SeverityLevel   `json:"severity_threshold,omitempty"`
	IncludeInfo        bool                   `json:"include_info"`
	TemplateCategories []string               `json:"template_categories,omitempty"`
	Metadata           map[string]interface{} `json:"metadata,omitempty"`
}

VerificationOptions represents options for template security verification

func DefaultVerificationOptions

func DefaultVerificationOptions() *VerificationOptions

DefaultVerificationOptions returns the default verification options

type VerificationReport

type VerificationReport struct {
	// Results is the list of verification results
	Results []*VerificationResult

	// Summary is a summary of the verification results
	Summary *VerificationSummary

	// GeneratedAt is the timestamp when the report was generated
	GeneratedAt time.Time
}

VerificationReport represents a template security verification report

type VerificationResult

type VerificationResult struct {
	TemplatePath string                 `json:"template_path"`
	TemplateID   string                 `json:"template_id"`
	TemplateName string                 `json:"template_name"`
	Issues       []*SecurityIssue       `json:"issues"`
	Passed       bool                   `json:"passed"`
	Score        float64                `json:"score"`
	MaxScore     float64                `json:"max_score"`
	Metadata     map[string]interface{} `json:"metadata,omitempty"`
}

VerificationResult represents the result of a template security verification

type VerificationSummary

type VerificationSummary struct {
	// TotalTemplates is the total number of templates verified
	TotalTemplates int

	// PassedTemplates is the number of templates that passed verification
	PassedTemplates int

	// FailedTemplates is the number of templates that failed verification
	FailedTemplates int

	// TotalIssues is the total number of issues found
	TotalIssues int

	// IssuesBySeverity is a map of issues by severity
	IssuesBySeverity map[string]int

	// IssuesByType is a map of issues by type
	IssuesByType map[string]int

	// ComplianceStatus is a map of compliance status by standard
	ComplianceStatus map[string]bool

	// CompliancePercentage is the overall compliance percentage
	CompliancePercentage float64
}

VerificationSummary represents a summary of template security verification results

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL