reachability

package
v0.3.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: May 9, 2026 License: MIT Imports: 8 Imported by: 0

Documentation

Overview

Package reachability provides the test framework for security reachability analysis.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func Count 

func Count() int

Count returns the number of registered tests.

func CountByCategory 

func CountByCategory() map[Category]int

CountByCategory returns the count of tests per category.

func IDs 

func IDs() []string

IDs returns all registered test IDs in order.

func Register 

func Register(t Test)

Register adds a test to the global registry.

Types

type BaseTest 

type BaseTest struct {
	// contains filtered or unexported fields
}

BaseTest provides common functionality for tests.

func NewBaseTest 

func NewBaseTest(id, name, description string, category Category) BaseTest

NewBaseTest creates a new BaseTest.

func (BaseTest) Category 

func (t BaseTest) Category() Category

Category returns the test category.

func (BaseTest) Description 

func (t BaseTest) Description() string

Description returns the test description.

func (BaseTest) ID 

func (t BaseTest) ID() string

ID returns the test identifier.

func (BaseTest) Name 

func (t BaseTest) Name() string

Name returns the test name.

type Category 

type Category string

Category represents a test category for reachability analysis. 

const (
	// CategoryReachable tests whether vulnerable code is reachable.
	CategoryReachable Category = "reachable"

	// CategoryExploitable tests whether the vulnerability is exploitable.
	CategoryExploitable Category = "exploitable"

	// CategoryDamage tests the potential damage if exploited.
	CategoryDamage Category = "damage"
)

func AllCategories 

func AllCategories() []Category

AllCategories returns all test categories in order.

func (Category) String 

func (c Category) String() string

String returns the string representation of the category.

func (Category) Weight 

func (c Category) Weight() float64

Weight returns the default weight for scoring.

type CategoryScore 

type CategoryScore struct {
	Category      Category `json:"category"`
	Score         float64  `json:"score"`
	Weight        float64  `json:"weight"`
	WeightedScore float64  `json:"weighted_score"`
	PassCount     int      `json:"pass_count"`
	FailCount     int      `json:"fail_count"`
	Justification string   `json:"justification"`
}

CategoryScore contains the aggregated score for a category.

type Config 

type Config struct {
	// Thresholds for scoring
	MinConfidence    float64 `yaml:"min_confidence"`
	HighSeverityCVSS float64 `yaml:"high_severity_cvss"`
	EPSSHighRisk     float64 `yaml:"epss_high_risk"`

	// Category weights
	CategoryWeights map[Category]float64 `yaml:"category_weights"`

	// Business context
	CriticalPackages []string `yaml:"critical_packages"`
	AuthPackages     []string `yaml:"auth_packages"`
}

Config contains test configuration.

func DefaultConfig 

func DefaultConfig() *Config

DefaultConfig returns the default configuration.

type DeploymentInfo 

type DeploymentInfo struct {
	// Name is the deployment name.
	Name string `json:"name"`

	// ServiceName is the service/application name.
	ServiceName string `json:"service_name,omitempty"`

	// Namespace is the Kubernetes namespace.
	Namespace string `json:"namespace"`

	// Cluster is the Kubernetes cluster name.
	Cluster string `json:"cluster,omitempty"`

	// Environment is the deployment environment (e.g., "production", "staging").
	Environment string `json:"environment"`

	// Status is the deployment status (e.g., "running", "stopped").
	Status string `json:"status"`

	// Replicas is the number of running replicas.
	Replicas int `json:"replicas"`

	// Image is the container image.
	Image string `json:"image"`

	// ImageDeployed indicates if the image is deployed.
	ImageDeployed bool `json:"image_deployed"`

	// ContainerRunning indicates if the container is actively running.
	ContainerRunning bool `json:"container_running"`

	// IsInternetExposed indicates if the deployment is internet-accessible.
	IsInternetExposed bool `json:"is_internet_exposed"`

	// IngressPaths are the exposed HTTP paths.
	IngressPaths []string `json:"ingress_paths,omitempty"`

	// RepositoryURL is the source code repository URL.
	RepositoryURL string `json:"repository_url,omitempty"`

	// Visibility is the repository visibility (public/private).
	Visibility string `json:"visibility,omitempty"`

	// BusinessCriticality is the business criticality level (critical/high/medium/low).
	BusinessCriticality string `json:"business_criticality,omitempty"`
}

DeploymentInfo contains runtime deployment information.

type EvalContext 

type EvalContext struct {
	// Context is the Go context for cancellation and timeouts.
	Context context.Context

	// Graph is the loaded code knowledge graph.
	Graph *graph.Graph

	// Traverser provides graph traversal capabilities.
	Traverser *query.Traverser

	// VulnID is the vulnerability identifier (e.g., "CVE-2021-44228").
	VulnID string

	// VulnInfo contains detailed vulnerability information.
	VulnInfo *VulnerabilityInfo

	// AffectedPackage is the package containing the vulnerability.
	AffectedPackage string

	// AffectedFunction is the specific function containing the vulnerability (if known).
	AffectedFunction string

	// AffectedNodeIDs are the graph node IDs that represent vulnerable code.
	AffectedNodeIDs []string

	// DeploymentInfo contains runtime deployment information (optional).
	DeploymentInfo *DeploymentInfo

	// Deployments contains runtime deployment information (optional).
	Deployments []*DeploymentInfo

	// Config contains test configuration.
	Config *Config
}

EvalContext provides the data needed for test evaluation.

func NewEvalContext 

func NewEvalContext(ctx context.Context, g *graph.Graph, vulnID string) *EvalContext

NewEvalContext creates a new evaluation context.

type RunResult 

type RunResult struct {
	// Results contains individual test results.
	Results []*TestResult `json:"results"`

	// ByCategory groups results by category.
	ByCategory map[Category][]*TestResult `json:"by_category"`

	// CategoryScores contains aggregated scores per category.
	CategoryScores map[Category]*CategoryScore `json:"category_scores"`

	// TotalDuration is the total time taken.
	TotalDuration time.Duration `json:"total_duration"`

	// PassCount is the number of passing tests.
	PassCount int `json:"pass_count"`

	// FailCount is the number of failing tests.
	FailCount int `json:"fail_count"`

	// ErrorCount is the number of tests that errored.
	ErrorCount int `json:"error_count"`
}

RunResult contains the results of running all tests.

func (*RunResult) Decision 

func (r *RunResult) Decision() evaluation.DecisionStatus

Decision determines the overall decision based on results.

func (*RunResult) WeightedScore 

func (r *RunResult) WeightedScore() float64

WeightedScore returns the total weighted score.

type Runner 

type Runner struct {
	// contains filtered or unexported fields
}

Runner orchestrates test execution.

func NewRunner 

func NewRunner() *Runner

NewRunner creates a new test runner with all registered tests.

func NewRunnerForCategories 

func NewRunnerForCategories(categories ...Category) *Runner

NewRunnerForCategories creates a runner for specific categories.

func NewRunnerWithTests 

func NewRunnerWithTests(tests []Test) *Runner

NewRunnerWithTests creates a runner with specific tests.

func (*Runner) Run 

func (r *Runner) Run(ctx *EvalContext) (*RunResult, error)

Run executes all tests and returns the results.

func (*Runner) SetLogger 

func (r *Runner) SetLogger(logger *slog.Logger)

SetLogger sets the logger for the runner.

type Test 

type Test interface {
	// ID returns the unique test identifier (e.g., "REACH-001").
	ID() string

	// Name returns the human-readable test name.
	Name() string

	// Description returns a detailed description of what the test checks.
	Description() string

	// Category returns the test category (reachable, exploitable, damage).
	Category() Category

	// Evaluate runs the test and returns the result.
	Evaluate(ctx *EvalContext) (*TestResult, error)
}

Test defines the interface for a reachability test.

func All 

func All() []Test

All returns all registered tests in registration order.

func ByCategory 

func ByCategory(category Category) []Test

ByCategory returns all tests in a specific category.

func Get 

func Get(id string) (Test, bool)

Get returns a test by ID.

type TestResult 

type TestResult struct {
	// ID is the test identifier.
	ID string `json:"id"`

	// Name is the human-readable test name.
	Name string `json:"name"`

	// Category is the test category.
	Category Category `json:"category"`

	// Pass indicates whether the condition tested is TRUE.
	// For "risk exists" tests: Pass=true means risk exists.
	// For "risk mitigated" tests: Pass=true means risk is mitigated.
	Pass bool `json:"pass"`

	// Confidence is the certainty of the result (0.0-1.0).
	Confidence float64 `json:"confidence"`

	// Severity indicates the security severity based on the result.
	Severity evaluation.Severity `json:"severity"`

	// Evidence provides human-readable explanation of the finding.
	Evidence string `json:"evidence"`

	// Details contains structured additional information.
	Details map[string]any `json:"details,omitempty"`

	// Duration is how long the test took to run.
	Duration time.Duration `json:"duration"`

	// Error contains any error message if the test failed to execute.
	Error string `json:"error,omitempty"`
}

TestResult holds the outcome of a reachability test.

func (*TestResult) ToFinding 

func (r *TestResult) ToFinding() *evaluation.Finding

ToFinding converts the test result to a structured-evaluation Finding.

type VulnerabilityInfo 

type VulnerabilityInfo struct {
	// ID is the primary identifier (e.g., "CVE-2021-44228").
	ID string `json:"id"`

	// Aliases are alternative identifiers (e.g., "GHSA-xxx").
	Aliases []string `json:"aliases,omitempty"`

	// Summary is a brief description.
	Summary string `json:"summary"`

	// Description is the detailed description.
	Description string `json:"description"`

	// Severity is the severity level.
	Severity string `json:"severity"`

	// CVSSScore is the CVSS score (0.0-10.0).
	CVSSScore float64 `json:"cvss_score"`

	// CVSSVector is the CVSS vector string.
	CVSSVector string `json:"cvss_vector,omitempty"`

	// EPSSScore is the EPSS probability (0.0-1.0).
	EPSSScore float64 `json:"epss_score"`

	// IsKnownExploited indicates if in CISA KEV.
	IsKnownExploited bool `json:"is_known_exploited"`

	// InCISAKEV indicates if in CISA Known Exploited Vulnerabilities catalog.
	InCISAKEV bool `json:"in_cisa_kev"`

	// AffectedPackages lists affected package identifiers (purls).
	AffectedPackages []string `json:"affected_packages"`

	// AffectedVersions maps package to affected version ranges.
	AffectedVersions map[string]string `json:"affected_versions,omitempty"`

	// FixedVersions maps package to fixed versions.
	FixedVersions map[string]string `json:"fixed_versions,omitempty"`

	// References are URLs for more information.
	References []string `json:"references,omitempty"`

	// PublicExploits lists known public exploits.
	PublicExploits []string `json:"public_exploits,omitempty"`

	// Community Buzz fields
	ExploitDBID       string `json:"exploitdb_id,omitempty"`
	HasPublicPoC      bool   `json:"has_public_poc"`
	TwitterMentions   int    `json:"twitter_mentions"`
	GitHubPoCStstars  int    `json:"github_poc_stars"`
	SecurityBlogPosts int    `json:"security_blog_posts"`

	// Patching history fields
	PatchIterations           int      `json:"patch_iterations"`
	PatchBypasses             int      `json:"patch_bypasses"`
	RelatedCVEs               []string `json:"related_cves,omitempty"`
	HasIncompleteFixIndicator bool     `json:"has_incomplete_fix_indicator"`

	// Exploit availability fields
	MetasploitModule string `json:"metasploit_module,omitempty"`
	GitHubPoCCount   int    `json:"github_poc_count"`
	NucleiTemplate   bool   `json:"nuclei_template"`

	// AI analysis fields
	AIAnalysisPerformed   bool    `json:"ai_analysis_performed"`
	AIExploitabilityScore float64 `json:"ai_exploitability_score"`
	AIConfidence          float64 `json:"ai_confidence"`
	AIReasoning           string  `json:"ai_reasoning,omitempty"`
}

VulnerabilityInfo contains information about a vulnerability.

Source Files

View all Source files

Directories

Path Synopsis
Package damage implements damage assessment tests.
 Package damage implements damage assessment tests.
Package exploitable implements exploitability tests.
 Package exploitable implements exploitability tests.
Package reachable implements reachability tests.
 Package reachable implements reachability tests.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.