Documentation
Overview ¶
Package config provides configuration parsing and variable handling.
Package config provides infrastructure for loading profile configurations. This package handles YAML parsing, file I/O, variable substitution, and profile inheritance.
Index ¶
- Constants
- Variables
- func DetectValueType(s string) interface{}
- func FindUnusedVars(cliVars map[string]interface{}, content string) []string
- func FindUnusedVarsInProfile(cliVars map[string]interface{}, profileContent []byte) []string
- func MergeCLIVars(profileVars, cliVars map[string]interface{}) map[string]interface{}
- func ParseMultipleCLIVars(inputs []string) (map[string]interface{}, error)
- func ParseSetEnv(input string) (string, interface{}, error)
- func ParseSetFile(input string) (string, interface{}, error)
- func ReadValueFromEnv(envVar string) (string, error)
- func ReadValueFromFile(path string) (string, error)
- func SetNestedValue(m map[string]interface{}, path string, value interface{}) error
- type CLIVarSource
- type CLIVariable
- type Control
- type Controls
- type Defaults
- type LoopConfig
- type Metadata
- type Observation
- type ParseCLIVarResult
- type Profile
- type ProfileConfig
- type ProfileLoader
- type ProfileLoaderOption
- type ResolvedLimits
- type RuntimeConfig
- type VariableSubstitutor
Constants ¶
const MaxFileSize = 1024 * 1024 // 1MB
MaxFileSize is the maximum size of a file that can be read via --set-file. This prevents accidentally reading huge files.
Variables ¶
var ValidKeyPattern = regexp.MustCompile(`^[a-zA-Z_][a-zA-Z0-9_.]*$`)
ValidKeyPattern defines valid variable key format. Keys must start with a letter or underscore, followed by letters, digits, underscores, or dots.
Functions ¶
func DetectValueType ¶
func DetectValueType(s string) interface{}
DetectValueType attempts to detect the type of a string value. Uses conservative rules to avoid surprises:
- Integer: ^-?[1-9][0-9]*$ or ^0$
- Float: ^-?[0-9]+\.[0-9]+$
- Boolean: only literal "true" or "false"
- Everything else: string
func FindUnusedVars ¶
func FindUnusedVars(cliVars map[string]interface{}, content string) []string
FindUnusedVars compares CLI variable keys against variables referenced in content. Returns a list of CLI variable keys that were set but not referenced. This helps users catch typos and misconfiguration.
func FindUnusedVarsInProfile ¶
func FindUnusedVarsInProfile(cliVars map[string]interface{}, profileContent []byte) []string
FindUnusedVarsInProfile scans a profile's string content for variable references. The profile should be serialized to YAML or the raw YAML content.
func MergeCLIVars ¶
func MergeCLIVars(profileVars, cliVars map[string]interface{}) map[string]interface{}
MergeCLIVars merges CLI variables into profile variables. CLI variables override profile variables at the same path. This implements the merge semantics from the data model:
- Scalar override: CLI value replaces profile value at same path
- Nested creation: Missing intermediate maps are NOT created (use SetNestedValue if needed)
- Type coercion: CLI type wins regardless of profile type
- Security: CLI values are literal strings, never re-parsed as templates
func ParseMultipleCLIVars ¶
func ParseMultipleCLIVars(inputs []string) (map[string]interface{}, error)
ParseMultipleCLIVars parses multiple key=value strings and returns a nested map. Later values for the same key override earlier ones ("last wins" semantics).
func ParseSetEnv ¶
func ParseSetEnv(input string) (string, interface{}, error)
ParseSetEnv parses a --set-env argument (key=ENV_VAR) and returns the key and value.
func ParseSetFile ¶
func ParseSetFile(input string) (string, interface{}, error)
ParseSetFile parses a --set-file argument (key=path) and returns the key and value.
func ReadValueFromEnv ¶
func ReadValueFromEnv(envVar string) (string, error)
ReadValueFromEnv reads a value from an environment variable for --set-env. Returns error if the environment variable is not set.
func ReadValueFromFile ¶
func ReadValueFromFile(path string) (string, error)
ReadValueFromFile reads a value from a file for --set-file. The file content is trimmed of trailing newlines. Returns error if file doesn't exist or exceeds size limit.
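The following is an added example, not the package's own code, showing how ReadValueFromFile, ReadValueFromEnv and ParseSetFile can be implemented so that the MaxFileSize limit is enforced while reading rather than by a separate stat call, and so that an unset environment variable is distinguished from one set to the empty string. Function names are lower-cased to make clear they are illustrative stand-ins; the 1MB constant matches the page's MaxFileSize.

```go
package main

import (
	"fmt"
	"io"
	"os"
	"strings"
)

// maxFileSize mirrors the package's MaxFileSize (1MB).
const maxFileSize = 1024 * 1024

// readValueFromFile reads at most maxFileSize+1 bytes. Seeing one byte past
// the limit proves the file is too large without loading all of it, and
// bounding the read (rather than stat-then-read) also covers FIFOs and
// files that grow between stat and read.
func readValueFromFile(path string) (string, error) {
	f, err := os.Open(path)
	if err != nil {
		return "", fmt.Errorf("--set-file: %w", err)
	}
	defer f.Close()
	data, err := io.ReadAll(io.LimitReader(f, maxFileSize+1))
	if err != nil {
		return "", fmt.Errorf("--set-file: reading %s: %w", path, err)
	}
	if len(data) > maxFileSize {
		return "", fmt.Errorf("--set-file: %s exceeds %d bytes", path, maxFileSize)
	}
	// Only trailing newlines are stripped; interior content is kept verbatim.
	return strings.TrimRight(string(data), "\r\n"), nil
}

// readValueFromEnv uses LookupEnv so that "unset" is an error while an
// empty-but-present variable is a valid (empty) value.
func readValueFromEnv(envVar string) (string, error) {
	v, ok := os.LookupEnv(envVar)
	if !ok {
		return "", fmt.Errorf("--set-env: environment variable %s is not set", envVar)
	}
	return v, nil
}

// parseSetFile splits key=path at the first '=' and reads the file. The
// content is returned as a literal string: it is never type-detected or
// expanded as a template.
func parseSetFile(input string) (string, interface{}, error) {
	key, path, ok := strings.Cut(input, "=")
	if !ok || key == "" || path == "" {
		return "", nil, fmt.Errorf("--set-file: expected key=path, got %q", input)
	}
	val, err := readValueFromFile(path)
	if err != nil {
		return "", nil, err
	}
	return key, val, nil
}

func main() {
	// Constructed sample: a temporary file holding a token with a trailing newline.
	tmp, err := os.CreateTemp("", "setfile-*")
	if err != nil {
		fmt.Println(err)
		return
	}
	defer os.Remove(tmp.Name())
	tmp.WriteString("s3cr3t-token\n")
	tmp.Close()
	key, val, err := parseSetFile("auth.token=" + tmp.Name())
	fmt.Println(key, val, err)
	fmt.Println(readValueFromEnv("EXAMPLE_UNSET_VARIABLE"))
}
```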
func SetNestedValue ¶
func SetNestedValue(m map[string]interface{}, path string, value interface{}) error
SetNestedValue sets a value at a dot-notated path in a nested map structure. Creates intermediate maps as needed. Overwrites existing values. Example: SetNestedValue(m, "a.b.c", 42) sets m["a"]["b"]["c"] = 42
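An added example (not the package's code) implementing SetNestedValue and MergeCLIVars with the documented semantics: SetNestedValue creates intermediate maps, while MergeCLIVars does not, so a CLI variable whose parent path is absent from the profile is dropped rather than creating structure the profile never declared. Whether a top-level scalar key unknown to the profile is added is not stated on the page; this example adds it, since no intermediate map is involved, and that is an assumption.

```go
package main

import (
	"fmt"
	"strings"
)

// setNestedValue walks a dot-notated path, creating intermediate maps as
// needed, and overwrites whatever is at the leaf. It refuses to descend
// through an existing non-map value instead of silently replacing it.
func setNestedValue(m map[string]interface{}, path string, value interface{}) error {
	if path == "" {
		return fmt.Errorf("empty path")
	}
	parts := strings.Split(path, ".")
	cur := m
	for i, part := range parts {
		if part == "" {
			return fmt.Errorf("empty segment in path %q", path)
		}
		if i == len(parts)-1 {
			cur[part] = value
			return nil
		}
		next, exists := cur[part]
		if !exists {
			child := map[string]interface{}{}
			cur[part] = child
			cur = child
			continue
		}
		child, ok := next.(map[string]interface{})
		if !ok {
			return fmt.Errorf("path %q: %q is a %T, not a map", path, part, next)
		}
		cur = child
	}
	return nil
}

// mergeCLIVars returns a new map in which CLI values override profile
// values at the same path, the CLI type wins on conflict, and nested CLI
// maps are only merged into maps that already exist in the profile.
// Neither input is modified. Values are copied as-is: a CLI string is a
// literal and is never re-parsed as a template.
func mergeCLIVars(profileVars, cliVars map[string]interface{}) map[string]interface{} {
	out := make(map[string]interface{}, len(profileVars))
	for k, v := range profileVars {
		out[k] = v
	}
	for k, cv := range cliVars {
		cm, cliIsMap := cv.(map[string]interface{})
		pm, profIsMap := out[k].(map[string]interface{})
		if cliIsMap && profIsMap {
			out[k] = mergeCLIVars(pm, cm) // recurse into the existing map
			continue
		}
		if cliIsMap && !profIsMap {
			if _, exists := out[k]; !exists {
				continue // intermediate map missing in the profile: NOT created
			}
		}
		out[k] = cv // scalar override, or CLI type replacing the profile type
	}
	return out
}

func main() {
	// Constructed sample profile vars and CLI vars.
	profile := map[string]interface{}{
		"paths": map[string]interface{}{"config": "/etc/app.yml", "data": "/var/lib/app"},
		"port":  "8080",
	}
	cli := map[string]interface{}{}
	_ = setNestedValue(cli, "paths.config", "/tmp/override.yml")
	_ = setNestedValue(cli, "port", int64(9090))
	_ = setNestedValue(cli, "missing.parent", true)
	fmt.Printf("%v\n", mergeCLIVars(profile, cli))
}
```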
Types ¶
type CLIVarSource ¶
type CLIVarSource int
CLIVarSource indicates the source of a CLI variable value.
const (
// CLIVarSourceFlag indicates a value from --set key=value.
CLIVarSourceFlag CLIVarSource = iota
// CLIVarSourceFile indicates a value from --set-file key=filepath.
CLIVarSourceFile
// CLIVarSourceEnv indicates a value from --set-env key=ENV_VAR.
CLIVarSourceEnv
)
func (CLIVarSource) String ¶
func (s CLIVarSource) String() string
String returns a human-readable name for the source.
type CLIVariable ¶
type CLIVariable struct {
// Key is the variable path using dot notation (e.g., "paths.config").
Key string
// Value is the typed value (string, int64, float64, or bool).
Value interface{}
// RawValue is the original string value from the CLI.
RawValue string
// Source indicates where the value came from.
Source CLIVarSource
}
CLIVariable represents a parsed CLI variable with its source and type information.
type Control ¶
type Control struct {
ID string `yaml:"id"`
Name string `yaml:"name"`
Description string `yaml:"description,omitempty"`
Severity string `yaml:"severity,omitempty"`
Owner string `yaml:"owner,omitempty"`
RetryBackoff string `yaml:"retry_backoff,omitempty"`
DependsOn []string `yaml:"depends_on,omitempty"`
Observations []Observation `yaml:"observations"`
Tags []string `yaml:"tags,omitempty"`
Timeout time.Duration `yaml:"timeout,omitempty"`
Retries int `yaml:"retries,omitempty"`
RetryDelay time.Duration `yaml:"retry_delay,omitempty"`
RetryMaxDelay time.Duration `yaml:"retry_max_delay,omitempty"`
}
Control represents a control in YAML.
type Controls ¶
type Controls struct {
Defaults *Defaults `yaml:"defaults,omitempty"`
Items []Control `yaml:"items"`
}
Controls represents the controls section in YAML.
func (*Controls) ToEntity ¶
func (c *Controls) ToEntity() entities.ControlsSection
ToEntity converts the controls section to a domain entity.
type Defaults ¶
type Defaults struct {
Severity string `yaml:"severity,omitempty"`
Owner string `yaml:"owner,omitempty"`
RetryBackoff string `yaml:"retry_backoff,omitempty"`
Tags []string `yaml:"tags,omitempty"`
Timeout time.Duration `yaml:"timeout,omitempty"`
Retries int `yaml:"retries,omitempty"`
RetryDelay time.Duration `yaml:"retry_delay,omitempty"`
RetryMaxDelay time.Duration `yaml:"retry_max_delay,omitempty"`
}
Defaults represents the defaults section in YAML.
func (*Defaults) ToEntity ¶
func (d *Defaults) ToEntity() entities.ControlDefaults
ToEntity converts the defaults to a domain entity.
type LoopConfig ¶
type LoopConfig struct {
Items string `yaml:"items"` // Variable path, e.g., "{{ .vars.services }}"
As string `yaml:"as,omitempty"` // Optional custom variable name
}
LoopConfig represents the loop configuration in YAML.
type Metadata ¶
type Metadata struct {
Name string `yaml:"name"`
Version string `yaml:"version"`
Description string `yaml:"description,omitempty"`
}
Metadata represents the metadata section in YAML.
func (*Metadata) ToEntity ¶
func (m *Metadata) ToEntity() entities.ProfileMetadata
ToEntity converts the metadata to a domain entity.
type Observation ¶
type Observation struct {
Loop *LoopConfig `yaml:"loop,omitempty"`
Plugin string `yaml:"plugin"`
Config map[string]interface{} `yaml:"config,omitempty"`
Expect []string `yaml:"expect,omitempty"`
}
Observation represents an observation in YAML.
func (*Observation) ToEntity ¶
func (o *Observation) ToEntity() entities.ObservationDefinition
ToEntity converts the observation to a domain entity.
type ParseCLIVarResult ¶
ParseCLIVarResult contains the result of parsing a CLI variable string.
func ParseCLIVar ¶
func ParseCLIVar(input string) (ParseCLIVarResult, error)
ParseCLIVar parses a key=value string from --set flag. Returns the parsed key and typed value. Type detection is conservative:
- Integers: 0, 42, -7, 1000 (no leading zeros except for 0 itself)
- Floats: 3.14, -0.5 (must have both integer and decimal parts)
- Booleans: only literal "true" and "false" (case-sensitive)
- Everything else: string (including 007, 1.0.0, etc.)
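An added example (not the package's code) that implements the conservative type detection described for DetectValueType and ParseCLIVar using the three patterns quoted above, then applies it to key=value input validated against ValidKeyPattern. The result struct is an assumption, since ParseCLIVarResult's fields are not shown on this page. One detail the rules above leave open is an integer too large for int64; the example keeps such a value as a string rather than wrapping it.

```go
package main

import (
	"fmt"
	"regexp"
	"strconv"
	"strings"
)

// Patterns as documented: no leading zeros except "0" itself, and floats
// must have digits on both sides of the dot.
var (
	intPattern   = regexp.MustCompile(`^-?[1-9][0-9]*$|^0$`)
	floatPattern = regexp.MustCompile(`^-?[0-9]+\.[0-9]+$`)
	validKey     = regexp.MustCompile(`^[a-zA-Z_][a-zA-Z0-9_.]*$`)
)

// detectValueType returns int64, float64, bool or string. Anything that
// does not match the strict patterns (007, 1.0.0, True, -0) stays a string.
func detectValueType(s string) interface{} {
	if intPattern.MatchString(s) {
		if n, err := strconv.ParseInt(s, 10, 64); err == nil {
			return n
		}
		return s // out of int64 range: keep literal instead of silently wrapping
	}
	if floatPattern.MatchString(s) {
		if f, err := strconv.ParseFloat(s, 64); err == nil {
			return f
		}
		return s
	}
	switch s {
	case "true":
		return true
	case "false":
		return false
	}
	return s
}

// cliVar is an assumed stand-in for ParseCLIVarResult.
type cliVar struct {
	Key   string
	Value interface{}
	Raw   string
}

// parseCLIVar splits at the first '=' so values may themselves contain '='.
func parseCLIVar(input string) (cliVar, error) {
	key, raw, ok := strings.Cut(input, "=")
	if !ok {
		return cliVar{}, fmt.Errorf("expected key=value, got %q", input)
	}
	if !validKey.MatchString(key) {
		return cliVar{}, fmt.Errorf("invalid variable key %q", key)
	}
	return cliVar{Key: key, Value: detectValueType(raw), Raw: raw}, nil
}

func main() {
	// Constructed inputs covering each documented rule.
	for _, in := range []string{"port=8080", "id=007", "ratio=-0.5", "debug=true", "ver=1.0.0", "big=99999999999999999999", "url=a=b"} {
		v, err := parseCLIVar(in)
		if err != nil {
			fmt.Println("error:", err)
			continue
		}
		fmt.Printf("%s -> %v (%T)\n", v.Key, v.Value, v.Value)
	}
}
```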
type Profile ¶
type Profile struct {
Metadata Metadata `yaml:"profile"`
Plugins []string `yaml:"plugins,omitempty"`
Vars map[string]interface{} `yaml:"vars,omitempty"`
Config *ProfileConfig `yaml:"config,omitempty"` // NEW: Profile-level configuration
Controls Controls `yaml:"controls"`
Extends []string `yaml:"extends,omitempty"`
}
Profile represents the YAML structure of a profile.
type ProfileConfig ¶
type ProfileConfig struct {
Limits *system.LimitsConfig `yaml:"limits,omitempty"` // Profile-specific limit overrides
}
ProfileConfig represents profile-level configuration that can override system defaults.
type ProfileLoader ¶
type ProfileLoader struct {
// contains filtered or unexported fields
}
ProfileLoader handles loading profiles from YAML files with inheritance support.
Inheritance Resolution:
- Profiles can specify parent profiles via the `extends` field
- Parents are loaded recursively and merged left-to-right
- Circular dependencies are detected and rejected
- Relative paths are resolved from the extending profile's directory
Cycle Detection Note ¶
This loader detects cycles in PROFILE INHERITANCE (extends field). This is different from Profile.CheckForCycles() which detects cycles in CONTROL DEPENDENCIES (depends_on field within a single profile).
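An added example, not the package's loader, of the inheritance resolution listed above: parents named in extends are loaded recursively and merged left-to-right with the child applied last, relative paths are resolved from the extending profile's directory, and a chain that revisits a file in progress is rejected as circular. Profiles are read from an fs.FS, matching the WithFilesystem option. JSON is used for the sample files because it is a YAML subset and needs no dependency; the real loader parses YAML. Only vars and plugins are merged here, and vars are merged shallowly, which is an assumption about the real merge.

```go
package main

import (
	"encoding/json"
	"fmt"
	"io/fs"
	"path"
	"testing/fstest"
)

// rawProfile is the subset of the page's Profile struct needed to show
// inheritance; JSON tags stand in for the yaml tags.
type rawProfile struct {
	Extends []string               `json:"extends,omitempty"`
	Vars    map[string]interface{} `json:"vars,omitempty"`
	Plugins []string               `json:"plugins,omitempty"`
}

type loader struct {
	fsys fs.FS
}

// load resolves inheritance depth-first. visiting holds the files on the
// current chain only: a file seen again on the same chain is a cycle, but
// the deferred delete lets diamond inheritance (two parents sharing a
// grandparent) load without a false positive.
func (l *loader) load(p string, visiting map[string]bool) (*rawProfile, error) {
	p = path.Clean(p)
	if visiting[p] {
		return nil, fmt.Errorf("circular profile inheritance at %s", p)
	}
	visiting[p] = true
	defer delete(visiting, p)

	data, err := fs.ReadFile(l.fsys, p)
	if err != nil {
		return nil, err
	}
	var raw rawProfile
	if err := json.Unmarshal(data, &raw); err != nil {
		return nil, fmt.Errorf("%s: %w", p, err)
	}

	merged := &rawProfile{Vars: map[string]interface{}{}}
	for _, parent := range raw.Extends {
		// Relative to the extending profile's directory, never the CWD.
		pp, err := l.load(path.Join(path.Dir(p), parent), visiting)
		if err != nil {
			return nil, err
		}
		mergeInto(merged, pp)
	}
	mergeInto(merged, &raw) // the child is applied last and wins
	return merged, nil
}

// mergeInto overlays src onto dst: vars by key, plugins appended in order
// without duplicates.
func mergeInto(dst, src *rawProfile) {
	for k, v := range src.Vars {
		dst.Vars[k] = v
	}
	for _, pl := range src.Plugins {
		dup := false
		for _, have := range dst.Plugins {
			if have == pl {
				dup = true
				break
			}
		}
		if !dup {
			dst.Plugins = append(dst.Plugins, pl)
		}
	}
}

// LoadProfile is the entry point: it starts with an empty chain.
func (l *loader) LoadProfile(p string) (*rawProfile, error) {
	return l.load(p, map[string]bool{})
}

// sampleFS is a constructed in-memory tree with a diamond and a cycle.
func sampleFS() fs.FS {
	return fstest.MapFS{
		"base.json":              {Data: []byte(`{"vars":{"region":"eu-west","port":8080},"plugins":["http"]}`)},
		"profiles/hardened.json": {Data: []byte(`{"extends":["../base.json"],"vars":{"port":8443},"plugins":["tls"]}`)},
		"profiles/prod.json":     {Data: []byte(`{"extends":["../base.json","hardened.json"],"vars":{"region":"us-east"}}`)},
		"loop/a.json":            {Data: []byte(`{"extends":["b.json"]}`)},
		"loop/b.json":            {Data: []byte(`{"extends":["a.json"]}`)},
	}
}

func main() {
	l := &loader{fsys: sampleFS()}
	prod, err := l.LoadProfile("profiles/prod.json")
	fmt.Printf("prod: %+v err=%v\n", prod, err)
	_, err = l.LoadProfile("loop/a.json")
	fmt.Println("loop:", err)
}
```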
func NewProfileLoader ¶
func NewProfileLoader(opts ...ProfileLoaderOption) *ProfileLoader
NewProfileLoader creates a new profile loader with optional configuration.
func (*ProfileLoader) LoadProfile ¶
func (l *ProfileLoader) LoadProfile(path string) (*entities.Profile, error)
LoadProfile loads a profile and resolves all inheritance. This is the main entry point for profile loading.
func (*ProfileLoader) LoadProfileFromReader ¶
LoadProfileFromReader loads a profile from an io.Reader. Note: This does NOT resolve inheritance, only parses YAML.
type ProfileLoaderOption ¶
type ProfileLoaderOption func(*ProfileLoader)
ProfileLoaderOption defines a functional option for configuring ProfileLoader.
func WithFilesystem ¶
func WithFilesystem(fs fs.FS) ProfileLoaderOption
WithFilesystem configures the loader to use the provided filesystem. This is primarily used for testing or when loading profiles from non-standard locations (e.g., embedded files).
type ResolvedLimits ¶
type ResolvedLimits struct {
// Evidence & Data Limits
MaxEvidenceSize int
MaxHTTPResponseSize int
MaxCommandOutputSize int
MaxSARIFArtifactSize int
// Expression Evaluation Limits
MaxExpressionLength int
MaxASTNodes int
// Network & HTTP Limits
MaxHTTPRedirects int
HTTPTimeout time.Duration
HTTPIdleTimeout time.Duration
// Concurrency Limits
MaxConcurrentControls int
MaxConcurrentObservations int
}
ResolvedLimits contains the final, resolved limit values after merging all sources. All fields are non-pointer primitive types for easy access throughout the codebase.
func BuildLimits ¶
func BuildLimits(systemLimits, profileLimits *system.LimitsConfig) (*ResolvedLimits, error)
BuildLimits merges limits from code defaults, system config, and profile config. Precedence: profile > system > defaults. Validates all limits against absolute maximums.
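An added example, not the package's BuildLimits, of the precedence and validation described above. system.LimitsConfig is not shown on this page, so a stand-in with pointer fields is assumed (nil meaning "not set"); the default values and absolute ceilings are likewise assumed for illustration. The point the example makes is that a profile can lower a limit or raise it within the ceiling, but a profile-supplied value above the absolute maximum (or a non-positive one) fails closed instead of being clamped.

```go
package main

import (
	"fmt"
	"time"
)

// limitsConfig stands in for system.LimitsConfig: pointer fields so that
// "unset" is distinguishable from an explicit zero.
type limitsConfig struct {
	MaxEvidenceSize       *int
	MaxHTTPRedirects      *int
	HTTPTimeout           *time.Duration
	MaxConcurrentControls *int
}

// resolvedLimits mirrors the page's ResolvedLimits: plain values only.
type resolvedLimits struct {
	MaxEvidenceSize       int
	MaxHTTPRedirects      int
	HTTPTimeout           time.Duration
	MaxConcurrentControls int
}

// Assumed code defaults and absolute ceilings.
var (
	defaults = resolvedLimits{MaxEvidenceSize: 1 << 20, MaxHTTPRedirects: 5, HTTPTimeout: 30 * time.Second, MaxConcurrentControls: 4}
	absMax   = resolvedLimits{MaxEvidenceSize: 64 << 20, MaxHTTPRedirects: 20, HTTPTimeout: 10 * time.Minute, MaxConcurrentControls: 64}
)

// pickInt/pickDur apply layers in order; the last non-nil layer wins.
func pickInt(dst *int, layers ...*int) {
	for _, l := range layers {
		if l != nil {
			*dst = *l
		}
	}
}

func pickDur(dst *time.Duration, layers ...*time.Duration) {
	for _, l := range layers {
		if l != nil {
			*dst = *l
		}
	}
}

// buildLimits starts from defaults, overlays system then profile, and then
// rejects any value outside 1..ceiling, so a profile cannot lift a limit
// past what the deployment allows.
func buildLimits(system, profile *limitsConfig) (*resolvedLimits, error) {
	if system == nil {
		system = &limitsConfig{}
	}
	if profile == nil {
		profile = &limitsConfig{}
	}
	r := defaults
	pickInt(&r.MaxEvidenceSize, system.MaxEvidenceSize, profile.MaxEvidenceSize)
	pickInt(&r.MaxHTTPRedirects, system.MaxHTTPRedirects, profile.MaxHTTPRedirects)
	pickDur(&r.HTTPTimeout, system.HTTPTimeout, profile.HTTPTimeout)
	pickInt(&r.MaxConcurrentControls, system.MaxConcurrentControls, profile.MaxConcurrentControls)

	checks := []struct {
		name     string
		got, max int64
	}{
		{"max_evidence_size", int64(r.MaxEvidenceSize), int64(absMax.MaxEvidenceSize)},
		{"max_http_redirects", int64(r.MaxHTTPRedirects), int64(absMax.MaxHTTPRedirects)},
		{"http_timeout", int64(r.HTTPTimeout), int64(absMax.HTTPTimeout)},
		{"max_concurrent_controls", int64(r.MaxConcurrentControls), int64(absMax.MaxConcurrentControls)},
	}
	for _, c := range checks {
		if c.got <= 0 || c.got > c.max {
			return nil, fmt.Errorf("%s=%d out of range (1..%d)", c.name, c.got, c.max)
		}
	}
	return &r, nil
}

func main() {
	// Constructed inputs: system sets redirects, profile lowers them.
	sysRedirects, profRedirects := 10, 3
	r, err := buildLimits(&limitsConfig{MaxHTTPRedirects: &sysRedirects}, &limitsConfig{MaxHTTPRedirects: &profRedirects})
	fmt.Printf("%+v err=%v\n", r, err)
	tooBig := 128 << 20
	_, err = buildLimits(nil, &limitsConfig{MaxEvidenceSize: &tooBig})
	fmt.Println("over ceiling:", err)
}
```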
type RuntimeConfig ¶
type RuntimeConfig struct {
Limits *ResolvedLimits
SecurityLevel string
WasmMemoryLimitMB int
MaxEvidenceSizeBytes int
MaxConcurrentControls int
MaxConcurrentObservations int
}
RuntimeConfig aggregates all runtime configuration. This is a value object that flows through the system.
func FromSystemAndProfileConfig ¶
func FromSystemAndProfileConfig(sys *system.Config, profileLimits *system.LimitsConfig) (*RuntimeConfig, error)
FromSystemAndProfileConfig creates RuntimeConfig from both system and profile config. This merges limits with proper precedence: defaults → system → profile.
func FromSystemConfig ¶
func FromSystemConfig(sys *system.Config) *RuntimeConfig
FromSystemConfig creates RuntimeConfig from system config. This is the legacy constructor for backward compatibility.
type VariableSubstitutor ¶
type VariableSubstitutor struct {
// contains filtered or unexported fields
}
VariableSubstitutor performs variable substitution in profiles.
func NewVariableSubstitutor ¶
func NewVariableSubstitutor(resolver ports.SecretResolver) *VariableSubstitutor
NewVariableSubstitutor creates a new variable substitutor.
func (*VariableSubstitutor) Substitute ¶
func (s *VariableSubstitutor) Substitute(profile *entities.Profile) error
Substitute performs simple variable substitution in a profile. It replaces {{ .vars.key }} patterns with values from the profile's vars map. Supports nested paths like {{ .vars.paths.config }}. Returns an error if a referenced variable is not found. Modifies the profile in place.
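An added example, not the package's VariableSubstitutor, of the string-level core of Substitute together with the FindUnusedVars check documented earlier on this page. The same {{ .vars.path }} pattern drives both: substitution resolves dotted paths in the vars map and fails on the first undefined reference, and the unused-variable scan reports CLI keys that no reference mentions. Substituted values are inserted literally and not re-scanned, so a value that itself looks like a template cannot expand further. The real Substitute walks an entities.Profile in place; this example works on strings, which is an assumption about how it is applied.

```go
package main

import (
	"fmt"
	"regexp"
	"sort"
	"strings"
)

// varRef matches {{ .vars.some.path }} with optional inner whitespace and
// captures the dotted path.
var varRef = regexp.MustCompile(`\{\{\s*\.vars\.([a-zA-Z_][a-zA-Z0-9_.]*)\s*\}\}`)

// lookupPath resolves a dot-notated path in a nested vars map.
func lookupPath(vars map[string]interface{}, p string) (interface{}, bool) {
	cur := interface{}(vars)
	for _, part := range strings.Split(p, ".") {
		m, ok := cur.(map[string]interface{})
		if !ok {
			return nil, false
		}
		if cur, ok = m[part]; !ok {
			return nil, false
		}
	}
	return cur, true
}

// substitute replaces every reference in s. Unknown references are
// collected and reported together; replacement text is not re-scanned.
func substitute(s string, vars map[string]interface{}) (string, error) {
	var missing []string
	out := varRef.ReplaceAllStringFunc(s, func(m string) string {
		p := varRef.FindStringSubmatch(m)[1]
		v, ok := lookupPath(vars, p)
		if !ok {
			missing = append(missing, p)
			return m
		}
		return fmt.Sprintf("%v", v)
	})
	if len(missing) > 0 {
		return "", fmt.Errorf("undefined variable(s): %s", strings.Join(missing, ", "))
	}
	return out, nil
}

// flattenKeys turns a nested CLI vars map into dotted leaf paths.
func flattenKeys(m map[string]interface{}, prefix string) []string {
	var keys []string
	for k, v := range m {
		full := k
		if prefix != "" {
			full = prefix + "." + k
		}
		if child, ok := v.(map[string]interface{}); ok && len(child) > 0 {
			keys = append(keys, flattenKeys(child, full)...)
		} else {
			keys = append(keys, full)
		}
	}
	return keys
}

// findUnusedVars returns, sorted, the CLI keys no reference in content
// uses. A key counts as used when a reference names it exactly, a path
// beneath it, or a prefix of it (referencing "paths" uses "paths.config").
func findUnusedVars(cliVars map[string]interface{}, content string) []string {
	referenced := map[string]bool{}
	for _, m := range varRef.FindAllStringSubmatch(content, -1) {
		referenced[m[1]] = true
	}
	var unused []string
	for _, key := range flattenKeys(cliVars, "") {
		used := false
		for r := range referenced {
			if r == key || strings.HasPrefix(r, key+".") || strings.HasPrefix(key, r+".") {
				used = true
				break
			}
		}
		if !used {
			unused = append(unused, key)
		}
	}
	sort.Strings(unused)
	return unused
}

func main() {
	// Constructed vars and a constructed observation config string.
	vars := map[string]interface{}{
		"region": "eu-west",
		"paths":  map[string]interface{}{"config": "/etc/app.yml"},
		"port":   int64(8443),
	}
	content := "curl https://{{ .vars.region }}.example:{{.vars.port}}{{ .vars.paths.config }}"
	fmt.Println(substitute(content, vars))
	fmt.Println(findUnusedVars(map[string]interface{}{"region": "us", "debugg": true}, content))
}
```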