Documentation
¶
Index ¶
- Constants
- func NewMalwareAnalyzer(config MalwareAnalyzerConfig) (*malwareAnalyzer, error)
- func ThreatInstanceID(id jsonreportspec.ReportThreat_ReportThreatId, ...) string
- type Analyzer
- func NewCelFilterAnalyzer(fl string, failOnMatch bool) (Analyzer, error)
- func NewCelFilterSuiteAnalyzer(path string, failOnMatch bool) (Analyzer, error)
- func NewExceptionsGenerator(config ExceptionsGeneratorConfig) (Analyzer, error)
- func NewJsonDumperAnalyzer(dir string) (Analyzer, error)
- func NewLockfilePoisoningAnalyzer(config LockfilePoisoningAnalyzerConfig) (Analyzer, error)
- type AnalyzerEvent
- type AnalyzerEventHandler
- type AnalyzerEventType
- type ExceptionsGeneratorConfig
- type LockfilePoisoningAnalyzerConfig
- type MalwareAnalyzerConfig
Constants ¶
View Source
const ( ET_FilterExpressionMatched = AnalyzerEventType("ev_pkg_filter_match") ET_SuspiciousPackage = AnalyzerEventType("ev_suspicious_package") ET_AnalyzerFailOnError = AnalyzerEventType("ev_fail_on_error") // Following event types must set the Threat field ET_LockfilePoisoningSignal = AnalyzerEventType("ev_lockfile_poisoning") )
Variables ¶
This section is empty.
Functions ¶
func NewMalwareAnalyzer ¶ added in v1.9.0
func NewMalwareAnalyzer(config MalwareAnalyzerConfig) (*malwareAnalyzer, error)
func ThreatInstanceID ¶ added in v1.12.0
func ThreatInstanceID(id jsonreportspec.ReportThreat_ReportThreatId, st jsonreportspec.ReportThreat_SubjectType, s string, ) string
ThreatInstanceID generates a unique identifier for a threat instance
Types ¶
type Analyzer ¶
type Analyzer interface {
Name() string
Analyze(manifest *models.PackageManifest,
handler AnalyzerEventHandler) error
Finish() error
}
Contract for an analyzer
func NewCelFilterAnalyzer ¶
func NewExceptionsGenerator ¶
func NewExceptionsGenerator(config ExceptionsGeneratorConfig) (Analyzer, error)
func NewJsonDumperAnalyzer ¶
func NewLockfilePoisoningAnalyzer ¶ added in v1.5.0
func NewLockfilePoisoningAnalyzer(config LockfilePoisoningAnalyzerConfig) (Analyzer, error)
type AnalyzerEvent ¶
type AnalyzerEvent struct {
// Analyzer generating this event
Source string
// Type of the event
Type AnalyzerEventType
// Message / Error / Filter
Message interface{}
Filter *filtersuite.Filter
Threat *jsonreportspec.ReportThreat
Err error
// Entities on which event was generated
Manifest *models.PackageManifest
Package *models.Package
}
func (*AnalyzerEvent) IsFailOnError ¶
func (ev *AnalyzerEvent) IsFailOnError() bool
func (*AnalyzerEvent) IsFilterMatch ¶
func (ev *AnalyzerEvent) IsFilterMatch() bool
func (*AnalyzerEvent) IsLockfilePoisoningSignal ¶ added in v1.5.0
func (ev *AnalyzerEvent) IsLockfilePoisoningSignal() bool
type AnalyzerEventHandler ¶
type AnalyzerEventHandler func(event *AnalyzerEvent) error
Callback to receive events from analyzer
type AnalyzerEventType ¶
type AnalyzerEventType string
type LockfilePoisoningAnalyzerConfig ¶ added in v1.5.0
type MalwareAnalyzerConfig ¶ added in v1.9.0
type MalwareAnalyzerConfig struct {
// Flag to trust automated analysis results without needing
// a verification record
TrustAutomatedAnalysis bool
// Fail fast on malware detection
FailFast bool
// Minimum confidence level for malicious package analysis result to fail fast
// Should be HIGH, MEDIUM or LOW
MinimumConfidence string
// contains filtered or unexported fields
}
func DefaultMalwareAnalyzerConfig ¶ added in v1.9.0
func DefaultMalwareAnalyzerConfig() MalwareAnalyzerConfig
Source Files
¶
Directories
Click to show internal directories.
Click to hide internal directories.