security

package
v0.59.5 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Feb 3, 2026 License: Apache-2.0 Imports: 31 Imported by: 0

Documentation

Index

Constants

// Security actions: the three outcome strings that SecurityResult.Action is
// documented to hold ("allow", "warn", "block").
//
// NOTE(review): Rule.Action on this page documents a different vocabulary
// ("block", "warn_high", "warn", "notify", "ignore"); how rule actions are
// mapped onto these three constants is not visible here — confirm.
// These are untyped string constants, so an unexpected action string matches
// none of them; callers switching on an action should treat an unrecognised
// value as ActionBlock rather than falling through to the allow path.
const (
	ActionAllow = "allow"
	ActionWarn  = "warn"
	ActionBlock = "block"
)

Security actions

Variables

This section is empty.

Functions

func CheckDomainAccess

func CheckDomainAccess(domain string) error

CheckDomainAccess checks domain access via global manager

func CheckFileAccess

func CheckFileAccess(filePath string) error

CheckFileAccess checks file access via global manager

func FormatSecurityBlockError added in v0.35.4

func FormatSecurityBlockError(secErr *SecurityError) error

FormatSecurityBlockError creates a standardised security block error message

func FormatSecurityBlockErrorFromResult added in v0.35.4

func FormatSecurityBlockErrorFromResult(result *SecurityResult) error

FormatSecurityBlockErrorFromResult creates a standardised security block error from a SecurityResult

func FormatSecurityWarningPrefix added in v0.35.4

func FormatSecurityWarningPrefix(result *SecurityResult) string

FormatSecurityWarningPrefix creates a standardised security warning prefix for content

func GenerateCacheKey

func GenerateCacheKey(content string, sourceURL string) string

GenerateCacheKey generates a cache key from content and source

func GenerateDefaultConfig

func GenerateDefaultConfig() string

GenerateDefaultConfig generates the default security configuration

func GenerateSecurityID

func GenerateSecurityID(action string) string

GenerateSecurityID generates a unique security event ID

func HandleSecurityWarning

func HandleSecurityWarning(result *SecurityResult, logger *logrus.Logger) string

HandleSecurityWarning provides standardised security warning handling across all tools. It logs the warning and returns a formatted security notice string for inclusion in responses.

func InitGlobalSecurityManager

func InitGlobalSecurityManager() error

InitGlobalSecurityManager initialises the global security manager

func IsEnabled

func IsEnabled() bool

IsEnabled returns whether the global security system is enabled

func LogAccessControlBlock

func LogAccessControlBlock(eventType, source, tool string)

LogAccessControlBlock logs access control blocks

func LogSecurityEvent

func LogSecurityEvent(securityID, action string, analysis *ThreatAnalysis, source, tool string)

LogSecurityEvent is the package-level (global) logging function for security events.

Types

type AccessControl

// AccessControl holds the file and domain deny patterns. It is the type of
// SecurityRules.AccessControl, which is read from the "access_control" key of
// the rules YAML.
//
// NOTE(review): the pattern syntax is not shown on this page, nor whether file
// paths are canonicalised (symlinks, "..", case) or domains normalised (case,
// trailing dot, subdomains) before they are compared with these entries —
// confirm against DenyListChecker before relying on a deny entry.
type AccessControl struct {
	DenyFiles   []string `yaml:"deny_files"`
	DenyDomains []string `yaml:"deny_domains"`
}

AccessControl defines file and domain access restrictions

type AllowlistPatterns

// AllowlistPatterns lists file paths, domains and commands that are
// permanently allowed. It is the type of OverrideConfig.Allowlist, read from
// the "allowlist_patterns" key of the override file.
//
// NOTE(review): presumably a match here skips rule evaluation for that item —
// confirm. If so, every entry is a standing exception with no justification,
// author or timestamp attached (unlike SecurityOverride), so entries should be
// kept as narrow as possible and the override file protected from unreviewed
// edits.
type AllowlistPatterns struct {
	FilePaths []string `yaml:"file_paths"`
	Domains   []string `yaml:"domains"`
	Commands  []string `yaml:"commands"`
}

AllowlistPatterns contains patterns that are permanently allowed

type ArgumentType

type ArgumentType string

ArgumentType enum for command arguments

const (
	ArgumentTypeURL      ArgumentType = "url"
	ArgumentTypeFile     ArgumentType = "file"
	ArgumentTypeFlag     ArgumentType = "flag"
	ArgumentTypeVariable ArgumentType = "variable"
	ArgumentTypeString   ArgumentType = "string"
)

type Cache

type Cache struct {
	// contains filtered or unexported fields
}

Cache provides in-memory security analysis caching

func (*Cache) Clear

func (c *Cache) Clear()

Clear removes all entries from the cache

func (*Cache) Get

func (c *Cache) Get(key string) (*SecurityResult, bool)

Get retrieves a cached security result

func (*Cache) GetWithGeneration

func (c *Cache) GetWithGeneration(content string, source SourceContext, generator func() (*SecurityResult, error)) (*SecurityResult, error)

GetWithGeneration retrieves or generates a cached result

func (*Cache) Set

func (c *Cache) Set(key string, result *SecurityResult)

Set stores a security result in the cache

func (*Cache) Size

func (c *Cache) Size() int

Size returns the current number of cached entries

func (*Cache) StartCleanup

func (c *Cache) StartCleanup()

StartCleanup starts the periodic cache cleanup routine

type CacheEntry

type CacheEntry struct {
	Result  *SecurityResult
	Created time.Time
}

CacheEntry represents a cached security analysis result

type CommandArgument

// CommandArgument is one argument of a ParsedCommand together with the
// analysis results attached to it.
//
// NOTE(review): Value is serialised under the "value" JSON key even when
// ContainsSecrets is true. CommandArgument is reachable from
// SecurityLogEntry.Analysis (ThreatAnalysis.Commands -> ParsedCommand.Arguments),
// so a raw secret may end up in the security log unless it is redacted before
// logging — redaction is not visible on this page; confirm.
// The value ranges of EntropyScore and TrustScore are not documented here.
type CommandArgument struct {
	Value           string       `json:"value"`
	Type            ArgumentType `json:"type"`
	EntropyScore    float64      `json:"entropy_score"`
	ContainsSecrets bool         `json:"contains_secrets"`
	IsVariable      bool         `json:"is_variable"`
	TrustScore      float64      `json:"trust_score"`
}

CommandArgument represents a command argument with analysis

type ContainsMatcher

type ContainsMatcher struct {
	// contains filtered or unexported fields
}

ContainsMatcher matches substrings with intelligent home directory expansion

func NewContainsMatcher

func NewContainsMatcher(pattern string) *ContainsMatcher

func (*ContainsMatcher) Match

func (m *ContainsMatcher) Match(content string) bool

func (*ContainsMatcher) String

func (m *ContainsMatcher) String() string

type DenyListChecker

type DenyListChecker struct {
	// contains filtered or unexported fields
}

DenyListChecker enforces file and domain access controls

func (*DenyListChecker) GetDenyLists

func (d *DenyListChecker) GetDenyLists() (files, domains []string)

GetDenyLists returns current deny list patterns

func (*DenyListChecker) IsDomainBlocked

func (d *DenyListChecker) IsDomainBlocked(domain string) bool

IsDomainBlocked checks if a domain is blocked by deny rules

func (*DenyListChecker) IsFileBlocked

func (d *DenyListChecker) IsFileBlocked(filePath string) bool

IsFileBlocked checks if a file path is blocked by deny rules

func (*DenyListChecker) UpdateDenyLists

func (d *DenyListChecker) UpdateDenyLists(files, domains []string) error

UpdateDenyLists updates the deny lists with new patterns

type Destination

type Destination struct {
	URL             string              `json:"url"`
	Host            string              `json:"host"`
	IPAddress       string              `json:"ip_address,omitempty"`
	ReputationScore float64             `json:"reputation_score"`
	Category        DestinationCategory `json:"category"`
}

Destination represents a command's target destination

type DestinationCategory

type DestinationCategory string

DestinationCategory enum for destination trust levels

const (
	DestinationOfficial   DestinationCategory = "official"
	DestinationCDN        DestinationCategory = "cdn"
	DestinationCommunity  DestinationCategory = "community"
	DestinationUnknown    DestinationCategory = "unknown"
	DestinationSuspicious DestinationCategory = "suspicious"
)

type EntropyMatcher

type EntropyMatcher struct {
	// contains filtered or unexported fields
}

EntropyMatcher matches content based on entropy

func NewEntropyMatcher

func NewEntropyMatcher(threshold float64) *EntropyMatcher

func NewEntropyMatcherWithMaxSize

func NewEntropyMatcherWithMaxSize(threshold float64, maxSize int) *EntropyMatcher

func (*EntropyMatcher) Match

func (m *EntropyMatcher) Match(content string) bool

func (*EntropyMatcher) String

func (m *EntropyMatcher) String() string

type FilePathMatcher

type FilePathMatcher struct {
	// contains filtered or unexported fields
}

FilePathMatcher matches file paths with expansion

func NewFilePathMatcher

func NewFilePathMatcher(pattern string) *FilePathMatcher

func (*FilePathMatcher) Match

func (m *FilePathMatcher) Match(content string) bool

func (*FilePathMatcher) String

func (m *FilePathMatcher) String() string

type FileWatcher

type FileWatcher struct {
}

FileWatcher monitors rule file changes

type GlobMatcher

type GlobMatcher struct {
	// contains filtered or unexported fields
}

GlobMatcher matches using glob patterns

func NewGlobMatcher

func NewGlobMatcher(pattern string) *GlobMatcher

func (*GlobMatcher) Match

func (m *GlobMatcher) Match(content string) bool

func (*GlobMatcher) String

func (m *GlobMatcher) String() string

type LiteralMatcher

type LiteralMatcher struct {
	// contains filtered or unexported fields
}

LiteralMatcher matches exact strings

func NewLiteralMatcher

func NewLiteralMatcher(pattern string) *LiteralMatcher

func (*LiteralMatcher) Match

func (m *LiteralMatcher) Match(content string) bool

func (*LiteralMatcher) String

func (m *LiteralMatcher) String() string

type Operations

type Operations struct {
	// contains filtered or unexported fields
}

Operations provides simplified security-aware operations for tools

func NewOperations

func NewOperations(toolName string) *Operations

NewOperations creates a new Operations instance for a specific tool

func (*Operations) SafeFileRead

func (o *Operations) SafeFileRead(path string) (*SafeFileContent, error)

SafeFileRead performs a secure file read with content integrity preservation

func (*Operations) SafeFileWrite

func (o *Operations) SafeFileWrite(path string, content []byte) error

SafeFileWrite performs a secure file write with access control

func (*Operations) SafeHTTPGet

func (o *Operations) SafeHTTPGet(ctx context.Context, urlStr string) (*SafeHTTPResponse, error)

SafeHTTPGet performs a secure HTTP GET with content integrity preservation

func (*Operations) SafeHTTPGetWithHeaders added in v0.34.0

func (o *Operations) SafeHTTPGetWithHeaders(ctx context.Context, urlStr string, headers map[string]string) (*SafeHTTPResponse, error)

SafeHTTPGetWithHeaders performs a secure HTTP GET with custom headers

func (*Operations) SafeHTTPPost

func (o *Operations) SafeHTTPPost(ctx context.Context, urlStr string, body io.Reader) (*SafeHTTPResponse, error)

SafeHTTPPost performs a secure HTTP POST with content integrity preservation

func (*Operations) SafeHTTPPostWithHeaders added in v0.34.0

func (o *Operations) SafeHTTPPostWithHeaders(ctx context.Context, urlStr string, body io.Reader, headers map[string]string) (*SafeHTTPResponse, error)

SafeHTTPPostWithHeaders performs a secure HTTP POST with custom headers

type OverrideConfig

type OverrideConfig struct {
	Version   string                      `yaml:"version"`
	Metadata  OverrideMetadata            `yaml:"metadata"`
	Overrides map[string]SecurityOverride `yaml:"overrides"`
	Allowlist AllowlistPatterns           `yaml:"allowlist_patterns"`
}

OverrideConfig represents the override configuration file

type OverrideManager

type OverrideManager struct {
	// contains filtered or unexported fields
}

OverrideManager handles security overrides and audit trail

func NewOverrideManager

func NewOverrideManager(overridesPath, logPath string) (*OverrideManager, error)

NewOverrideManager creates a new override manager

func (*OverrideManager) CleanupOldOverrides

func (o *OverrideManager) CleanupOldOverrides(maxAge time.Duration) error

CleanupOldOverrides removes overrides older than specified duration

func (*OverrideManager) ExportOverrides

func (o *OverrideManager) ExportOverrides() ([]byte, error)

ExportOverrides exports overrides to a different format

func (*OverrideManager) FindSecurityLogEntry

func (o *OverrideManager) FindSecurityLogEntry(securityID string) (*SecurityLogEntry, error)

FindSecurityLogEntry finds a security log entry by ID

func (*OverrideManager) GetOverrideStats

func (o *OverrideManager) GetOverrideStats() map[string]any

GetOverrideStats returns statistics about overrides

func (*OverrideManager) IsOverridden

func (o *OverrideManager) IsOverridden(securityID string, pattern string, source string) bool

IsOverridden checks if a security ID or pattern is overridden

func (*OverrideManager) LogSecurityEvent

func (o *OverrideManager) LogSecurityEvent(securityID, action string, analysis *ThreatAnalysis, source, tool string) error

LogSecurityEvent logs a security event

func (*OverrideManager) SaveOverride

func (o *OverrideManager) SaveOverride(override SecurityOverride, securityID string) error

SaveOverride saves a new security override

type OverrideMetadata

type OverrideMetadata struct {
	Description string `yaml:"description"`
	Note        string `yaml:"note"`
}

OverrideMetadata contains override file metadata

type ParsedCommand

type ParsedCommand struct {
	Raw         string            `json:"raw"`
	Executable  string            `json:"executable"`
	Arguments   []CommandArgument `json:"arguments"`
	Destination *Destination      `json:"destination,omitempty"`
	Pipes       []PipeOperation   `json:"pipes,omitempty"`
}

ParsedCommand represents a detected shell command

type PatternConfig

// PatternConfig describes one pattern of a Rule. Each field selects a
// different matching strategy; all are optional in YAML (omitempty).
//
// NOTE(review): the page does not show what happens when several fields are
// set on the same PatternConfig, or when none is set — confirm whether that is
// rejected by ValidateSecurityConfig. Entropy is a float64 with omitempty, so a
// threshold of 0 cannot be told apart from "not set".
// Regex is passed through as a raw expression; RegexMatcher is documented as
// matching "with timeout protection", and the behaviour when a match times out
// (treated as match or as no match) is not shown — confirm.
type PatternConfig struct {
	// Simple patterns (no escaping needed)
	Literal    string `yaml:"literal,omitempty"`     // Exact match
	Contains   string `yaml:"contains,omitempty"`    // Contains substring
	StartsWith string `yaml:"starts_with,omitempty"` // Prefix match
	EndsWith   string `yaml:"ends_with,omitempty"`   // Suffix match

	// Special semantic patterns
	FilePath string  `yaml:"file_path,omitempty"` // File path patterns
	URL      string  `yaml:"url,omitempty"`       // URL patterns
	Entropy  float64 `yaml:"entropy,omitempty"`   // Entropy threshold

	// Advanced patterns
	Regex string `yaml:"regex,omitempty"` // Raw regex
	Glob  string `yaml:"glob,omitempty"`  // Glob patterns
}

PatternConfig represents different types of pattern matching

type PatternLibrary

type PatternLibrary struct {
	Patterns map[string]string `yaml:"patterns"`
}

PatternLibrary holds reusable patterns

type PatternMatcher

type PatternMatcher interface {
	Match(content string) bool
	String() string
}

PatternMatcher interface for different pattern matching strategies

type PipeOperation

type PipeOperation struct {
	Source      string `json:"source"`
	Target      string `json:"target"`
	IsShell     bool   `json:"is_shell"`
	IsDangerous bool   `json:"is_dangerous"`
}

PipeOperation represents a shell pipe operation

type PrefixMatcher

type PrefixMatcher struct {
	// contains filtered or unexported fields
}

PrefixMatcher matches string prefixes

func NewPrefixMatcher

func NewPrefixMatcher(pattern string) *PrefixMatcher

func (*PrefixMatcher) Match

func (m *PrefixMatcher) Match(content string) bool

func (*PrefixMatcher) String

func (m *PrefixMatcher) String() string

type RegexMatcher

type RegexMatcher struct {
	// contains filtered or unexported fields
}

RegexMatcher matches using regular expressions with timeout protection

func NewRegexMatcher

func NewRegexMatcher(pattern string) (*RegexMatcher, error)

func NewRegexMatcherWithTimeout

func NewRegexMatcherWithTimeout(pattern string, timeout time.Duration) (*RegexMatcher, error)

func (*RegexMatcher) Match

func (m *RegexMatcher) Match(content string) bool

func (*RegexMatcher) MatchWithTimeout

func (m *RegexMatcher) MatchWithTimeout(content string, timeout time.Duration) bool

func (*RegexMatcher) String

func (m *RegexMatcher) String() string

type Rule

// Rule is one named entry of SecurityRules.Rules or SecurityRules.AdvancedRules:
// a set of patterns, the action to take when they match, and optional
// exceptions.
//
// NOTE(review): the Action values listed in the field comment ("block",
// "warn_high", "warn", "notify", "ignore") differ from the package constants
// ActionAllow/ActionWarn/ActionBlock and from the values documented on
// SecurityResult.Action ("allow", "warn", "block"). The mapping between the two
// sets, and the handling of an unrecognised Action or an empty Logic, is not
// visible here — confirm that an unknown action does not silently behave as
// "ignore".
// The format of Exceptions entries and the keys accepted in Options are not
// documented on this page.
type Rule struct {
	Description string          `yaml:"description"`
	Patterns    []PatternConfig `yaml:"patterns"`
	Action      string          `yaml:"action"` // "block", "warn_high", "warn", "notify", "ignore"
	Severity    string          `yaml:"severity,omitempty"`
	Exceptions  []string        `yaml:"exceptions,omitempty"`
	Logic       string          `yaml:"logic,omitempty"` // "any" or "all"
	Options     map[string]any  `yaml:"options,omitempty"`
}

Rule represents a security rule with patterns and actions

type RuleInfo

type RuleInfo struct {
	Name     string
	Rule     Rule
	Priority int
}

RuleInfo holds rule information for priority-based processing

type RuleMetadata

type RuleMetadata struct {
	Description string `yaml:"description"`
	Created     string `yaml:"created"`
	Note        string `yaml:"note"`
}

RuleMetadata contains rule file metadata

type SafeFileContent

// SafeFileContent is the result of Operations.SafeFileRead: the file bytes plus
// the outcome of the security analysis.
//
// Content is returned exactly as read and is never modified, including when
// the analysis produced a warning. Callers must therefore check
// SecurityResult != nil before passing Content on; "Safe" in the type name does
// not mean the bytes were sanitised.
// NOTE(review): a "block" outcome is presumably reported through the error
// return of SafeFileRead rather than through this struct — confirm.
type SafeFileContent struct {
	Content        []byte          // EXACT file bytes - never modified
	Path           string          // Resolved path
	Info           os.FileInfo     // Original file info
	SecurityResult *SecurityResult // nil if safe, populated if warn
}

SafeFileContent contains file data with security metadata

type SafeHTTPResponse

// SafeHTTPResponse is the result of the Operations.SafeHTTP* helpers: the
// response as received plus the outcome of the security analysis.
//
// Content, ContentType, StatusCode and Headers are the original, remote-supplied
// values and are never modified, including when the analysis produced a
// warning. Callers must check SecurityResult != nil before using Content;
// "Safe" in the type name does not mean the body was sanitised.
// NOTE(review): a "block" outcome is presumably reported through the error
// return of the helper rather than through this struct — confirm.
type SafeHTTPResponse struct {
	Content        []byte          // EXACT original bytes - never modified
	ContentType    string          // Original content type
	StatusCode     int             // Original status code
	Headers        http.Header     // Original headers
	SecurityResult *SecurityResult // nil if safe, populated if warn
}

SafeHTTPResponse contains HTTP response data with security metadata

type SecurityAdvisor

type SecurityAdvisor struct {
	// contains filtered or unexported fields
}

SecurityAdvisor provides threat analysis and security advice

func (*SecurityAdvisor) AnalyseContent

func (a *SecurityAdvisor) AnalyseContent(content string, source SourceContext) (*SecurityResult, error)

AnalyseContent performs Intent-Context-Destination analysis on content

type SecurityConfig

// SecurityConfig is the JSON-tagged security configuration. Several fields
// share their names with fields of Settings (the YAML rule-file settings);
// how the two sources are merged is not shown on this page.
//
// NOTE(review): the zero value has Enabled == false; presumably that turns
// analysis off, so a caller that passes an unpopulated SecurityConfig may be
// running without checks — confirm.
// MaxScanSize and MaxBase64DecodedSize carry no unit here, whereas the
// same-named Settings fields are documented in KB — confirm the unit.
// CacheMaxAge is a time.Duration, which encoding/json represents as an integer
// number of nanoseconds, while Settings.CacheMaxAge is a duration string.
type SecurityConfig struct {
	Enabled                bool          `json:"enabled"`
	RulesPath              string        `json:"rules_path"`
	LogPath                string        `json:"log_path"`
	AutoReload             bool          `json:"auto_reload"`
	MaxScanSize            int           `json:"max_scan_size"`
	ThreatThreshold        float64       `json:"threat_threshold"`
	EnableDestinationCheck bool          `json:"enable_destination_check"`
	EnableSecretDetection  bool          `json:"enable_secret_detection"`
	CacheEnabled           bool          `json:"cache_enabled"`
	CacheMaxAge            time.Duration `json:"cache_max_age"`
	CacheMaxSize           int           `json:"cache_max_size"`
	EnableNotifications    bool          `json:"enable_notifications"`
	EnableBase64Scanning   bool          `json:"enable_base64_scanning"`
	MaxBase64DecodedSize   int           `json:"max_base64_decoded_size"`
	TrustedDomains         []string      `json:"trusted_domains"`
	SuspiciousDomains      []string      `json:"suspicious_domains"`
	DenyFiles              []string      `json:"deny_files"`
	DenyDomains            []string      `json:"deny_domains"`
}

SecurityConfig holds all security configuration

type SecurityError

type SecurityError struct {
	ID      string
	Message string
	Action  string
}

SecurityError represents a security-related error

func (*SecurityError) Error

func (e *SecurityError) Error() string

func (*SecurityError) GetSecurityID

func (e *SecurityError) GetSecurityID() string

GetSecurityID returns the security ID for override purposes

type SecurityLogEntry

// SecurityLogEntry is one record of the security log, looked up by ID through
// OverrideManager.FindSecurityLogEntry.
//
// NOTE(review): Analysis embeds the full ThreatAnalysis, which includes
// ParsedCommand.Raw and every CommandArgument.Value. If the analysed content
// contained credentials they would be written to the log as-is unless they are
// redacted before logging — redaction is not visible on this page; confirm,
// and restrict read access to the log file accordingly.
// Timestamp is a string; its format is not documented here.
type SecurityLogEntry struct {
	ID        string          `json:"id"`
	Timestamp string          `json:"timestamp"`
	Tool      string          `json:"tool"`
	Source    string          `json:"source"`
	Type      string          `json:"type"`
	Action    string          `json:"action"`
	Analysis  *ThreatAnalysis `json:"analysis"`
}

SecurityLogEntry represents a logged security event

type SecurityManager

type SecurityManager struct {
	// contains filtered or unexported fields
}

SecurityManager is the main security coordinator

// GlobalSecurityManager is the package-wide SecurityManager instance used by
// the package-level helpers documented as working "via global manager"
// (CheckDomainAccess, CheckFileAccess, AnalyseContent).
//
// It is an exported, mutable variable: any importing package can reassign it
// or set it to nil, which replaces or removes the checks for every caller.
// NOTE(review): presumably it is nil until InitGlobalSecurityManager succeeds;
// whether the package-level helpers then allow or deny (fail open or fail
// closed) is not shown on this page — confirm.
var (
	GlobalSecurityManager *SecurityManager
)

Global security manager instance

func NewSecurityManager

func NewSecurityManager() (*SecurityManager, error)

func NewSecurityManagerWithRules

func NewSecurityManagerWithRules(rules *SecurityRules) (*SecurityManager, error)

NewSecurityManager creates a new security manager instance. NewSecurityManagerWithRules creates a security manager with provided rules (for testing).

func (*SecurityManager) AnalyseContent

func (m *SecurityManager) AnalyseContent(content string, source SourceContext) (*SecurityResult, error)

AnalyseContent performs security analysis on content

func (*SecurityManager) AnalyseContentWithContext added in v0.56.0

func (m *SecurityManager) AnalyseContentWithContext(ctx context.Context, content string, source SourceContext) (*SecurityResult, error)

AnalyseContentWithContext performs security analysis on content with tracing support

func (*SecurityManager) CheckDomainAccess

func (m *SecurityManager) CheckDomainAccess(domain string) error

CheckDomainAccess verifies if domain access is allowed

func (*SecurityManager) CheckFileAccess

func (m *SecurityManager) CheckFileAccess(filePath string) error

CheckFileAccess verifies if file access is allowed

func (*SecurityManager) GetOverrideManager

func (m *SecurityManager) GetOverrideManager() *OverrideManager

GetOverrideManager returns the override manager for the security system

func (*SecurityManager) IsEnabled

func (m *SecurityManager) IsEnabled() bool

IsEnabled returns whether the security system is enabled

type SecurityOverride

// SecurityOverride records a decision to bypass or allowlist a security
// finding. Entries are stored in OverrideConfig.Overrides, a map keyed by
// string.
//
// NOTE(review): Justification and CreatedBy are free-form strings read from the
// override YAML file, so their audit value depends on who can write that file;
// nothing on this page shows them being verified.
// No expiry field is declared; OverrideManager.CleanupOldOverrides(maxAge) is
// the only ageing mechanism visible here, so an override stays in force until
// that is called or the entry is removed.
type SecurityOverride struct {
	Type            string    `yaml:"type"`   // "warn", "block", etc.
	Action          string    `yaml:"action"` // "bypass", "allowlist"
	Justification   string    `yaml:"justification"`
	CreatedAt       time.Time `yaml:"created_at"`
	CreatedBy       string    `yaml:"created_by"`
	OriginalPattern string    `yaml:"original_pattern"`
	OriginalSource  string    `yaml:"original_source"`
}

SecurityOverride represents a security override decision

type SecurityResult

// SecurityResult is the outcome of a security analysis. ID identifies the
// event (SecurityError.GetSecurityID is documented as returning the ID "for
// override purposes").
//
// NOTE(review): Safe and Action are independent fields and the page does not
// state how they relate. The SafeFileContent/SafeHTTPResponse comments ("nil if
// safe, populated if warn") suggest Safe is false for "warn" — confirm.
// Callers should decide on Action, and treat any value other than "allow" as
// not cleared, rather than relying on Safe alone.
// Analysis is omitted from JSON when nil.
type SecurityResult struct {
	Safe      bool            `json:"safe"`
	Action    string          `json:"action"` // "allow", "warn", "block"
	Message   string          `json:"message"`
	ID        string          `json:"id"`
	Analysis  *ThreatAnalysis `json:"analysis,omitempty"`
	Timestamp time.Time       `json:"timestamp"`
}

SecurityResult contains the outcome of security analysis

func AnalyseContent

func AnalyseContent(content string, source SourceContext) (*SecurityResult, error)

AnalyseContent analyses content via global manager

type SecurityRules

type SecurityRules struct {
	Version        string          `yaml:"version"`
	Metadata       RuleMetadata    `yaml:"metadata"`
	Settings       Settings        `yaml:"settings"`
	TrustedDomains []string        `yaml:"trusted_domains"`
	AccessControl  AccessControl   `yaml:"access_control"`
	Rules          map[string]Rule `yaml:"rules"`
	AdvancedRules  map[string]Rule `yaml:"advanced_rules,omitempty"`
}

SecurityRules represents the complete YAML rule configuration

func ValidateSecurityConfig

func ValidateSecurityConfig(configData []byte) (*SecurityRules, error)

ValidateSecurityConfig validates a security configuration

type Settings

// Settings is the "settings" section of the YAML rule file (see
// SecurityRules.Settings).
//
// NOTE(review): MaxContentSize and MaxScanSize carry the same description
// ("Maximum content size to scan (KB)"); which of the two the engine applies,
// or how they interact, is not visible on this page — confirm.
// SizeExceededBehaviour accepts "allow", "warn" or "block". With "allow",
// content above the size limits is presumably passed through without being
// scanned, so padding content past the limit would avoid analysis; prefer
// "warn" or "block" unless that trade-off is intended — confirm the default.
// The accepted values of DefaultAction and the range of ThreatThreshold are
// not documented here. None of the fields uses omitempty, and the zero value
// has Enabled == false.
type Settings struct {
	Enabled               bool    `yaml:"enabled"`
	DefaultAction         string  `yaml:"default_action"`
	AutoReload            bool    `yaml:"auto_reload"`
	CaseSensitive         bool    `yaml:"case_sensitive"`
	EnableNotifications   bool    `yaml:"enable_notifications"`
	MaxContentSize        int     `yaml:"max_content_size"`        // Maximum content size to scan (KB)
	MaxEntropySize        int     `yaml:"max_entropy_size"`        // Maximum content size for entropy analysis (KB)
	SizeExceededBehaviour string  `yaml:"size_exceeded_behaviour"` // Behaviour when size limits exceeded: "allow", "warn", "block"
	LogPath               string  `yaml:"log_path"`                // Custom log file path
	MaxScanSize           int     `yaml:"max_scan_size"`           // Maximum content size to scan (KB)
	ThreatThreshold       float64 `yaml:"threat_threshold"`        // Threat detection threshold
	CacheEnabled          bool    `yaml:"cache_enabled"`           // Enable security result caching
	CacheMaxAge           string  `yaml:"cache_max_age"`           // Maximum cache age (duration string)
	CacheMaxSize          int     `yaml:"cache_max_size"`          // Maximum cache entries
	EnableBase64Scanning  bool    `yaml:"enable_base64_scanning"`  // Enable base64 content decoding and analysis
	MaxBase64DecodedSize  int     `yaml:"max_base64_decoded_size"` // Maximum size of decoded base64 content (KB)
}

Settings contains global rule settings

type ShellParser

type ShellParser struct {
}

ShellParser handles shell command parsing

type SourceContext

// SourceContext describes where a piece of content came from; it is passed by
// the caller to the AnalyseContent and EvaluateContent functions.
//
// NOTE(review): URL and Domain are separate caller-supplied fields. The page
// does not show whether Domain is derived from URL or trusted as given; if
// trust scoring (SourceTrust.GetTrustScore takes a domain) uses Domain while
// the content was fetched from URL, the two must be kept consistent — confirm.
// ContentType for HTTP sources is presumably the remote-supplied header value
// and should not be treated as authoritative.
type SourceContext struct {
	URL         string `json:"url"`
	Domain      string `json:"domain"`
	ContentType string `json:"content_type"`
	Tool        string `json:"tool"`
}

SourceContext provides context about content source

type SourceTrust

type SourceTrust struct {
	// contains filtered or unexported fields
}

SourceTrust manages domain trust scoring and categorisation

func (*SourceTrust) GetTrustScore

func (s *SourceTrust) GetTrustScore(domain string) float64

GetTrustScore returns a trust score for a domain

type SuffixMatcher

type SuffixMatcher struct {
	// contains filtered or unexported fields
}

SuffixMatcher matches string suffixes

func NewSuffixMatcher

func NewSuffixMatcher(pattern string) *SuffixMatcher

func (*SuffixMatcher) Match

func (m *SuffixMatcher) Match(content string) bool

func (*SuffixMatcher) String

func (m *SuffixMatcher) String() string

type ThreatAnalyser

type ThreatAnalyser struct {
	// contains filtered or unexported fields
}

ThreatAnalyser performs Intent-Context-Destination analysis

func (*ThreatAnalyser) AnalyseContent

func (t *ThreatAnalyser) AnalyseContent(content string, source SourceContext, ruleEngine *YAMLRuleEngine) *ThreatAnalysis

AnalyseContent performs threat analysis on content

type ThreatAnalysis

type ThreatAnalysis struct {
	Commands    []ParsedCommand `json:"commands"`
	SourceTrust float64         `json:"source_trust"`
	RiskScore   float64         `json:"risk_score"`
	Context     string          `json:"context"`
	RiskFactors []string        `json:"risk_factors"`
}

ThreatAnalysis contains detailed threat assessment

type URLMatcher

type URLMatcher struct {
	// contains filtered or unexported fields
}

URLMatcher matches URLs

func NewURLMatcher

func NewURLMatcher(pattern string) *URLMatcher

func (*URLMatcher) Match

func (m *URLMatcher) Match(content string) bool

func (*URLMatcher) String

func (m *URLMatcher) String() string

type YAMLRuleEngine

type YAMLRuleEngine struct {
	// contains filtered or unexported fields
}

YAMLRuleEngine manages YAML-based security rules

func NewYAMLRuleEngine

func NewYAMLRuleEngine(rulesPath string) (*YAMLRuleEngine, error)

NewYAMLRuleEngine creates a new YAML rule engine

func (*YAMLRuleEngine) EvaluateContent

func (r *YAMLRuleEngine) EvaluateContent(content string, source SourceContext) (*SecurityResult, error)

EvaluateContent evaluates content against all rules

func (*YAMLRuleEngine) EvaluateContentWithConfig

func (r *YAMLRuleEngine) EvaluateContentWithConfig(content string, source SourceContext, config *SecurityConfig) (*SecurityResult, error)

EvaluateContentWithConfig evaluates content against all rules with optional config for base64 processing

func (*YAMLRuleEngine) LoadRules

func (r *YAMLRuleEngine) LoadRules() error

LoadRules loads rules from the YAML file
