entities

package
v0.1.2 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jan 19, 2026 License: GPL-2.0, GPL-2.0-only Imports: 0 Imported by: 0

Documentation

Overview

Package entities defines the domain data structures for SCANOSS crypto-finder.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type CryptographicAsset 

type CryptographicAsset struct {
	// MatchType indicates the detection method used
	// Values: "semgrep", "cbom_toolkit", "keyword_search"
	MatchType string `json:"match_type"`

	// StartLine is the first line number where the asset was detected
	StartLine int `json:"start_line"`

	// EndLine is the last line number where the asset was detected
	EndLine int `json:"end_line"`

	// Match is the actual code snippet that was matched
	Match string `json:"match"`

	// Rule contains information about the detection rule that triggered this finding
	Rule RuleInfo `json:"rule"`

	// Status represents the current state of this finding
	// Values: "pending", "identified", "dismissed", "reviewed"
	Status string `json:"status"`

	// Metadata contains metadata extracted from the cryptographic asset
	// such as key length, algorithm, etc.
	Metadata map[string]string `json:"metadata"`
}

CryptographicAsset represents a single detected cryptographic element.

type Finding 

type Finding struct {
	// FilePath is the path to the file containing cryptographic assets
	FilePath string `json:"file_path"`

	// Language is the programming language of the file (e.g., "java", "python", "go")
	Language string `json:"language"`

	// CryptographicAssets contains all cryptographic materials found in this file
	CryptographicAssets []CryptographicAsset `json:"cryptographic_assets"`

	// TimestampUTC is the ISO 8601 timestamp when this file was scanned
	TimestampUTC string `json:"timestamp_utc"`
}

Finding represents all cryptographic assets discovered in a single file. Each file that contains cryptographic material will have one Finding entry.

type InterimReport 

type InterimReport struct {
	// Version of the interim report schema (e.g., "1.0")
	Version string `json:"version"`

	// Tool contains information about the scanner that generated this report
	Tool ToolInfo `json:"tool"`

	// Findings contains all detected cryptographic assets grouped by file
	Findings []Finding `json:"findings"`
}

InterimReport is the standardized output format for all scanners. This format provides a unified representation of cryptographic findings that can be consumed by the SCANOSS ecosystem and other downstream tools.

type MetavarInfo 

type MetavarInfo struct {
	Start struct {
		Line   int `json:"line"`
		Col    int `json:"col"`
		Offset int `json:"offset"`
	} `json:"start"`
	End struct {
		Line   int `json:"line"`
		Col    int `json:"col"`
		Offset int `json:"offset"`
	} `json:"end"`
	AbstractContent string                  `json:"abstract_content"`
	PropagatedValue *MetavarPropagatedValue `json:"propagated_value"`
}

MetavarInfo holds information about a captured metavariables.

type MetavarPropagatedValue 

type MetavarPropagatedValue struct {
	SvalueStart struct {
		Line   int `json:"line"`
		Col    int `json:"col"`
		Offset int `json:"offset"`
	} `json:"svalue_start"`
	SvalueEnd struct {
		Line   int `json:"line"`
		Col    int `json:"col"`
		Offset int `json:"offset"`
	} `json:"svalue_end"`
	SvalueAbstractContent string `json:"svalue_abstract_content"`
}

MetavarPropagatedValue contains propagated values for metavariables.

type RuleInfo 

type RuleInfo struct {
	// ID is the unique identifier for the rule
	// Example: "<language>.crypto.<library>.<operation>-<specifics>"
	ID string `json:"id"`

	// Message is a human-readable description of what was detected
	Message string `json:"message"`

	// Severity indicates the importance level of the finding
	// Values: "WARNING", "ERROR", "INFO"
	Severity string `json:"severity"`

	// Version is the ruleset version when known (e.g., "latest", "v1.0.1")
	Version string `json:"version,omitempty"`
}

RuleInfo contains information about the detection rule that identified the cryptographic asset.

type SemgrepError 

type SemgrepError struct {
	Code    int                `json:"code,omitempty"`  // Error code
	Type    any                `json:"type"`            // Error type (string or [string, locations])
	Level   string             `json:"level"`           // Error level
	Message string             `json:"message"`         // Error message
	Path    string             `json:"path"`            // File path (if applicable)
	Spans   []SemgrepErrorSpan `json:"spans,omitempty"` // Error spans
}

SemgrepError represents an error from Semgrep execution.

type SemgrepErrorSpan 

type SemgrepErrorSpan struct {
	File  string          `json:"file"`
	Start SemgrepLocation `json:"start"`
	End   SemgrepLocation `json:"end"`
}

SemgrepErrorSpan represents a location span in a Semgrep error.

type SemgrepExtra 

type SemgrepExtra struct {
	Message  string                 `json:"message"`  // Human-readable message
	Metadata SemgrepMetadata        `json:"metadata"` // Rule metadata
	Metavars map[string]MetavarInfo `json:"metavars"` // Metavariables
	Severity string                 `json:"severity"` // Severity level
	Lines    string                 `json:"lines"`    // Matched code snippet
}

SemgrepExtra contains additional metadata from Semgrep rules.

type SemgrepLocation 

type SemgrepLocation struct {
	Line   int `json:"line"`   // Line number (1-indexed)
	Col    int `json:"col"`    // Column number (1-indexed)
	Offset int `json:"offset"` // Byte offset
}

SemgrepLocation represents a position in the source code.

type SemgrepMetadata 

type SemgrepMetadata struct {
	Category       string         `json:"category,omitempty"`
	Subcategory    string         `json:"subcategory,omitempty"`
	Confidence     string         `json:"confidence,omitempty"`
	Likelihood     string         `json:"likelihood,omitempty"`
	Impact         string         `json:"impact,omitempty"`
	CWE            any            `json:"cwe,omitempty"`
	Crypto         map[string]any `json:"crypto,omitempty"`
	Owasp          []string       `json:"owasp,omitempty"`
	References     []string       `json:"references,omitempty"`
	Recommendation string         `json:"recommendation,omitempty"`
}

SemgrepMetadata contains metadata from Semgrep rules.

type SemgrepOutput 

type SemgrepOutput struct {
	Results []SemgrepResult `json:"results"`
	Errors  []SemgrepError  `json:"errors"`
}

SemgrepOutput represents the JSON output structure from Semgrep.

type SemgrepResult 

type SemgrepResult struct {
	CheckID  string          `json:"check_id"` // Rule ID
	Path     string          `json:"path"`     // File path
	Start    SemgrepLocation `json:"start"`    // Start location
	End      SemgrepLocation `json:"end"`      // End location
	Extra    SemgrepExtra    `json:"extra"`    // Additional metadata
	Message  string          `json:"message"`  // Rule message
	Severity string          `json:"severity"` // WARNING, ERROR, INFO
}

SemgrepResult represents a single finding from Semgrep.

type ToolInfo 

type ToolInfo struct {
	// Name of the scanner tool (e.g., "crypto-finder", "cbom-toolkit", etc)
	Name string `json:"name"`

	// Version of the scanner tool (e.g., "1.45.0")
	Version string `json:"version"`
}

ToolInfo contains metadata about the scanner that produced the report.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.