Documentation
¶
Overview ¶
Package entities defines the domain data structures for SCANOSS crypto-finder.
Index ¶
Constants ¶
const InterimFormatVersion = "1.1"
InterimFormatVersion is the current version of the interim report schema.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type CryptographicAsset ¶
type CryptographicAsset struct {
// MatchType indicates the detection method used
// Values: "semgrep", "cbom_toolkit", "keyword_search"
MatchType string `json:"match_type"`
// StartLine is the first line number where the asset was detected
StartLine int `json:"start_line"`
// EndLine is the last line number where the asset was detected
EndLine int `json:"end_line"`
// Match is the actual code snippet that was matched
Match string `json:"match"`
// Rules contains information about all detection rules that triggered this finding
// This allows multiple rules to detect the same cryptographic asset
Rules []RuleInfo `json:"rules"`
// Status represents the current state of this finding
// Values: "pending", "identified", "dismissed", "reviewed"
Status string `json:"status"`
// Metadata contains metadata extracted from the cryptographic asset
// such as key length, algorithm, etc.
Metadata map[string]string `json:"metadata"`
// OID is the Object Identifier for the cryptographic algorithm.
// Sources: NIST CSOR, PKCS#1, ANSI X9.62, etc.
// Example: "2.16.840.1.101.3.4.1.2" for AES-128-CBC
OID string `json:"oid,omitempty"`
}
CryptographicAsset represents a single detected cryptographic element.
func (*CryptographicAsset) GetKey ¶ added in v0.2.0
func (c *CryptographicAsset) GetKey() string
GetKey generates a unique key for deduplication based on asset type and identifying metadata. Assets with the same key are considered the same cryptographic entity and will be merged. The key is constructed using asset-type-specific identifying fields:
- algorithm: algorithmName if available, otherwise algorithmFamily + mode + padding, otherwise algorithmFamily
- related-crypto-material: materialType
- protocol: protocolType
- certificate: certificateSerialNumber (or location-based fallback when missing)
This method provides a single source of truth for asset identity across the codebase, used by both the deduplicator (per-file) and aggregator (cross-file).
func (*CryptographicAsset) UnmarshalJSON ¶ added in v0.1.5
func (c *CryptographicAsset) UnmarshalJSON(data []byte) error
UnmarshalJSON provides backward compatibility for the old "rule" field format. It handles both:
- Old format: {"rule": {...}} -> converted to {"rules": [{...}]}
- New format: {"rules": [{...}, {...}]}.
type Finding ¶
type Finding struct {
// FilePath is the path to the file containing cryptographic assets
FilePath string `json:"file_path"`
// Language is the programming language of the file (e.g., "java", "python", "go")
Language string `json:"language"`
// CryptographicAssets contains all cryptographic materials found in this file
CryptographicAssets []CryptographicAsset `json:"cryptographic_assets"`
}
Finding represents all cryptographic assets discovered in a single file. Each file that contains cryptographic material will have one Finding entry.
type InterimReport ¶
type InterimReport struct {
// Version of the interim report schema (e.g., "1.0")
Version string `json:"version"`
// Tool contains information about the scanner that generated this report
Tool ToolInfo `json:"tool"`
// Findings contains all detected cryptographic assets grouped by file
Findings []Finding `json:"findings"`
}
InterimReport is the standardized output format for all scanners. This format provides a unified representation of cryptographic findings that can be consumed by the SCANOSS ecosystem and other downstream tools.
func (*InterimReport) SortAssets ¶ added in v0.2.1
func (r *InterimReport) SortAssets()
SortAssets sorts CryptographicAssets within each Finding by StartLine. This ensures assets within the same file appear in line order.
func (*InterimReport) SortFindings ¶ added in v0.2.1
func (r *InterimReport) SortFindings()
SortFindings sorts the Findings array by FilePath (lexicographically). This ensures deterministic output regardless of scan order.
type MetavarInfo ¶
type MetavarInfo struct {
Start struct {
Line int `json:"line"`
Col int `json:"col"`
Offset int `json:"offset"`
} `json:"start"`
End struct {
Line int `json:"line"`
Col int `json:"col"`
Offset int `json:"offset"`
} `json:"end"`
AbstractContent string `json:"abstract_content"`
PropagatedValue *MetavarPropagatedValue `json:"propagated_value"`
}
MetavarInfo holds information about a captured metavariables.
type MetavarPropagatedValue ¶
type MetavarPropagatedValue struct {
SvalueStart struct {
Line int `json:"line"`
Col int `json:"col"`
Offset int `json:"offset"`
} `json:"svalue_start"`
SvalueEnd struct {
Line int `json:"line"`
Col int `json:"col"`
Offset int `json:"offset"`
} `json:"svalue_end"`
SvalueAbstractContent string `json:"svalue_abstract_content"`
}
MetavarPropagatedValue contains propagated values for metavariables.
type RuleInfo ¶
type RuleInfo struct {
// ID is the unique identifier for the rule
// Example: "<language>.crypto.<library>.<operation>-<specifics>"
ID string `json:"id"`
// Message is a human-readable description of what was detected
Message string `json:"message"`
// Severity indicates the importance level of the finding
// Values: "WARNING", "ERROR", "INFO"
Severity string `json:"severity"`
// Version is the ruleset version when known (e.g., "latest", "v1.0.1")
Version string `json:"version,omitempty"`
}
RuleInfo contains information about the detection rule that identified the cryptographic asset.
type SemgrepError ¶
type SemgrepError struct {
Code int `json:"code,omitempty"` // Error code
Type any `json:"type"` // Error type (string or [string, locations])
Level string `json:"level"` // Error level
Message string `json:"message"` // Error message
Path string `json:"path"` // File path (if applicable)
Spans []SemgrepErrorSpan `json:"spans,omitempty"` // Error spans
}
SemgrepError represents an error from Semgrep execution.
type SemgrepErrorSpan ¶
type SemgrepErrorSpan struct {
File string `json:"file"`
Start SemgrepLocation `json:"start"`
End SemgrepLocation `json:"end"`
}
SemgrepErrorSpan represents a location span in a Semgrep error.
type SemgrepExtra ¶
type SemgrepExtra struct {
Message string `json:"message"` // Human-readable message
Metadata SemgrepMetadata `json:"metadata"` // Rule metadata
Metavars map[string]MetavarInfo `json:"metavars"` // Metavariables
Severity string `json:"severity"` // Severity level
Lines string `json:"lines"` // Matched code snippet
}
SemgrepExtra contains additional metadata from Semgrep rules.
type SemgrepLocation ¶
type SemgrepLocation struct {
Line int `json:"line"` // Line number (1-indexed)
Col int `json:"col"` // Column number (1-indexed)
Offset int `json:"offset"` // Byte offset
}
SemgrepLocation represents a position in the source code.
type SemgrepMetadata ¶
type SemgrepMetadata struct {
Category string `json:"category,omitempty"`
Subcategory string `json:"subcategory,omitempty"`
Confidence string `json:"confidence,omitempty"`
Likelihood string `json:"likelihood,omitempty"`
Impact string `json:"impact,omitempty"`
CWE any `json:"cwe,omitempty"`
Crypto map[string]any `json:"crypto,omitempty"`
Owasp []string `json:"owasp,omitempty"`
References []string `json:"references,omitempty"`
Recommendation string `json:"recommendation,omitempty"`
}
SemgrepMetadata contains metadata from Semgrep rules.
type SemgrepOutput ¶
type SemgrepOutput struct {
Results []SemgrepResult `json:"results"`
Errors []SemgrepError `json:"errors"`
}
SemgrepOutput represents the JSON output structure from Semgrep.
type SemgrepResult ¶
type SemgrepResult struct {
CheckID string `json:"check_id"` // Rule ID
Path string `json:"path"` // File path
Start SemgrepLocation `json:"start"` // Start location
End SemgrepLocation `json:"end"` // End location
Extra SemgrepExtra `json:"extra"` // Additional metadata
Message string `json:"message"` // Rule message
Severity string `json:"severity"` // WARNING, ERROR, INFO
}
SemgrepResult represents a single finding from Semgrep.
Source Files