output

package
v0.0.0-...-28d9919 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Nov 22, 2025 License: AGPL-3.0 Imports: 13 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func CSVHeaders

func CSVHeaders() []string

CSVHeaders returns the CSV column headers.

func ParseFailOn

func ParseFailOn(value string) []string

ParseFailOn parses the comma-separated --fail-on flag value into a slice of severities. Whitespace is trimmed from each entry and empty entries are dropped. Returns an empty slice for empty input.

func ValidateSeverities

func ValidateSeverities(severities []string) error

ValidateSeverities checks that all provided severities are valid. Valid severities are: critical, high, medium, low, info (case-insensitive). Returns InvalidSeverityError for the first invalid severity encountered.

Types

type CSVFormatter

type CSVFormatter struct {
	// contains filtered or unexported fields
}

CSVFormatter formats enriched detections as CSV.

func NewCSVFormatter

func NewCSVFormatter(opts *OutputOptions) *CSVFormatter

NewCSVFormatter creates a CSV formatter.

func NewCSVFormatterWithWriter

func NewCSVFormatterWithWriter(w io.Writer, opts *OutputOptions) *CSVFormatter

NewCSVFormatterWithWriter creates a formatter with a custom writer (for testing).

func (*CSVFormatter) Format

func (f *CSVFormatter) Format(detections []*dsl.EnrichedDetection) error

Format outputs all detections as CSV.

type Enricher

type Enricher struct {
	// contains filtered or unexported fields
}

Enricher adds context and metadata to detections.

func NewEnricher

func NewEnricher(cg *core.CallGraph, opts *OutputOptions) *Enricher

NewEnricher creates an enricher with the given callgraph and options.

func (*Enricher) EnrichAll

func (e *Enricher) EnrichAll(detections []dsl.DataflowDetection, rule dsl.RuleIR) ([]*dsl.EnrichedDetection, error)

EnrichAll enriches multiple detections.

func (*Enricher) EnrichDetection

func (e *Enricher) EnrichDetection(detection dsl.DataflowDetection, rule dsl.RuleIR) (*dsl.EnrichedDetection, error)

EnrichDetection transforms a raw detection into an enriched detection.

type ExitCode

type ExitCode int

ExitCode represents the exit code for the CLI.

// Exit codes returned by the CLI. DetermineExitCode applies them in this
// precedence: ExitCodeError, then ExitCodeFindings, then ExitCodeSuccess.
const (
	// ExitCodeSuccess indicates successful execution with no findings or no --fail-on match.
	// Findings can still be present in the output when none of them match --fail-on,
	// so a zero exit code is not by itself proof of a clean scan.
	ExitCodeSuccess ExitCode = 0

	// ExitCodeFindings indicates findings match --fail-on severities.
	ExitCodeFindings ExitCode = 1

	// ExitCodeError indicates configuration or execution error.
	// It takes precedence over ExitCodeFindings when both conditions hold.
	ExitCodeError ExitCode = 2
)

func DetermineExitCode

func DetermineExitCode(detections []*dsl.EnrichedDetection, failOn []string, hadErrors bool) ExitCode

DetermineExitCode calculates the appropriate exit code based on detections, fail-on severities, and whether errors occurred during execution.

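Exit code precedence: 1. ExitCodeError (2) - if hadErrors is true. 2. ExitCodeFindings (1) - if any detections match fail-on severities. 3. ExitCodeSuccess (0) - otherwise (no findings or no --fail-on match). Because an empty failOn list means never fail (see OutputOptions.FailOn), findings alone do not produce a non-zero exit code unless failOn names their severity.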

type InvalidSeverityError

// InvalidSeverityError is returned when an invalid severity is provided.
// ValidateSeverities returns it for the first invalid severity it encounters.
//
// NOTE(review): Severity presumably holds the rejected value and Valid the
// accepted severities (critical, high, medium, low, info) — confirm against
// ValidateSeverities.
type InvalidSeverityError struct {
	Severity string
	Valid    []string
}

InvalidSeverityError is returned when an invalid severity is provided.

func (*InvalidSeverityError) Error

func (e *InvalidSeverityError) Error() string

type JSONDetection

// JSONDetection contains detection method info for one finding.
//
// Serialization, as fixed by the struct tags:
//   - "type" and "confidence_score" are always emitted, so a zero score
//     appears as 0 rather than being dropped.
//   - "scope", "source" and "sink" are omitted when empty or nil.
//
// NOTE(review): the range of ConfidenceScore and the set of Type values are
// not visible here — confirm before thresholding or filtering on them.
type JSONDetection struct {
	Type            string         `json:"type"`
	Scope           string         `json:"scope,omitempty"`
	ConfidenceScore float64        `json:"confidence_score"` //nolint:tagliatelle
	Source          *JSONTaintNode `json:"source,omitempty"`
	Sink            *JSONTaintNode `json:"sink,omitempty"`
}

JSONDetection contains detection method info.

type JSONFormatter

type JSONFormatter struct {
	// contains filtered or unexported fields
}

JSONFormatter formats enriched detections as JSON.

func NewJSONFormatter

func NewJSONFormatter(opts *OutputOptions) *JSONFormatter

NewJSONFormatter creates a JSON formatter.

func NewJSONFormatterWithWriter

func NewJSONFormatterWithWriter(w io.Writer, opts *OutputOptions) *JSONFormatter

NewJSONFormatterWithWriter creates a formatter with a custom writer (for testing).

func (*JSONFormatter) Format

func (f *JSONFormatter) Format(detections []*dsl.EnrichedDetection, summary *Summary, scanInfo ScanInfo) error

Format outputs all detections as JSON.

type JSONLocation

// JSONLocation contains the location of a finding.
//
// "file" and "line" are always emitted; "column", "function" and "snippet"
// are omitted when zero, empty or nil.
//
// NOTE(review): whether File is relative to OutputOptions.ProjectRoot or
// absolute is not visible here — confirm before publishing reports, since
// absolute paths can disclose the layout of the scanning host.
type JSONLocation struct {
	File     string       `json:"file"`
	Line     int          `json:"line"`
	Column   int          `json:"column,omitempty"`
	Function string       `json:"function,omitempty"`
	Snippet  *JSONSnippet `json:"snippet,omitempty"`
}

JSONLocation contains finding location.

type JSONMetadata

// JSONMetadata contains rule metadata attached to a finding.
//
// Each of "cwe", "owasp" and "references" is a list of strings and is omitted
// from the JSON when empty.
//
// NOTE(review): the identifier format used for CWE and OWASP entries is not
// visible here — confirm before matching on them.
type JSONMetadata struct {
	CWE        []string `json:"cwe,omitempty"`
	OWASP      []string `json:"owasp,omitempty"`
	References []string `json:"references,omitempty"`
}

JSONMetadata contains rule metadata.

type JSONOutput

// JSONOutput represents the complete JSON output structure.
//
// "tool", "scan", "results" and "summary" are always emitted; "errors" is
// omitted when empty, so a missing "errors" key is a normal document.
//
// NOTE(review): Errors presumably carries ScanInfo.Errors — confirm. A
// consumer gating a pipeline on this document should also check the process
// exit code (ExitCodeError): an empty Results list alone does not show
// whether the scan ran to completion.
type JSONOutput struct {
	Tool    JSONTool     `json:"tool"`
	Scan    JSONScan     `json:"scan"`
	Results []JSONResult `json:"results"`
	Summary JSONSummary  `json:"summary"`
	Errors  []string     `json:"errors,omitempty"`
}

JSONOutput represents the complete JSON output structure.

type JSONResult

// JSONResult represents a single finding in JSONOutput.Results.
//
// Every field is always emitted: no tag on this struct uses omitempty.
//
// NOTE(review): Severity presumably takes the values ValidateSeverities
// accepts (critical, high, medium, low, info); the values of Confidence are
// not visible here — confirm both before filtering on them.
type JSONResult struct {
	RuleID     string        `json:"rule_id"`   //nolint:tagliatelle
	RuleName   string        `json:"rule_name"` //nolint:tagliatelle
	Message    string        `json:"message"`
	Severity   string        `json:"severity"`
	Confidence string        `json:"confidence"`
	Location   JSONLocation  `json:"location"`
	Detection  JSONDetection `json:"detection"`
	Metadata   JSONMetadata  `json:"metadata"`
}

JSONResult represents a single finding.

type JSONScan

// JSONScan contains scan metadata. All four fields are always emitted.
//
// NOTE(review): the layout of Timestamp and the unit of Duration are not
// visible here (ScanInfo.Duration is a time.Duration; the JSON value is a
// float64) — confirm before comparing values across runs.
type JSONScan struct {
	Target        string  `json:"target"`
	Timestamp     string  `json:"timestamp"`
	Duration      float64 `json:"duration"`
	RulesExecuted int     `json:"rules_executed"` //nolint:tagliatelle
}

JSONScan contains scan metadata.

type JSONSnippet

// JSONSnippet contains code context for a finding: a line range and the text
// of those lines. All three fields are always emitted.
//
// NOTE(review): Lines presumably holds source text from the scanned project
// (see OutputOptions.ContextLines). Consumers that render it in HTML or load
// it into other tools should escape it as untrusted input.
type JSONSnippet struct {
	StartLine int      `json:"start_line"` //nolint:tagliatelle
	EndLine   int      `json:"end_line"`   //nolint:tagliatelle
	Lines     []string `json:"lines"`
}

JSONSnippet contains code context.

type JSONSummary

// JSONSummary contains aggregated statistics for the JSON output: a total and
// two string-keyed count maps. All three fields are always emitted.
//
// NOTE(review): the map keys are presumably severity names and detection
// type names respectively — confirm against BuildSummary.
type JSONSummary struct {
	Total           int            `json:"total"`
	BySeverity      map[string]int `json:"by_severity"`       //nolint:tagliatelle
	ByDetectionType map[string]int `json:"by_detection_type"` //nolint:tagliatelle
}

JSONSummary contains aggregated statistics.

type JSONTaintNode

// JSONTaintNode represents the source or the sink of a taint flow; it is
// referenced by JSONDetection.Source and JSONDetection.Sink.
//
// "line" is always emitted; "variable" and "call" are omitted when empty.
type JSONTaintNode struct {
	Line     int    `json:"line"`
	Variable string `json:"variable,omitempty"`
	Call     string `json:"call,omitempty"`
}

JSONTaintNode represents source or sink in taint flow.

type JSONTool

// JSONTool contains tool metadata: the name, version and URL of the tool that
// produced the report. All three fields are always emitted.
type JSONTool struct {
	Name    string `json:"name"`
	Version string `json:"version"`
	URL     string `json:"url"`
}

JSONTool contains tool metadata.

type Logger

type Logger struct {
	// contains filtered or unexported fields
}

Logger provides structured logging with verbosity control.

func NewLogger

func NewLogger(verbosity VerbosityLevel) *Logger

NewLogger creates a logger with the specified verbosity. Output goes to stderr to keep stdout clean for results.

func NewLoggerWithWriter

func NewLoggerWithWriter(verbosity VerbosityLevel, w io.Writer) *Logger

NewLoggerWithWriter creates a logger with a custom output writer. Primarily used for testing.

func (*Logger) Debug

func (l *Logger) Debug(format string, args ...interface{})

Debug logs debug diagnostics (shown only in debug mode). Includes elapsed time prefix for performance analysis.

func (*Logger) Error

func (l *Logger) Error(format string, args ...interface{})

Error logs errors (always shown).

func (*Logger) GetAllTimings

func (l *Logger) GetAllTimings() map[string]time.Duration

GetAllTimings returns all recorded timings.

func (*Logger) GetTiming

func (l *Logger) GetTiming(name string) time.Duration

GetTiming returns the duration for a named operation.

func (*Logger) IsDebug

func (l *Logger) IsDebug() bool

IsDebug returns true if debug mode is enabled.

func (*Logger) IsVerbose

func (l *Logger) IsVerbose() bool

IsVerbose returns true if verbose or debug mode is enabled.

func (*Logger) PrintTimingSummary

func (l *Logger) PrintTimingSummary()

PrintTimingSummary prints all timings (verbose mode only).

func (*Logger) Progress

func (l *Logger) Progress(format string, args ...interface{})

Progress logs progress messages (shown in verbose and debug modes). Use for high-level progress like "Building code graph...".

func (*Logger) StartTiming

func (l *Logger) StartTiming(name string) func()

StartTiming begins timing a named operation.

func (*Logger) Statistic

func (l *Logger) Statistic(format string, args ...interface{})

Statistic logs statistics (shown in verbose and debug modes). Use for counts and metrics like "Code graph built: 1234 nodes".

func (*Logger) Verbosity

func (l *Logger) Verbosity() VerbosityLevel

Verbosity returns the current verbosity level.

func (*Logger) Warning

func (l *Logger) Warning(format string, args ...interface{})

Warning logs warnings (always shown).

type OutputFormat

type OutputFormat string

OutputFormat specifies the output format.

// Supported output formats and their string values: "text", "json", "csv"
// and "sarif". The package exposes one formatter per format: TextFormatter,
// JSONFormatter, CSVFormatter and SARIFFormatter (SARIF 2.1.0).
const (
	FormatText  OutputFormat = "text"
	FormatJSON  OutputFormat = "json"
	FormatCSV   OutputFormat = "csv"
	FormatSARIF OutputFormat = "sarif"
)

type OutputOptions

// OutputOptions configures output behavior: verbosity, output format,
// the severities that fail the run, the project root and snippet context.
//
// FailOn drives the exit code. DetermineExitCode takes the fail-on severities
// as input, and an empty list means findings never cause a failing exit code,
// so a CI job that relies on the exit code must set it explicitly.
//
// NOTE(review): NewDefaultOptions supplies the defaults; whether a zero
// ContextLines means "no context" or "use the default of 3" is not visible
// here — confirm.
type OutputOptions struct {
	Verbosity    VerbosityLevel
	Format       OutputFormat
	FailOn       []string // Severities to fail on (empty = never fail)
	ProjectRoot  string   // Project root for relative paths
	ContextLines int      // Lines of context around findings (default 3)
}

OutputOptions configures output behavior.

func NewDefaultOptions

func NewDefaultOptions() *OutputOptions

NewDefaultOptions returns options with sensible defaults.

func (*OutputOptions) ShouldShowDebug

func (o *OutputOptions) ShouldShowDebug() bool

ShouldShowDebug returns true if debug output should be displayed.

func (*OutputOptions) ShouldShowStatistics

func (o *OutputOptions) ShouldShowStatistics() bool

ShouldShowStatistics returns true if statistics should be displayed.

type SARIFFormatter

type SARIFFormatter struct {
	// contains filtered or unexported fields
}

SARIFFormatter formats enriched detections as SARIF 2.1.0.

func NewSARIFFormatter

func NewSARIFFormatter(opts *OutputOptions) *SARIFFormatter

NewSARIFFormatter creates a SARIF formatter.

func NewSARIFFormatterWithWriter

func NewSARIFFormatterWithWriter(w io.Writer, opts *OutputOptions) *SARIFFormatter

NewSARIFFormatterWithWriter creates a formatter with a custom writer (for testing).

func (*SARIFFormatter) Format

func (f *SARIFFormatter) Format(detections []*dsl.EnrichedDetection, scanInfo ScanInfo) error

Format outputs all detections as SARIF.

type ScanInfo

// ScanInfo contains metadata about the scan: the target, how long it took,
// how many rules ran, and any error messages. It is passed to
// JSONFormatter.Format and SARIFFormatter.Format.
//
// NOTE(review): Errors presumably surfaces as JSONOutput.Errors — confirm.
type ScanInfo struct {
	Target        string
	Duration      time.Duration
	RulesExecuted int
	Errors        []string
}

ScanInfo contains metadata about the scan.

type Summary

// Summary holds aggregated statistics about a scan. BuildSummary creates it
// from the detections and the number of rules executed; TextFormatter.Format
// and JSONFormatter.Format take it as input.
//
// NOTE(review): Duration is a string here, unlike ScanInfo.Duration; its
// layout is not visible. The map keys are presumably severity names and
// detection type names — confirm against BuildSummary.
type Summary struct {
	TotalFindings   int
	RulesExecuted   int
	BySeverity      map[string]int
	ByDetectionType map[string]int
	FilesScanned    int
	Duration        string
}

Summary holds aggregated statistics.

func BuildSummary

func BuildSummary(detections []*dsl.EnrichedDetection, rulesExecuted int) *Summary

BuildSummary creates a summary from detections.

type TextFormatter

type TextFormatter struct {
	// contains filtered or unexported fields
}

TextFormatter formats enriched detections as human-readable text.

func NewTextFormatter

func NewTextFormatter(opts *OutputOptions, logger *Logger) *TextFormatter

NewTextFormatter creates a text formatter.

func NewTextFormatterWithWriter

func NewTextFormatterWithWriter(w io.Writer, opts *OutputOptions, logger *Logger) *TextFormatter

NewTextFormatterWithWriter creates a formatter with a custom writer (for testing).

func (*TextFormatter) Format

func (f *TextFormatter) Format(detections []*dsl.EnrichedDetection, summary *Summary) error

Format outputs all detections as formatted text.

type VerbosityLevel

type VerbosityLevel int

VerbosityLevel controls output detail.

// Verbosity levels in increasing order of detail. They are numbered with
// iota, so VerbosityDefault is the zero value of VerbosityLevel.
const (
	// VerbosityDefault shows clean results only (no progress, no statistics).
	VerbosityDefault VerbosityLevel = iota
	// VerbosityVerbose adds statistics and summary info.
	VerbosityVerbose
	// VerbosityDebug adds timestamps and diagnostic messages.
	VerbosityDebug
)
