util

package
v1.18.0 Latest
Published: Jun 13, 2026 License: MIT Imports: 16 Imported by: 0

Documentation

Overview

More about the os-release: https://www.linux.org/docs/man5/os-release.html

Constants

This section is empty.

Variables

var Path = "/etc/os-release"

Path contains the default path to the os-release file

Functions

func CheckDirtyFragMitigation added in v1.16.0

func CheckDirtyFragMitigation() (bool, []string)

CheckDirtyFragMitigation checks if the dirtyfrag mitigation file exists at /etc/modprobe.d/dirtyfrag.conf and contains the expected content.

func CheckEscalationConditions added in v1.16.0

func CheckEscalationConditions() (bool, string, []string)

CheckEscalationConditions verifies Phase 2 conditions for privilege escalation. Returns (escalationPossible, targetBinary, details).

func DateConversion

func DateConversion(data string) (string, error)

DateConversion takes a date string input and converts it to RFC3339 format. It attempts to parse the input date string using multiple common date formats and returns the formatted date as a string.

Parameters:

  • data: A string representing a date in any common format

Returns:

  • string: The date formatted in RFC3339 format (2006-01-02T15:04:05Z07:00)
  • error: An error if the date parsing fails, nil otherwise

func GetHostname

func GetHostname() (string, error)

GetHostname returns the system hostname by executing the hostname command. It uses the /usr/bin/hostname command to obtain the hostname and returns it as a string. Returns an error if the hostname command execution fails.

func GetKernelVersion added in v1.16.0

func GetKernelVersion() string

GetKernelVersion returns the running kernel version string from uname.

func GetMachineId

func GetMachineId() (string, error)

GetMachineId retrieves the unique machine identifier from the '/etc/machine-id' file. This identifier is typically used to distinguish the host machine in a network.

Returns:

  • string: The machine ID as a trimmed string
  • error: An error if reading the machine-id file fails

func NeedsRestarting added in v1.5.0

func NeedsRestarting() (bool, string)

NeedsRestarting checks if the system needs to be restarted by executing the '/usr/bin/needs-restarting' command. This command is typically available on Red Hat-based systems to determine if any running processes are using files that have been updated/deleted.

Returns:

  • bool: true if system needs restarting, false otherwise
  • string: the complete output message from needs-restarting command

The function parses the command output looking for the specific phrase "Reboot should not be necessary". If this phrase is found, it indicates no restart is needed.

func PackageBinary

func PackageBinary() string

PackageBinary determines and verifies the appropriate package manager binary (yum or dnf) based on the Linux distribution version. It reads /etc/os-release to check if the system is running RHEL/CentOS 8 or 9, in which case it selects 'dnf' instead of the default 'yum'.

The function also verifies if the selected package manager is installed in the system. If the binary is not found, it exits with an error message.

Returns:

  • string: The name of the package manager binary ("yum" or "dnf")

The function will exit with status code 1 if the required package manager is not installed.

func ParseOSRelease added in v1.2.0

func ParseOSRelease() error

ParseOSRelease parses the os-release file pointed to by Path. The fields are saved into the Release global variable.
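
The os-release parsing described for ParseOSRelease and the yum/dnf rule described for PackageBinary, as an added example that is not this package's code. The names parseOSRelease, packageManager and sampleOSRelease are hypothetical, and matching on ID plus the major part of VERSION_ID is an assumption about how "RHEL/CentOS 8 or 9" is recognised.

```go
package main

import (
	"bufio"
	"fmt"
	"strings"
)

// parseOSRelease reads os-release text (KEY=VALUE, optional quotes, '#' comments).
// Hypothetical helper for this example, not the package's ParseOSRelease.
func parseOSRelease(text string) map[string]string {
	fields := map[string]string{}
	sc := bufio.NewScanner(strings.NewReader(text))
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		key, val, ok := strings.Cut(line, "=")
		if !ok || strings.HasPrefix(line, "#") {
			continue // blank line, comment, or not an assignment
		}
		if len(val) >= 2 && (val[0] == '"' || val[0] == '\'') && val[len(val)-1] == val[0] {
			val = val[1 : len(val)-1] // strip matching surrounding quotes
		}
		fields[key] = val
	}
	return fields
}

// packageManager applies the documented rule: dnf on RHEL/CentOS 8 or 9, yum
// otherwise. Using ID and the major VERSION_ID is an assumption of this example.
func packageManager(fields map[string]string) string {
	major, _, _ := strings.Cut(fields["VERSION_ID"], ".")
	rhelLike := fields["ID"] == "rhel" || fields["ID"] == "centos"
	if rhelLike && (major == "8" || major == "9") {
		return "dnf"
	}
	return "yum"
}

// Constructed sample os-release content.
const sampleOSRelease = `NAME="Red Hat Enterprise Linux"
VERSION_ID="9.3"
ID=rhel
`

func main() {
	f := parseOSRelease(sampleOSRelease)
	fmt.Println(f["NAME"], f["VERSION_ID"], "->", packageManager(f))
}
```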

func SetAuthentication added in v1.7.0

func SetAuthentication(request *resty.Request)

SetAuthentication configures authentication for an API request. It prioritizes API key authentication over basic authentication. If an API key is configured in the server.api_key setting, it sets the X-API-Key header. Otherwise, if username and password are configured, it uses basic authentication.

Parameters:

  • request: A resty.Request instance to configure with authentication headers

func SplitPackageName

func SplitPackageName(packageName string) (name, version, release, epoch, arch string)

SplitPackageName splits an RPM package name into its components. It takes a package name string as input and returns the following components:

  • name: The name of the package
  • version: The version number
  • release: The release number
  • epoch: The epoch number (empty string if not present)
  • arch: The architecture

The function expects package names in the following format: [name]-[version]-[release].[arch].rpm or [name]-[epoch]:[version]-[release].[arch].rpm

The .rpm suffix is optional and will be trimmed if present. If epoch is not present in the package name, an empty string is returned for that component.
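
A right-to-left split of the two documented formats, as an added example that is not this package's SplitPackageName. The names NEVRA and splitNEVRA are hypothetical, and unlike the documented signature this version returns an error so that malformed names are rejected rather than returned with empty fields.

```go
package main

import (
	"fmt"
	"strings"
)

// NEVRA holds the five components listed in the SplitPackageName documentation.
type NEVRA struct{ Name, Version, Release, Epoch, Arch string }

// splitNEVRA is a hypothetical helper written for this example, not the
// package's SplitPackageName; it returns an error on malformed input.
func splitNEVRA(pkg string) (NEVRA, error) {
	s := strings.TrimSuffix(pkg, ".rpm")
	// Cut from the right: arch follows the last dot (releases contain dots),
	// release the last hyphen, version the one before it (names contain hyphens).
	dot := strings.LastIndex(s, ".")
	if dot < 0 {
		return NEVRA{}, fmt.Errorf("%q: no .arch suffix", pkg)
	}
	n := NEVRA{Arch: s[dot+1:]}
	s = s[:dot]
	rel := strings.LastIndex(s, "-")
	if rel < 0 {
		return NEVRA{}, fmt.Errorf("%q: no -release field", pkg)
	}
	n.Release, s = s[rel+1:], s[:rel]
	ver := strings.LastIndex(s, "-")
	if ver < 0 {
		return NEVRA{}, fmt.Errorf("%q: no -version field", pkg)
	}
	n.Name, n.Version = s[:ver], s[ver+1:]
	// An epoch, when present, prefixes the version as "epoch:version".
	if e, v, ok := strings.Cut(n.Version, ":"); ok {
		n.Epoch, n.Version = e, v
	}
	if n.Name == "" || n.Version == "" || n.Release == "" || n.Arch == "" {
		return NEVRA{}, fmt.Errorf("%q: empty component", pkg)
	}
	return n, nil
}

func main() {
	// Constructed sample names; the last one is deliberately malformed.
	for _, p := range []string{"bind-utils-32:9.16.23-14.el9.x86_64.rpm", "bash.x86_64"} {
		n, err := splitNEVRA(p)
		fmt.Printf("%+v err=%v\n", n, err)
	}
}
```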

Types

type CopyFailResult added in v1.15.0

type CopyFailResult struct {
	Vulnerable          bool   // true if kernel page cache write bug exists (Phase 1)
	EscalationConfirmed bool   // true if all privilege escalation conditions are met (Phase 2)
	Description         string // human-readable summary of findings
	Details             string // step-by-step test results
	SetuidTarget        string // which setuid binary was tested (if any)
}

CopyFailResult represents the result of CVE-2026-31431 (Copy Fail) detection.

func CheckCopyFail added in v1.15.0

func CheckCopyFail() CopyFailResult

CheckCopyFail performs a safe, non-destructive test for CVE-2026-31431.

Phase 1: Tests if the kernel allows a controlled page cache write by exercising the AF_ALG + authencesn + splice chain against a temporary file.

Phase 2 (only if Phase 1 succeeds): Verifies that privilege escalation conditions are met (setuid-root binaries exist, are readable, and are splice-able) without writing to any system file.

type DirtyFragResult added in v1.16.0

type DirtyFragResult struct {
	Vulnerable  bool   // true if system is likely vulnerable
	Description string // human-readable summary
}

DirtyFragResult represents the result of Dirty Frag vulnerability detection.

func CheckDirtyFrag added in v1.16.0

func CheckDirtyFrag() DirtyFragResult

CheckDirtyFrag performs a non-destructive detection of the Dirty Frag vulnerability.

Dirty Frag exploits a bug in the Linux XFRM ESP-in-UDP subsystem that allows writing arbitrary data into the kernel page cache of read-only files via the seq_hi field of ESP Extended Sequence Number (ESN) processing.

Detection is based on pre-conditions:

  1. XFRM/ESP modules (esp4, esp6, rxrpc) must be loaded or loadable
  2. Kernel must not contain the fix commit f4c50a4034e6
  3. Mitigation file /etc/modprobe.d/dirtyfrag.conf must not be present

type FragnesiaResult added in v1.16.0

type FragnesiaResult struct {
	Vulnerable  bool   // true if system is likely vulnerable
	Description string // human-readable summary
}

FragnesiaResult represents the result of Fragnesia vulnerability detection.

func CheckFragnesia added in v1.16.0

func CheckFragnesia() FragnesiaResult

CheckFragnesia performs a non-destructive detection of the Fragnesia vulnerability.

Fragnesia exploits a logic bug in the Linux XFRM ESP-in-TCP subsystem where skb_try_coalesce() loses the SKBFL_SHARED_FRAG marker when transferring paged frags. This allows ESP to decrypt in-place over page-cache-backed frags, enabling arbitrary byte writes via AES-GCM keystream XOR.

The fix is the patch "net: skbuff: preserve shared-frag marker during coalescing" submitted 2026-05-13 to netdev.

Detection is based on pre-conditions:

  1. XFRM/ESP modules (esp4, esp6, rxrpc) must be loaded or loadable
  2. Kernel must not contain the coalescing fix
  3. Mitigation file /etc/modprobe.d/dirtyfrag.conf must not be present (same mitigation as Dirty Frag — rmmod esp4 esp6 rxrpc)

type OSRelease added in v1.2.0

type OSRelease struct {
	Name             string
	Version          string
	ID               string
	IDLike           string
	PrettyName       string
	VersionID        string
	HomeURL          string
	DocumentationURL string
	SupportURL       string
	BugReportURL     string
	PrivacyPolicyURL string
	VersionCodename  string
	UbuntuCodename   string
	ANSIColor        string
	CPEName          string
	BuildID          string
	Variant          string
	VariantID        string
}
var Release OSRelease

type XFRMModuleStatus added in v1.16.0

type XFRMModuleStatus struct {
	ESP4Loaded  bool
	ESP6Loaded  bool
	RxRPCLoaded bool
	AnyLoaded   bool
}

XFRMModuleStatus holds the result of checking XFRM/ESP kernel modules.

func CheckXFRMModules added in v1.16.0

func CheckXFRMModules() (XFRMModuleStatus, []string)

CheckXFRMModules checks if the esp4, esp6 and rxrpc kernel modules are loaded. It reads /proc/modules and also checks /sys/module/ for each module.
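
The two-source module check described above, which is also precondition 1 of the Dirty Frag and Fragnesia detection lists, as an added example that is not this package's CheckXFRMModules. The names xfrmStatus, loadedModules and checkXFRM are hypothetical, and the /sys/module lookup is passed in as a function so the block runs offline on constructed input. A driver built into the kernel is not listed in /proc/modules but may still have a /sys/module/<name> directory, which is one reason to consult both.

```go
package main

import (
	"bufio"
	"fmt"
	"strings"
)

// xfrmStatus mirrors the fields of XFRMModuleStatus shown on this page.
type xfrmStatus struct{ ESP4Loaded, ESP6Loaded, RxRPCLoaded, AnyLoaded bool }

// loadedModules parses /proc/modules text: one module per line, name in the first field.
func loadedModules(procModules string) map[string]bool {
	loaded := map[string]bool{}
	sc := bufio.NewScanner(strings.NewReader(procModules))
	for sc.Scan() {
		if f := strings.Fields(sc.Text()); len(f) > 0 {
			loaded[f[0]] = true // exact name, so "esp4_offload" never counts as "esp4"
		}
	}
	return loaded
}

// checkXFRM is a hypothetical sketch, not the package's CheckXFRMModules.
// inSysfs reports whether /sys/module/<name> exists (injected for offline use).
func checkXFRM(procModules string, inSysfs func(string) bool) (xfrmStatus, []string) {
	loaded := loadedModules(procModules)
	var details []string
	present := func(name string) bool {
		p, s := loaded[name], inSysfs(name)
		details = append(details, fmt.Sprintf("%s: /proc/modules=%t /sys/module=%t", name, p, s))
		return p || s
	}
	st := xfrmStatus{ESP4Loaded: present("esp4"), ESP6Loaded: present("esp6"), RxRPCLoaded: present("rxrpc")}
	st.AnyLoaded = st.ESP4Loaded || st.ESP6Loaded || st.RxRPCLoaded
	return st, details
}

// Constructed sample in /proc/modules format.
const sampleProcModules = `esp4_offload 16384 0 - Live 0x0000000000000000
esp4 28672 1 esp4_offload, Live 0x0000000000000000
nf_tables 356352 12 - Live 0x0000000000000000
`

func main() {
	sysfs := map[string]bool{"esp4": true, "rxrpc": true} // constructed /sys/module listing
	st, details := checkXFRM(sampleProcModules, func(m string) bool { return sysfs[m] })
	fmt.Printf("%+v\n%s\n", st, strings.Join(details, "\n"))
}
```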
