secrets

package
v1.7.13 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Feb 29, 2024 License: Apache-2.0 Imports: 18 Imported by: 0

Documentation

Index

Constants

// Base64Chars lists the standard base64 alphabet (A-Z, a-z, 0-9, '+', '/')
// followed by the '=' padding character.
// NOTE(review): the URL-safe base64 characters '-' and '_' are not part of
// this set; confirm whether code that classifies tokens by character set
// needs to cover that variant as well.
const Base64Chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/="

// HexChars lists the hexadecimal digits, with the letters a-f present in both
// lower and upper case.
const HexChars = "1234567890abcdefABCDEF"

Variables

// SecretsQueryMetadata is a package-level map from string keys to string
// values. The declaration has no initializer, so the map must be assigned
// before anything is written to it (writing to a nil map panics).
// NOTE(review): this is exported, mutable package state; confirm where it is
// populated and whether concurrent readers and writers are possible.
var SecretsQueryMetadata map[string]string

Functions

func AllowRuleMatches added in v1.7.4

func AllowRuleMatches(s string, allowRules []AllowRule) [][]int

AllowRuleMatches returns all the allow rule matches for the secret queries

func CheckEntropyInterval

func CheckEntropyInterval(entropy Entropy, token string) (isEntropyInInterval bool, entropyLevel float64)

CheckEntropyInterval verifies whether a given token's entropy is within the expected bounds

func IsAllowRule added in v1.7.1

func IsAllowRule(s string, query *RegexQuery, allowRules []AllowRule) bool

IsAllowRule checks whether the string matches any of the allow rules for the secret queries

Types

type AllowRule

// AllowRule holds one allow rule for the secret queries: a description, the
// regex source text and a compiled regex.
// NOTE(review): allow rules are matched against strings by IsAllowRule and
// AllowRuleMatches, presumably to exclude matches from the findings; an overly
// broad pattern would then hide real secrets — confirm, and review custom rules.
type AllowRule struct {
	// Description is read from the JSON key "description".
	Description string `json:"description"`
	// RegexStr is the regex source text, read from the JSON key "regex".
	RegexStr    string `json:"regex"`
	// Regex carries no JSON tag.
	// NOTE(review): presumably filled in by CompileRegex from RegexStr — confirm.
	Regex       *regexp.Regexp
}

func CompileRegex added in v1.7.1

func CompileRegex(allowRules []AllowRule) ([]AllowRule, error)

CompileRegex compiles the regex allow rules

type Entropy

// Entropy describes an entropy interval (Min, Max) together with a group
// number. CheckEntropyInterval takes a value of this type along with the token
// to evaluate.
type Entropy struct {
	// NOTE(review): presumably the regex capture group whose text is measured — confirm.
	Group int     `json:"group"`
	// Min and Max bound the interval; whether the bounds are inclusive is not
	// visible from this declaration.
	Min   float64 `json:"min"`
	Max   float64 `json:"max"`
}

type Inspector

// Inspector is the secrets inspector type returned by NewInspector; its
// Inspect method reports vulnerabilities for passwords and secrets found in
// source files.
type Inspector struct {
	// SecretTracker is the exported list of tracked secrets.
	// NOTE(review): each entry carries an OriginalContent field alongside
	// MaskedContent; treat this slice as sensitive until confirmed otherwise.
	SecretTracker []SecretTracker
	// contains filtered or unexported fields
}

func NewInspector

func NewInspector(
	ctx context.Context,
	excludeResults map[string]bool,
	tracker engine.Tracker,
	queryFilter *source.QueryInspectorParameters,
	disableSecretsQuery bool,
	executionTimeout int,
	regexRulesContent string,
	isCustomSecretsRegexes bool,
) (*Inspector, error)

func (*Inspector) GetQueriesLength

func (c *Inspector) GetQueriesLength() int

func (*Inspector) Inspect

func (c *Inspector) Inspect(ctx context.Context, basePaths []string,
	files model.FileMetadatas, currentQuery chan<- int64) ([]model.Vulnerability, error)

Inspect inspects the source code for passwords & secrets and returns the list of vulnerabilities

type MultilineResult

// MultilineResult is the value of the "multiline" key of a RegexQuery.
type MultilineResult struct {
	// NOTE(review): presumably the capture group used to locate the reported
	// line within a multi-line match — confirm against the inspector code.
	DetectLineGroup int `json:"detectLineGroup"`
}

type RegexQuery

// RegexQuery describes one secret-detection rule as loaded from JSON: its
// identity, the regex source text, optional entropy intervals and per-rule
// allow rules, plus a compiled regex.
type RegexQuery struct {
	ID          string          `json:"id"`
	Name        string          `json:"name"`
	// Multiline is read from the JSON key "multiline".
	Multiline   MultilineResult `json:"multiline"`
	// RegexStr is the regex source text, read from the JSON key "regex".
	RegexStr    string          `json:"regex"`
	// NOTE(review): presumably influences how a match is masked in output — confirm.
	SpecialMask string          `json:"specialMask"`
	// Entropies lists the entropy intervals attached to this rule.
	Entropies   []Entropy       `json:"entropies"`
	// AllowRules are the allow rules attached to this rule; RegexRuleStruct
	// has a separate AllowRules list of its own.
	AllowRules  []AllowRule     `json:"allowRules"`
	// Regex carries no JSON tag.
	// NOTE(review): presumably compiled from RegexStr when rules are loaded — confirm.
	Regex       *regexp.Regexp
}

type RegexRuleStruct

// RegexRuleStruct is the top-level JSON shape of a rules document: a list of
// rules and a list of allow rules.
// NOTE(review): NewInspector accepts regexRulesContent and
// isCustomSecretsRegexes, so this document can presumably be user-supplied;
// confirm how custom content is validated before its regexes are compiled.
type RegexRuleStruct struct {
	Rules      []RegexQuery `json:"rules"`
	// AllowRules sits beside Rules at the top level, separate from each
	// RegexQuery's own AllowRules.
	AllowRules []AllowRule  `json:"allowRules"`
}

type RuleMatch

// RuleMatch records a rule match: the file, the rule name, the matched
// strings, a line number and an entropy value.
type RuleMatch struct {
	File     string
	RuleName string
	// NOTE(review): presumably the matched text, which may include the secret
	// itself — confirm before logging or exporting this field.
	Matches  []string
	Line     int
	Entropy  float64
}

type SecretTracker added in v1.6.3

// SecretTracker records where a secret was found (file path and line) and
// holds both the original and the masked content for that location.
type SecretTracker struct {
	ResolvedFilePath string
	Line             int
	// NOTE(review): presumably the unmasked content, i.e. it contains the
	// secret in clear text — confirm, and keep it out of logs and reports.
	OriginalContent  string
	// MaskedContent is the masked counterpart of OriginalContent.
	MaskedContent    string
}

SecretTracker is a struct created to keep track of the secrets found in the inspector; it is used for masking all the secrets in the vulnerability preview in the different report formats
