package types

v0.5.0 Latest
Warning: This package is not in the latest version of its module.
Published: Apr 5, 2026 License: MIT Imports: 1 Imported by: 0

Documentation

Index

Constants

const (
	EventConnect  = "connect"
	EventSendto   = "sendto"
	EventSendmsg  = "sendmsg"
	EventSendmmsg = "sendmmsg"
	EventBind     = "bind"
	EventListen   = "listen"
	EventAccept   = "accept"
	EventExecve   = "execve"
	EventOpenat   = "openat"
	EventRename   = "rename"
	EventPtrace   = "ptrace"
)

Syscall event types.

const (
	CategoryC2               = "c2_communication"
	CategoryDataExfil        = "data_exfiltration"
	CategoryCredentialAccess = "credential_access"
	CategoryCodeExecution    = "code_execution"
	CategoryBinaryHijack     = "binary_hijacking"
	CategoryBackdoor         = "backdoor"
	CategoryPersistence      = "persistence"
	CategoryDNSTunnel        = "dns_tunneling"
	CategoryEvasion          = "evasion"
)

Attack categories.

const (
	PhaseInstall = "install"
	PhaseImport  = "import"
)

Scan phases.

const (
	VerdictClean        = "clean"
	VerdictSuspicious   = "suspicious"
	VerdictInconclusive = "inconclusive"
)

Verdict constants.

const (
	EcosystemPyPI = "pypi"
	EcosystemNpm  = "npm"
)

Ecosystem constants.

Variables

This section is empty.

Functions

This section is empty.

Types

type Report

type Report struct {
	Timestamp      time.Time       `json:"timestamp"`
	Package        string          `json:"package"`
	Version        string          `json:"version,omitempty"`
	Ecosystem      string          `json:"ecosystem"`
	Verdict        string          `json:"verdict"`
	ProbeMethod    string          `json:"probe_method"`
	Summary        *ReportSummary  `json:"summary,omitempty"`
	Events         []SyscallEvent  `json:"events"`
	StaticFindings []StaticFinding `json:"static_findings,omitempty"`
	LostSamples    uint64          `json:"lost_samples,omitempty"`
}

Report is the final scan output.

type ReportSummary added in v0.4.0

type ReportSummary struct {
	RiskLevel   string   `json:"risk_level"`
	Categories  []string `json:"categories,omitempty"`
	Description string   `json:"description"`
	Remediation string   `json:"remediation,omitempty"`
}

ReportSummary provides a human-readable overview of the scan findings.

type StaticFinding

type StaticFinding struct {
	File    string `json:"file"`
	Line    int    `json:"line"`
	Rule    string `json:"rule"`
	Snippet string `json:"snippet"`
}

StaticFinding represents a suspicious pattern found by static analysis.

type SyscallEvent

type SyscallEvent struct {
	Timestamp time.Time `json:"timestamp"`
	Comm      string    `json:"comm"`
	DstAddr   string    `json:"dst_addr,omitempty"`
	Cmdline   string    `json:"cmdline,omitempty"`
	FilePath  string    `json:"file_path,omitempty"`
	OpenFlags string    `json:"open_flags,omitempty"`
	SrcPath   string    `json:"src_path,omitempty"`
	DstPath   string    `json:"dst_path,omitempty"`
	DNSQuery  string    `json:"dns_query,omitempty"`
	Syscall   string    `json:"syscall"`
	Category  string    `json:"category,omitempty"`
	Reason    string    `json:"reason,omitempty"`
	Phase     string    `json:"phase,omitempty"`
	PID       uint32    `json:"pid"`
	Family    uint16    `json:"family,omitempty"`
	DstPort   uint16    `json:"dst_port,omitempty"`
}

SyscallEvent represents a suspicious syscall captured by the probe.
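As an added example that is not part of this package, the consumer side of the Report contract above: it decodes a report JSON through the same field tags into local mirror structs (an assumption standing in for importing this package) and derives a CI gate decision, treating a nonzero lost_samples or an inconclusive verdict as a coverage gap rather than as a clean result. The sample report is constructed, not real scanner output.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Local mirrors of the types package structs, trimmed to the fields used here.
type SyscallEvent struct {
	Syscall  string `json:"syscall"`
	Category string `json:"category,omitempty"`
}

type Report struct {
	Verdict     string         `json:"verdict"`
	Events      []SyscallEvent `json:"events"`
	LostSamples uint64         `json:"lost_samples,omitempty"`
}

// Triage is the decision a CI gate derives from one Report.
type Triage struct {
	Block      bool           // fail the pipeline
	Incomplete bool           // coverage gap: a clean verdict is not trustworthy
	ByCategory map[string]int // flagged events per attack category
}

func TriageReport(raw []byte) (Triage, error) {
	var r Report
	if err := json.Unmarshal(raw, &r); err != nil {
		return Triage{}, err
	}
	t := Triage{ByCategory: map[string]int{}}
	for _, e := range r.Events {
		if e.Category == "" {
			continue // uncategorised events are context, not findings
		}
		t.ByCategory[e.Category]++
	}
	// Dropped probe samples or an inconclusive verdict mean events may be missing.
	t.Incomplete = r.LostSamples > 0 || r.Verdict == "inconclusive"
	t.Block = r.Verdict == "suspicious" || len(t.ByCategory) > 0
	return t, nil
}

// sampleReport is a constructed report, not real scanner output.
const sampleReport = `{"verdict":"suspicious","lost_samples":3,"events":[{"syscall":"connect","category":"c2_communication"},{"syscall":"openat"}]}`

func main() {
	fmt.Println(TriageReport([]byte(sampleReport)))
}
```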
