Documentation
Overview
Package security provides secret redaction and file hashing for skeptic.
Index
- func CheckWorldWritableArtifacts(paths []string) []string
- func IsLikelyHash(value string) bool
- func NormalizeSHA256(raw string) (string, error)
- func ParseEd25519PrivateKeyPEM(data []byte) (ed25519.PrivateKey, error)
- func ParseEd25519PublicKeyPEM(data []byte) (ed25519.PublicKey, error)
- func RedactSensitiveText(input string) string
- func SHA256FileHex(path string) (string, error)
- func SanitizeMatch(value string, redactSecrets bool) string
- func VerifySelfIntegrity(binaryPath, expectedHash string) error
Constants
This section is empty.
Variables
This section is empty.
Functions
func CheckWorldWritableArtifacts
CheckWorldWritableArtifacts scans paths for world-writable sensitive files. It returns the paths that are world-writable.
func IsLikelyHash
IsLikelyHash reports whether value is exactly 40 or 64 characters of hexadecimal, matching common SHA-1 and SHA-256 digest lengths so they are not redacted as opaque secrets.
func NormalizeSHA256
NormalizeSHA256 trims whitespace, strips an optional "sha256:" prefix, and validates that raw is 64 lowercase hexadecimal characters, returning the normalized form.
func ParseEd25519PrivateKeyPEM
func ParseEd25519PrivateKeyPEM(data []byte) (ed25519.PrivateKey, error)
ParseEd25519PrivateKeyPEM extracts an Ed25519 private key from PKCS8 PEM data.
func ParseEd25519PublicKeyPEM
ParseEd25519PublicKeyPEM extracts an Ed25519 public key from PKIX PEM data.
func RedactSensitiveText
RedactSensitiveText replaces secret-like substrings in input with fixed placeholders.
func SHA256FileHex
SHA256FileHex returns the lowercase hex-encoded SHA-256 digest of the file at path.
func SanitizeMatch
SanitizeMatch redacts secrets from finding match text when configured.
func VerifySelfIntegrity
VerifySelfIntegrity computes the SHA-256 digest of the file at binaryPath and compares it to expectedHash. It returns nil if they match and an error otherwise.
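The digest handling documented above for NormalizeSHA256, SHA256FileHex and VerifySelfIntegrity, composed into one fail-closed file check. This is an added example, not the package's own code: `normalizeSHA256` and `verifyFile` are hypothetical stand-ins, and it assumes that uppercase hex is rejected and that the expected digest is normalized before comparison.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"io"
	"log"
	"os"
	"strings"
)

// normalizeSHA256 is a hypothetical stand-in; assumption: uppercase hex is rejected.
func normalizeSHA256(raw string) (string, error) {
	s := strings.TrimPrefix(strings.TrimSpace(raw), "sha256:")
	if len(s) != 64 || strings.Trim(s, "0123456789abcdef") != "" {
		return "", fmt.Errorf("not a lowercase hex SHA-256 digest: %q", raw)
	}
	return s, nil
}

// verifyFile is a hypothetical stand-in for the documented check. It fails closed:
// a malformed expected digest or an unreadable file is an error, never a pass.
func verifyFile(path, expected string) error {
	want, err := normalizeSHA256(expected)
	if err != nil {
		return err
	}
	f, err := os.Open(path)
	if err != nil {
		return err
	}
	defer f.Close()
	h := sha256.New()
	if _, err := io.Copy(h, f); err != nil { // stream the file instead of loading it
		return err
	}
	if got := hex.EncodeToString(h.Sum(nil)); got != want {
		return fmt.Errorf("integrity mismatch for %s: got %s, want %s", path, got, want)
	}
	return nil
}

func main() {
	if len(os.Args) != 3 {
		log.Fatal("usage: verify <file> <sha256 digest>")
	} else if err := verifyFile(os.Args[1], os.Args[2]); err != nil {
		log.Fatal(err)
	}
}
```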
Types
This section is empty.