security

package
v1.4.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Sep 26, 2025 License: MIT Imports: 15 Imported by: 0

Documentation

Overview

Package security provides validation and sanitization for user inputs and template processing operations.

Package security provides security management for the Open Source Project Generator: file backups, confirmation prompts, dry-run recording, file operations with path validation, and template checks, combined behind NewSecurityManager.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func GetSanitizationSummary

func GetSanitizationSummary(results map[string]*SanitizationResult) map[string]interface{}

GetSanitizationSummary returns a summary of sanitization results

func GetTemplateSecuritySummary

func GetTemplateSecuritySummary(results map[string]*TemplateValidationResult) map[string]interface{}

GetTemplateSecuritySummary returns a summary of template security scan results

func NewSecurityManager

func NewSecurityManager(workspaceDir string) interfaces.SecurityManager

NewSecurityManager creates a new security manager with all components

Types

type BackupInfo

// BackupInfo describes one stored backup of a file; ListBackups returns a
// slice of these.
//
// OriginalPath and BackupPath are, per their names, the path of the file that
// was backed up and the path of its copy. Timestamp is presumably the time the
// backup was taken and the value RestoreFile expects as backupTimestamp; Size
// is presumably the backup's size in bytes. TODO confirm both against the
// implementation.
//
// NOTE(review): both paths carry JSON tags, so they appear in any serialized
// form of this struct. Nothing on this page says they are re-validated on use,
// so code that reads a BackupInfo back from storage should validate the paths
// before restoring from or writing to them.
type BackupInfo struct {
	OriginalPath string    `json:"original_path"`
	BackupPath   string    `json:"backup_path"`
	Timestamp    time.Time `json:"timestamp"`
	Size         int64     `json:"size"`
}

BackupInfo contains information about a backup

type BackupManager

type BackupManager struct {
	// contains filtered or unexported fields
}

BackupManager handles file backup operations for safety

func NewBackupManager

func NewBackupManager(backupDir string) *BackupManager

NewBackupManager creates a new backup manager

func (*BackupManager) BackupDirectory

func (bm *BackupManager) BackupDirectory(dirPath string) (map[string]*BackupResult, error)

BackupDirectory creates backups of all files in a directory

func (*BackupManager) BackupFile

func (bm *BackupManager) BackupFile(filePath string) (*BackupResult, error)

BackupFile creates a backup of the specified file

func (*BackupManager) CleanupAllBackups

func (bm *BackupManager) CleanupAllBackups() error

CleanupAllBackups removes all backup files

func (*BackupManager) GetBackupDirectory

func (bm *BackupManager) GetBackupDirectory() string

GetBackupDirectory returns the backup directory path

func (*BackupManager) GetBackupStats

func (bm *BackupManager) GetBackupStats() (map[string]interface{}, error)

GetBackupStats returns statistics about backups

func (*BackupManager) IsEnabled

func (bm *BackupManager) IsEnabled() bool

IsEnabled returns whether backup functionality is enabled

func (*BackupManager) ListBackups

func (bm *BackupManager) ListBackups(originalPath string) ([]BackupInfo, error)

ListBackups returns a list of available backups for a file

func (*BackupManager) RestoreFile

func (bm *BackupManager) RestoreFile(originalPath string, backupTimestamp time.Time) (*BackupResult, error)

RestoreFile restores a file from backup

func (*BackupManager) SetEnabled

func (bm *BackupManager) SetEnabled(enabled bool)

SetEnabled enables or disables backup functionality

func (*BackupManager) SetMaxBackups

func (bm *BackupManager) SetMaxBackups(max int)

SetMaxBackups sets the maximum number of backups to keep

type BackupResult

// BackupResult reports the outcome of one backup or restore call; BackupFile,
// BackupDirectory and RestoreFile return it.
//
// Error and Checksum are omitted from JSON when empty (omitempty). The
// checksum algorithm is not stated on this page. FileSize is presumably in
// bytes. TODO confirm.
//
// NOTE(review): the methods that return a BackupResult also return an error.
// Whether a failure is reported through Success/Error, through the returned
// error, or through both is not visible here, so callers should check both.
type BackupResult struct {
	OriginalPath string    `json:"original_path"`
	BackupPath   string    `json:"backup_path"`
	Success      bool      `json:"success"`
	Error        string    `json:"error,omitempty"`
	Timestamp    time.Time `json:"timestamp"`
	FileSize     int64     `json:"file_size"`
	Checksum     string    `json:"checksum,omitempty"`
}

BackupResult contains information about a backup operation

type ConfirmationHistory

type ConfirmationHistory struct {
	// contains filtered or unexported fields
}

ConfirmationHistory tracks confirmation history for auditing

func NewConfirmationHistory

func NewConfirmationHistory() *ConfirmationHistory

NewConfirmationHistory creates a new confirmation history tracker

func (*ConfirmationHistory) Clear

func (ch *ConfirmationHistory) Clear()

Clear clears the confirmation history

func (*ConfirmationHistory) GetHistory

func (ch *ConfirmationHistory) GetHistory() []ConfirmationHistoryEntry

GetHistory returns all confirmation history entries

func (*ConfirmationHistory) GetRecentHistory

func (ch *ConfirmationHistory) GetRecentHistory(limit int) []ConfirmationHistoryEntry

GetRecentHistory returns recent confirmation history entries

func (*ConfirmationHistory) Record

func (ch *ConfirmationHistory) Record(request *ConfirmationRequest, result *ConfirmationResult)

Record records a confirmation in the history

type ConfirmationHistoryEntry

// ConfirmationHistoryEntry pairs a ConfirmationRequest with its
// ConfirmationResult; GetHistory and GetRecentHistory return slices of these.
//
// NOTE(review): Request and Result are pointers. Whether
// ConfirmationHistory.Record copies the values it is given is not shown on
// this page; if it does not, a caller that mutates either value after
// recording also changes the audit record. Serialized entries include
// Request.Metadata and Result.UserInput.
type ConfirmationHistoryEntry struct {
	Request   *ConfirmationRequest `json:"request"`
	Result    *ConfirmationResult  `json:"result"`
	Timestamp time.Time            `json:"timestamp"`
}

ConfirmationHistoryEntry represents a single confirmation in history

type ConfirmationManager

type ConfirmationManager struct {
	// contains filtered or unexported fields
}

ConfirmationManager handles user confirmation prompts for dangerous operations

func NewConfirmationManager

func NewConfirmationManager() *ConfirmationManager

NewConfirmationManager creates a new confirmation manager

func (*ConfirmationManager) Confirm

Confirm prompts the user for confirmation

func (*ConfirmationManager) ConfirmBulkOperation

func (cm *ConfirmationManager) ConfirmBulkOperation(operationType string, itemCount int, details []string) (*ConfirmationResult, error)

ConfirmBulkOperation prompts for confirmation before bulk operations

func (*ConfirmationManager) ConfirmDirectoryDelete

func (cm *ConfirmationManager) ConfirmDirectoryDelete(dirPath string, fileCount int, totalSize int64) (*ConfirmationResult, error)

ConfirmDirectoryDelete prompts for confirmation before deleting a directory

func (*ConfirmationManager) ConfirmFileOverwrite

func (cm *ConfirmationManager) ConfirmFileOverwrite(filePath string, fileSize int64) (*ConfirmationResult, error)

ConfirmFileOverwrite prompts for confirmation before overwriting a file

func (*ConfirmationManager) ConfirmSecurityRisk

func (cm *ConfirmationManager) ConfirmSecurityRisk(riskDescription string, riskLevel string, details []string) (*ConfirmationResult, error)

ConfirmSecurityRisk prompts for confirmation when security risks are detected

func (*ConfirmationManager) ConfirmWithDryRun

func (cm *ConfirmationManager) ConfirmWithDryRun(dryRunSummary map[string]interface{}) (*ConfirmationResult, error)

ConfirmWithDryRun prompts for confirmation after showing dry-run results

func (*ConfirmationManager) IsNonInteractive

func (cm *ConfirmationManager) IsNonInteractive() bool

IsNonInteractive returns whether running in non-interactive mode

func (*ConfirmationManager) SetDefaultAnswer

func (cm *ConfirmationManager) SetDefaultAnswer(defaultAnswer bool)

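SetDefaultAnswer sets the answer returned for confirmation prompts in non-interactive mode. This page does not show whether requests with RequireExplicit set are exempt from that default, so confirm how destructive operations are handled before setting it to true.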

func (*ConfirmationManager) SetNonInteractive

func (cm *ConfirmationManager) SetNonInteractive(nonInteractive bool)

SetNonInteractive sets whether to run in non-interactive mode

func (*ConfirmationManager) SetTimeout

func (cm *ConfirmationManager) SetTimeout(timeout time.Duration)

SetTimeout sets the timeout for confirmation prompts

type ConfirmationRequest

// ConfirmationRequest describes one confirmation prompt.
//
// Message and Details are presumably the text shown to the user, and
// DefaultAnswer the answer used when none is typed. TODO confirm. Details and
// Metadata are omitted from JSON when empty (omitempty).
//
// NOTE(review): how RequireExplicit interacts with non-interactive mode and
// with ConfirmationManager.SetDefaultAnswer is not shown on this page. Confirm
// that a request with Impact "destructive" cannot be approved by a default
// alone.
type ConfirmationRequest struct {
	Message         string                 `json:"message"`
	Details         []string               `json:"details,omitempty"`
	Impact          string                 `json:"impact"` // "safe", "warning", "destructive"
	DefaultAnswer   bool                   `json:"default_answer"`
	RequireExplicit bool                   `json:"require_explicit"` // Require explicit "yes" for dangerous operations
	Metadata        map[string]interface{} `json:"metadata,omitempty"`
}

ConfirmationRequest represents a confirmation request

type ConfirmationResult

// ConfirmationResult records how a confirmation request was answered; the
// ConfirmationManager Confirm* methods return it.
//
// Confirmed is the decision. NonInteractive, TimedOut and DefaultUsed
// presumably mark a decision that came from non-interactive mode, a prompt
// timeout, or the default answer rather than from typed input. TODO confirm.
//
// NOTE(review): when auditing, a result with Confirmed true and any of those
// three flags set likely means no person approved the operation. UserInput is
// presumably the text the user typed and is serialized under "user_input";
// escape it like any other untrusted text when rendering logs or reports.
type ConfirmationResult struct {
	Confirmed      bool      `json:"confirmed"`
	UserInput      string    `json:"user_input"`
	Timestamp      time.Time `json:"timestamp"`
	NonInteractive bool      `json:"non_interactive"`
	TimedOut       bool      `json:"timed_out"`
	DefaultUsed    bool      `json:"default_used"`
}

ConfirmationResult represents the result of a confirmation request

type DryRunManager

type DryRunManager struct {
	// contains filtered or unexported fields
}

DryRunManager handles dry-run operations for previewing changes

func NewDryRunManager

func NewDryRunManager() *DryRunManager

NewDryRunManager creates a new dry-run manager

func (*DryRunManager) Clear

func (drm *DryRunManager) Clear()

Clear clears all recorded operations

func (*DryRunManager) GenerateReport

func (drm *DryRunManager) GenerateReport(format string) (string, error)

GenerateReport generates a detailed report of planned operations

func (*DryRunManager) GetOperations

func (drm *DryRunManager) GetOperations() []DryRunOperation

GetOperations returns all recorded operations

func (*DryRunManager) GetOperationsByImpact

func (drm *DryRunManager) GetOperationsByImpact(impact string) []DryRunOperation

GetOperationsByImpact returns operations filtered by impact level

func (*DryRunManager) GetSummary

func (drm *DryRunManager) GetSummary() map[string]interface{}

GetSummary returns a summary of all planned operations

func (*DryRunManager) HasDestructiveOperations

func (drm *DryRunManager) HasDestructiveOperations() bool

HasDestructiveOperations returns true if there are any destructive operations

func (*DryRunManager) HasWarningOperations

func (drm *DryRunManager) HasWarningOperations() bool

HasWarningOperations returns true if there are any warning operations

func (*DryRunManager) IsEnabled

func (drm *DryRunManager) IsEnabled() bool

IsEnabled returns whether dry-run mode is enabled

func (*DryRunManager) RecordCustomOperation

func (drm *DryRunManager) RecordCustomOperation(operationType, description, path string, details map[string]interface{}, impact string)

RecordCustomOperation records a custom operation

func (*DryRunManager) RecordDirectoryCreate

func (drm *DryRunManager) RecordDirectoryCreate(path string)

RecordDirectoryCreate records a planned directory creation operation

func (*DryRunManager) RecordDirectoryDelete

func (drm *DryRunManager) RecordDirectoryDelete(path string)

RecordDirectoryDelete records a planned directory deletion operation

func (*DryRunManager) RecordFileCopy

func (drm *DryRunManager) RecordFileCopy(srcPath, dstPath string, overwrite bool)

RecordFileCopy records a planned file copy operation

func (*DryRunManager) RecordFileDelete

func (drm *DryRunManager) RecordFileDelete(path string)

RecordFileDelete records a planned file deletion operation

func (*DryRunManager) RecordFileWrite

func (drm *DryRunManager) RecordFileWrite(path string, data []byte, overwrite bool)

RecordFileWrite records a planned file write operation

func (*DryRunManager) RecordTemplateProcess

func (drm *DryRunManager) RecordTemplateProcess(templatePath, outputPath string, variables map[string]interface{})

RecordTemplateProcess records a planned template processing operation

func (*DryRunManager) SetEnabled

func (drm *DryRunManager) SetEnabled(enabled bool)

SetEnabled enables or disables dry-run mode

type DryRunOperation

// DryRunOperation is one planned operation recorded in dry-run mode;
// DryRunManager.GetOperations and GetOperationsByImpact return slices of
// these.
//
// Size is omitted from JSON when zero (omitempty) and is presumably a byte
// count. TODO confirm.
//
// NOTE(review): Details is a free-form map. RecordCustomOperation accepts a
// details map and RecordTemplateProcess accepts template variables; whether
// those variables are stored in Details is not shown on this page. If they
// are, output from GenerateReport can contain variable values, so review a
// report before sharing it.
type DryRunOperation struct {
	Type        string                 `json:"type"`
	Description string                 `json:"description"`
	Path        string                 `json:"path"`
	Details     map[string]interface{} `json:"details"`
	Timestamp   time.Time              `json:"timestamp"`
	Impact      string                 `json:"impact"` // "safe", "warning", "destructive"
	Size        int64                  `json:"size,omitempty"`
}

DryRunOperation represents a planned operation in dry-run mode

type FileOperationResult

// FileOperationResult reports the outcome of one SecureFileOperations call
// (SecureReadFile, SecureWriteFile, SecureCopyFile, SecureCreateDirectory,
// SecureRemoveFile, ValidateFileIntegrity).
//
// Operation presumably names the operation performed. BytesWritten, BytesRead,
// Checksum, Permissions, Error and Warnings are omitted from JSON when empty
// (omitempty). The checksum algorithm and the format of the Permissions string
// are not stated on this page.
//
// NOTE(review): these methods also return an error. Whether a rejected path or
// a failed operation is reported through Success/Error, through the returned
// error, or through both is not visible here; check both, and read Warnings
// even when Success is true.
type FileOperationResult struct {
	Success      bool      `json:"success"`
	FilePath     string    `json:"file_path"`
	Operation    string    `json:"operation"`
	BytesWritten int64     `json:"bytes_written,omitempty"`
	BytesRead    int64     `json:"bytes_read,omitempty"`
	Checksum     string    `json:"checksum,omitempty"`
	Permissions  string    `json:"permissions,omitempty"`
	Error        string    `json:"error,omitempty"`
	Warnings     []string  `json:"warnings,omitempty"`
	Timestamp    time.Time `json:"timestamp"`
}

FileOperationResult contains the result of a secure file operation

type InputSanitizer

type InputSanitizer struct {
	// contains filtered or unexported fields
}

InputSanitizer provides comprehensive input sanitization and validation

func NewInputSanitizer

func NewInputSanitizer() *InputSanitizer

NewInputSanitizer creates a new input sanitizer with secure defaults

func (*InputSanitizer) SanitizeEmail

func (s *InputSanitizer) SanitizeEmail(email string, fieldName string) *SanitizationResult

SanitizeEmail performs email sanitization and validation

func (*InputSanitizer) SanitizeFilePath

func (s *InputSanitizer) SanitizeFilePath(path string, fieldName string) *SanitizationResult

SanitizeFilePath performs comprehensive file path sanitization

func (*InputSanitizer) SanitizeProjectName

func (s *InputSanitizer) SanitizeProjectName(name string) *SanitizationResult

SanitizeProjectName performs specialized sanitization for project names

func (*InputSanitizer) SanitizeString

func (s *InputSanitizer) SanitizeString(input string, fieldName string) *SanitizationResult

SanitizeString performs comprehensive string sanitization

func (*InputSanitizer) SanitizeURL

func (s *InputSanitizer) SanitizeURL(urlStr string, fieldName string) *SanitizationResult

SanitizeURL performs URL sanitization and validation

func (*InputSanitizer) ValidateAndSanitizeMap

func (s *InputSanitizer) ValidateAndSanitizeMap(data map[string]interface{}, prefix string) map[string]*SanitizationResult

ValidateAndSanitizeMap sanitizes all string values in a map

type Manager

type Manager struct {
	// contains filtered or unexported fields
}

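Manager implements the interfaces.SecurityManager interface, the type NewSecurityManager returns. Its methods carry no documentation on this page; their names match methods of BackupManager, ConfirmationManager, DryRunManager, InputSanitizer, SecureFileOperations and TemplateSecurityManager, to which they presumably delegate.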

func (*Manager) BackupDirectory

func (m *Manager) BackupDirectory(dirPath string) (map[string]*interfaces.BackupResult, error)

func (*Manager) BackupFile

func (m *Manager) BackupFile(filePath string) (*interfaces.BackupResult, error)

func (*Manager) ConfirmBulkOperation

func (m *Manager) ConfirmBulkOperation(operationType string, itemCount int, details []string) (*interfaces.ConfirmationResult, error)

func (*Manager) ConfirmDirectoryDelete

func (m *Manager) ConfirmDirectoryDelete(dirPath string, fileCount int, totalSize int64) (*interfaces.ConfirmationResult, error)

func (*Manager) ConfirmFileOverwrite

func (m *Manager) ConfirmFileOverwrite(filePath string, fileSize int64) (*interfaces.ConfirmationResult, error)

func (*Manager) ConfirmSecurityRisk

func (m *Manager) ConfirmSecurityRisk(riskDescription string, riskLevel string, details []string) (*interfaces.ConfirmationResult, error)

func (*Manager) ConfirmWithDryRun

func (m *Manager) ConfirmWithDryRun(dryRunSummary map[string]interface{}) (*interfaces.ConfirmationResult, error)

func (*Manager) GenerateDryRunReport

func (m *Manager) GenerateDryRunReport(format string) (string, error)

func (*Manager) GetDryRunOperations

func (m *Manager) GetDryRunOperations() []interfaces.DryRunOperation

func (*Manager) GetDryRunSummary

func (m *Manager) GetDryRunSummary() map[string]interface{}

func (*Manager) GetFilePermissions

func (m *Manager) GetFilePermissions(path string) (map[string]interface{}, error)

func (*Manager) GetSecurityConfig

func (m *Manager) GetSecurityConfig() map[string]interface{}

func (*Manager) IsBackupEnabled

func (m *Manager) IsBackupEnabled() bool

func (*Manager) IsDryRunMode

func (m *Manager) IsDryRunMode() bool

func (*Manager) IsNonInteractive

func (m *Manager) IsNonInteractive() bool

func (*Manager) ListBackups

func (m *Manager) ListBackups(originalPath string) ([]interfaces.BackupInfo, error)

func (*Manager) RecordDirectoryCreate

func (m *Manager) RecordDirectoryCreate(path string)

func (*Manager) RecordDirectoryDelete

func (m *Manager) RecordDirectoryDelete(path string)

func (*Manager) RecordFileCopy

func (m *Manager) RecordFileCopy(srcPath, dstPath string, overwrite bool)

func (*Manager) RecordFileDelete

func (m *Manager) RecordFileDelete(path string)

func (*Manager) RecordFileWrite

func (m *Manager) RecordFileWrite(path string, data []byte, overwrite bool)

func (*Manager) RecordTemplateProcess

func (m *Manager) RecordTemplateProcess(templatePath, outputPath string, variables map[string]interface{})

func (*Manager) RestoreFile

func (m *Manager) RestoreFile(originalPath string, backupTimestamp time.Time) (*interfaces.BackupResult, error)

func (*Manager) SanitizeEmail

func (m *Manager) SanitizeEmail(email string, fieldName string) *interfaces.SanitizationResult

func (*Manager) SanitizeFilePath

func (m *Manager) SanitizeFilePath(path string, fieldName string) *interfaces.SanitizationResult

func (*Manager) SanitizeProjectName

func (m *Manager) SanitizeProjectName(name string) *interfaces.SanitizationResult

func (*Manager) SanitizeString

func (m *Manager) SanitizeString(input string, fieldName string) *interfaces.SanitizationResult

func (*Manager) SanitizeURL

func (m *Manager) SanitizeURL(urlStr string, fieldName string) *interfaces.SanitizationResult

func (*Manager) ScanTemplateDirectory

func (m *Manager) ScanTemplateDirectory(dirPath string) (map[string]*interfaces.TemplateSecurityResult, error)

func (*Manager) SecureCopyFile

func (m *Manager) SecureCopyFile(srcPath, dstPath string) (*interfaces.FileOperationResult, error)

func (*Manager) SecureCreateDirectory

func (m *Manager) SecureCreateDirectory(path string, perm os.FileMode) (*interfaces.FileOperationResult, error)

func (*Manager) SecureReadFile

func (m *Manager) SecureReadFile(path string) (*interfaces.FileOperationResult, []byte, error)

func (*Manager) SecureWriteFile

func (m *Manager) SecureWriteFile(path string, data []byte, perm os.FileMode) (*interfaces.FileOperationResult, error)

func (*Manager) SetBackupEnabled

func (m *Manager) SetBackupEnabled(enabled bool)

func (*Manager) SetDryRunMode

func (m *Manager) SetDryRunMode(enabled bool)

func (*Manager) SetNonInteractive

func (m *Manager) SetNonInteractive(nonInteractive bool)

func (*Manager) SetSecurityConfig

func (m *Manager) SetSecurityConfig(config map[string]interface{}) error

func (*Manager) ValidateAndSanitizeMap

func (m *Manager) ValidateAndSanitizeMap(data map[string]interface{}, prefix string) map[string]*interfaces.SanitizationResult

func (*Manager) ValidateFilePath

func (m *Manager) ValidateFilePath(path string, operation string) error

func (*Manager) ValidateTemplateContent

func (m *Manager) ValidateTemplateContent(content string, filePath string) *interfaces.TemplateSecurityResult

func (*Manager) ValidateTemplateFile

func (m *Manager) ValidateTemplateFile(filePath string) (*interfaces.TemplateSecurityResult, error)

type SanitizationResult

// SanitizationResult is what the InputSanitizer Sanitize* methods return for
// one input value.
//
// Original is presumably the input as received and Sanitized the cleaned
// value; WasModified presumably reports whether the two differ. TODO confirm.
// Errors and Warnings have no omitempty tag, so they are always present in
// JSON output.
//
// NOTE(review): check IsValid before using Sanitized; this page does not say
// what Sanitized holds when IsValid is false. Original is serialized under
// "original", so a logged or stored result still contains the unsanitized
// input and must be handled as untrusted data.
type SanitizationResult struct {
	Original    string   `json:"original"`
	Sanitized   string   `json:"sanitized"`
	IsValid     bool     `json:"is_valid"`
	Errors      []string `json:"errors"`
	Warnings    []string `json:"warnings"`
	WasModified bool     `json:"was_modified"`
}

SanitizationResult contains the result of input sanitization

type SecureFileOperations

type SecureFileOperations struct {
	// contains filtered or unexported fields
}

SecureFileOperations provides secure file system operations with validation

func NewSecureFileOperations

func NewSecureFileOperations(allowedBasePaths []string) *SecureFileOperations

NewSecureFileOperations creates a new secure file operations manager

func (*SecureFileOperations) GetFilePermissions

func (sfo *SecureFileOperations) GetFilePermissions(path string) (map[string]interface{}, error)

GetFilePermissions returns detailed file permission information

func (*SecureFileOperations) SecureCopyFile

func (sfo *SecureFileOperations) SecureCopyFile(srcPath, dstPath string) (*FileOperationResult, error)

SecureCopyFile copies a file with security validation

func (*SecureFileOperations) SecureCreateDirectory

func (sfo *SecureFileOperations) SecureCreateDirectory(path string, perm os.FileMode) (*FileOperationResult, error)

SecureCreateDirectory creates a directory with security validation

func (*SecureFileOperations) SecureReadFile

func (sfo *SecureFileOperations) SecureReadFile(path string) (*FileOperationResult, []byte, error)

SecureReadFile reads a file with security validation

func (*SecureFileOperations) SecureRemoveFile

func (sfo *SecureFileOperations) SecureRemoveFile(path string) (*FileOperationResult, error)

SecureRemoveFile removes a file with security validation

func (*SecureFileOperations) SecureWriteFile

func (sfo *SecureFileOperations) SecureWriteFile(path string, data []byte, perm os.FileMode) (*FileOperationResult, error)

SecureWriteFile writes a file with security validation

func (*SecureFileOperations) SetSecurityConfig

func (sfo *SecureFileOperations) SetSecurityConfig(config map[string]interface{}) error

SetSecurityConfig updates security configuration

func (*SecureFileOperations) ValidateFileIntegrity

func (sfo *SecureFileOperations) ValidateFileIntegrity(path string, expectedChecksum string) (*FileOperationResult, error)

ValidateFileIntegrity validates file integrity by checking the file at path against expectedChecksum. The checksum algorithm is not stated on this page.

func (*SecureFileOperations) ValidateFilePath

func (sfo *SecureFileOperations) ValidateFilePath(path string, operation string) error

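ValidateFilePath validates path for the named operation. The individual checks are not listed on this page; confirm that they cover traversal sequences, symbolic links, and containment within the allowedBasePaths passed to NewSecureFileOperations.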

type TemplateSecurityConfig

// TemplateSecurityConfig is the settings struct accepted by
// TemplateSecurityManager.ApplySecurityConfig.
//
// MaxTemplateSize is presumably a byte limit, AllowedFunctions an allow-list
// of template function names, and BlockedPatterns a list of patterns rejected
// in template content. Whether the patterns are literals or regular
// expressions is not shown. TODO confirm. CustomFunctions is excluded from
// JSON (`json:"-"`).
//
// NOTE(review): the defaults installed by NewTemplateSecurityManager and the
// way ApplySecurityConfig merges this struct are not visible on this page. If
// it replaces the settings wholesale, a partly filled config leaves
// SandboxMode false and the lists empty, so set every field deliberately. A
// pattern block-list tends to miss variants, so keep AllowedFunctions as the
// primary control. Values in CustomFunctions are presumably exposed to
// templates as callable functions and would then run with the process's
// privileges.
type TemplateSecurityConfig struct {
	MaxTemplateSize       int64                  `json:"max_template_size"`
	AllowedFunctions      []string               `json:"allowed_functions"`
	BlockedPatterns       []string               `json:"blocked_patterns"`
	SandboxMode           bool                   `json:"sandbox_mode"`
	AllowExternalIncludes bool                   `json:"allow_external_includes"`
	CustomFunctions       map[string]interface{} `json:"-"` // Not serializable
}

TemplateSecurityConfig allows customization of security settings

type TemplateSecurityManager

type TemplateSecurityManager struct {
	// contains filtered or unexported fields
}

TemplateSecurityManager provides secure template processing capabilities

func NewTemplateSecurityManager

func NewTemplateSecurityManager() *TemplateSecurityManager

NewTemplateSecurityManager creates a new template security manager

func (*TemplateSecurityManager) ApplySecurityConfig

func (tsm *TemplateSecurityManager) ApplySecurityConfig(config *TemplateSecurityConfig) error

ApplySecurityConfig applies custom security configuration

func (*TemplateSecurityManager) CreateSecureTemplate

func (tsm *TemplateSecurityManager) CreateSecureTemplate(name, content string) (*template.Template, error)

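CreateSecureTemplate creates a template with security restrictions. The import behind *template.Template is not shown on this page; if it is text/template rather than html/template, output is not contextually escaped.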

func (*TemplateSecurityManager) ProcessTemplateSecurely

func (tsm *TemplateSecurityManager) ProcessTemplateSecurely(tmpl *template.Template, data interface{}, outputPath string) error

ProcessTemplateSecurely processes a template with security restrictions

func (*TemplateSecurityManager) ScanTemplateDirectory

func (tsm *TemplateSecurityManager) ScanTemplateDirectory(dirPath string) (map[string]*TemplateValidationResult, error)

ScanTemplateDirectory recursively scans a directory for template security issues

func (*TemplateSecurityManager) ValidateTemplateContent

func (tsm *TemplateSecurityManager) ValidateTemplateContent(content string, filePath string) *TemplateValidationResult

ValidateTemplateContent validates template content for security issues

func (*TemplateSecurityManager) ValidateTemplateFile

func (tsm *TemplateSecurityManager) ValidateTemplateFile(filePath string) (*TemplateValidationResult, error)

ValidateTemplateFile validates a template file for security issues

type TemplateValidationResult

// TemplateValidationResult is what TemplateSecurityManager returns from
// ValidateTemplateContent, ValidateTemplateFile and ScanTemplateDirectory for
// one template.
//
// BlockedPatterns presumably lists the blocked patterns found in the template
// and FileSize its size in bytes. TODO confirm. SecurityIssues, Warnings and
// BlockedPatterns have no omitempty tag, so they are always present in JSON
// output.
//
// NOTE(review): IsSecure can only reflect the checks the manager implements
// and the configuration in force, neither of which is visible on this page.
// Read SecurityIssues and Warnings as well, and do not take IsSecure alone as
// proof that a template is safe to execute on untrusted data.
type TemplateValidationResult struct {
	IsSecure        bool     `json:"is_secure"`
	SecurityIssues  []string `json:"security_issues"`
	Warnings        []string `json:"warnings"`
	BlockedPatterns []string `json:"blocked_patterns"`
	FilePath        string   `json:"file_path"`
	FileSize        int64    `json:"file_size"`
}

TemplateValidationResult contains the result of template security validation
