security

package


Types

type AuditLogger

// AuditLogger is the security-logging seam used by SecurityManager (its
// exported Auditor field has this type). Auditor is the concrete
// implementation documented on this page.
type AuditLogger interface {
	// LogAudit records one audit entry built from two label/value pairs.
	// Auditor's implementation writes it as a two-line entry to the
	// commands log file.
	LogAudit(label1, val1, label2, val2 string)
	// SetLogFile sets the path of the file that LogAudit writes to (the
	// "commands log file" in Auditor's implementation).
	SetLogFile(path string)
}

AuditLogger defines the interface for security logging.

type Auditor

// Auditor handles security logging. Its LogAudit and SetLogFile methods
// match the AuditLogger interface, so *Auditor satisfies it.
type Auditor struct {
	// contains filtered or unexported fields
}

Auditor handles security logging.

func NewAuditor

func NewAuditor() *Auditor

NewAuditor creates a new Auditor.

func (*Auditor) LogAudit

func (a *Auditor) LogAudit(label1, val1, label2, val2 string)

LogAudit writes a two-line audit entry (one line per label/value pair) to the commands log file configured via SetLogFile.

func (*Auditor) SetLogFile

func (a *Auditor) SetLogFile(path string)

SetLogFile sets the path for logging executed commands.

type InteractionHandler

// InteractionHandler manages terminal locking and user prompts. It is
// constructed by NewInteractionHandler from an input reader and an
// *Auditor; the reader can be replaced later with SetReader.
type InteractionHandler struct {
	// contains filtered or unexported fields
}

InteractionHandler manages terminal locking and user prompts.

func NewInteractionHandler

func NewInteractionHandler(r io.Reader, auditor *Auditor) *InteractionHandler

NewInteractionHandler creates a new InteractionHandler.

func (*InteractionHandler) ConfirmAction

func (h *InteractionHandler) ConfirmAction(ctx context.Context, action, target, detail string, bypass bool) (bool, error)

ConfirmAction prompts the user for confirmation.

func (*InteractionHandler) ReadLine

func (h *InteractionHandler) ReadLine(ctx context.Context) (string, error)

ReadLine reads a line of input.

func (*InteractionHandler) ReadSingleKey

func (h *InteractionHandler) ReadSingleKey(ctx context.Context) (string, error)

ReadSingleKey waits for a single key press.

func (*InteractionHandler) SetReader

func (h *InteractionHandler) SetReader(r io.Reader)

SetReader updates the input reader.

func (*InteractionHandler) TerminalLock

func (h *InteractionHandler) TerminalLock()

TerminalLock locks the terminal for exclusive access.

func (*InteractionHandler) TerminalUnlock

func (h *InteractionHandler) TerminalUnlock()

TerminalUnlock unlocks the terminal.

type PathPolicy

// PathPolicy manages allowed path boundaries and validates paths against
// them. Boundaries are kept in two sets selected by a writable flag
// (see RegisterPath/RemovePath/GetPaths) and can be persisted to a
// per-set config file (SetConfigFile, LoadPaths, SavePaths).
type PathPolicy struct {
	// contains filtered or unexported fields
}

PathPolicy manages allowed boundaries and validates paths.

func NewPathPolicy

func NewPathPolicy() *PathPolicy

NewPathPolicy creates a new PathPolicy.

func (*PathPolicy) GetPaths

func (p *PathPolicy) GetPaths(writable bool) []string

GetPaths returns a copy of the registered paths.

func (*PathPolicy) LoadPaths

func (p *PathPolicy) LoadPaths(writable bool) error

LoadPaths reads paths from the config file.

func (*PathPolicy) RegisterPath

func (p *PathPolicy) RegisterPath(path string, writable bool)

RegisterPath adds a path to the allowed boundaries.

func (*PathPolicy) RemovePath

func (p *PathPolicy) RemovePath(path string, writable bool) error

RemovePath removes a path from the allowed boundaries.

func (*PathPolicy) SavePaths

func (p *PathPolicy) SavePaths(ctx context.Context, writable bool) error

SavePaths writes paths to the config file.

func (*PathPolicy) SetConfigFile

func (p *PathPolicy) SetConfigFile(path string, writable bool)

SetConfigFile sets the persistence file for paths.

func (*PathPolicy) ValidatePath

func (p *PathPolicy) ValidatePath(path string, writable bool) (string, error)

ValidatePath checks whether a path is allowed. When writable is true, the path is checked against CWD, Temp, and SafePaths; when writable is false, ReadOnlyPaths are checked as well.

type SecurityManager

// SecurityManager coordinates path validation, user interaction, and
// auditing. Its exported method set satisfies SecurityProvider.
//
// The three collaborators below are exported fields, so any holder of a
// *SecurityManager can replace them after construction; treat them as
// part of the trust boundary when reviewing callers.
type SecurityManager struct {
	// Policy holds the allowed path boundaries and validates paths;
	// presumably backs IsPathSafe/IsPathWritable and the
	// *SafePath/*ReadOnlyPath methods — confirm against the implementation.
	Policy      *PathPolicy
	// Interaction manages terminal locking and user prompts; presumably
	// backs ConfirmDestructiveAction, ReadLine, ReadSingleKey and
	// TerminalLock/TerminalUnlock — confirm against the implementation.
	Interaction *InteractionHandler
	// Auditor receives audit entries via LogAudit. Any AuditLogger may be
	// assigned here; NewSecurityManager presumably installs an *Auditor.
	Auditor     AuditLogger
	// contains filtered or unexported fields
}

SecurityManager coordinates path validation, user interaction, and auditing.

func NewSecurityManager

func NewSecurityManager(input io.Reader) *SecurityManager

NewSecurityManager creates a new SecurityManager.

func (*SecurityManager) Authorize

func (sm *SecurityManager) Authorize(ctx context.Context, label, detail, reason string, isSafe bool) (bool, error)

Authorize prompts the user for authorization of a specific command or action.

func (*SecurityManager) ConfirmDestructiveAction

func (sm *SecurityManager) ConfirmDestructiveAction(ctx context.Context, action, target, detail string) (bool, error)

ConfirmDestructiveAction prompts the user for confirmation.

func (*SecurityManager) GetReadOnlyPaths

func (sm *SecurityManager) GetReadOnlyPaths() []string

GetReadOnlyPaths returns read-only paths.

func (*SecurityManager) GetSafePaths

func (sm *SecurityManager) GetSafePaths() []string

GetSafePaths returns safe paths.

func (*SecurityManager) IsBypassActive

func (sm *SecurityManager) IsBypassActive() bool

IsBypassActive returns the current state of bypass_confirmation.

func (*SecurityManager) IsCommandAllowed

func (sm *SecurityManager) IsCommandAllowed(command string) bool

IsCommandAllowed checks if a base command is allowed for execution.

func (*SecurityManager) IsPathSafe

func (sm *SecurityManager) IsPathSafe(path string) (string, error)

IsPathSafe checks if a path is safe.

func (*SecurityManager) IsPathWritable

func (sm *SecurityManager) IsPathWritable(path string) (string, error)

IsPathWritable checks if a path is writable.

func (*SecurityManager) LoadBypassState

func (sm *SecurityManager) LoadBypassState()

LoadBypassState reads the persistent bypass state from disk.

func (*SecurityManager) LoadReadOnlyPaths

func (sm *SecurityManager) LoadReadOnlyPaths() error

LoadReadOnlyPaths loads read-only paths.

func (*SecurityManager) LoadSafePaths

func (sm *SecurityManager) LoadSafePaths() error

LoadSafePaths loads safe paths.

func (*SecurityManager) LogAudit

func (sm *SecurityManager) LogAudit(label1, val1, label2, val2 string)

LogAudit writes an audit entry.

func (*SecurityManager) ReadLine

func (sm *SecurityManager) ReadLine(ctx context.Context) (string, error)

ReadLine reads a line.

func (*SecurityManager) ReadSingleKey

func (sm *SecurityManager) ReadSingleKey(ctx context.Context) (string, error)

ReadSingleKey reads a single key.

func (*SecurityManager) RegisterReadOnlyPath

func (sm *SecurityManager) RegisterReadOnlyPath(path string)

RegisterReadOnlyPath registers a read-only path.

func (*SecurityManager) RegisterSafePath

func (sm *SecurityManager) RegisterSafePath(path string)

RegisterSafePath registers a safe path.

func (*SecurityManager) RemoveReadOnlyPath

func (sm *SecurityManager) RemoveReadOnlyPath(path string) error

RemoveReadOnlyPath removes a read-only path.

func (*SecurityManager) RemoveSafePath

func (sm *SecurityManager) RemoveSafePath(path string) error

RemoveSafePath removes a safe path.

func (*SecurityManager) SaveBypassState

func (sm *SecurityManager) SaveBypassState(ctx context.Context)

SaveBypassState writes the persistent bypass state to disk.

func (*SecurityManager) SaveReadOnlyPaths

func (sm *SecurityManager) SaveReadOnlyPaths(ctx context.Context) error

SaveReadOnlyPaths saves read-only paths.

func (*SecurityManager) SaveSafePaths

func (sm *SecurityManager) SaveSafePaths(ctx context.Context) error

SaveSafePaths saves safe paths.

func (*SecurityManager) SetBypassActive

func (sm *SecurityManager) SetBypassActive(active bool)

SetBypassActive sets the bypass state.

func (*SecurityManager) SetBypassFile

func (sm *SecurityManager) SetBypassFile(path string)

SetBypassFile sets the file where persistent bypass state is stored.

func (*SecurityManager) SetCommandsLogFile

func (sm *SecurityManager) SetCommandsLogFile(path string)

SetCommandsLogFile sets the commands log file.

func (*SecurityManager) SetInputReader

func (sm *SecurityManager) SetInputReader(r io.Reader)

SetInputReader sets the input reader.

func (*SecurityManager) SetReadOnlyPathsFile

func (sm *SecurityManager) SetReadOnlyPathsFile(path string)

SetReadOnlyPathsFile sets the read-only paths file.

func (*SecurityManager) SetSafePathsFile

func (sm *SecurityManager) SetSafePathsFile(path string)

SetSafePathsFile sets the safe paths file.

func (*SecurityManager) TerminalLock

func (sm *SecurityManager) TerminalLock()

TerminalLock locks the terminal.

func (*SecurityManager) TerminalUnlock

func (sm *SecurityManager) TerminalUnlock()

TerminalUnlock unlocks the terminal.

type SecurityProvider

// SecurityProvider is the interface consumers use for path validation,
// command allow-listing, terminal locking and destructive-action
// confirmation. SecurityManager's method set satisfies it.
type SecurityProvider interface {
	// IsPathSafe checks whether path is allowed. The returned string is
	// presumably the validated path — confirm against
	// SecurityManager.IsPathSafe before relying on it.
	IsPathSafe(path string) (string, error)
	// IsPathWritable checks whether path may be written; same return
	// convention as IsPathSafe (presumably the validated path — confirm).
	IsPathWritable(path string) (string, error)
	// ConfirmDestructiveAction prompts the user to confirm action on
	// target, with detail as the third prompt argument; the bool reports
	// whether confirmation was given.
	ConfirmDestructiveAction(ctx context.Context, action, target, detail string) (bool, error)
	// TerminalLock locks the terminal for exclusive access; TerminalUnlock
	// releases it.
	TerminalLock()
	TerminalUnlock()
	// IsCommandAllowed reports whether a base command is allowed for
	// execution.
	IsCommandAllowed(command string) bool
}

SecurityProvider defines the interface for path validation, command allow-listing, terminal locking, and destructive-action confirmation.
