Documentation
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type CtxParserRule
type CtxParserRule struct {
	// Instance of the parser
	Parser contextParser `yaml:"-"`
	// Name of the parser type
	Type string `yaml:"type"`
	// Extensions which the parser takes into consideration
	Extensions []string `yaml:"extensions"`
	// Bag of words used mainly to identify keys/values
	// that are potential leaks
	KeyBag []string `yaml:"keys"`
	// Confidence of the assessment
	// - "High" : for context based parsers
	// - "Low" : for regexp/context insensitive parsers
	Confidence string `yaml:"confidence"`
}
CtxParserRule is a union of the definition of a parser and its instantiation.
func (*CtxParserRule) Init
func (c *CtxParserRule) Init()
Init creates a Parser if the .Type is defined
type FileLeak
type FileLeak struct {
	// File (path to the file from the root of the execution)
	File string `yaml:"file"`
	Line int    `yaml:"line"`
	// Contains a couple of lines before and after the commit
	// This allows for displaying the context of the discovery
	// without having to store / display the whole file
	Snippet []string `yaml:"snippet"`
	// Affected is the index of the offending line in the snippet slice
	Affected int `yaml:"affected"`
	// Start index of the offending snippet within the affected line
	StartIdx int
	// End index of the offending snippet within the affected line
	EndIdx          int
	Confidence      string           `yaml:"confidence"`
	IndepParserRule *IndepParserRule `yaml:"-"`
	CtxParserRule   *CtxParserRule   `yaml:"-"`
}
FileLeak is a potential leak detected in the filesystem
type GitLeak
type GitLeak struct {
	// Hash of the commit (SHA-1)
	Commit string `yaml:"commit"`
	// File (path to the file from the root of the git repo)
	File string `yaml:"file"`
	// Line number within the affected file
	Line int `yaml:"line"`
	// Contains a couple of lines before and after the commit
	// This allows for displaying the context of the discovery
	// without having to store / display the whole file
	Snippet []string `yaml:"snippet"`
	// Affected is the index of the offending line in the snippet slice
	Affected int `yaml:"affected"`
	// Start index of the offending snippet within the affected line
	StartIdx int
	// End index of the offending snippet within the affected line
	EndIdx     int
	Confidence string `yaml:"confidence"`
	// Stores the name of the author of the commit
	// This could be replaced with the email for better formatting
	Author string `yaml:"author,omitempty"`
	// Time of the commit
	When time.Time `yaml:"commit_date"`
	// Pointer to the offending rule
	IndepParserRule *IndepParserRule `yaml:"-"`
	// Pointer to the offending parser rule
	// The Rule and ParserRule attributes are exclusive
	CtxParserRule *CtxParserRule `yaml:"-"`
	Repo          *Repo          `yaml:"-"`
}
GitLeak is a potential leak associated with a commit
type IndepParserRule
type IndepParserRule struct {
	Definition  string  `yaml:"definition"`
	Description string  `yaml:"description,omitempty"`
	Category    string  `yaml:"category,omitempty"`
	Weight      float32 `yaml:"weight"`
	Compiled    *regexp.Regexp
}
IndepParserRule represents a context independent parser
type Leak
type Leak interface{}
Leak is an interface that represents a possible credential leak discovered during the scan phase
type Repo
type Repo struct {
	Source string `yaml:"source"`
	Path   string
	Since  time.Time
	Storer *git.Repository
}
Repo represents the internal git representation as well as the local one (in the filesystem)
func (*Repo) FetchCommits
FetchCommits stores all commits in a slice
This allows for concurrent r/w of the commit slice without having to go through go-git's commit iterator object. (Comes at a certain cost to memory but the commit object itself seems to be very light)
type RuleSet
type RuleSet struct {
	// Version of the configuration file
	// Not used currently but for future proofing
	APIVersion string `yaml:"apiVersion"`
	// FNV hash of the configuration file
	// Useful for determining whether or not the definition file
	// has been changed. (for future uses)
	Checksum          string
	ReadAt            time.Time
	IndepParsers      []IndepParserRule `yaml:"rules"`
	CtxParsers        []CtxParserRule   `yaml:"parsers"`
	BlackList         []string          `yaml:"black_list"`
	BlackListCompiled []*regexp.Regexp  `yaml:"-"`
	// Sets whether or not to examine compressed files
	Compressed bool `yaml:"compressed"`
}
RuleSet groups all Rules and Parsers interpreted from the user defined file
- Rules represent parsers that are context independent: they can parse a file line by line to precisely find the leak
- Parsers are parsers that need the entire file as context to analyse for leaks correctly (TODO: rename)
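How a context independent rule is applied line by line, and how a leak's Snippet, Affected, StartIdx and EndIdx fields relate to each other, is shown in the following added example, which is not the package's own code. The two structs are trimmed local copies of the documented types; `scanLines`, the rule definition, the 1-based `Line` and the sample input are assumptions made for the illustration.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Trimmed local copies of the documented types (only the fields used here).
type IndepParserRule struct{ Compiled *regexp.Regexp }
type FileLeak struct {
	Line, Affected, StartIdx, EndIdx int // Line is 1-based here (assumption)
	Snippet                          []string
	Confidence                       string
	IndepParserRule                  *IndepParserRule
}

// scanLines is a hypothetical helper, not the package's API: it applies every
// rule to each line and keeps up to ctx lines of context around a match.
func scanLines(content string, rules []IndepParserRule, ctx int) []FileLeak {
	var leaks []FileLeak
	lines := strings.Split(content, "\n")
	for i, line := range lines {
		for r := range rules {
			if loc := rules[r].Compiled.FindStringIndex(line); loc != nil {
				lo, hi := i-ctx, i+ctx+1
				if lo < 0 {
					lo = 0 // clamp at start of file
				}
				if hi > len(lines) {
					hi = len(lines) // clamp at end of file
				}
				leaks = append(leaks, FileLeak{Line: i + 1, Snippet: lines[lo:hi],
					Affected: i - lo, StartIdx: loc[0], EndIdx: loc[1],
					Confidence: "Low", IndepParserRule: &rules[r]})
			}
		}
	}
	return leaks
}

func main() {
	// Constructed rule and constructed input, for illustration only.
	rules := []IndepParserRule{{Compiled: regexp.MustCompile(`(?i)password\s*=\s*"[^"]+"`)}}
	sample := "user = \"svc\"\ndb_password = \"constructed-example\"\nport = 5432"
	for _, l := range scanLines(sample, rules, 1) {
		fmt.Println(l.Line, l.Confidence, l.Snippet[l.Affected][l.StartIdx:l.EndIdx])
	}
}
```

The offending text is always recoverable as `Snippet[Affected][StartIdx:EndIdx]`, so a report can highlight the match without storing the whole file.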
func (*RuleSet) ParseConfig
ParseConfig reads the user defined configuration file