Documentation
Overview ¶
Package sources provides adapters for reading credentials from various formats.
Index ¶
- Variables
- func IsAuthError(err error) bool
- func IsFormatError(err error) bool
- func IsNotFound(err error) bool
- func IsPartialRead(err error) bool
- func RegisterDefault(s Source)
- type BitwardenCard
- type BitwardenExport
- type BitwardenField
- type BitwardenFolder
- type BitwardenIdentity
- type BitwardenItem
- type BitwardenLogin
- type BitwardenNote
- type BitwardenSource
- func (s *BitwardenSource) Close() error
- func (s *BitwardenSource) Description() string
- func (s *BitwardenSource) Detect(path string) (int, error)
- func (s *BitwardenSource) Name() string
- func (s *BitwardenSource) Open(path string, opts OpenOptions) error
- func (s *BitwardenSource) Read() ([]model.Credential, error)
- func (s *BitwardenSource) SupportedExtensions() []string
- type BitwardenURI
- type ChromeSource
- func (s *ChromeSource) Close() error
- func (s *ChromeSource) Description() string
- func (s *ChromeSource) Detect(path string) (int, error)
- func (s *ChromeSource) Name() string
- func (s *ChromeSource) Open(path string, opts OpenOptions) error
- func (s *ChromeSource) Read() ([]model.Credential, error)
- func (s *ChromeSource) SupportedExtensions() []string
- type ErrAuthenticationFailed
- type ErrFileNotFound
- type ErrInvalidFormat
- type ErrPartialRead
- type ErrPermissionDenied
- type ErrSourceNotFound
- type ErrUnsupportedFeature
- type FirefoxSource
- func (s *FirefoxSource) Close() error
- func (s *FirefoxSource) Description() string
- func (s *FirefoxSource) Detect(path string) (int, error)
- func (s *FirefoxSource) Name() string
- func (s *FirefoxSource) Open(path string, opts OpenOptions) error
- func (s *FirefoxSource) Read() ([]model.Credential, error)
- func (s *FirefoxSource) SupportedExtensions() []string
- type KeePassSource
- func (s *KeePassSource) Close() error
- func (s *KeePassSource) Description() string
- func (s *KeePassSource) Detect(path string) (int, error)
- func (s *KeePassSource) Name() string
- func (s *KeePassSource) Open(path string, opts OpenOptions) error
- func (s *KeePassSource) Read() ([]model.Credential, error)
- func (s *KeePassSource) SupportedExtensions() []string
- type OpenOptions
- type PasswordPromptFunc
- type Registry
- func (r *Registry) Count() int
- func (r *Registry) DetectSource(path string) (Source, error)
- func (r *Registry) DetectSourceWithThreshold(path string, minConfidence int) (Source, error)
- func (r *Registry) Get(name string) (Source, bool)
- func (r *Registry) List() []Source
- func (r *Registry) Names() []string
- func (r *Registry) Register(s Source)
- func (r *Registry) Unregister(name string)
- type SSHSource
- func (s *SSHSource) Close() error
- func (s *SSHSource) Description() string
- func (s *SSHSource) Detect(path string) (int, error)
- func (s *SSHSource) Name() string
- func (s *SSHSource) Open(path string, opts OpenOptions) error
- func (s *SSHSource) Read() ([]model.Credential, error)
- func (s *SSHSource) SupportedExtensions() []string
- type Source
Constants ¶
This section is empty.
Variables ¶
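// Sentinel errors describing the open/closed lifecycle of a source adapter.
// They are plain values created with errors.New, so callers can match them
// with errors.Is even when an adapter wraps them with extra context.
var (
	// ErrNotOpen is returned when Read is called before Open.
	ErrNotOpen = errors.New("source not open")

	// ErrAlreadyOpen is returned when Open is called on an already-open source.
	ErrAlreadyOpen = errors.New("source already open")

	// ErrClosed is returned when operations are attempted on a closed source.
	ErrClosed = errors.New("source is closed")
)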
Common errors that can be returned by source adapters.
Functions ¶
func IsAuthError ¶
IsAuthError returns true if the error is an authentication error.
func IsFormatError ¶
IsFormatError returns true if the error is a format error.
func IsNotFound ¶
IsNotFound returns true if the error is a not found error.
func IsPartialRead ¶
IsPartialRead returns true if the error is a partial read error.
func RegisterDefault ¶
func RegisterDefault(s Source)
RegisterDefault registers a source with the default registry.
Types ¶
type BitwardenCard ¶
// BitwardenCard represents credit card data in a Bitwarden item.
//
// Every field is a plain string mapped to the JSON key named in its tag, so a
// populated value holds the card details in clear text for as long as it is
// referenced.
type BitwardenCard struct {
	CardholderName string `json:"cardholderName"`
	Brand          string `json:"brand"`
	// Number is the value of the "number" key; presumably the full card
	// number — confirm against the Bitwarden export format.
	Number   string `json:"number"`
	ExpMonth string `json:"expMonth"`
	ExpYear  string `json:"expYear"`
	// Code is the value of the "code" key; presumably the card security
	// code — confirm. Keep it out of logs and error text.
	Code string `json:"code"`
}
BitwardenCard represents credit card data in a Bitwarden item.
type BitwardenExport ¶
// BitwardenExport represents the top-level Bitwarden JSON export structure.
type BitwardenExport struct {
	// Encrypted mirrors the export's "encrypted" key.
	// NOTE(review): presumably true for password-protected exports, whose
	// items would not be usable as plain JSON — confirm how Read treats it.
	Encrypted bool `json:"encrypted"`
	// Folders and Items are the two top-level arrays of the export.
	Folders []BitwardenFolder `json:"folders"`
	Items   []BitwardenItem   `json:"items"`
}
BitwardenExport represents the top-level Bitwarden JSON export structure.
type BitwardenField ¶
// BitwardenField represents a custom field in a Bitwarden item.
type BitwardenField struct {
	Name string `json:"name"`
	// Value is kept as a plain string whatever Type says.
	// NOTE(review): a field of Type 1 (hidden) presumably carries a secret;
	// treat Value as sensitive in that case — confirm how Read maps it.
	Value string `json:"value"`
	Type  int    `json:"type"` // 0=text, 1=hidden, 2=boolean, 3=linked
}
BitwardenField represents a custom field in a Bitwarden item.
type BitwardenFolder ¶
BitwardenFolder represents a folder in the Bitwarden export.
type BitwardenIdentity ¶
// BitwardenIdentity represents identity data in a Bitwarden item.
//
// All fields are plain strings mapped to the JSON keys in their tags. Several
// of them (SSN, PassportNumber, LicenseNumber) are personal identifiers, so a
// populated value should be handled with the same care as a password.
type BitwardenIdentity struct {
	Title      string `json:"title"`
	FirstName  string `json:"firstName"`
	MiddleName string `json:"middleName"`
	LastName   string `json:"lastName"`
	Address1   string `json:"address1"`
	Address2   string `json:"address2"`
	Address3   string `json:"address3"`
	City       string `json:"city"`
	State      string `json:"state"`
	PostalCode string `json:"postalCode"`
	Country    string `json:"country"`
	Company    string `json:"company"`
	Email      string `json:"email"`
	Phone      string `json:"phone"`
	// Government-issued identifiers follow; keep them out of logs and
	// error messages.
	SSN            string `json:"ssn"`
	Username       string `json:"username"`
	PassportNumber string `json:"passportNumber"`
	LicenseNumber  string `json:"licenseNumber"`
}
BitwardenIdentity represents identity data in a Bitwarden item.
type BitwardenItem ¶
// BitwardenItem represents a single item in the Bitwarden export.
type BitwardenItem struct {
	ID             string `json:"id"`
	OrganizationID string `json:"organizationId"`
	FolderID       string `json:"folderId"`
	// Type is the numeric item kind from the export.
	// NOTE(review): presumably selects which of Login, SecureNote, Card or
	// Identity is populated — confirm the value mapping.
	Type int    `json:"type"`
	Name string `json:"name"`
	// Notes is free text stored with the item; users may have put secrets in
	// it, so treat it as sensitive.
	Notes    string `json:"notes"`
	Favorite bool   `json:"favorite"`
	// The four payload sections are pointers: when decoded with
	// encoding/json, a section missing from the JSON stays nil, so check
	// before dereferencing.
	Login         *BitwardenLogin    `json:"login,omitempty"`
	SecureNote    *BitwardenNote     `json:"secureNote,omitempty"`
	Card          *BitwardenCard     `json:"card,omitempty"`
	Identity      *BitwardenIdentity `json:"identity,omitempty"`
	CollectionIDs []string           `json:"collectionIds"`
	// Dates are kept as the raw strings from the export; no parsing is done
	// by this type.
	CreationDate string `json:"creationDate"`
	RevisionDate string `json:"revisionDate"`
	// NOTE(review): presumably Bitwarden's master-password re-prompt
	// setting — confirm whether it is carried into model.Credential.
	Reprompt int              `json:"reprompt"`
	Fields   []BitwardenField `json:"fields,omitempty"`
}
BitwardenItem represents a single item in the Bitwarden export.
type BitwardenLogin ¶
// BitwardenLogin represents login data in a Bitwarden item.
type BitwardenLogin struct {
	URIs     []BitwardenURI `json:"uris"`
	Username string         `json:"username"`
	// Password is held as a plain string. Go strings are immutable, so the
	// value cannot be overwritten in place once decoded.
	Password string `json:"password"`
	// TOTP is the value of the "totp" key.
	// NOTE(review): presumably the TOTP seed or otpauth URI, which is as
	// sensitive as the password — confirm.
	TOTP string `json:"totp"`
}
BitwardenLogin represents login data in a Bitwarden item.
type BitwardenNote ¶
// BitwardenNote represents secure note data in a Bitwarden item.
//
// Only the numeric note type is modelled here; the note text itself is not a
// field of this struct.
type BitwardenNote struct {
	Type int `json:"type"`
}
BitwardenNote represents secure note data in a Bitwarden item.
type BitwardenSource ¶
// BitwardenSource implements the Source interface for Bitwarden JSON exports.
type BitwardenSource struct {
	// contains filtered or unexported fields
}
BitwardenSource implements the Source interface for Bitwarden JSON exports.
func NewBitwardenSource ¶
func NewBitwardenSource() *BitwardenSource
NewBitwardenSource creates a new Bitwarden JSON source adapter.
func (*BitwardenSource) Description ¶
func (s *BitwardenSource) Description() string
Description returns a human-readable description.
func (*BitwardenSource) Detect ¶
func (s *BitwardenSource) Detect(path string) (int, error)
Detect checks if the given path is a Bitwarden JSON export.
func (*BitwardenSource) Name ¶
func (s *BitwardenSource) Name() string
Name returns the unique identifier for this source.
func (*BitwardenSource) Open ¶
func (s *BitwardenSource) Open(path string, opts OpenOptions) error
Open initializes the source with the given file path.
func (*BitwardenSource) Read ¶
func (s *BitwardenSource) Read() ([]model.Credential, error)
Read parses the Bitwarden JSON and returns credentials.
func (*BitwardenSource) SupportedExtensions ¶
func (s *BitwardenSource) SupportedExtensions() []string
SupportedExtensions returns file extensions this source handles.
type BitwardenURI ¶
BitwardenURI represents a URI entry in a Bitwarden login.
type ChromeSource ¶
// ChromeSource implements the Source interface for Chrome CSV exports.
type ChromeSource struct {
	// contains filtered or unexported fields
}
ChromeSource implements the Source interface for Chrome CSV exports.
func NewChromeSource ¶
func NewChromeSource() *ChromeSource
NewChromeSource creates a new Chrome CSV source adapter.
func (*ChromeSource) Description ¶
func (s *ChromeSource) Description() string
Description returns a human-readable description.
func (*ChromeSource) Detect ¶
func (s *ChromeSource) Detect(path string) (int, error)
Detect checks if the given path is a Chrome CSV export.
func (*ChromeSource) Name ¶
func (s *ChromeSource) Name() string
Name returns the unique identifier for this source.
func (*ChromeSource) Open ¶
func (s *ChromeSource) Open(path string, opts OpenOptions) error
Open initializes the source with the given file path.
func (*ChromeSource) Read ¶
func (s *ChromeSource) Read() ([]model.Credential, error)
Read parses the Chrome CSV and returns credentials.
func (*ChromeSource) SupportedExtensions ¶
func (s *ChromeSource) SupportedExtensions() []string
SupportedExtensions returns file extensions this source handles.
type ErrAuthenticationFailed ¶
// ErrAuthenticationFailed indicates that authentication failed (wrong
// password, key, etc.).
//
// NOTE(review): Path, Reason and Err travel with the error into whatever logs
// or output the caller produces; adapters should keep passwords and key
// material out of Reason and out of the wrapped error.
type ErrAuthenticationFailed struct {
	Source string // Source adapter name
	Path   string // File path
	Reason string // Why authentication failed
	Err    error  // Underlying error, if any
}
ErrAuthenticationFailed indicates that authentication failed (wrong password, key, etc.).
func (*ErrAuthenticationFailed) Error ¶
func (e *ErrAuthenticationFailed) Error() string
func (*ErrAuthenticationFailed) Unwrap ¶
func (e *ErrAuthenticationFailed) Unwrap() error
type ErrFileNotFound ¶
// ErrFileNotFound indicates the specified file does not exist.
type ErrFileNotFound struct {
	Path string // Path that was looked up
}
ErrFileNotFound indicates the specified file does not exist.
func (*ErrFileNotFound) Error ¶
func (e *ErrFileNotFound) Error() string
type ErrInvalidFormat ¶
// ErrInvalidFormat indicates that the source file has an invalid or corrupted
// format.
//
// NOTE(review): Details is free text; when it quotes input, it should not
// echo field values from a credential file — confirm what adapters put here.
type ErrInvalidFormat struct {
	Source  string // Source adapter name
	Path    string // File path
	Details string // What was wrong
	Err     error  // Underlying error, if any
}
ErrInvalidFormat indicates that the source file has an invalid or corrupted format.
func (*ErrInvalidFormat) Error ¶
func (e *ErrInvalidFormat) Error() string
func (*ErrInvalidFormat) Unwrap ¶
func (e *ErrInvalidFormat) Unwrap() error
type ErrPartialRead ¶
// ErrPartialRead indicates that some credentials couldn't be read. It
// accompanies a result that still contains the credentials that were read
// successfully, so it reports an incomplete import rather than an empty one.
type ErrPartialRead struct {
	Source     string // Source adapter name
	TotalItems int    // Total items attempted
	ReadItems  int    // Items successfully read
	// NOTE(review): Failures and Errs are presumably filled in step by
	// AddFailure — confirm. Descriptions are free text and should identify
	// the failed entry without repeating its secret values.
	Failures []string // Descriptions of failures
	Errs     []error  // Individual errors
}
ErrPartialRead indicates that some credentials couldn't be read. The source will still return the credentials that were successfully read.
func (*ErrPartialRead) AddFailure ¶
func (e *ErrPartialRead) AddFailure(description string, err error)
AddFailure adds a failure to the partial read error.
func (*ErrPartialRead) Error ¶
func (e *ErrPartialRead) Error() string
func (*ErrPartialRead) HasFailures ¶
func (e *ErrPartialRead) HasFailures() bool
HasFailures returns true if there are any failures recorded.
type ErrPermissionDenied ¶
// ErrPermissionDenied indicates a file access permission issue.
type ErrPermissionDenied struct {
	Path string // Path whose access was refused
	Op   string // Operation that failed (read, open, etc.)
	Err  error  // Underlying error
}
ErrPermissionDenied indicates a file access permission issue.
func (*ErrPermissionDenied) Error ¶
func (e *ErrPermissionDenied) Error() string
func (*ErrPermissionDenied) Unwrap ¶
func (e *ErrPermissionDenied) Unwrap() error
type ErrSourceNotFound ¶
ErrSourceNotFound indicates that no source adapter could handle the given path.
func (*ErrSourceNotFound) Error ¶
func (e *ErrSourceNotFound) Error() string
type ErrUnsupportedFeature ¶
ErrUnsupportedFeature indicates a feature is not supported by the source.
func (*ErrUnsupportedFeature) Error ¶
func (e *ErrUnsupportedFeature) Error() string
type FirefoxSource ¶
// FirefoxSource implements the Source interface for Firefox CSV exports.
type FirefoxSource struct {
	// contains filtered or unexported fields
}
FirefoxSource implements the Source interface for Firefox CSV exports.
func NewFirefoxSource ¶
func NewFirefoxSource() *FirefoxSource
NewFirefoxSource creates a new Firefox CSV source adapter.
func (*FirefoxSource) Description ¶
func (s *FirefoxSource) Description() string
Description returns a human-readable description.
func (*FirefoxSource) Detect ¶
func (s *FirefoxSource) Detect(path string) (int, error)
Detect checks if the given path is a Firefox CSV export.
func (*FirefoxSource) Name ¶
func (s *FirefoxSource) Name() string
Name returns the unique identifier for this source.
func (*FirefoxSource) Open ¶
func (s *FirefoxSource) Open(path string, opts OpenOptions) error
Open initializes the source with the given file path.
func (*FirefoxSource) Read ¶
func (s *FirefoxSource) Read() ([]model.Credential, error)
Read parses the Firefox CSV and returns credentials.
func (*FirefoxSource) SupportedExtensions ¶
func (s *FirefoxSource) SupportedExtensions() []string
SupportedExtensions returns file extensions this source handles.
type KeePassSource ¶
// KeePassSource implements the Source interface for KeePass .kdbx files.
type KeePassSource struct {
	// contains filtered or unexported fields
}
KeePassSource implements the Source interface for KeePass .kdbx files.
Security Note: This implementation uses gokeepasslib, which relies on Go's standard library encoding/xml for XML parsing. Go's XML parser is safe from XML External Entity (XXE) attacks by design: it does not resolve external entities or support DTD processing. This property covers entity resolution only; it does not by itself limit the time or memory spent parsing a very large or malformed database. See: https://github.com/golang/go/issues/14107
func NewKeePassSource ¶
func NewKeePassSource() *KeePassSource
NewKeePassSource creates a new KeePass source adapter.
func (*KeePassSource) Close ¶
func (s *KeePassSource) Close() error
Close releases resources and locks protected entries.
func (*KeePassSource) Description ¶
func (s *KeePassSource) Description() string
Description returns a human-readable description.
func (*KeePassSource) Detect ¶
func (s *KeePassSource) Detect(path string) (int, error)
Detect checks if the given path is a KeePass database.
func (*KeePassSource) Name ¶
func (s *KeePassSource) Name() string
Name returns the unique identifier for this source.
func (*KeePassSource) Open ¶
func (s *KeePassSource) Open(path string, opts OpenOptions) error
Open initializes the source with the given file path and options.
func (*KeePassSource) Read ¶
func (s *KeePassSource) Read() ([]model.Credential, error)
Read extracts all entries from the KeePass database.
func (*KeePassSource) SupportedExtensions ¶
func (s *KeePassSource) SupportedExtensions() []string
SupportedExtensions returns file extensions this source handles.
type OpenOptions ¶
// OpenOptions provides configuration for opening a source.
//
// NOTE(review): Password and the value returned by PasswordFunc are Go
// strings. Strings are immutable, so neither the caller nor the source can
// overwrite them in place after use; their lifetime in memory is decided by
// the garbage collector, not by Close.
type OpenOptions struct {
	// Password for encrypted sources (KeePass, encrypted exports).
	Password string
	// KeyFilePath for sources that support key files (KeePass).
	KeyFilePath string
	// Interactive indicates whether the source may prompt for missing credentials.
	// If true, PasswordFunc will be called when a password is needed.
	Interactive bool
	// PasswordFunc is a callback for interactive password entry.
	// It receives a prompt string and should return the password or an error.
	// Only used when Interactive is true.
	PasswordFunc func(prompt string) (string, error)
	// Recursive indicates whether to search directories recursively.
	// Only applicable to directory-based sources like SSH.
	// NOTE(review): SSHSource is documented as handling a single private key
	// file, so which adapter honours this flag is not visible here — confirm.
	Recursive bool
	// IncludeHidden indicates whether to include hidden files.
	// Only applicable to file-discovery sources.
	IncludeHidden bool
}
OpenOptions provides configuration for opening a source.
type PasswordPromptFunc ¶
PasswordPromptFunc is the signature for interactive password callbacks.
type Registry ¶
// Registry manages available source adapters. It provides lookup by name and
// auto-detection by file extension or content.
type Registry struct {
	// contains filtered or unexported fields
}
Registry manages available source adapters. It provides lookup by name and auto-detection by file extension or content.
func DefaultRegistry ¶
func DefaultRegistry() *Registry
DefaultRegistry returns the default global registry with all built-in sources. This function is safe for concurrent use.
func (*Registry) DetectSource ¶
DetectSource attempts to auto-detect the appropriate source for a path. It first tries extension matching, then content detection. Returns the best matching source or ErrSourceNotFound if no match.
func (*Registry) DetectSourceWithThreshold ¶
DetectSourceWithThreshold is like DetectSource but requires a minimum confidence.
func (*Registry) Get ¶
Get retrieves a source adapter by name. Returns the source and true if found, or nil and false if not found.
func (*Registry) Register ¶
Register adds a source adapter to the registry. If a source with the same name already exists, it is replaced; Register has no return value, so the replacement is not reported to the caller.
func (*Registry) Unregister ¶
Unregister removes a source adapter from the registry.
type SSHSource ¶
// SSHSource implements the Source interface for a single SSH private key file.
type SSHSource struct {
	// contains filtered or unexported fields
}
SSHSource implements the Source interface for a single SSH private key file.
func (*SSHSource) Description ¶
Description returns a human-readable description.
func (*SSHSource) Detect ¶
Detect checks if the given path is a valid SSH private key file. Returns confidence 0-100 based on whether it looks like an SSH private key.
func (*SSHSource) Open ¶
func (s *SSHSource) Open(path string, opts OpenOptions) error
Open initializes the source with the given file path.
func (*SSHSource) Read ¶
func (s *SSHSource) Read() ([]model.Credential, error)
Read parses the SSH private key file.
func (*SSHSource) SupportedExtensions ¶
SupportedExtensions returns common SSH private key file extensions.
type Source ¶
// Source defines the interface for credential source adapters. Each adapter
// reads credentials from a specific format (KeePass, Chrome CSV, etc.) and
// converts them to the internal model representation.
//
// The expected call order is Open, then Read (any number of times), then
// Close.
type Source interface {
	// Name returns the unique identifier for this source (e.g., "keepass", "chrome").
	Name() string
	// Description returns a human-readable description of the source.
	Description() string
	// SupportedExtensions returns file extensions this source handles (e.g., [".kdbx"]).
	// Return empty slice for directory-based sources.
	SupportedExtensions() []string
	// Detect checks if the given path is valid for this source.
	// Returns a confidence score from 0-100 (100 = definitely this format).
	// A score of 0 means this source cannot handle the path.
	// The score describes how well the file matches the format; it is not a
	// statement about whether the file's contents can be trusted.
	Detect(path string) (confidence int, err error)
	// Open initializes the source with the given path and options.
	// This may prompt for credentials if Interactive is true and credentials are needed.
	Open(path string, opts OpenOptions) error
	// Read returns all credentials from the source.
	// May be called multiple times; should return the same results.
	// Returns ErrPartialRead if some credentials couldn't be read.
	// In that case the returned slice still holds the credentials that were
	// read, so callers must inspect both results instead of discarding the
	// slice whenever the error is non-nil.
	Read() ([]model.Credential, error)
	// Close releases any resources held by the source.
	// Should clear sensitive data from memory where possible.
	// NOTE(review): values already handed to the caller by Read are
	// presumably outside the source's control after that — confirm against
	// model.Credential and clear them on the caller's side if needed.
	Close() error
}
Source defines the interface for credential source adapters. Each adapter reads credentials from a specific format (KeePass, Chrome CSV, etc.) and converts them to the internal model representation.