secrets

package
v1.7.8 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Sep 14, 2023 License: Apache-2.0 Imports: 18 Imported by: 0

Documentation

Index

Constants

View Source
const (
	Base64Chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/="
	HexChars    = "1234567890abcdefABCDEF"
)

Variables

View Source
var (
	SecretsQueryMetadata map[string]string
)

Functions

func AllowRuleMatches added in v1.7.4

func AllowRuleMatches(s string, allowRules []AllowRule) [][]int

AllowRuleMatches return all the allow rules matches for the secret queries

func CheckEntropyInterval

func CheckEntropyInterval(entropy Entropy, token string) (isEntropyInInterval bool, entropyLevel float64)

CheckEntropyInterval - verifies if a given token's entropy is within expected bounds

func IsAllowRule added in v1.7.1

func IsAllowRule(s string, query *RegexQuery, allowRules []AllowRule) bool

IsAllowRule check if string matches any of the allow rules for the secret queries

Types

type AllowRule

type AllowRule struct {
	Description string `json:"description"`
	RegexStr    string `json:"regex"`
	Regex       *regexp.Regexp
}

func CompileRegex added in v1.7.1

func CompileRegex(allowRules []AllowRule) ([]AllowRule, error)

CompileRegex compiles the regex allow rules

type Entropy

type Entropy struct {
	Group int     `json:"group"`
	Min   float64 `json:"min"`
	Max   float64 `json:"max"`
}

type Inspector

type Inspector struct {
	SecretTracker []SecretTracker
	// contains filtered or unexported fields
}

func NewInspector

func NewInspector(
	ctx context.Context,
	excludeResults map[string]bool,
	tracker engine.Tracker,
	queryFilter *source.QueryInspectorParameters,
	disableSecretsQuery bool,
	executionTimeout int,
	regexRulesContent string,
	isCustomSecretsRegexes bool,
) (*Inspector, error)

func (*Inspector) GetQueriesLength

func (c *Inspector) GetQueriesLength() int

func (*Inspector) Inspect

func (c *Inspector) Inspect(ctx context.Context, basePaths []string,
	files model.FileMetadatas, currentQuery chan<- int64) ([]model.Vulnerability, error)

Inspect inspects the source code for passwords & secrets and returns the list of vulnerabilities

type MultilineResult

type MultilineResult struct {
	DetectLineGroup int `json:"detectLineGroup"`
}

type RegexQuery

type RegexQuery struct {
	ID          string          `json:"id"`
	Name        string          `json:"name"`
	Multiline   MultilineResult `json:"multiline"`
	RegexStr    string          `json:"regex"`
	SpecialMask string          `json:"specialMask"`
	Entropies   []Entropy       `json:"entropies"`
	AllowRules  []AllowRule     `json:"allowRules"`
	Regex       *regexp.Regexp
}

type RegexRuleStruct

type RegexRuleStruct struct {
	Rules      []RegexQuery `json:"rules"`
	AllowRules []AllowRule  `json:"allowRules"`
}

type RuleMatch

type RuleMatch struct {
	File     string
	RuleName string
	Matches  []string
	Line     int
	Entropy  float64
}

type SecretTracker added in v1.6.3

type SecretTracker struct {
	ResolvedFilePath string
	Line             int
	OriginalContent  string
	MaskedContent    string
}

SecretTracker is Struct created to keep track of the secrets found in the inspector it used for masking all the secrets in the vulnerability preview in the different report formats

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL