common

package
v0.7.9 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jun 13, 2022 License: BSD-3-Clause Imports: 5 Imported by: 5

Documentation

Index

Constants

This section is empty.

Variables

View Source
var (
	//AppName is the application name
	AppName = "checkmate"
	//AppDisplayName is the application name used for display purposes
	AppDisplayName = "CheckMate"

	//SourceFileExtensions extensions for source code
	//see https://fileinfo.com/filetypes/developer-all
	SourceFileExtensions = map[string]string{}/* 808 elements not displayed */

	//TextFileExtensions file name extensions for textual files
	TextFileExtensions = appendMaps(tfe1, tfe2, SourceFileExtensions)
	//DangerousFileNames are file names commonly associated with secrets, should not be stored in source code management systems
	DangerousFileNames = map[string]string{
		`id_rsa`:   `SSH private key`,
		`id_dsa`:   `SSH private key`,
		`keystore`: `Java key store`,
	}
	//CertsAndKeyStores are potential certificate and keystore files that should not be stored in source code repositories
	CertsAndKeyStores = map[string]string{
		`.pem`:      `Certificate file`,
		`.crt`:      `Certificate file`,
		`.cer`:      `Certificate file`,
		`.der`:      `Certificate file`,
		`.p7b`:      `Certificate file`,
		`.p7r`:      `Certificate file`,
		`.spc`:      `Certificate file`,
		`.pfx`:      `Certificate file`,
		`.p12`:      `Certificate file`,
		`.jks`:      `Java key store`,
		`.ks`:       `Java key store`,
		`.keystore`: `Java key store`,
		`.jceks`:    `Java key store`,
		`.ubr`:      `Java key store`,
		`.bks`:      `Java key store`,
		`.sst`:      `Microsoft certificate store`,
		`.sto`:      `Microsoft certificate store`,
	}
	//FinancialAndAccountingExtensions are file extensions that may contain financial accounting data: not to be stored in source code repositories or other shared spaces
	//see https://www.file-extensions.org/filetype/extension/name/financial-tax-files/sortBy/extension/order/asc/page/1
	FinancialAndAccountingExtensions = map[string]string{}/* 384 elements not displayed */

	//DangerousExtensions are file extensions that are known to contain sensitive data, not to be stored in source code repositories or other shared spaces
	//see https://www.file-extensions.org/filetype/extension/name/encoded-and-encrypted-files/sortBy/extension/order/asc/page/1
	DangerousExtensions = map[string]string{}/* 465 elements not displayed */

)

Functions

func IsConfidentialFile

func IsConfidentialFile(path string) (bool, string)

IsConfidentialFile indicates whether a file is potentially confidential based on its name or extension, with a narrative indicating what sort of file it may be if it is potentially confidential

func RegisterDiagnosticsConsumer

func RegisterDiagnosticsConsumer(callback func(d *diagnostics.SecurityDiagnostic), providers ...diagnostics.SecurityDiagnosticsProvider)

RegisterDiagnosticsConsumer registers a callback to consume diagnostics

Types

type CodeContext

type CodeContext struct {
	Location, ProjectID, ScanID string
}

type DataToScan

type DataToScan struct {
	//Source is the textual data to be scanned for secrets
	Source string `json:"source"`
	//SourceType is a hint as to the type of the source e.g .java, .xml, .yaml, .json, .rb, etc
	SourceType string `json:"source_type"`
	//Base64 is an optional flag that is used to indicate whether the text in `Source` is Base64-encoded
	Base64 bool `json:"base64,omitempty"`
}

DataToScan represents data to be inspected for possible secrets embedded along with hints and configurations about the nature of the data and the scanning sensitivity

type DiagnosticsAggregator

type DiagnosticsAggregator interface {
	AddDiagnostic(diagnostic *diagnostics.SecurityDiagnostic)
	Aggregate() []*diagnostics.SecurityDiagnostic //Called when aggregation strategy is required to be run
}

DiagnosticsAggregator implements a strategy for aggregating diagnostics, e.g. removing duplicates, overlap, less sever issues etc.

func MakeSimpleAggregator

func MakeSimpleAggregator() DiagnosticsAggregator

MakeSimpleAggregator creates a diagnostics aggregator that removes diagnostics whose range is completely overlapped by another diagnostic's range

type PathToSecurityDiagnostics

type PathToSecurityDiagnostics interface {
	util.PathConsumer
	diagnostics.SecurityDiagnosticsProvider
}

PathToSecurityDiagnostics is an interface that describes an object that can consume a file path or URI and generates security diagnostics

type ResourceToSecurityDiagnostics

type ResourceToSecurityDiagnostics interface {
	util.ResourceConsumer
	util.PathConsumer
	diagnostics.SecurityDiagnosticsProvider
}

ResourceToSecurityDiagnostics is an interface that describes an object that consumes arbitrary resource and generates security diagnostics

type ScanRequest

type ScanRequest struct {
	Type       ScanType
	Paths      []string     // for PathScan type
	DataToScan []DataToScan // for StringScan type
	Excludes   diagnostics.ExcludeDefinition
}

ScanRequest is a container for static analysis scan

type ScanType

type ScanType int

ScanType describes the type of scan in a ScanRequest

const (
	//PathScan describes a type of scan involving local file system paths
	PathScan ScanType = iota
	//StringScan describes a type of scan where the string to scan is sent directly in the scan request
	StringScan
)

type SensitiveFile

type SensitiveFile struct {
	//if the value does not start with a . then filename is intended
	Extension   string
	Description string
	Excluded    bool //flag to indicate that this extension or filename should be ignored as non-sensitive
}

SensitiveFile is a description of a potentially sensitive file based on its name or extension

func GetSensitiveFilesDescriptors

func GetSensitiveFilesDescriptors() []SensitiveFile

GetSensitiveFilesDescriptors gets all registered sensitive file descriptions

type SourceToSecurityDiagnostics

type SourceToSecurityDiagnostics interface {
	util.ResourceConsumer
	diagnostics.SecurityDiagnosticsProvider
}

SourceToSecurityDiagnostics is an interface that describes an object that can consume source and generates security diagnostics

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL