Documentation
Index
- Variables
- func IsConfidentialFile(path string) (bool, string)
- func RegisterDiagnosticsConsumer(callback func(d *diagnostics.SecurityDiagnostic), ...)
- type CodeContext
- type DataToScan
- type DiagnosticsAggregator
- type PathToSecurityDiagnostics
- type ResourceToSecurityDiagnostics
- type ScanRequest
- type ScanType
- type SensitiveFile
- type SourceToSecurityDiagnostics
Constants
This section is empty.
Variables
var (
	//AppName is the application name
	AppName = "checkmate"
	//AppDisplayName is the application name used for display purposes
	AppDisplayName = "CheckMate"
	//SourceFileExtensions extensions for source code
	//see https://fileinfo.com/filetypes/developer-all
	SourceFileExtensions = map[string]string{} /* 808 elements not displayed */
	//TextFileExtensions file name extensions for textual files
	TextFileExtensions = appendMaps(tfe1, tfe2, SourceFileExtensions)
	//DangerousFileNames are file names commonly associated with secrets, should not be stored in source code management systems
	DangerousFileNames = map[string]string{
		`id_rsa`:   `SSH private key`,
		`id_dsa`:   `SSH private key`,
		`keystore`: `Java key store`,
	}
	//CertsAndKeyStores are potential certificate and keystore files that should not be stored in source code repositories
	CertsAndKeyStores = map[string]string{
		`.pem`:      `Certificate file`,
		`.crt`:      `Certificate file`,
		`.cer`:      `Certificate file`,
		`.der`:      `Certificate file`,
		`.p7b`:      `Certificate file`,
		`.p7r`:      `Certificate file`,
		`.spc`:      `Certificate file`,
		`.pfx`:      `Certificate file`,
		`.p12`:      `Certificate file`,
		`.jks`:      `Java key store`,
		`.ks`:       `Java key store`,
		`.keystore`: `Java key store`,
		`.jceks`:    `Java key store`,
		`.ubr`:      `Java key store`,
		`.bks`:      `Java key store`,
		`.sst`:      `Microsoft certificate store`,
		`.sto`:      `Microsoft certificate store`,
	}
	//FinancialAndAccountingExtensions are file extensions that may contain financial accounting data: not to be stored in source code repositories or other shared spaces
	//see https://www.file-extensions.org/filetype/extension/name/financial-tax-files/sortBy/extension/order/asc/page/1
	FinancialAndAccountingExtensions = map[string]string{} /* 384 elements not displayed */
	//DangerousExtensions are file extensions that are known to contain sensitive data, not to be stored in source code repositories or other shared spaces
	//see https://www.file-extensions.org/filetype/extension/name/encoded-and-encrypted-files/sortBy/extension/order/asc/page/1
	DangerousExtensions = map[string]string{} /* 465 elements not displayed */
)
Functions
func IsConfidentialFile
func IsConfidentialFile(path string) (bool, string)
IsConfidentialFile indicates whether a file is potentially confidential based on its name or extension; when it is, the returned narrative describes what sort of file it may be
func RegisterDiagnosticsConsumer
func RegisterDiagnosticsConsumer(callback func(d *diagnostics.SecurityDiagnostic), providers ...diagnostics.SecurityDiagnosticsProvider)
RegisterDiagnosticsConsumer registers a callback to consume diagnostics
Types
type CodeContext
type CodeContext struct {
Location, ProjectID, ScanID string
}
type DataToScan
type DataToScan struct {
	//Source is the textual data to be scanned for secrets
	Source string `json:"source"`
	//SourceType is a hint as to the type of the source e.g .java, .xml, .yaml, .json, .rb, etc
	SourceType string `json:"source_type"`
	//Base64 is an optional flag that is used to indicate whether the text in `Source` is Base64-encoded
	Base64 bool `json:"base64,omitempty"`
}
DataToScan represents data to be inspected for possible embedded secrets, along with hints and configuration about the nature of the data and the scanning sensitivity
type DiagnosticsAggregator
type DiagnosticsAggregator interface {
	AddDiagnostic(diagnostic *diagnostics.SecurityDiagnostic)
	Aggregate() []*diagnostics.SecurityDiagnostic //Called when aggregation strategy is required to be run
}
DiagnosticsAggregator implements a strategy for aggregating diagnostics, e.g. removing duplicates, overlaps, less severe issues, etc.
func MakeSimpleAggregator
func MakeSimpleAggregator() DiagnosticsAggregator
MakeSimpleAggregator creates a diagnostics aggregator that removes diagnostics whose range is completely overlapped by another diagnostic's range
type PathToSecurityDiagnostics
type PathToSecurityDiagnostics interface {
	util.PathConsumer
	diagnostics.SecurityDiagnosticsProvider
}
PathToSecurityDiagnostics is an interface that describes an object that can consume a file path or URI and generate security diagnostics
type ResourceToSecurityDiagnostics
type ResourceToSecurityDiagnostics interface {
	util.ResourceConsumer
	util.PathConsumer
	diagnostics.SecurityDiagnosticsProvider
}
ResourceToSecurityDiagnostics is an interface that describes an object that consumes an arbitrary resource and generates security diagnostics
type ScanRequest
type ScanRequest struct {
	Type       ScanType
	Paths      []string     // for PathScan type
	DataToScan []DataToScan // for StringScan type
	Excludes   diagnostics.ExcludeDefinition
}
ScanRequest is a container for a static analysis scan request
type SensitiveFile
type SensitiveFile struct {
	//if the value does not start with a . then filename is intended
	Extension   string
	Description string
	Excluded    bool //flag to indicate that this extension or filename should be ignored as non-sensitive
}
SensitiveFile is a description of a potentially sensitive file based on its name or extension
func GetSensitiveFilesDescriptors
func GetSensitiveFilesDescriptors() []SensitiveFile
GetSensitiveFilesDescriptors gets all registered sensitive file descriptions
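The following is an added example, not the checkmate package's own code, showing how IsConfidentialFile and the SensitiveFile descriptors fit together: a descriptor whose Extension lacks a leading "." matches a bare file name, one with a "." matches the extension, and an Excluded descriptor turns a match off. The descriptor list is constructed from the DangerousFileNames and CertsAndKeyStores entries shown on this page; the .crt exclusion is a hypothetical local policy, and the matching order (names before extensions, case-insensitive) is an assumption of this example.

```go
package main

import (
	"fmt"
	"path/filepath"
	"strings"
)

// SensitiveFile mirrors the page's descriptor: an Extension without a leading
// "." is a bare file name; Excluded marks the entry as non-sensitive.
type SensitiveFile struct {
	Extension   string
	Description string
	Excluded    bool
}

// Constructed from entries shown on this page; the .crt exclusion is hypothetical.
var descriptors = []SensitiveFile{
	{Extension: "id_rsa", Description: "SSH private key"},
	{Extension: "id_dsa", Description: "SSH private key"},
	{Extension: "keystore", Description: "Java key store"},
	{Extension: ".pem", Description: "Certificate file"},
	{Extension: ".jks", Description: "Java key store"},
	{Extension: ".keystore", Description: "Java key store"},
	{Extension: ".crt", Description: "Certificate file", Excluded: true},
}

// IsConfidentialFile reports whether path looks confidential by its base name or
// extension (case-insensitive); bare names are tried before extensions.
func IsConfidentialFile(path string) (bool, string) {
	base := strings.ToLower(filepath.Base(path))
	ext := filepath.Ext(base) // "" when the name has no dot, e.g. "id_rsa"
	for _, wantExt := range []bool{false, true} {
		for _, d := range descriptors {
			key := strings.ToLower(d.Extension)
			isExt := strings.HasPrefix(key, ".")
			if isExt != wantExt || (isExt && key != ext) || (!isExt && key != base) {
				continue
			}
			if d.Excluded { // an explicit exclusion ends the search as non-sensitive
				return false, ""
			}
			return true, d.Description
		}
	}
	return false, ""
}

func main() {
	ok, desc := IsConfidentialFile("conf/Server.KEYSTORE")
	fmt.Println(ok, desc)
}
```

Note that "id_rsa.pub" is not flagged: the public half of the key pair matches neither the bare name nor any listed extension.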
type SourceToSecurityDiagnostics
type SourceToSecurityDiagnostics interface {
	util.ResourceConsumer
	diagnostics.SecurityDiagnosticsProvider
}
SourceToSecurityDiagnostics is an interface that describes an object that can consume source and generate security diagnostics