Documentation ¶
Index ¶
- Variables
- func CleanDigestAlgorithmName(name string) string
- func DigestAlgorithmName(hash crypto.Hash) string
- func GenerateSearchPatterns(basePatterns map[string]string, additionalPatterns map[string]string, ...) (map[string]*regexp.Regexp, error)
- type Classification
- type ClassificationCataloger
- type Classifier
- type ContentsCataloger
- type Digest
- type DigestsCataloger
- type MetadataCataloger
- type SearchResult
- type SecretsCataloger
- type SecretsMonitor
Constants ¶
This section is empty.
Variables ¶
// DefaultClassifiers is the built-in list of file classifiers. Each entry
// pairs one or more file-path patterns with evidence pattern templates, and
// every evidence template exposes its result through a named "version" group.
//
// All path patterns start with `(.*/|^)` and end with `$`, so they match the
// final path component at any directory depth.
//
// NOTE(review): the `.` before `so` in the libpython path pattern and the `.`
// in `patchlevel.h` are unescaped, so each matches any single character, not
// only a literal dot. Escaping them as `\.` would tighten the match; confirm
// the looser form is not relied on before changing it.
var DefaultClassifiers = []Classifier{
	{
		Class: "python-binary",
		FilepathPatterns: []*regexp.Regexp{
			regexp.MustCompile(`(.*/|^)python(?P<version>[0-9]+\.[0-9]+)$`),
			regexp.MustCompile(`(.*/|^)libpython(?P<version>[0-9]+\.[0-9]+).so.*$`),
		},
		EvidencePatternTemplates: []string{
			// The `{{ .version }}` placeholder is presumably filled from the
			// "version" group captured by the path pattern; confirm against
			// Classifier.Classify.
			`(?m)(?P<version>{{ .version }}\.[0-9]+[-_a-zA-Z0-9]*)`,
		},
	},
	{
		Class: "cpython-source",
		FilepathPatterns: []*regexp.Regexp{
			regexp.MustCompile(`(.*/|^)patchlevel.h$`),
		},
		EvidencePatternTemplates: []string{
			`(?m)#define\s+PY_VERSION\s+"?(?P<version>[0-9\.\-_a-zA-Z]+)"?`,
		},
	},
	{
		Class: "go-binary",
		FilepathPatterns: []*regexp.Regexp{
			regexp.MustCompile(`(.*/|^)go$`),
		},
		EvidencePatternTemplates: []string{
			// Unanchored: any "go<major>.<minor>..." substring satisfies it.
			`(?m)go(?P<version>[0-9]+\.[0-9]+(\.[0-9]+|beta[0-9]+|alpha[0-9]+|rc[0-9]+)?)`,
		},
	},
	{
		// Same evidence template as "go-binary", applied to files named VERSION.
		Class: "go-binary-hint",
		FilepathPatterns: []*regexp.Regexp{
			regexp.MustCompile(`(.*/|^)VERSION$`),
		},
		EvidencePatternTemplates: []string{
			`(?m)go(?P<version>[0-9]+\.[0-9]+(\.[0-9]+|beta[0-9]+|alpha[0-9]+|rc[0-9]+)?)`,
		},
	},
	{
		Class: "busybox-binary",
		FilepathPatterns: []*regexp.Regexp{
			regexp.MustCompile(`(.*/|^)busybox$`),
		},
		EvidencePatternTemplates: []string{
			`(?m)BusyBox\s+v(?P<version>[0-9]+\.[0-9]+\.[0-9]+)`,
		},
	},
}
// DefaultSecretsPatterns maps a pattern name to the source text of a regular
// expression. The values are plain strings, not compiled expressions. Every
// pattern exposes the matched secret through a named capture group "value".
//
// Most of these are label-driven: they match only when the secret appears
// next to a recognisable key name, so a credential stored under a different
// name is not found by these defaults.
var DefaultSecretsPatterns = map[string]string{
	// Label "aws_access_key_id", then any run of quotes, '=', ':' or
	// whitespace, then a listed 4-character prefix plus 16 characters.
	// (?i) covers the whole expression, so lowercase values match too.
	"aws-access-key": `(?i)aws_access_key_id["'=:\s]*?(?P<value>(A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16})`,

	// Label "aws_secret_access_key", then exactly 40 characters from
	// [0-9a-zA-Z/+]. Nothing bounds the end, so a longer run also matches
	// and yields its first 40 characters.
	"aws-secret-key": `(?i)aws_secret_access_key["'=:\s]*?(?P<value>[0-9a-zA-Z/+]{40})`,

	// PEM "BEGIN ... PRIVATE KEY" header. The body and END line are
	// optional, so a header alone matches and "value" is then unset.
	"pem-private-key": `-----BEGIN (\S+ )?PRIVATE KEY(\sBLOCK)?-----((?P<value>(\n.*?)+)-----END (\S+ )?PRIVATE KEY(\sBLOCK)?-----)?`,

	// Literal "auths" key, optionally followed by an "auth" entry whose
	// string becomes "value". A bare "auths" key matches with no value.
	"docker-config-auth": `"auths"((.*\n)*.*?"auth"\s*:\s*"(?P<value>[^"]+)")?`,

	// "api", an optional '-' or '_', "key", separators, then 20 to 60
	// alphanumeric characters (case-insensitive), an optional closing
	// quote, and finally whitespace or end of input.
	"generic-api-key": `(?i)api(-|_)?key["'=:\s]*?(?P<value>[A-Z0-9]{20,60})["']?(\s|$)`,
}
Functions ¶
func DigestAlgorithmName ¶
func GenerateSearchPatterns ¶
func GenerateSearchPatterns(basePatterns map[string]string, additionalPatterns map[string]string, excludePatternNames []string) (map[string]*regexp.Regexp, error)
GenerateSearchPatterns takes a set of named base patterns, a set of additional named patterns, and a name exclusion list, and generates a final set of regular expressions (indexed by name). The sets are aggregated roughly as follows: (base - excluded) + additional.
Types ¶
type Classification ¶
type ClassificationCataloger ¶
type ClassificationCataloger struct {
// contains filtered or unexported fields
}
func NewClassificationCataloger ¶
func NewClassificationCataloger(classifiers []Classifier) (*ClassificationCataloger, error)
func (*ClassificationCataloger) Catalog ¶
func (i *ClassificationCataloger) Catalog(resolver source.FileResolver) (map[source.Coordinates][]Classification, error)
type Classifier ¶
// Classifier describes one class of file: a class label, the compiled
// file-path patterns for it, and the evidence pattern templates used with it.
// DefaultClassifiers holds the built-in instances.
type Classifier struct {
	// Class is the label for this kind of file (DefaultClassifiers uses
	// values such as "python-binary").
	Class string
	// FilepathPatterns are compiled expressions; presumably a file is a
	// candidate when its path matches one of them (confirm against Classify).
	FilepathPatterns []*regexp.Regexp
	// EvidencePatternTemplates are pattern source strings, not compiled
	// expressions. DefaultClassifiers shows they may contain a
	// `{{ .version }}` placeholder; how it is filled is not visible here.
	EvidencePatternTemplates []string
}
func (Classifier) Classify ¶
func (c Classifier) Classify(resolver source.FileResolver, location source.Location) (*Classification, error)
type ContentsCataloger ¶
type ContentsCataloger struct {
// contains filtered or unexported fields
}
func NewContentsCataloger ¶
func NewContentsCataloger(globs []string, skipFilesAboveSize int64) (*ContentsCataloger, error)
func (*ContentsCataloger) Catalog ¶
func (i *ContentsCataloger) Catalog(resolver source.FileResolver) (map[source.Coordinates]string, error)
type Digest ¶
func DigestsFromFile ¶ added in v0.44.0
type DigestsCataloger ¶
type DigestsCataloger struct {
// contains filtered or unexported fields
}
func NewDigestsCataloger ¶
func NewDigestsCataloger(hashes []crypto.Hash) (*DigestsCataloger, error)
func (*DigestsCataloger) Catalog ¶
func (i *DigestsCataloger) Catalog(resolver source.FileResolver) (map[source.Coordinates][]Digest, error)
type MetadataCataloger ¶
type MetadataCataloger struct { }
func NewMetadataCataloger ¶
func NewMetadataCataloger() *MetadataCataloger
func (*MetadataCataloger) Catalog ¶
func (i *MetadataCataloger) Catalog(resolver source.FileResolver) (map[source.Coordinates]source.FileMetadata, error)
type SearchResult ¶
// SearchResult is one search hit, serialised to JSON under the field names
// given in the struct tags.
//
// NOTE(review): Value is written to JSON whenever it is non-empty. If it
// carries the matched secret text (presumably; confirm against
// SecretsCataloger), any stored or transmitted results need the same handling
// as the secrets themselves.
type SearchResult struct {
	// Classification presumably names the pattern that matched (TODO confirm).
	Classification string `json:"classification"`
	// LineNumber, LineOffset, SeekPosition and Length locate the match; their
	// exact units and origin (0- or 1-based) are not visible here.
	LineNumber int64 `json:"lineNumber"`
	LineOffset int64 `json:"lineOffset"`
	SeekPosition int64 `json:"seekPosition"`
	Length int64 `json:"length"`
	// Value is omitted from JSON when empty (omitempty).
	Value string `json:"value,omitempty"`
}
func (SearchResult) String ¶
func (s SearchResult) String() string
type SecretsCataloger ¶
type SecretsCataloger struct {
// contains filtered or unexported fields
}
func NewSecretsCataloger ¶
func (*SecretsCataloger) Catalog ¶
func (i *SecretsCataloger) Catalog(resolver source.FileResolver) (map[source.Coordinates][]SearchResult, error)
type SecretsMonitor ¶
type SecretsMonitor struct { progress.Stager SecretsDiscovered progress.Monitorable progress.Progressable }