report

package
v0.19.3 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jun 7, 2023 License: AGPL-3.0 Imports: 21 Imported by: 0

Documentation

Index

Constants

View Source 
const FileScansFileName = "file-scans.json"

FileScansFileName is the name of the file used to report information about file scans.

View Source 
const MemoryScansFileName = "memory-scans.json"

MemoryScansFileName is the name of the file used to report information about memory scans.

View Source 
const MetaFileName = "meta.json"

MetaFileName is the name of the file containing meta information about the report format.

View Source 
const ProcessesFileName = "processes.json"

ProcessesFileName is the name of the file used to report information about processes.

View Source 
const RulesFileName = "rules.yarc"

RulesFileName is the name of the file, where the used rules will be stored.

View Source 
const ScanningStatisticsFileName = "stats.json"

ScanningStatisticsFileName is the name of the file used to report scanning.

View Source 
const SystemInfoFileName = "systeminfo.json"

SystemInfoFileName is the name of the file, where system info is stored.

View Source 
const TimeFormat = "2006-01-02T15:04:05.000000-07:00"
View Source 
const TimeFormatV100 = "2006-01-02T15:04:05.000000Z-07:00"

Variables

View Source 
var FormatVersion = version.Version{
	Major:  1,
	Minor:  1,
	Bugfix: 0,
}
View Source 
var MetaV1Schema = fmt.Sprintf(schemaURLFormat, "1.0.0", "meta.schema.json")

Functions

This section is empty.

Types

type File 

type File struct {
	FilePath  string `json:"path"`
	MD5Sum    string `json:"md5,omitempty"`
	SHA256Sum string `json:"sha256,omitempty"`
}

type FileReader 

type FileReader struct {
	// contains filtered or unexported fields
}

func (*FileReader) Close 

func (rdr *FileReader) Close() error

func (*FileReader) OpenFileScans 

func (rdr *FileReader) OpenFileScans() (io.ReadCloser, error)

func (*FileReader) OpenMemoryScans 

func (rdr *FileReader) OpenMemoryScans() (io.ReadCloser, error)

func (*FileReader) OpenMeta 

func (rdr *FileReader) OpenMeta() (io.ReadCloser, error)

func (*FileReader) OpenProcesses 

func (rdr *FileReader) OpenProcesses() (io.ReadCloser, error)

func (*FileReader) OpenStatistics 

func (rdr *FileReader) OpenStatistics() (io.ReadCloser, error)

func (*FileReader) OpenSystemInformation 

func (rdr *FileReader) OpenSystemInformation() (io.ReadCloser, error)

func (*FileReader) SetKeyring 

func (rdr *FileReader) SetKeyring(keyring openpgp.EntityList)

func (*FileReader) SetPassword 

func (rdr *FileReader) SetPassword(password string)

type FileScan 

type FileScan struct {
	File    *File       `json:"file"`
	Matches []*Match    `json:"match"`
	Error   interface{} `json:"error"`
}

FileScan represents all matches on a file.

type Match 

type Match struct {
	Rule      string         `json:"rule"`
	Namespace string         `json:"namespace"`
	Strings   []*MatchString `json:"strings"`
}

Match represents the match of a yara Rule.

type MatchString 

type MatchString struct {
	Name   string `json:"name"`
	Base   uint64 `json:"base"`
	Offset uint64 `json:"offset"`
}

A MatchString represents a string declared and matched in a rule.

type MemoryScan 

type MemoryScan struct {
	PID           int         `json:"pid"`
	MemorySegment uintptr     `json:"memorySegment"`
	Matches       []*Match    `json:"match"`
	Error         interface{} `json:"error"`
}

MemoryScan represents all matches on a single memory segment of a process.

type MemorySegmentInfo 

type MemorySegmentInfo struct {
	// ParentBaseAddress is the base address of the parent segment.
	// If no parent segment exists, this is equal to the BaseAddress.
	// Equivalence on windows: _MEMORY_BASIC_INFORMATION->AllocationBase
	ParentBaseAddress uintptr `json:"parentBaseAddress"`

	// BaseAddress is the base address of the current memory segment.
	// Equivalence on windows: _MEMORY_BASIC_INFORMATION->BaseAddress
	BaseAddress uintptr `json:"baseAddress"`

	// AllocatedPermissions is the Permissions that were used to initially
	// allocate this segment.
	// Equivalence on windows: _MEMORY_BASIC_INFORMATION->AllocationProtect
	AllocatedPermissions procio.Permissions `json:"allocatedPermissions"`

	// CurrentPermissions is the Permissions that the segment currently has.
	// This may differ from AllocatedPermissions if the permissions where changed
	// at some point (e.g. via VirtualProtect).
	// Equivalence on windows: _MEMORY_BASIC_INFORMATION->Protect
	CurrentPermissions procio.Permissions `json:"currentPermissions"`

	// Size contains the size of the segment in bytes.
	// Equivalence on windows: _MEMORY_BASIC_INFORMATION->RegionSize
	Size uintptr `json:"size"`

	// RSS contains the ResidentSetSize as reported on linux, i.e.
	// the amount of RAM this segment actually uses right now.
	// Equivalence on windows: No equivalence, this is currently always equal to Size.
	RSS uintptr `json:"rss"`

	// State contains the current State of the segment.
	// Equivalence on windows: _MEMORY_BASIC_INFORMATION->State
	State procio.State `json:"state"`

	// Type contains the Type of the segment.
	// Equivalence on windows: _MEMORY_BASIC_INFORMATION->SegmentType
	Type procio.SegmentType `json:"type"`

	// File contains the path to the mapped file, or empty string if
	// no file mapping is associated with this memory segment.
	MappedFile *File `json:"mappedFile"`
}

MemorySegmentInfo contains information about a memory segment.

type MetaInformation 

type MetaInformation struct {
	YapscanVersion version.Version   `json:"yapscanVersion"`
	FormatVersion  version.Version   `json:"formatVersion"`
	SchemaURLs     map[string]string `json:"schemaURLs"`
}

func GetMetaInformation 

func GetMetaInformation() *MetaInformation

type Parser 

type Parser struct{}

func NewParser 

func NewParser() *Parser

func (*Parser) Parse 

func (p *Parser) Parse(rdr Reader) (*Report, error)

type ProcessInfo 

type ProcessInfo struct {
	PID              int                  `json:"pid"`
	Bitness          arch.Bitness         `json:"bitness"`
	ExecutablePath   string               `json:"executablePath"`
	ExecutableMD5    string               `json:"executableMD5"`
	ExecutableSHA256 string               `json:"executableSHA256"`
	Username         string               `json:"username"`
	MemorySegments   []*MemorySegmentInfo `json:"memorySegments"`
}

ProcessInfo represents information about a Process.

type ProfilingInformation 

type ProfilingInformation struct {
	Time                  Time    `json:"time"`
	FreeRAM               uintptr `json:"freeRAM"`
	FreeSwap              uintptr `json:"freeSwap"`
	LoadAvgOneMinute      float64 `json:"loadAvgOneMinute"`
	LoadAvgFiveMinutes    float64 `json:"loadAvgFiveMinutes"`
	LoadAvgFifteenMinutes float64 `json:"loadAvgFifteenMinutes"`
}

type ProfilingInformationV100 added in v0.15.0 

type ProfilingInformationV100 struct {
	Time                  TimeV100 `json:"time"`
	FreeRAM               uintptr  `json:"freeRAM"`
	FreeSwap              uintptr  `json:"freeSwap"`
	LoadAvgOneMinute      float64  `json:"loadAvgOneMinute"`
	LoadAvgFiveMinutes    float64  `json:"loadAvgFiveMinutes"`
	LoadAvgFifteenMinutes float64  `json:"loadAvgFifteenMinutes"`
}

type Reader 

type Reader interface {
	SetPassword(password string)
	SetKeyring(keyring openpgp.EntityList)
	OpenMeta() (io.ReadCloser, error)
	OpenSystemInformation() (io.ReadCloser, error)
	OpenStatistics() (io.ReadCloser, error)
	OpenProcesses() (io.ReadCloser, error)
	OpenMemoryScans() (io.ReadCloser, error)
	OpenFileScans() (io.ReadCloser, error)
	io.Closer
}

func NewFileReader 

func NewFileReader(path string) Reader

type ReaderFactory added in v0.15.0 

type ReaderFactory struct {
	// contains filtered or unexported fields
}

func NewReaderFactory added in v0.15.0 

func NewReaderFactory() *ReaderFactory

func (*ReaderFactory) OpenFile added in v0.15.0 

func (f *ReaderFactory) OpenFile(path string) Reader

func (*ReaderFactory) SetKeyring added in v0.15.0 

func (f *ReaderFactory) SetKeyring(keyring openpgp.EntityList)

func (*ReaderFactory) SetPassword added in v0.15.0 

func (f *ReaderFactory) SetPassword(password string)

type Report 

type Report struct {
	Meta        *MetaInformation
	Stats       *ScanningStatistics
	SystemInfo  *SystemInfo
	Processes   []*ProcessInfo
	MemoryScans []*MemoryScan
	FileScans   []*FileScan
}

func NewReport added in v0.15.0 

func NewReport() *Report

type ReportWriter added in v0.15.0 

type ReportWriter struct {
	// contains filtered or unexported fields
}

func NewReportWriter added in v0.15.0 

func NewReportWriter(archiver archiver.Archiver) *ReportWriter

func (*ReportWriter) WriteReport added in v0.15.0 

func (w *ReportWriter) WriteReport(rprt *Report) (err error)

type ScanningStatistics 

type ScanningStatistics struct {
	Start                      Time                    `json:"start"`
	End                        Time                    `json:"end"`
	NumberOfProcessesScanned   uint64                  `json:"numberOfProcessesScanned"`
	NumberOfSegmentsScanned    uint64                  `json:"numberOfSegmentsScanned"`
	NumberOfMemoryBytesScanned uint64                  `json:"numberOfMemoryBytesScanned"`
	NumberOfFileBytesScanned   uint64                  `json:"numberOfFileBytesScanned"`
	NumberOfFilesScanned       uint64                  `json:"numberOfFilesScanned"`
	ProfilingInformation       []*ProfilingInformation `json:"profilingInformation"`
}

ScanningStatistics holds statistic information about a scan.

type ScanningStatisticsV100 added in v0.15.0 

type ScanningStatisticsV100 struct {
	Start                      TimeV100                    `json:"start"`
	End                        TimeV100                    `json:"end"`
	NumberOfProcessesScanned   uint64                      `json:"numberOfProcessesScanned"`
	NumberOfSegmentsScanned    uint64                      `json:"numberOfSegmentsScanned"`
	NumberOfMemoryBytesScanned uint64                      `json:"numberOfMemoryBytesScanned"`
	NumberOfFileBytesScanned   uint64                      `json:"numberOfFileBytesScanned"`
	NumberOfFilesScanned       uint64                      `json:"numberOfFilesScanned"`
	ProfilingInformation       []*ProfilingInformationV100 `json:"profilingInformation"`
}

ScanningStatisticsV100 holds statistic information about a scan.

type SystemInfo 

type SystemInfo struct {
	OSName    string   `json:"osName"`
	OSVersion string   `json:"osVersion"`
	OSFlavour string   `json:"osFlavour"`
	OSArch    arch.T   `json:"osArch"`
	Hostname  string   `json:"hostname"`
	IPs       []string `json:"ips"`
	NumCPUs   int      `json:"numCPUs"`
	TotalRAM  uintptr  `json:"totalRAM"`
	TotalSwap uintptr  `json:"totalSwap"`
}

SystemInfo contains information about the running system.

type Time 

type Time struct {
	time.Time
}

func NewTime added in v0.15.0 

func NewTime(t time.Time) Time

func Now 

func Now() Time

func (Time) MarshalJSON 

func (t Time) MarshalJSON() ([]byte, error)

func (*Time) UnmarshalJSON 

func (t *Time) UnmarshalJSON(b []byte) error

type TimeV100 added in v0.15.0 

type TimeV100 struct {
	time.Time
}

func (*TimeV100) UnmarshalJSON added in v0.15.0 

func (t *TimeV100) UnmarshalJSON(b []byte) error

type Validator 

type Validator struct {
	// contains filtered or unexported fields
}

func NewOfflineValidator 

func NewOfflineValidator(schemaRootPath string) *Validator

func NewOnlineValidator 

func NewOnlineValidator(schemaRootPath string) *Validator

func (*Validator) ValidateReport 

func (v *Validator) ValidateReport(rdr Reader) error

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.