Documentation
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type FileSignals
type FileSignals struct {
	// The following two variables respectively record how many identifiers
	// and string literals in the file have a given length. The absence of a
	// count for a particular length means that there were no symbols of that
	// length in the file.
	IdentifierLengths valuecounts.ValueCounts
	StringLengths     valuecounts.ValueCounts

	// SuspiciousIdentifiers holds identifiers that are deemed 'suspicious' (i.e.
	// indicative of obfuscation) according to certain rules. Each entry contains
	// the identifier name and the name of the first rule it was matched against.
	SuspiciousIdentifiers []staticanalysis.SuspiciousIdentifier

	// EscapedStrings contains string literals that contain a large number of
	// escape characters, which may indicate obfuscation.
	EscapedStrings []staticanalysis.EscapedString

	// Base64Strings holds a list of (substrings of) string literals found in the
	// file that match a base64 regex pattern. This pattern has a minimum matching
	// length in order to reduce the number of false positives.
	Base64Strings []string

	// HexStrings holds a list of (substrings of) string literals found in the
	// file that contain long (>8 digits) hexadecimal digit sequences.
	HexStrings []string

	// IPAddresses contains any IP addresses found in string literals.
	IPAddresses []string

	// URLs contains any URLs (http or https) found in string literals.
	URLs []string
}
FileSignals holds information related to the presence of obfuscated code in a single file.
func AnalyzeSingle
func AnalyzeSingle(parseData parsing.SingleResult) FileSignals
AnalyzeSingle collects signals of interest for a file in a package, operating on a single parsing result (i.e. from one language parser). It returns a FileSignals object, containing information that may be useful to determine whether the file contains malicious code.
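As an added illustration (not the package's own code), the Go program below computes the string-literal signals described for FileSignals from a list of literals that a parser has already extracted. The regular expressions, the 20-character base64 floor, and the names literalSignals, scanLiterals and sampleLiterals are assumptions made for this example.

```go
package main

import (
	"fmt"
	"net"
	"regexp"
)

// Assumed patterns: the page states only that base64 matching has a minimum
// length and that hex runs must exceed 8 digits; the 20-char floor is ours.
var (
	hexRun    = regexp.MustCompile(`[0-9a-fA-F]{9,}`)
	base64Run = regexp.MustCompile(`(?:[A-Za-z0-9+/]{4}){5,}(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?`)
	ipv4Like  = regexp.MustCompile(`\b\d{1,3}(?:\.\d{1,3}){3}\b`)
	urlLike   = regexp.MustCompile(`https?://[^\s"'<>]+`)
)

// literalSignals is a hypothetical, reduced stand-in for FileSignals.
type literalSignals struct {
	StringLengths map[int]int // literal length -> number of literals
	Base64Strings, HexStrings, IPAddresses, URLs []string
}

// scanLiterals collects signals from string literals a parser already extracted.
func scanLiterals(literals []string) literalSignals {
	s := literalSignals{StringLengths: map[int]int{}}
	for _, lit := range literals {
		s.StringLengths[len(lit)]++
		s.Base64Strings = append(s.Base64Strings, base64Run.FindAllString(lit, -1)...)
		s.HexStrings = append(s.HexStrings, hexRun.FindAllString(lit, -1)...)
		s.URLs = append(s.URLs, urlLike.FindAllString(lit, -1)...)
		for _, c := range ipv4Like.FindAllString(lit, -1) {
			if net.ParseIP(c) != nil { // drops dotted quads such as 999.1.1.1
				s.IPAddresses = append(s.IPAddresses, c)
			}
		}
	}
	return s
}
// sampleLiterals is constructed input, not taken from any real package.
var sampleLiterals = []string{
	"hello",
	"aGVsbG8gd29ybGQgZnJvbSBhIHRlc3Q=",
	// A long hex digest is also valid base64 alphabet, so it lands in both lists.
	"sha=0123456789abcdef0123456789abcdef01234567",
	"http://192.0.2.10/payload.sh",
	"version 999.1.1.1",
}
func main() { fmt.Printf("%+v\n", scanLiterals(sampleLiterals)) }
```

A minimum length on the base64 pattern reduces false positives but does not remove them: any sufficiently long hex digest still matches, so the two lists are best read together.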
func (FileSignals) String
func (s FileSignals) String() string