detections

package
v0.0.0-...-c4af43d Latest
Warning

This package is not in the latest version of its module.

Published: Apr 9, 2024 License: Apache-2.0 Imports: 6 Imported by: 0

Documentation

Constants

This section is empty.

Variables

var SuspiciousIdentifierPatterns = map[string]*regexp.Regexp{
	"hex":     hexIdentifier,
	"numeric": numericIdentifier,
	"single":  singleCharIdentifier,
}

SuspiciousIdentifierPatterns is a map of named regex patterns that match source code identifiers which carry a suspicion of being obfuscated because they are not very human-friendly. A few matching identifiers may not indicate obfuscation, but if there is a large number of suspicious identifiers (especially of the same type) then obfuscation is probable.

Functions

func FindBase64Substrings

func FindBase64Substrings(s string) []string

FindBase64Substrings returns a slice containing all the non-overlapping substrings of s that are at least 20 characters long, and look like base64-encoded data. The function uses regex-based heuristics to determine valid substrings but does not decode the data. In particular, valid strings must have only valid base64 characters ([A-Za-z0-9+/] or [A-Za-z0-9-_], depending on the variant, plus up to 2 padding '=' characters). If padding characters are included, then the string length must be a multiple of 4.

The following heuristic rules are checked to reduce the number of false positives.

  1. Must have at least one uppercase letter
  2. Must have at least one lowercase letter
  3. Must have at least one letter outside A-F (or a-f) [this filters out hex strings]
  4. If padding characters are included, the string length must be a multiple of 4

While false positive matches will occur, due to the minimum length requirement it is highly unlikely that a legitimate base64 string will be excluded from the output.

Note that, if there are multiple base64 encoded strings in the input, depending on how they are separated, they may end up being concatenated together into a single string in the returned string slice.
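The rules and the concatenation caveat above can be seen in a small stand-alone sketch. This is an added example, not the package's source: `findBase64Candidates`, `passesHeuristics` and the regex are hypothetical, dropping a mis-padded candidate is an assumption, and the inputs are constructed.

```go
package main

import (
	"fmt"
	"regexp"
)

// candidate: 20+ characters of one base64 alphabet (standard or URL-safe), then up
// to two '='. Longest() makes the alphabet that yields the longer run win.
var candidate = func() *regexp.Regexp {
	re := regexp.MustCompile(`(?:[A-Za-z0-9+/]{20,}|[A-Za-z0-9_-]{20,})={0,2}`)
	re.Longest()
	return re
}()

// passesHeuristics applies the four documented false-positive filters.
func passesHeuristics(m string) bool {
	var upper, lower, nonHex bool
	for _, r := range m {
		switch {
		case r >= 'A' && r <= 'Z':
			upper, nonHex = true, nonHex || r > 'F'
		case r >= 'a' && r <= 'z':
			lower, nonHex = true, nonHex || r > 'f'
		}
	}
	// Assumption: a padded candidate whose length is not a multiple of 4 is dropped.
	padded := m[len(m)-1] == '='
	return upper && lower && nonHex && (!padded || len(m)%4 == 0)
}

// findBase64Candidates is a hypothetical stand-in for FindBase64Substrings.
func findBase64Candidates(s string) []string {
	var out []string
	for _, m := range candidate.FindAllString(s, -1) {
		if passesHeuristics(m) {
			out = append(out, m)
		}
	}
	return out
}

func main() {
	// Constructed sample inputs.
	a, b := "VGhlIHF1aWNrIGJyb3duIGZv", "anVtcHMgb3ZlciB0aGUgbGF6"
	fmt.Println(findBase64Candidates("tok=VGhlIHF1aWNrIGJyb3duIGZveA== id=deadbeefDEADBEEF0123456789abcdef"))
	fmt.Println(findBase64Candidates(a + " " + b)) // space separator: two results
	fmt.Println(findBase64Candidates(a + "/" + b)) // '/' is a base64 character: one merged result
}
```

When triaging matches, treat a single long result as possibly several encoded values joined by `/`, `+`, `-` or `_`.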

func FindHexSubstrings

func FindHexSubstrings(s string) []string

FindHexSubstrings returns all non-overlapping substrings of s made up of at least 8 consecutive hexadecimal digits. The leading 0x is not counted.

func FindIPAddresses

func FindIPAddresses(s string) []string

func FindURLs

func FindURLs(s string) []string

func IsHighlyEscaped

func IsHighlyEscaped(s token.String, thresholdCount int, thresholdFrequency float64) bool

IsHighlyEscaped returns true if a string literal exceeds the given threshold count or frequency (in range [0, 1]) of escape sequences.

Supported escape sequences include:

  1. Octal escape: "\251",
  2. Hex escape: "\x3f",
  3. Unicode 16-bit escape: "\u103a",
  4. Unicode 32-bit escape: "\U00100FFF" or "\u{0100FF}".

Types

This section is empty.
