detectors

package
v3.26.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jan 27, 2023 License: AGPL-3.0 Imports: 11 Imported by: 2

Documentation

Index

Constants

This section is empty.

Variables

View Source
var DefaultFalsePositives = []FalsePositive{"example", "xxxxxx", "aaaaaa", "abcde", "00000", "sample"}
View Source
var FalsePositiveWordlists = Wordlists{
	// contains filtered or unexported fields
}

Functions

func HasDigit

func HasDigit(key string) bool

func IsKnownFalsePositive

func IsKnownFalsePositive(match string, falsePositives []FalsePositive, wordCheck bool) bool

IsKnownFalsePositives will not return a valid secret finding if any of the disqualifying conditions are met Currently that includes: No number, english word in key, or matches common example pattens. Only the secret key material should be passed into this function

func KeyIsRandom

func KeyIsRandom(key string) bool

KeyIsRandom is a Low cost check to make sure that 'keys' include a number to reduce FPs. Golang doesnt support regex lookaheads, so must be done in separate calls. TODO improve checks. Shannon entropy did not work well.

func MustGetBenchmarkData

func MustGetBenchmarkData() map[string][]byte

func PrefixRegex

func PrefixRegex(keywords []string) string

PrefixRegex ensures that at least one of the given keywords is within 20 characters of the capturing group that follows. This can help prevent false positives.

Types

type Detector

type Detector interface {
	// FromData will scan bytes for results, and optionally verify them.
	FromData(ctx context.Context, verify bool, data []byte) ([]Result, error)
	// Keywords are used for efficiently pre-filtering chunks using substring operations.
	// Use unique identifiers that are part of the secret if you can, or the provider name.
	Keywords() []string
}

Detector defines an interface for scanning for and verifying secrets.

type FalsePositive

type FalsePositive string

type Result

type Result struct {
	// DetectorType is the type of Detector.
	DetectorType detectorspb.DetectorType
	// DecoderType is the type of Decoder.
	DecoderType detectorspb.DecoderType
	Verified    bool
	// Raw contains the raw secret identifier data. Prefer IDs over secrets since it is used for deduping after hashing.
	Raw []byte
	// RawV2 contains the raw secret identifier that is a combination of both the ID and the secret.
	// This is used for secrets that are multi part and could have the same ID. Ex: AWS credentials
	RawV2 []byte
	// Redacted contains the redacted version of the raw secret identification data for display purposes.
	// A secret ID should be used if available.
	Redacted       string
	ExtraData      map[string]string
	StructuredData *detectorspb.StructuredData
}

func CleanResults

func CleanResults(results []Result) []Result

CleanResults returns all verified secrets, and if there are no verified secrets, just one unverified secret if there are any.

type ResultWithMetadata

type ResultWithMetadata struct {
	// SourceMetadata contains source-specific contextual information.
	SourceMetadata *source_metadatapb.MetaData
	// SourceID is the ID of the source that the API uses to map secrets to specific sources.
	SourceID int64
	// SourceType is the type of Source.
	SourceType sourcespb.SourceType
	// SourceName is the name of the Source.
	SourceName string
	Result
}

func CopyMetadata

func CopyMetadata(chunk *sources.Chunk, result Result) ResultWithMetadata

CopyMetadata returns a detector result with included metadata from the source chunk.

type Wordlists

type Wordlists struct {
	// contains filtered or unexported fields
}

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL