Documentation
Index
Constants
const (
	RequiredIdEntropy     = 3.0
	RequiredSecretEntropy = 4.25
)
Variables
var FalsePositiveSecretPat = regexp.MustCompile(`[a-f0-9]{40}`)
Hashes, like those for git, do technically match the secret pattern. But they are extremely unlikely to be generated as an actual AWS secret. So when we find them, if they're not verified, we should ignore the result.
var ResourceTypes = map[string]string{
	"ABIA": "AWS STS service bearer token",
	"ACCA": "Context-specific credential",
	"AGPA": "User group",
	"AIDA": "IAM user",
	"AIPA": "Amazon EC2 instance profile",
	"AKIA": "Access key",
	"ANPA": "Managed policy",
	"ANVA": "Version in a managed policy",
	"APKA": "Public key",
	"AROA": "Role",
	"ASCA": "Certificate",
	"ASIA": "Temporary (AWS STS) access key IDs",
}
ResourceTypes derived from: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-unique-ids
var SecretPat = regexp.MustCompile(`(?:[^A-Za-z0-9+/]|\A)([A-Za-z0-9+/]{40})(?:[^A-Za-z0-9+/]|\z)`)
var UrlEncodedReplacer = strings.NewReplacer(
	"%2B", "+",
	"%2b", "+",
	"%2F", "/",
	"%2f", "/",
	"%3d", "=",
	"%3D", "=",
)
UrlEncodedReplacer helps capture base64-encoded results that may be URL-encoded. TODO: Add this as a decoder, or make it more generic.
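How the declarations above can fit together, as an added example that is not code from this package: the three variables and RequiredSecretEntropy are copied from this page, while shannonEntropy and candidateSecrets are hypothetical helpers. Shannon entropy in bits per character is an assumed metric for the threshold, and every candidate is treated as unverified because the example does no verification.

```go
package main

import (
	"fmt"
	"math"
	"regexp"
	"strings"
)

// Values copied from the declarations on this page.
const RequiredSecretEntropy = 4.25

var (
	SecretPat              = regexp.MustCompile(`(?:[^A-Za-z0-9+/]|\A)([A-Za-z0-9+/]{40})(?:[^A-Za-z0-9+/]|\z)`)
	FalsePositiveSecretPat = regexp.MustCompile(`[a-f0-9]{40}`)
	UrlEncodedReplacer     = strings.NewReplacer("%2B", "+", "%2b", "+", "%2F", "/", "%2f", "/", "%3d", "=", "%3D", "=")
)

// shannonEntropy returns bits per character (assumed metric for the threshold).
func shannonEntropy(s string) float64 {
	counts := map[rune]float64{}
	for _, r := range s {
		counts[r]++
	}
	h, n := 0.0, float64(len([]rune(s)))
	for _, c := range counts {
		h -= c / n * math.Log2(c/n)
	}
	return h
}

// candidateSecrets (hypothetical helper) undoes URL-encoding, extracts
// 40-character candidates, and drops hash-like or low-entropy ones.
func candidateSecrets(data string) []string {
	var out []string
	for _, m := range SecretPat.FindAllStringSubmatch(UrlEncodedReplacer.Replace(data), -1) {
		if s := m[1]; !FalsePositiveSecretPat.MatchString(s) && shannonEntropy(s) >= RequiredSecretEntropy {
			out = append(out, s)
		}
	}
	return out
}

func main() {
	// Constructed input: AWS documentation example secret (URL-encoded), SHA-1 of "", low-entropy run.
	data := "secret=wJalrXUtnFEMI%2FK7MDENG%2FbPxRfiCYEXAMPLEKEY&x=1\n" +
		"commit da39a3ee5e6b4b0d3255bfef95601890afd80709\npad " + strings.Repeat("A", 40) + "\n"
	fmt.Println(candidateSecrets(data))
}
```

A 40-character hex string uses at most 16 distinct symbols, so its per-character entropy cannot exceed 4 bits; under the assumed metric it also falls below RequiredSecretEntropy, independently of FalsePositiveSecretPat.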
Functions
func CleanResults (added in v3.84.0)
func GetAccountNumFromID (added in v3.84.0)
Types
type ErrorResponseBody (added in v3.84.0)
type ErrorResponseBody struct {
	Error Error `json:"Error"`
}
type IdentityResponse (added in v3.84.0)
type IdentityResponse struct {
	GetCallerIdentityResponse struct {
		GetCallerIdentityResult struct {
			Account string `json:"Account"`
			Arn     string `json:"Arn"`
			UserID  string `json:"UserId"`
		} `json:"GetCallerIdentityResult"`
		ResponseMetadata struct {
			RequestID string `json:"RequestId"`
		} `json:"ResponseMetadata"`
	} `json:"GetCallerIdentityResponse"`
}