secrets

package
v0.9.3 Latest Latest
Warning

This package is not in the latest version of its module.

Published: May 23, 2023 License: BSD-3-Clause Imports: 21 Imported by: 3

Documentation


Constants

This section is empty.

Variables

// TenMB holds the value 10,240,000 (10 * 1000 * 1024). Despite the name, that
// is neither a decimal 10 MB (10,000,000) nor a binary 10 MiB (10,485,760).
// NOTE(review): presumably a size limit on scanned input, in bytes — confirm at
// the call sites, since content beyond a scan limit would go unexamined.
var TenMB int64 = 10 * 1000 * 1024

Functions

func FindSecret

func FindSecret(rif util.RepositoryIndexedFile, source io.Reader, matcher MatchProvider, shouldProvideSourceInDiagnostics bool) chan *diagnostics.SecurityDiagnostic

FindSecret locates secrets contained in a source that implements the `io.Reader` interface, using a `MatchProvider`.

func MakeCommonExclusions added in v0.2.0

func MakeCommonExclusions() diagnostics.ExcludeDefinition

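MakeCommonExclusions creates an ExcludeDefinition that contains common patterns of files that do not contain secrets. The patterns express an expectation rather than a check of each file's content; the `ReportIgnored` option in `SecretSearchOptions` generates diagnostics for excluded files/paths and values.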

func MergeExclusions added in v0.3.0

func MergeExclusions(defs ...diagnostics.ExcludeDefinition) (excl diagnostics.ExcludeDefinition)

func SearchSecretsOnPaths

func SearchSecretsOnPaths(paths []string, options SecretSearchOptions) (chan *diagnostics.SecurityDiagnostic, chan []util.RepositoryIndexedFile)

SearchSecretsOnPaths searches for secrets on the indicated paths (which may include local paths and git repositories). It streams back security diagnostics and paths.

Types

type MatchProvider

// MatchProvider is the contract a secret finder set must satisfy: it hands
// out the finders that are applied to a resource.
type MatchProvider interface {
	// NOTE(review): the next line looks like a disabled embed of
	// common.exclusionProvider — confirm whether exclusion handling is meant
	// to be part of this contract.
	// common.exclusionProvider
	// GetFinders returns the finders, each a common.ResourceToSecurityDiagnostics.
	GetFinders() []common.ResourceToSecurityDiagnostics
}

MatchProvider provides regular expressions and other facilities for locating secrets in source data and resources

func GetFinderForFileType

func GetFinderForFileType(fileType string, rif util.RepositoryIndexedFile, options SecretSearchOptions) MatchProvider

GetFinderForFileType returns the appropriate MatchProvider based on the file type hint

func NewCPPSecretsFinders

func NewCPPSecretsFinders(options SecretSearchOptions, rif util.RepositoryIndexedFile) MatchProvider

NewCPPSecretsFinders is a `MatchProvider` for finding secrets in files with C++-like content

func NewConfigurationSecretsFinder

func NewConfigurationSecretsFinder(options SecretSearchOptions, rif util.RepositoryIndexedFile) MatchProvider

NewConfigurationSecretsFinder is a `MatchProvider` for finding secrets in configuration `.conf` files

func NewERubySecretsFinders

func NewERubySecretsFinders(options SecretSearchOptions, rif util.RepositoryIndexedFile) MatchProvider

NewERubySecretsFinders is a `MatchProvider` for finding secrets in files with ERuby content

func NewJavaFinder

func NewJavaFinder(options SecretSearchOptions, rif util.RepositoryIndexedFile) MatchProvider

NewJavaFinder provides secret detection in Java-like programming languages

func NewRubySecretsFinders

func NewRubySecretsFinders(options SecretSearchOptions, rif util.RepositoryIndexedFile) MatchProvider

NewRubySecretsFinders is a `MatchProvider` for finding secrets in files with Ruby content

func NewXMLSecretsFinders

func NewXMLSecretsFinders(filePath string, options SecretSearchOptions, rif util.RepositoryIndexedFile) MatchProvider

NewXMLSecretsFinders is a `MatchProvider` for finding secrets in files with XML content

func NewYamlSecretsFinders

func NewYamlSecretsFinders(options SecretSearchOptions, rif util.RepositoryIndexedFile) MatchProvider

NewYamlSecretsFinders is a `MatchProvider` for finding secrets in files with YAML content

type RegexFinder

// RegexFinder detects secrets with regular expressions.
type RegexFinder struct {
	// Embedded, so the exported methods of DefaultSecurityDiagnosticsProvider
	// are promoted onto RegexFinder.
	diagnostics.DefaultSecurityDiagnosticsProvider
	// contains filtered or unexported fields
}

RegexFinder provides secret detection using regular expressions

func (*RegexFinder) Consume

func (finder *RegexFinder) Consume(startIndex int64, source string)

Consume allows a source processor to receive `source` data streamed in "chunks", with `startIndex` indicating the character location of the first character in the stream

func (*RegexFinder) End

func (finder *RegexFinder) End()

End is used to signal to the consumer that the source stream has ended

func (RegexFinder) GetRegularExpressions

func (finder RegexFinder) GetRegularExpressions() []*regexp.Regexp

GetRegularExpressions returns the underlying compiled regular expressions

func (*RegexFinder) SetLineKeeper

func (finder *RegexFinder) SetLineKeeper(lk *util.LineKeeper)

SetLineKeeper allows this source consumer to keep track of `code.Position`

func (*RegexFinder) ShouldProvideSourceInDiagnostics

func (finder *RegexFinder) ShouldProvideSourceInDiagnostics(provideSource bool)

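ShouldProvideSourceInDiagnostics toggles whether source evidence should be provided with diagnostics; it defaults to false. When enabled, the diagnostics may carry the matched secret text itself, so the resulting reports should be stored and shared as carefully as the secrets they describe.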

type SecretScanner added in v0.2.1

// SecretScanner is built by MakeSecretScanner from a SecretSearchOptions value
// and exposes the Scan method. Its state is not part of the public API.
type SecretScanner struct {
	// contains filtered or unexported fields
}

func MakeSecretScanner added in v0.2.1

func MakeSecretScanner(config SecretSearchOptions) SecretScanner

func (SecretScanner) Scan added in v0.2.1

func (scanner SecretScanner) Scan(ctx context.Context, projectID string, scanID string, pm projects.ProjectManager, repoStatusChecker projects.RepositoryStatusChecker,
	progressCallback func(diagnostics.Progress), consumers ...diagnostics.SecurityDiagnosticsConsumer)

type SecretSearchOptions added in v0.0.9

// SecretSearchOptions holds the search options for the secret finder plugin.
// Every field except Exclusions is serialised to JSON and YAML under its Go
// field name.
type SecretSearchOptions struct {
	// NOTE(review): presumably controls whether matched source text is
	// included in diagnostics; if so, reports produced with it set contain
	// the secrets themselves — confirm.
	ShowSource            bool                          `json:"ShowSource" yaml:"ShowSource"`
	// Exclusions is tagged "-" for both JSON and YAML, so serialised
	// configuration neither carries nor restores it.
	Exclusions            diagnostics.ExclusionProvider `json:"-" yaml:"-"`
	// NOTE(review): looks like it restricts the scan to files considered
	// confidential, leaving all other files unscanned — confirm.
	ConfidentialFilesOnly bool                          `json:"ConfidentialFilesOnly" yaml:"ConfidentialFilesOnly"`
	// NOTE(review): presumably attaches a checksum to results — confirm what
	// is hashed and with which algorithm.
	CalculateChecksum     bool                          `json:"CalculateChecksum" yaml:"CalculateChecksum"`
	Verbose               bool                          `json:"Verbose" yaml:"Verbose"`                   //Verbose logging of file paths about to be scanned
	ReportIgnored         bool                          `json:"ReportIgnored" yaml:"ReportIgnored"`       //if set, generate diagnostics for excluded files/paths and values
	// Test files are only "suspected", i.e. identified heuristically, so
	// enabling this can skip files that hold real credentials.
	ExcludeTestFiles      bool                          `json:"ExcludeTestFiles" yaml:"ExcludeTestFiles"` //if set, excludes suspected Test Files
}

SecretSearchOptions holds the search options for the secret finder plugin
