Documentation ¶
Index ¶
- Variables
- func FindSecret(rif util.RepositoryIndexedFile, source io.Reader, matcher MatchProvider, ...) chan *diagnostics.SecurityDiagnostic
- func MakeCommonExclusions() diagnostics.ExcludeDefinition
- func MergeExclusions(defs ...diagnostics.ExcludeDefinition) (excl diagnostics.ExcludeDefinition)
- func SearchSecretsOnPaths(paths []string, options SecretSearchOptions) (chan *diagnostics.SecurityDiagnostic, chan []util.RepositoryIndexedFile)
- type MatchProvider
- func GetFinderForFileType(fileType string, rif util.RepositoryIndexedFile, options SecretSearchOptions) MatchProvider
- func NewCPPSecretsFinders(options SecretSearchOptions, rif util.RepositoryIndexedFile) MatchProvider
- func NewConfigurationSecretsFinder(options SecretSearchOptions, rif util.RepositoryIndexedFile) MatchProvider
- func NewERubySecretsFinders(options SecretSearchOptions, rif util.RepositoryIndexedFile) MatchProvider
- func NewJavaFinder(options SecretSearchOptions, rif util.RepositoryIndexedFile) MatchProvider
- func NewRubySecretsFinders(options SecretSearchOptions, rif util.RepositoryIndexedFile) MatchProvider
- func NewXMLSecretsFinders(filePath string, options SecretSearchOptions, rif util.RepositoryIndexedFile) MatchProvider
- func NewYamlSecretsFinders(options SecretSearchOptions, rif util.RepositoryIndexedFile) MatchProvider
- type RegexFinder
- func (finder *RegexFinder) Consume(startIndex int64, source string)
- func (finder *RegexFinder) End()
- func (finder RegexFinder) GetRegularExpressions() []*regexp.Regexp
- func (finder *RegexFinder) SetLineKeeper(lk *util.LineKeeper)
- func (finder *RegexFinder) ShouldProvideSourceInDiagnostics(provideSource bool)
- type SecretScanner
- type SecretSearchOptions
Constants ¶
This section is empty.
Variables ¶
var (
TenMB = int64(1024 * 1000 * 10) // 10Mb
)
Functions ¶
func FindSecret ¶
func FindSecret(rif util.RepositoryIndexedFile, source io.Reader, matcher MatchProvider, shouldProvideSourceInDiagnostics bool) chan *diagnostics.SecurityDiagnostic
FindSecret locates secrets contained in a source that implements `io.Reader` interface using a `MatchProvider`
func MakeCommonExclusions ¶ added in v0.2.0
func MakeCommonExclusions() diagnostics.ExcludeDefinition
MakeCommonExclusions creates an ExcludeDefinition that contains common patterns of files that do not contain secrets
func MergeExclusions ¶ added in v0.3.0
func MergeExclusions(defs ...diagnostics.ExcludeDefinition) (excl diagnostics.ExcludeDefinition)
func SearchSecretsOnPaths ¶
func SearchSecretsOnPaths(paths []string, options SecretSearchOptions) (chan *diagnostics.SecurityDiagnostic, chan []util.RepositoryIndexedFile)
SearchSecretsOnPaths searches for secrets on indicated paths (may include local paths and git repositories) Streams back security diagnostics and paths
Types ¶
type MatchProvider ¶
type MatchProvider interface { // common.exclusionProvider GetFinders() []common.ResourceToSecurityDiagnostics }
MatchProvider provides regular expressions and other facilities for locating secrets in source data and resources
func GetFinderForFileType ¶
func GetFinderForFileType(fileType string, rif util.RepositoryIndexedFile, options SecretSearchOptions) MatchProvider
GetFinderForFileType returns the appropriate MatchProvider based on the file type hint
func NewCPPSecretsFinders ¶
func NewCPPSecretsFinders(options SecretSearchOptions, rif util.RepositoryIndexedFile) MatchProvider
NewCPPSecretsFinders is a `MatchProvider` for finding secrets in files with C++-like content
func NewConfigurationSecretsFinder ¶
func NewConfigurationSecretsFinder(options SecretSearchOptions, rif util.RepositoryIndexedFile) MatchProvider
NewConfigurationSecretsFinder is a `MatchProvider` for finding secrets in configuration `.conf` files
func NewERubySecretsFinders ¶
func NewERubySecretsFinders(options SecretSearchOptions, rif util.RepositoryIndexedFile) MatchProvider
NewERubySecretsFinders is a `MatchProvider` for finding secrets in files with ERuby content
func NewJavaFinder ¶
func NewJavaFinder(options SecretSearchOptions, rif util.RepositoryIndexedFile) MatchProvider
NewJavaFinder provides secret detection in Java-like programming languages
func NewRubySecretsFinders ¶
func NewRubySecretsFinders(options SecretSearchOptions, rif util.RepositoryIndexedFile) MatchProvider
NewRubySecretsFinders is a `MatchProvider` for finding secrets in files with Ruby content
func NewXMLSecretsFinders ¶
func NewXMLSecretsFinders(filePath string, options SecretSearchOptions, rif util.RepositoryIndexedFile) MatchProvider
NewXMLSecretsFinders is a `MatchProvider` for finding secrets in files with XML content
func NewYamlSecretsFinders ¶
func NewYamlSecretsFinders(options SecretSearchOptions, rif util.RepositoryIndexedFile) MatchProvider
NewYamlSecretsFinders is a `MatchProvider` for finding secrets in files with YAML content
type RegexFinder ¶
type RegexFinder struct { diagnostics.DefaultSecurityDiagnosticsProvider // contains filtered or unexported fields }
RegexFinder provides secret detection using regular expressions
func (*RegexFinder) Consume ¶
func (finder *RegexFinder) Consume(startIndex int64, source string)
Consume allows a source processor receive `source` data streamed in "chunks", with `startIndex` indicating the character location of the first character in the stream
func (*RegexFinder) End ¶
func (finder *RegexFinder) End()
End is used to signal to the consumer that the source stream has ended
func (RegexFinder) GetRegularExpressions ¶
func (finder RegexFinder) GetRegularExpressions() []*regexp.Regexp
GetRegularExpressions returns the underlying compiled regular expressions
func (*RegexFinder) SetLineKeeper ¶
func (finder *RegexFinder) SetLineKeeper(lk *util.LineKeeper)
SetLineKeeper allows this source consumer to keep track of `code.Position`
func (*RegexFinder) ShouldProvideSourceInDiagnostics ¶
func (finder *RegexFinder) ShouldProvideSourceInDiagnostics(provideSource bool)
ShouldProvideSourceInDiagnostics toggles whether source evidence should be provided with diagnostics, defaults to false
type SecretScanner ¶ added in v0.2.1
type SecretScanner struct {
// contains filtered or unexported fields
}
func MakeSecretScanner ¶ added in v0.2.1
func MakeSecretScanner(config SecretSearchOptions) SecretScanner
func (SecretScanner) Scan ¶ added in v0.2.1
func (scanner SecretScanner) Scan(ctx context.Context, projectID string, scanID string, pm projects.ProjectManager, repoStatusChecker projects.RepositoryStatusChecker, progressCallback func(diagnostics.Progress), consumers ...diagnostics.SecurityDiagnosticsConsumer)
type SecretSearchOptions ¶ added in v0.0.9
type SecretSearchOptions struct { ShowSource bool `json:"ShowSource" yaml:"ShowSource"` Exclusions diagnostics.ExclusionProvider `json:"-" yaml:"-"` ConfidentialFilesOnly bool `json:"ConfidentialFilesOnly" yaml:"ConfidentialFilesOnly"` CalculateChecksum bool `json:"CalculateChecksum" yaml:"CalculateChecksum"` Verbose bool `json:"Verbose" yaml:"Verbose"` //Verbose logging of file paths about to be scanned ReportIgnored bool `json:"ReportIgnored" yaml:"ReportIgnored"` //if set, generate diagnostics for excluded files/paths and values ExcludeTestFiles bool `json:"ExcludeTestFiles" yaml:"ExcludeTestFiles"` //if set, excludes suspected Test Files }
SecretSearchOptions search options for the secret finder plugin