Overview ¶
Package report generates various report formats for scan results. It supports industry-standard formats like SARIF for integration with security tools and IDEs, as well as custom formats for specific use cases.
Index ¶
- Constants
- func GetHTMLTemplate() (*template.Template, error)
- func GetTemplateFuncMap() template.FuncMap
- type CSVExporter
- type CSVExporterOption
- type CSVRecord
- type CSVSummaryExporter
- type ComplianceAction
- type ComplianceInfo
- type EnvironmentStats
- type ExportMetadata
- type FileStats
- type Finding
- type HTMLGenerator
- type HTMLTemplateData
- type IntegrationRecord
- type Manager
- type Mitigation
- type ReportFactory
- func (f *ReportFactory) CreateCSVExporter(opts ...CSVExporterOption) *SecureCSVExporter
- func (f *ReportFactory) CreateExporter(format string, opts ...interface{}) (interface{}, error)
- func (f *ReportFactory) CreateHTMLGenerator() *SecureHTMLGenerator
- func (f *ReportFactory) CreateSARIFExporter() *SecureSARIFExporter
- type RepositoryInfo
- type RiskAssessmentInfo
- type SARIFAnnotation
- type SARIFArtifactChange
- type SARIFArtifactLocation
- type SARIFCodeFlow
- type SARIFContent
- type SARIFExporter
- type SARIFFix
- type SARIFInvocation
- type SARIFLocation
- type SARIFLogicalLocation
- type SARIFMessage
- type SARIFMultiformatMessage
- type SARIFNotification
- type SARIFPhysicalLocation
- type SARIFRegion
- type SARIFReplacement
- type SARIFReport
- type SARIFReportingConfiguration
- type SARIFResult
- type SARIFRule
- type SARIFRun
- type SARIFStack
- type SARIFStackFrame
- type SARIFThreadFlow
- type SARIFThreadFlowLocation
- type SARIFTool
- type SARIFToolComponent
- type SARIFURIBaseID
- type ScanSummary
- type SecureCSVExporter
- type SecureHTMLGenerator
- type SecureSARIFExporter
- type SecurityConfig
- type SecurityLayer
- type Statistics
- type ValidationStats
Examples ¶
Constants ¶
// SARIF version and schema constants. SARIFReport.Version and SARIFReport.Schema
// are the fields expected to carry these values; the Export example on this page
// checks for "version": "2.1.0" in the generated document.
const (
	SARIFVersion = "2.1.0"
	SARIFSchema  = "https://json.schemastore.org/sarif-2.1.0.json"
)
SARIF version and schema constants
Variables ¶
This section is empty.
Functions ¶
func GetHTMLTemplate ¶
GetHTMLTemplate returns the parsed HTML template
func GetTemplateFuncMap ¶
GetTemplateFuncMap returns the template function map
Types ¶
type CSVExporter ¶
// CSVExporter handles CSV report generation. Construct it with NewCSVExporter,
// which applies the CSVExporterOption values (WithContext, WithDateFormat,
// WithMaskedValues, WithMetadata) to the unexported configuration.
type CSVExporter struct {
	// contains filtered or unexported fields
}
CSVExporter handles CSV report generation
func NewCSVExporter ¶
func NewCSVExporter(opts ...CSVExporterOption) *CSVExporter
NewCSVExporter creates a new CSV exporter with options
func (*CSVExporter) ConvertIntegrationRecord ¶
func (e *CSVExporter) ConvertIntegrationRecord(ir IntegrationRecord, metadata ExportMetadata) CSVRecord
ConvertIntegrationRecord converts an integration record into a CSV record
func (*CSVExporter) Export ¶
func (e *CSVExporter) Export(w io.Writer, records []CSVRecord) error
Export writes findings to CSV format
Example ¶
package main
import (
"bytes"
"fmt"
"time"
"github.com/MacAttak/pi-scanner/pkg/report"
)
func main() {
	// A single sample row; only the columns that appear in the Output below are set.
	sample := report.CSVRecord{
		Timestamp:       time.Date(2024, 1, 15, 14, 30, 0, 0, time.UTC),
		Repository:      "example-repo",
		Branch:          "main",
		FilePath:        "src/customer.go",
		LineNumber:      42,
		PIType:          "TFN",
		PITypeDisplay:   "Tax File Number",
		MaskedMatch:     "123****89",
		Validated:       true,
		ConfidenceScore: 0.95,
		RiskLevel:       "CRITICAL",
	}

	// WithMaskedValues includes the masked PI value column in the export.
	var out bytes.Buffer
	csvExporter := report.NewCSVExporter(report.WithMaskedValues())
	if err := csvExporter.Export(&out, []report.CSVRecord{sample}); err != nil {
		panic(err)
	}

	// Show the header row and the first data row.
	rows := bytes.Split(out.Bytes(), []byte("\n"))
	if len(rows) > 2 {
		rows = rows[:2]
	}
	for _, row := range rows {
		fmt.Printf("%s\n", row)
	}
}
Output:
Timestamp,Repository,Branch,File Path,Line,Column,PI Type,PI Type Display,Validated,Test Data,Confidence Score,Risk Level,Original Risk Level,LLM Validated,LLM Explanation,Risk Score,Masked Value,Impact Score,Likelihood Score,Exposure Score,Risk Category,Environment,APRA Relevant,Privacy Act Issue,Notifiable Breach
2024-01-15 14:30:00,example-repo,main,src/customer.go,42,0,TFN,Tax File Number,true,false,0.95,CRITICAL,,false,,0.00,123****89,0.00,0.00,0.00,,,false,false,false
func (*CSVExporter) ExportFindings ¶
func (e *CSVExporter) ExportFindings(w io.Writer, findings []detection.Finding, metadata ExportMetadata) error
ExportFindings converts findings to CSV records and exports them
Example ¶
package main
import (
"bytes"
"fmt"
"time"
"github.com/MacAttak/pi-scanner/pkg/detection"
"github.com/MacAttak/pi-scanner/pkg/report"
)
func main() {
	// One detection finding carrying a validated TFN match.
	tfn := detection.Finding{
		Type:      detection.PITypeTFN,
		Match:     "123-456-789",
		File:      "src/customer.go",
		Line:      42,
		Column:    10,
		Validated: true,
	}

	// Scan metadata passed alongside the findings.
	meta := report.ExportMetadata{
		ScanID:       "scan-123",
		Repository:   "example-repo",
		Branch:       "main",
		CommitHash:   "abc123",
		ScanDuration: 2 * time.Minute,
		ToolVersion:  "1.0.0",
		Timestamp:    time.Date(2024, 1, 15, 14, 30, 0, 0, time.UTC),
	}

	// Export with the masked-value column enabled and report success.
	var out bytes.Buffer
	csvExporter := report.NewCSVExporter(report.WithMaskedValues())
	if err := csvExporter.ExportFindings(&out, []detection.Finding{tfn}, meta); err != nil {
		panic(err)
	}
	fmt.Println("CSV export completed successfully")
}
Output: CSV export completed successfully
type CSVExporterOption ¶
// CSVExporterOption configures the CSV exporter. Each option receives the
// *CSVExporter being built by NewCSVExporter.
type CSVExporterOption func(*CSVExporter)
CSVExporterOption configures the CSV exporter
func WithContext ¶
func WithContext() CSVExporterOption
WithContext includes code context in CSV export
func WithDateFormat ¶
func WithDateFormat(format string) CSVExporterOption
WithDateFormat sets a custom date format
func WithMaskedValues ¶
func WithMaskedValues() CSVExporterOption
WithMaskedValues includes masked PI values in CSV export
func WithMetadata ¶
func WithMetadata() CSVExporterOption
WithMetadata includes additional metadata columns
type CSVRecord ¶
// CSVRecord represents a single row in the CSV export. Which columns are
// written depends on the CSVExporterOption values given to NewCSVExporter;
// the Export example on this page shows the default column set with
// WithMaskedValues enabled.
//
// NOTE(review): Match, CodeContext, ProximityContext and LLMExplanation are
// free text that originates from scanned files or model output. Confirm that
// Export neutralizes cells beginning with '=', '+', '-' or '@' so spreadsheet
// tools do not evaluate them as formulas when the CSV is opened.
type CSVRecord struct {
	// Core fields
	// Timestamp is rendered with the exporter's date format (the example output
	// shows 2024-01-15 14:30:00); WithDateFormat overrides it.
	Timestamp     time.Time
	Repository    string
	Branch        string
	CommitHash    string
	FilePath      string
	LineNumber    int
	ColumnNumber  int
	PIType        string
	PITypeDisplay string
	// Match is the raw matched value; MaskedMatch is the redacted form written
	// to the "Masked Value" column. NOTE(review): confirm which options, if any,
	// write Match unmasked — the example output contains only MaskedMatch.
	Match         string
	MaskedMatch   string
	Validated     bool
	IsTestData    bool
	// Risk assessment
	ConfidenceScore float64
	RiskLevel       string
	RiskScore       float64
	ImpactScore     float64
	LikelihoodScore float64
	ExposureScore   float64
	RiskCategory    string
	// LLM Validation
	LLMValidated      bool
	LLMRiskLevel      string
	LLMExplanation    string
	OriginalRiskLevel string // To show the original risk before LLM adjustment
	// Context
	CodeContext      string
	ProximityContext string
	Environment      string
	// Compliance
	APRARelevant     bool
	PrivacyActIssue  bool
	NotifiableBreach bool
	// Metadata
	ScanID       string
	ScanDuration time.Duration
	ToolVersion  string
}
CSVRecord represents a single row in the CSV export
type CSVSummaryExporter ¶
// CSVSummaryExporter exports summary statistics in CSV format. Construct it
// with NewCSVSummaryExporter and call ExportSummary with a ScanSummary and
// ExportMetadata; the example on this page shows the Metric,Value,Percentage layout.
type CSVSummaryExporter struct {
	// contains filtered or unexported fields
}
CSVSummaryExporter exports summary statistics in CSV format
func NewCSVSummaryExporter ¶
func NewCSVSummaryExporter() *CSVSummaryExporter
NewCSVSummaryExporter creates a new summary exporter
func (*CSVSummaryExporter) ExportSummary ¶
func (e *CSVSummaryExporter) ExportSummary(w io.Writer, summary ScanSummary, metadata ExportMetadata) error
ExportSummary writes summary statistics to CSV
Example ¶
package main
import (
"bytes"
"fmt"
"time"
"github.com/MacAttak/pi-scanner/pkg/report"
)
func main() {
	// Aggregate counts for the summary rows.
	counts := report.ScanSummary{
		TotalFindings:  100,
		CriticalCount:  10,
		HighCount:      20,
		MediumCount:    30,
		LowCount:       40,
		ValidatedCount: 60,
	}

	// Repository and timing metadata shown in the leading rows.
	meta := report.ExportMetadata{
		Repository:   "example-repo",
		Branch:       "main",
		Timestamp:    time.Date(2024, 1, 15, 14, 30, 0, 0, time.UTC),
		ScanDuration: 2 * time.Minute,
	}

	var out bytes.Buffer
	summaryExporter := report.NewCSVSummaryExporter()
	if err := summaryExporter.ExportSummary(&out, counts, meta); err != nil {
		panic(err)
	}

	// Show the header plus the first three metric rows.
	rows := bytes.Split(out.Bytes(), []byte("\n"))
	if len(rows) > 4 {
		rows = rows[:4]
	}
	for _, row := range rows {
		fmt.Printf("%s\n", row)
	}
}
Output:
Metric,Value,Percentage
Repository,example-repo,
Branch,main,
Scan Date,2024-01-15 14:30:00,
type ComplianceAction ¶
// ComplianceAction represents a required compliance action. It is embedded in
// ComplianceInfo.ComplianceActions and serialized with snake_case JSON keys.
type ComplianceAction struct {
	Type        string    `json:"type"`
	Description string    `json:"description"`
	Priority    string    `json:"priority"`
	// Deadline is emitted by encoding/json in RFC 3339 form.
	Deadline   time.Time `json:"deadline"`
	Regulation string    `json:"regulation"`
}
ComplianceAction represents a required compliance action
type ComplianceInfo ¶
// ComplianceInfo contains regulatory compliance information and is carried in
// HTMLTemplateData.Compliance. No field uses omitempty, so a nil
// RequiredNotifications or ComplianceActions slice serializes as JSON null.
type ComplianceInfo struct {
	APRACompliant         bool               `json:"apra_compliant"`
	PrivacyActCompliant   bool               `json:"privacy_act_compliant"`
	NotifiableBreaches    int                `json:"notifiable_breaches"`
	RequiredNotifications []string           `json:"required_notifications"`
	ComplianceActions     []ComplianceAction `json:"compliance_actions"`
}
ComplianceInfo contains regulatory compliance information
type EnvironmentStats ¶
// EnvironmentStats contains environment-based statistics: how many findings
// were attributed to each environment class. Carried in Statistics.EnvironmentStats.
type EnvironmentStats struct {
	ProductionFindings int `json:"production_findings"`
	TestFindings       int `json:"test_findings"`
	MockFindings       int `json:"mock_findings"`
	ConfigFindings     int `json:"config_findings"`
}
EnvironmentStats contains environment-based statistics
type ExportMetadata ¶
// ExportMetadata contains scan metadata for the export. It is passed to
// CSVExporter.ExportFindings, CSVSummaryExporter.ExportSummary and
// SARIFExporter.Export; the summary example shows Repository, Branch and
// Timestamp being written as leading rows.
type ExportMetadata struct {
	ScanID       string
	Repository   string
	Branch       string
	CommitHash   string
	ScanDuration time.Duration
	ToolVersion  string
	Timestamp    time.Time
}
ExportMetadata contains scan metadata for the export
type FileStats ¶
// FileStats represents statistics for a single file; a slice of these forms
// Statistics.TopAffectedFiles.
type FileStats struct {
	Path          string  `json:"path"`
	FindingsCount int     `json:"findings_count"`
	RiskScore     float64 `json:"risk_score"`
}
FileStats represents statistics for a single file
type Finding ¶
// Finding represents a single PI detection finding as rendered in reports.
// It is distinct from detection.Finding, which the exporters accept as input;
// the mapping between the two is not visible on this page.
type Finding struct {
	ID              string  `json:"id"`
	Type            string  `json:"type"`
	TypeDisplay     string  `json:"type_display"`
	RiskLevel       string  `json:"risk_level"`
	ConfidenceScore float64 `json:"confidence_score"`
	File            string  `json:"file"`
	Line            int     `json:"line"`
	Column          int     `json:"column"`
	// Match is the raw matched value and Context the surrounding source text;
	// both reach HTMLTemplateData and therefore the rendered report.
	// NOTE(review): whether GetHTMLTemplate builds an html/template (contextual
	// escaping) or a text/template cannot be seen here — confirm before trusting
	// these fields in HTML output.
	Match          string             `json:"match"`
	MaskedMatch    string             `json:"masked_match"`
	Context        string             `json:"context"`
	Validated      bool               `json:"validated"`
	IsTestData     bool               `json:"is_test_data"`
	RiskAssessment RiskAssessmentInfo `json:"risk_assessment"`
	Mitigations    []Mitigation       `json:"mitigations"`
}
Finding represents a single PI detection finding
type HTMLGenerator ¶
// HTMLGenerator generates HTML reports from HTMLTemplateData. Construct it with
// NewHTMLGenerator; Generate renders the template and GenerateJSON dumps the
// same data as JSON for debugging.
type HTMLGenerator struct {
	// contains filtered or unexported fields
}
HTMLGenerator generates HTML reports
func NewHTMLGenerator ¶
func NewHTMLGenerator() *HTMLGenerator
NewHTMLGenerator creates a new HTML generator
func (*HTMLGenerator) Generate ¶
func (g *HTMLGenerator) Generate(data *HTMLTemplateData) ([]byte, error)
Generate creates an HTML report from template data
func (*HTMLGenerator) GenerateJSON ¶
func (g *HTMLGenerator) GenerateJSON(data *HTMLTemplateData) ([]byte, error)
GenerateJSON generates the template data as JSON (for debugging)
type HTMLTemplateData ¶
// HTMLTemplateData represents the data structure for HTML report generation.
// It is the sole input to HTMLGenerator.Generate and HTMLGenerator.GenerateJSON.
type HTMLTemplateData struct {
	// Report metadata
	ReportID    string    `json:"report_id"`
	GeneratedAt time.Time `json:"generated_at"`
	// ScanDuration is a pre-formatted string here, unlike ExportMetadata.ScanDuration.
	ScanDuration string `json:"scan_duration"`
	ToolVersion  string `json:"tool_version"`
	// Repository information
	Repository RepositoryInfo `json:"repository"`
	// Scan summary
	Summary ScanSummary `json:"summary"`
	// Findings by risk level; each Finding carries Match and Context text.
	CriticalFindings []Finding `json:"critical_findings"`
	HighFindings     []Finding `json:"high_findings"`
	MediumFindings   []Finding `json:"medium_findings"`
	LowFindings      []Finding `json:"low_findings"`
	// Statistics and charts data
	Statistics Statistics `json:"statistics"`
	// Compliance information
	Compliance ComplianceInfo `json:"compliance"`
}
HTMLTemplateData represents the data structure for HTML report generation
type IntegrationRecord ¶
// IntegrationRecord represents a record with full scoring integration. It is
// consumed by CSVExporter.ConvertIntegrationRecord and
// SARIFExporter.ExportWithRiskAssessment.
type IntegrationRecord struct {
	Finding         detection.Finding
	ConfidenceScore float64
	// RiskAssessment is a pointer; whether consumers tolerate nil is not visible
	// on this page — TODO confirm before passing records without a score.
	RiskAssessment *scoring.RiskAssessment
	Environment    string
	ProximityInfo  string
}
IntegrationRecord represents a record with full scoring integration
type Manager ¶
// Manager handles report directory creation and management: CreateReportDirectory
// builds the per-scan layout, GetPhase1Path/GetPhase2Path/GetSummaryPath resolve
// files inside it, and ListReports enumerates existing report directories.
type Manager struct {
	// contains filtered or unexported fields
}
Manager handles report directory creation and management
func (*Manager) CreateReportDirectory ¶
CreateReportDirectory creates a structured directory for scan reports
func (*Manager) GetPhase1Path ¶
GetPhase1Path returns the path for phase 1 pattern scan results
func (*Manager) GetPhase2Path ¶
GetPhase2Path returns the path for phase 2 LLM validated results
func (*Manager) GetSummaryPath ¶
GetSummaryPath returns the path for the summary file
func (*Manager) ListReports ¶
ListReports lists all report directories
type Mitigation ¶
// Mitigation represents a recommended mitigation action attached to a Finding.
type Mitigation struct {
	Title       string `json:"title"`
	Description string `json:"description"`
	Priority    string `json:"priority"`
	Effort      string `json:"effort"`
	Timeline    string `json:"timeline"`
}
Mitigation represents a recommended mitigation action
type ReportFactory ¶
// ReportFactory creates secure report generators. NewReportFactory takes an
// *output.Manager and a *SecurityConfig; the Create* methods return the
// Secure* wrappers rather than the plain exporters, and CreateExporter returns
// interface{} that callers must type-assert.
type ReportFactory struct {
	// contains filtered or unexported fields
}
ReportFactory creates secure report generators
func NewReportFactory ¶
func NewReportFactory(outputManager *output.Manager, config *SecurityConfig) *ReportFactory
NewReportFactory creates a new report factory
func (*ReportFactory) CreateCSVExporter ¶
func (f *ReportFactory) CreateCSVExporter(opts ...CSVExporterOption) *SecureCSVExporter
CreateCSVExporter creates a secure CSV exporter
func (*ReportFactory) CreateExporter ¶
func (f *ReportFactory) CreateExporter(format string, opts ...interface{}) (interface{}, error)
CreateExporter creates an exporter for the specified format
func (*ReportFactory) CreateHTMLGenerator ¶
func (f *ReportFactory) CreateHTMLGenerator() *SecureHTMLGenerator
CreateHTMLGenerator creates a secure HTML generator
func (*ReportFactory) CreateSARIFExporter ¶
func (f *ReportFactory) CreateSARIFExporter() *SecureSARIFExporter
CreateSARIFExporter creates a secure SARIF exporter
type RepositoryInfo ¶
// RepositoryInfo contains repository details shown in the HTML report header.
type RepositoryInfo struct {
	Name           string    `json:"name"`
	URL            string    `json:"url"`
	Branch         string    `json:"branch"`
	CommitHash     string    `json:"commit_hash"`
	LastCommitDate time.Time `json:"last_commit_date"`
	FilesScanned   int       `json:"files_scanned"`
	LinesScanned   int       `json:"lines_scanned"`
}
RepositoryInfo contains repository details
type RiskAssessmentInfo ¶
// RiskAssessmentInfo contains risk scoring details for a Finding.
type RiskAssessmentInfo struct {
	OverallRisk     float64  `json:"overall_risk"`
	ImpactScore     float64  `json:"impact_score"`
	LikelihoodScore float64  `json:"likelihood_score"`
	ExposureScore   float64  `json:"exposure_score"`
	RiskCategory    string   `json:"risk_category"`
	// Factors lists the inputs that contributed to the score.
	Factors []string `json:"factors"`
}
RiskAssessmentInfo contains risk scoring details
type SARIFAnnotation ¶
// SARIFAnnotation represents an annotation attached to a SARIFLocation.
type SARIFAnnotation struct {
	Location   SARIFLocation          `json:"location"`
	Message    SARIFMessage           `json:"message"`
	Properties map[string]interface{} `json:"properties,omitempty"`
}
SARIFAnnotation represents an annotation
type SARIFArtifactChange ¶
// SARIFArtifactChange represents a change to an artifact: a set of
// SARIFReplacement edits applied to one file as part of a SARIFFix.
type SARIFArtifactChange struct {
	ArtifactLocation SARIFArtifactLocation  `json:"artifactLocation"`
	Replacements     []SARIFReplacement     `json:"replacements"`
	Properties       map[string]interface{} `json:"properties,omitempty"`
}
SARIFArtifactChange represents a change to an artifact
type SARIFArtifactLocation ¶
// SARIFArtifactLocation represents a file location. URI may be relative to the
// base registered under URIBaseID in SARIFRun.OriginalURIBaseIDs (see
// SARIFExporter.SetBaseURI).
type SARIFArtifactLocation struct {
	URI       string `json:"uri"`
	URIBaseID string `json:"uriBaseId,omitempty"`
	// Index is an index into the run's artifacts; omitempty drops index 0,
	// which is a valid position — acceptable only if the exporter never relies on it.
	Index      int                    `json:"index,omitempty"`
	Properties map[string]interface{} `json:"properties,omitempty"`
}
SARIFArtifactLocation represents a file location
type SARIFCodeFlow ¶
// SARIFCodeFlow represents code flow: one or more SARIFThreadFlow sequences
// describing how a result was reached.
type SARIFCodeFlow struct {
	ThreadFlows []SARIFThreadFlow      `json:"threadFlows"`
	Properties  map[string]interface{} `json:"properties,omitempty"`
}
SARIFCodeFlow represents code flow
type SARIFContent ¶
// SARIFContent represents code content, used for SARIFRegion.Snippet and
// SARIFReplacement.InsertedContent. Text holds the snippet verbatim, so any
// matched PI placed here is written into the report unmasked unless the
// exporter masks it first.
type SARIFContent struct {
	Text       string                 `json:"text,omitempty"`
	Binary     string                 `json:"binary,omitempty"`
	Properties map[string]interface{} `json:"properties,omitempty"`
}
SARIFContent represents code content
type SARIFExporter ¶
// SARIFExporter handles SARIF report generation. NewSARIFExporter records the
// tool name, version and information URI; Export writes detection.Finding
// values, ExportWithRiskAssessment writes IntegrationRecord values, and
// SetBaseURI configures the base for relative paths.
type SARIFExporter struct {
	// contains filtered or unexported fields
}
SARIFExporter handles SARIF report generation
func NewSARIFExporter ¶
func NewSARIFExporter(toolName, toolVersion, infoURI string) *SARIFExporter
NewSARIFExporter creates a new SARIF exporter
func (*SARIFExporter) Export ¶
func (e *SARIFExporter) Export(w io.Writer, findings []detection.Finding, metadata ExportMetadata) error
Export writes findings to SARIF format
Example ¶
Example usage test
// A single validated TFN finding to export.
sample := []detection.Finding{{
	Type:      detection.PITypeTFN,
	Match:     "123-456-789",
	File:      "src/customer.go",
	Line:      42,
	Column:    10,
	Validated: true,
}}
meta := ExportMetadata{
	ScanID:       "example-scan",
	Repository:   "example-repo",
	Branch:       "main",
	ToolVersion:  "1.0.0",
	Timestamp:    time.Now(),
	ScanDuration: 30 * time.Second,
}
sarif := NewSARIFExporter("PI Scanner", "1.0.0", "https://github.com/MacAttak/pi-scanner")
var out bytes.Buffer
if err := sarif.Export(&out, sample, meta); err != nil {
	panic(err)
}
// The version string is the simplest signal that a SARIF document was produced.
// (The buffer is named out rather than output to avoid shadowing the output package.)
if strings.Contains(out.String(), `"version": "2.1.0"`) {
	fmt.Println("SARIF report generated successfully")
}
Output: SARIF report generated successfully
func (*SARIFExporter) ExportWithRiskAssessment ¶
func (e *SARIFExporter) ExportWithRiskAssessment(w io.Writer, findings []IntegrationRecord, metadata ExportMetadata) error
ExportWithRiskAssessment exports findings with risk assessment data
func (*SARIFExporter) SetBaseURI ¶
func (e *SARIFExporter) SetBaseURI(baseURI string)
SetBaseURI sets the base URI for relative paths
type SARIFFix ¶
// SARIFFix represents a proposed fix made of one or more SARIFArtifactChange edits.
type SARIFFix struct {
	// NOTE: omitempty has no effect on struct values in encoding/json, so an
	// unset Description is still emitted as {}; a pointer would allow omission.
	Description     SARIFMessage           `json:"description,omitempty"`
	ArtifactChanges []SARIFArtifactChange  `json:"artifactChanges"`
	Properties      map[string]interface{} `json:"properties,omitempty"`
}
SARIFFix represents a proposed fix
type SARIFInvocation ¶
// SARIFInvocation represents tool invocation details recorded in SARIFRun.Invocations.
//
// CommandLine, Arguments, EnvironmentVariables and Account are written into the
// report exactly as populated. Environment variables and command lines routinely
// carry tokens and credentials, so populate these only with values that are safe
// to share with whoever receives the SARIF file (CI systems, IDEs, ticketing).
type SARIFInvocation struct {
	CommandLine   string                  `json:"commandLine,omitempty"`
	Arguments     []string                `json:"arguments,omitempty"`
	ResponseFiles []SARIFArtifactLocation `json:"responseFiles,omitempty"`
	StartTimeUTC  string                  `json:"startTimeUtc,omitempty"`
	EndTimeUTC    string                  `json:"endTimeUtc,omitempty"`
	ExecutionSuccessful bool `json:"executionSuccessful"`
	ExitCode            int  `json:"exitCode,omitempty"`
	// NOTE: omitempty does not apply to struct values, so WorkingDirectory and
	// ExecutableLocation are always emitted (as {"uri":""} when unset).
	WorkingDirectory     SARIFArtifactLocation  `json:"workingDirectory,omitempty"`
	EnvironmentVariables map[string]string      `json:"environmentVariables,omitempty"`
	Account              string                 `json:"account,omitempty"`
	ProcessID            int                    `json:"processId,omitempty"`
	ExecutableLocation   SARIFArtifactLocation  `json:"executableLocation,omitempty"`
	Properties           map[string]interface{} `json:"properties,omitempty"`
}
SARIFInvocation represents tool invocation details
type SARIFLocation ¶
// SARIFLocation represents a location in code.
//
// NOTE: omitempty does not apply to struct values, so PhysicalLocation and
// LogicalLocation are emitted even when unset. NOTE(review): SARIF 2.1.0
// defines the logical side of a location as a `logicalLocations` array rather
// than a single `logicalLocation` object — confirm the output validates
// against the schema named by SARIFSchema.
type SARIFLocation struct {
	PhysicalLocation SARIFPhysicalLocation  `json:"physicalLocation,omitempty"`
	LogicalLocation  SARIFLogicalLocation   `json:"logicalLocation,omitempty"`
	Message          *SARIFMessage          `json:"message,omitempty"`
	Annotations      []SARIFAnnotation      `json:"annotations,omitempty"`
	Properties       map[string]interface{} `json:"properties,omitempty"`
}
SARIFLocation represents a location in code
type SARIFLogicalLocation ¶
// SARIFLogicalLocation represents a logical location (a named program element
// such as a function or class) rather than a file offset.
type SARIFLogicalLocation struct {
	Name string `json:"name,omitempty"`
	// Index and ParentIndex refer into SARIFRun.LogicalLocations; omitempty
	// drops the value 0, which is a valid index.
	Index              int    `json:"index,omitempty"`
	FullyQualifiedName string `json:"fullyQualifiedName,omitempty"`
	DecoratedName      string `json:"decoratedName,omitempty"`
	ParentIndex        int    `json:"parentIndex,omitempty"`
	Kind               string `json:"kind,omitempty"`
	Properties         map[string]interface{} `json:"properties,omitempty"`
}
SARIFLogicalLocation represents a logical location
type SARIFMessage ¶
// SARIFMessage contains the result message. Text is plain text, Markdown an
// optional rich rendering, and ID/Arguments reference a templated message.
type SARIFMessage struct {
	Text      string   `json:"text,omitempty"`
	Markdown  string   `json:"markdown,omitempty"`
	ID        string   `json:"id,omitempty"`
	Arguments []string `json:"arguments,omitempty"`
}
SARIFMessage contains the result message
type SARIFMultiformatMessage ¶
// SARIFMultiformatMessage contains text in multiple formats; Text is required
// by the tag (no omitempty) while Markdown is optional.
type SARIFMultiformatMessage struct {
	Text     string `json:"text"`
	Markdown string `json:"markdown,omitempty"`
}
SARIFMultiformatMessage contains text in multiple formats
type SARIFNotification ¶
// SARIFNotification represents a notification descriptor in SARIFToolComponent.Notifications.
// It mirrors the shape of SARIFRule.
type SARIFNotification struct {
	ID   string `json:"id"`
	Name string `json:"name,omitempty"`
	// NOTE: omitempty does not apply to struct values; the four struct fields
	// below are always emitted, and an unset DefaultConfiguration serializes
	// as {"enabled":false}.
	ShortDescription     SARIFMultiformatMessage     `json:"shortDescription,omitempty"`
	FullDescription      SARIFMultiformatMessage     `json:"fullDescription,omitempty"`
	Help                 SARIFMultiformatMessage     `json:"help,omitempty"`
	DefaultConfiguration SARIFReportingConfiguration `json:"defaultConfiguration,omitempty"`
	Properties           map[string]interface{}      `json:"properties,omitempty"`
}
SARIFNotification represents a notification
type SARIFPhysicalLocation ¶
// SARIFPhysicalLocation represents a physical location in a file: the artifact
// plus the region of interest and optional surrounding context.
type SARIFPhysicalLocation struct {
	ArtifactLocation SARIFArtifactLocation `json:"artifactLocation"`
	// NOTE: omitempty does not apply to struct values, so Region and
	// ContextRegion are emitted as {} when unset.
	Region        SARIFRegion            `json:"region,omitempty"`
	ContextRegion SARIFRegion            `json:"contextRegion,omitempty"`
	Properties    map[string]interface{} `json:"properties,omitempty"`
}
SARIFPhysicalLocation represents a physical location in a file
type SARIFRegion ¶
// SARIFRegion represents a region in a file. SARIF line and column numbers
// are 1-based, so omitempty dropping 0 never loses a valid position here.
type SARIFRegion struct {
	StartLine   int `json:"startLine,omitempty"`
	StartColumn int `json:"startColumn,omitempty"`
	EndLine     int `json:"endLine,omitempty"`
	EndColumn   int `json:"endColumn,omitempty"`
	CharOffset  int `json:"charOffset,omitempty"`
	CharLength  int `json:"charLength,omitempty"`
	// Snippet, when set, embeds the matched text verbatim in the report.
	Snippet    *SARIFContent          `json:"snippet,omitempty"`
	Properties map[string]interface{} `json:"properties,omitempty"`
}
SARIFRegion represents a region in a file
type SARIFReplacement ¶
// SARIFReplacement represents a replacement: delete DeletedRegion and, when
// InsertedContent is non-nil, insert its content in its place.
type SARIFReplacement struct {
	DeletedRegion   SARIFRegion            `json:"deletedRegion"`
	InsertedContent *SARIFContent          `json:"insertedContent,omitempty"`
	Properties      map[string]interface{} `json:"properties,omitempty"`
}
SARIFReplacement represents a replacement
type SARIFReport ¶
// SARIFReport represents the top-level SARIF log. Version and Schema are
// expected to carry SARIFVersion and SARIFSchema.
type SARIFReport struct {
	Version string `json:"version"`
	// Schema is serialized under the "$schema" key.
	Schema string     `json:"$schema"`
	Runs   []SARIFRun `json:"runs"`
}
SARIFReport represents the top-level SARIF log
type SARIFReportingConfiguration ¶
// SARIFReportingConfiguration contains rule configuration.
//
// NOTE(review): Enabled has no omitempty, so a zero-valued configuration
// serializes as {"enabled":false}; combined with SARIFRule.DefaultConfiguration
// being a struct (never omitted), every rule the exporter does not configure
// explicitly is reported as disabled — confirm the exporter sets Enabled.
type SARIFReportingConfiguration struct {
	Enabled bool    `json:"enabled"`
	Level   string  `json:"level,omitempty"`
	Rank    float64 `json:"rank,omitempty"`
}
SARIFReportingConfiguration contains rule configuration
type SARIFResult ¶
// SARIFResult represents a single finding within a SARIFRun.
type SARIFResult struct {
	RuleID    string `json:"ruleId"`
	RuleIndex int    `json:"ruleIndex,omitempty"`
	// Level is the SARIF severity; the 2.1.0 spec defines none, note, warning and error.
	Level     string          `json:"level,omitempty"`
	Message   SARIFMessage    `json:"message"`
	Locations []SARIFLocation `json:"locations"`
	// PartialFingerprints/Fingerprints let consumers match the same result
	// across runs; values should be stable and must not embed the raw PI.
	PartialFingerprints map[string]string      `json:"partialFingerprints,omitempty"`
	Fingerprints        map[string]string      `json:"fingerprints,omitempty"`
	CodeFlows           []SARIFCodeFlow        `json:"codeFlows,omitempty"`
	Fixes               []SARIFFix             `json:"fixes,omitempty"`
	Properties          map[string]interface{} `json:"properties,omitempty"`
	// Rank: omitempty drops 0.0, which SARIF treats as a valid (lowest) rank.
	Rank float64 `json:"rank,omitempty"`
}
SARIFResult represents a single finding
type SARIFRule ¶
// SARIFRule represents a static analysis rule listed in SARIFToolComponent.Rules
// and referenced by SARIFResult.RuleID / RuleIndex.
type SARIFRule struct {
	ID   string `json:"id"`
	Name string `json:"name,omitempty"`
	// NOTE: omitempty does not apply to struct values; these four fields are
	// always emitted, and an unset DefaultConfiguration serializes as {"enabled":false}.
	ShortDescription     SARIFMultiformatMessage     `json:"shortDescription,omitempty"`
	FullDescription      SARIFMultiformatMessage     `json:"fullDescription,omitempty"`
	Help                 SARIFMultiformatMessage     `json:"help,omitempty"`
	DefaultConfiguration SARIFReportingConfiguration `json:"defaultConfiguration,omitempty"`
	Properties           map[string]interface{}      `json:"properties,omitempty"`
}
SARIFRule represents a static analysis rule
type SARIFRun ¶
// SARIFRun represents a single run of the analysis tool.
type SARIFRun struct {
	Tool    SARIFTool    `json:"tool"`
	Results []SARIFResult `json:"results"`
	// NOTE(review): this field is serialized under "artifacts", but SARIF 2.1.0
	// defines run.artifacts as an array of artifact objects that wrap the
	// artifactLocation under a "location" key. Emitting SARIFArtifactLocation
	// values directly may not validate — confirm against SARIFSchema.
	ArtifactLocations []SARIFArtifactLocation `json:"artifacts,omitempty"`
	LogicalLocations  []SARIFLogicalLocation  `json:"logicalLocations,omitempty"`
	Invocations       []SARIFInvocation       `json:"invocations,omitempty"`
	// OriginalURIBaseIDs maps the URIBaseID keys used by artifact locations to
	// their absolute bases (see SARIFExporter.SetBaseURI).
	OriginalURIBaseIDs map[string]SARIFURIBaseID `json:"originalUriBaseIds,omitempty"`
	Properties         map[string]interface{}    `json:"properties,omitempty"`
}
SARIFRun represents a single run of the analysis tool
type SARIFStack ¶
// SARIFStack represents a call stack attached to a SARIFThreadFlowLocation.
type SARIFStack struct {
	Message    *SARIFMessage          `json:"message,omitempty"`
	Frames     []SARIFStackFrame      `json:"frames"`
	Properties map[string]interface{} `json:"properties,omitempty"`
}
SARIFStack represents a call stack
type SARIFStackFrame ¶
// SARIFStackFrame represents a stack frame.
type SARIFStackFrame struct {
	// NOTE: omitempty does not apply to struct values, so Location is always emitted.
	Location   SARIFLocation          `json:"location,omitempty"`
	Module     string                 `json:"module,omitempty"`
	ThreadID   int                    `json:"threadId,omitempty"`
	Parameters []string               `json:"parameters,omitempty"`
	Properties map[string]interface{} `json:"properties,omitempty"`
}
SARIFStackFrame represents a stack frame
type SARIFThreadFlow ¶
// SARIFThreadFlow represents thread flow: an ordered list of locations
// visited on one execution thread.
type SARIFThreadFlow struct {
	ID         string                    `json:"id,omitempty"`
	Message    *SARIFMessage             `json:"message,omitempty"`
	Locations  []SARIFThreadFlowLocation `json:"locations"`
	Properties map[string]interface{}    `json:"properties,omitempty"`
}
SARIFThreadFlow represents thread flow
type SARIFThreadFlowLocation ¶
// SARIFThreadFlowLocation represents a location in thread flow.
type SARIFThreadFlowLocation struct {
	// NOTE: omitempty does not apply to struct values, so Location is always emitted.
	Location SARIFLocation `json:"location,omitempty"`
	Stack    *SARIFStack   `json:"stack,omitempty"`
	Kinds    []string      `json:"kinds,omitempty"`
	Taxa     []string      `json:"taxa,omitempty"`
	Module   string        `json:"module,omitempty"`
	// State holds program state at this point; like SARIFContent it is written
	// verbatim, so do not place unmasked PI in it.
	State            map[string]interface{} `json:"state,omitempty"`
	NestingLevel     int                    `json:"nestingLevel,omitempty"`
	ExecutionOrder   int                    `json:"executionOrder,omitempty"`
	ExecutionTimeUTC string                 `json:"executionTimeUtc,omitempty"`
	Importance       string                 `json:"importance,omitempty"`
	Properties       map[string]interface{} `json:"properties,omitempty"`
}
SARIFThreadFlowLocation represents a location in thread flow
type SARIFTool ¶
// SARIFTool describes the analysis tool; Driver is the primary component.
type SARIFTool struct {
	Driver SARIFToolComponent `json:"driver"`
}
SARIFTool describes the analysis tool
type SARIFToolComponent ¶
// SARIFToolComponent contains tool details. Name, Version and InformationURI
// correspond to the three arguments of NewSARIFExporter.
type SARIFToolComponent struct {
	Name            string                 `json:"name"`
	Version         string                 `json:"version,omitempty"`
	InformationURI  string                 `json:"informationUri,omitempty"`
	Rules           []SARIFRule            `json:"rules,omitempty"`
	Notifications   []SARIFNotification    `json:"notifications,omitempty"`
	SemanticVersion string                 `json:"semanticVersion,omitempty"`
	Properties      map[string]interface{} `json:"properties,omitempty"`
}
SARIFToolComponent contains tool details
type SARIFURIBaseID ¶
// SARIFURIBaseID represents a URI base identifier stored in
// SARIFRun.OriginalURIBaseIDs. URI here is typically an absolute path or
// URL, so it discloses the local checkout layout to report recipients.
type SARIFURIBaseID struct {
	URI string `json:"uri"`
	// NOTE: omitempty does not apply to struct values, so Description is always emitted.
	Description SARIFMultiformatMessage `json:"description,omitempty"`
	Properties  map[string]interface{}  `json:"properties,omitempty"`
}
SARIFURIBaseID represents a URI base identifier
type ScanSummary ¶
// ScanSummary provides high-level scan results. It feeds
// CSVSummaryExporter.ExportSummary and HTMLTemplateData.Summary.
type ScanSummary struct {
	TotalFindings int `json:"total_findings"`
	CriticalCount int `json:"critical_count"`
	HighCount     int `json:"high_count"`
	MediumCount   int `json:"medium_count"`
	LowCount      int `json:"low_count"`
	// UniqueTypes and TopRisks have no omitempty, so nil slices serialize as null.
	UniqueTypes    []string `json:"unique_types"`
	TopRisks       []string `json:"top_risks"`
	TestDataCount  int      `json:"test_data_count"`
	ValidatedCount int      `json:"validated_count"`
}
ScanSummary provides high-level scan results
type SecureCSVExporter ¶
// SecureCSVExporter wraps CSV export with security controls. It embeds
// *CSVExporter, so the plain Export and ExportFindings methods remain
// reachable through the embedded pointer; only SecureCSVExporter.ExportFindings
// is documented as applying the controls. Obtain one from
// SecurityLayer.NewSecureCSVExporter or ReportFactory.CreateCSVExporter.
type SecureCSVExporter struct {
	*CSVExporter
	// contains filtered or unexported fields
}
SecureCSVExporter wraps CSV export with security controls
func (*SecureCSVExporter) ExportFindings ¶
func (e *SecureCSVExporter) ExportFindings(w io.Writer, findings []detection.Finding, metadata ExportMetadata) error
ExportFindings exports findings with security controls
type SecureHTMLGenerator ¶
// SecureHTMLGenerator wraps HTML generation with security controls. Unlike the
// CSV and SARIF wrappers it does not embed the plain generator; GenerateReport
// takes detection.Finding values directly. Obtain one from
// SecurityLayer.NewSecureHTMLGenerator or ReportFactory.CreateHTMLGenerator.
type SecureHTMLGenerator struct {
	// contains filtered or unexported fields
}
SecureHTMLGenerator wraps HTML generation with security controls
func (*SecureHTMLGenerator) GenerateReport ¶
func (g *SecureHTMLGenerator) GenerateReport(findings []detection.Finding, metadata ExportMetadata) ([]byte, error)
GenerateReport generates an HTML report with security controls
type SecureSARIFExporter ¶
// SecureSARIFExporter wraps SARIF export with security controls. It embeds
// *SARIFExporter, so ExportWithRiskAssessment and SetBaseURI are promoted
// unchanged; only Export is documented as applying the controls. Obtain one
// from SecurityLayer.NewSecureSARIFExporter or ReportFactory.CreateSARIFExporter.
type SecureSARIFExporter struct {
	*SARIFExporter
	// contains filtered or unexported fields
}
SecureSARIFExporter wraps SARIF export with security controls
func (*SecureSARIFExporter) Export ¶
func (e *SecureSARIFExporter) Export(w io.Writer, findings []detection.Finding, metadata ExportMetadata) error
Export generates a SARIF report with security controls
type SecurityConfig ¶
// SecurityConfig configures the security layer. DefaultSecurityConfig returns
// the recommended values; NewSecurityLayer and NewReportFactory take a pointer to it.
type SecurityConfig struct {
	// EnforceMasking ensures all reports use the configured masking level
	EnforceMasking bool
	// ValidateBeforeOutput checks output for unmasked PI
	ValidateBeforeOutput bool
	// PreventDirectOutput prevents bypassing the security layer
	PreventDirectOutput bool
	// LogAllOperations logs all report generation
	LogAllOperations bool
	// RequireAuthentication requires auth for sensitive operations
	// NOTE(review): no credential or identity parameter is visible in this
	// package's API, so what this flag gates cannot be seen here — confirm.
	RequireAuthentication bool
}
SecurityConfig configures the security layer
func DefaultSecurityConfig ¶
func DefaultSecurityConfig() *SecurityConfig
DefaultSecurityConfig returns secure defaults
type SecurityLayer ¶
// SecurityLayer provides security controls for report generation. It is built
// by NewSecurityLayer from an *output.Manager, a *SecurityConfig and a
// *slog.Logger, and hands out the Secure* exporter wrappers.
type SecurityLayer struct {
	// contains filtered or unexported fields
}
SecurityLayer provides security controls for report generation
func NewSecurityLayer ¶
func NewSecurityLayer(outputManager *output.Manager, config *SecurityConfig, logger *slog.Logger) *SecurityLayer
NewSecurityLayer creates a new security layer
func (*SecurityLayer) NewSecureCSVExporter ¶
func (s *SecurityLayer) NewSecureCSVExporter(opts ...CSVExporterOption) *SecureCSVExporter
NewSecureCSVExporter creates a secure CSV exporter
func (*SecurityLayer) NewSecureHTMLGenerator ¶
func (s *SecurityLayer) NewSecureHTMLGenerator() *SecureHTMLGenerator
NewSecureHTMLGenerator creates a secure HTML generator
func (*SecurityLayer) NewSecureSARIFExporter ¶
func (s *SecurityLayer) NewSecureSARIFExporter() *SecureSARIFExporter
NewSecureSARIFExporter creates a secure SARIF exporter
type Statistics ¶
// Statistics contains scan statistics used for the charts in the HTML report
// (HTMLTemplateData.Statistics). The three distribution maps have no omitempty,
// so a nil map serializes as null rather than {}.
type Statistics struct {
	// PI type distribution
	TypeDistribution map[string]int `json:"type_distribution"`
	// Risk level distribution
	RiskDistribution map[string]int `json:"risk_distribution"`
	// File type distribution
	FileTypeDistribution map[string]int `json:"file_type_distribution"`
	// Top affected files
	TopAffectedFiles []FileStats `json:"top_affected_files"`
	// Validation statistics
	ValidationStats ValidationStats `json:"validation_stats"`
	// Environment statistics
	EnvironmentStats EnvironmentStats `json:"environment_stats"`
}
Statistics contains scan statistics