Documentation
¶
Overview ¶
Package output manages the presentation and formatting of scan results. It supports multiple output formats including JSON, YAML, SARIF, and human-readable formats with proper filtering and organization of findings.
Index ¶
- func DefaultMaskPatterns() map[detection.PIType]MaskPattern
- func MaskSensitiveData(value string, piType string) string
- type AuditLogger
- func (a *AuditLogger) Close() error
- func (a *AuditLogger) LogConfigChange(setting, oldValue, newValue string)
- func (a *AuditLogger) LogOutputGeneration(format string, findingCount int, maskingLevel MaskingLevel)
- func (a *AuditLogger) LogOutputOperation(operation string, findingCount int, maskingLevel MaskingLevel)
- type Config
- type LogSanitizer
- type Manager
- func (m *Manager) Close() error
- func (m *Manager) GetSafeLogger() *slog.Logger
- func (m *Manager) PrepareFindings(findings []detection.Finding) []detection.Finding
- func (m *Manager) SetMaskingLevel(level MaskingLevel) error
- func (m *Manager) ValidateOutput(output []byte, findings []detection.Finding) error
- func (m *Manager) WriteJSON(w io.Writer, result *detection.ScanResult) error
- type MaskPattern
- type Masker
- type MaskingLevel
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func DefaultMaskPatterns ¶
func DefaultMaskPatterns() map[detection.PIType]MaskPattern
DefaultMaskPatterns returns the default masking patterns for each PI type
func MaskSensitiveData ¶
MaskSensitiveData is a compatibility function that uses partial masking This maintains backward compatibility with existing code
Types ¶
type AuditLogger ¶
type AuditLogger struct {
// contains filtered or unexported fields
}
AuditLogger handles audit logging for output operations
func NewAuditLogger ¶
func NewAuditLogger(path string) (*AuditLogger, error)
NewAuditLogger creates a new audit logger
func (*AuditLogger) LogConfigChange ¶
func (a *AuditLogger) LogConfigChange(setting, oldValue, newValue string)
LogConfigChange logs configuration changes
func (*AuditLogger) LogOutputGeneration ¶
func (a *AuditLogger) LogOutputGeneration(format string, findingCount int, maskingLevel MaskingLevel)
LogOutputGeneration logs output file generation
func (*AuditLogger) LogOutputOperation ¶
func (a *AuditLogger) LogOutputOperation(operation string, findingCount int, maskingLevel MaskingLevel)
LogOutputOperation logs an output operation
type Config ¶
type Config struct {
// MaskingLevel controls how PI is masked in outputs
MaskingLevel MaskingLevel
// RequireExplicitUnmasked requires a flag to output unmasked data
RequireExplicitUnmasked bool
// EnableAuditLogging logs all output operations
EnableAuditLogging bool
// AuditLogPath is the path for audit logs
AuditLogPath string
// SanitizeLogs ensures PI doesn't appear in application logs
SanitizeLogs bool
// AllowedOutputFormats restricts which formats can be used
AllowedOutputFormats []string
// WarnOnInsecureConfig warns when using insecure settings
WarnOnInsecureConfig bool
}
Config configures the output manager
func DefaultConfig ¶
func DefaultConfig() *Config
DefaultConfig returns secure default configuration
type LogSanitizer ¶
type LogSanitizer struct {
// contains filtered or unexported fields
}
LogSanitizer removes PI from log messages
func NewLogSanitizer ¶
func NewLogSanitizer() *LogSanitizer
NewLogSanitizer creates a new log sanitizer
func (*LogSanitizer) AddPattern ¶
func (s *LogSanitizer) AddPattern(name string, pattern *regexp.Regexp)
AddPattern adds a pattern to sanitize
func (*LogSanitizer) Sanitize ¶
func (s *LogSanitizer) Sanitize(input string) string
Sanitize removes sensitive patterns from a string
type Manager ¶
type Manager struct {
// contains filtered or unexported fields
}
Manager handles secure output generation with automatic masking
func NewManager ¶
NewManager creates a new output manager
func (*Manager) GetSafeLogger ¶
GetSafeLogger returns a logger that sanitizes PI from logs
func (*Manager) PrepareFindings ¶
PrepareFindings prepares findings for output with appropriate masking
func (*Manager) SetMaskingLevel ¶
func (m *Manager) SetMaskingLevel(level MaskingLevel) error
SetMaskingLevel changes the masking level (with audit logging)
func (*Manager) ValidateOutput ¶
ValidateOutput checks that output doesn't contain unmasked PI
type MaskPattern ¶
type MaskPattern struct {
ShowPrefix int // Number of characters to show at start
ShowSuffix int // Number of characters to show at end
MaskChar string // Character to use for masking
PreserveChars string // Characters to preserve (e.g., "@" in emails)
}
MaskPattern defines how to mask a specific PI type
type Masker ¶
type Masker struct {
// contains filtered or unexported fields
}
Masker handles masking of sensitive data
func NewMasker ¶
func NewMasker(level MaskingLevel) *Masker
NewMasker creates a new masker with the specified level
func (*Masker) MaskFinding ¶
MaskFinding masks the sensitive data in a finding
func (*Masker) SetLevel ¶
func (m *Masker) SetLevel(level MaskingLevel)
SetLevel changes the masking level
func (*Masker) SetPattern ¶
func (m *Masker) SetPattern(piType detection.PIType, pattern MaskPattern)
SetPattern sets a custom masking pattern for a specific PI type
type MaskingLevel ¶
type MaskingLevel string
MaskingLevel represents the level of masking to apply
const ( // MaskingLevelFull completely redacts the value MaskingLevelFull MaskingLevel = "FULL" // MaskingLevelPartial shows some characters for verification MaskingLevelPartial MaskingLevel = "PARTIAL" // MaskingLevelNone shows the complete value (use with caution) MaskingLevelNone MaskingLevel = "NONE" )
func ValidateMaskingLevel ¶
func ValidateMaskingLevel(level string) (MaskingLevel, error)
ValidateMaskingLevel validates that a masking level is valid
Source Files