lib

package
v0.0.0-...-f9689f5 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Jan 20, 2026 License: MIT Imports: 27 Imported by: 6

Documentation

Index

Constants

This section is empty.

Variables

// CustomConfig is the template configuration declared by this package. It
// keeps the Jinja-style delimiters ({% %}, {{ }}, {# #}) and turns on
// TrimBlocks and LeftStripBlocks.
//
// NOTE(review): AutoEscape and StrictUndefined are both false. Going by the
// field names, values are presumably written to the output verbatim and an
// undefined variable presumably renders as empty instead of raising an error;
// confirm against the config package. If so, this fits rendering trusted
// configuration files, but not HTML output or untrusted template data, and a
// misspelled variable name can silently yield an empty value in the output.
var CustomConfig = config.Config{
	BlockStartString:    "{%",
	BlockEndString:      "%}",
	VariableStartString: "{{",
	VariableEndString:   "}}",
	CommentStartString:  "{#",
	CommentEndString:    "#}",
	AutoEscape:          false,
	StrictUndefined:     false,
	TrimBlocks:          true,
	LeftStripBlocks:     true,
}
// MaskCredentialPattern matches, case-insensitively, one of the key names
// password, token, pass, passkey, secret, secret_key, access_key or PAT,
// followed directly by a single ':' or '=', optional whitespace, and a run of
// non-whitespace characters. Group 1 is the key name, group 2 the separator.
//
// NOTE(review): limits to keep in mind when relying on this for redaction:
//   - the separator must directly follow the key name, so `password = x`
//     (space before '=') and quoted keys such as `"password": "x"` do not match;
//   - the value ends at the first whitespace, so a secret containing spaces is
//     covered only up to that point;
//   - keys that do not end in a listed name (for example api_key or passwd)
//     are not matched;
//   - there is no word boundary, so a key that merely ends in a listed name
//     (for example `compass=`) matches as well.
var MaskCredentialPattern *regexp.Regexp = regexp.MustCompile(`(?i)(password|token|pass|passkey|secret|secret_key|access_key|PAT)([:=]{1,1})[\s]*[^\s]+`)

MaskCredential RegexPattern

Functions

func CalculateEntropy

func CalculateEntropy(password string) float64

CalculateEntropy calculates the Shannon entropy in bits.

func ContainsDictionaryWord

func ContainsDictionaryWord(s string, dictionary map[string]struct{}) bool

ContainsDictionaryWord reports whether the string s contains any word from the dictionary map.

func CustomEnvironment

func CustomEnvironment() *exec.Environment

func ExpandLayers

func ExpandLayers(layers map[string][]string) []map[string]any

func FlattenAllVars

func FlattenAllVars(data map[string]any) (map[string]any, error)

FlattenAllVars flattens all variables in the data map

func FlattenVar

func FlattenVar(key string, data map[string]any, visited map[string]any) (any, error)

FlattenVar recursively resolves all template variables in a string until no more {{ }} patterns remain. The visited map has two keys: "cached", a map[string]any used as a cache between recursive calls, and "visited", a bool that marks whether the key has been visited. This is deleted after the recursion completes.

func GenerateIniFromConfig

func GenerateIniFromConfig(cfg *GeneratorConfig) string

func GoTemplate

func GoTemplate(s *u.SshExec, src, dest string, data map[string]any, mode os.FileMode) (err error)

Takes a local Jinja2 template file, renders it, and copies the result to the remote hosts.

func HelmChartValidation

func HelmChartValidation(chartPath string, valuesFile []string) bool

Validates a Helm template. It is deliberately simple for now: it does not assess directives that set new variables, include directives, long variable access within range, and so on; `trivy` and `helm lint` with k8s validation should cover that job. This check only deals with the case where a variable is not defined and Helm renders it as an empty string; `helm lint` won't give you an error for that. It walks through the template, searches for every string matching {{ .Values.<XXX> }}, and extracts the variable name. It then loads the Helm values files into a map, merges them, and checks that the variable name (or access path) is present there; if not, it prints an error. If a Helm template `if` statement tests the value, the check does not fail. If a Helm `default` function or filter tests the value and sets a default value, the check does not fail.

func IncludeVars

func IncludeVars(filename string) map[string]interface{}

Validate a yaml file and load it into a map

func IniGetVal

func IniGetVal(inifilepath, section, option string) string

func IniSetVal

func IniSetVal(inifilepath, section, option, value string) error

func IsLikelyPasswordOrToken

func IsLikelyPasswordOrToken[W string | map[string]struct{}](value, check_mode string, words_source W, word_len int, entropy_threshold float64) bool

IsLikelyPasswordOrToken heuristically detects whether value is likely a real password or token. Possible values for check_mode are: letter, digit, letter+digit, letter+digit+word; any other value has the same effect as letter+digit+word+special. `letter` means the function looks for letter(s) in the value AND, as long as the entropy is greater than the entropy_threshold level, returns true. Likewise, `letter+digit` means the value must contain at least a letter and a digit, and so on. `word` means that if the value is an English word the function returns false (not 100%: if the entropy is high it might still return true). The word check requires `words_file_path` to be set to the path of the words file (presumably the `words_source` argument in the signature above); if the value is an empty string, the default is "words.txt". You need to create the file yourself. Download link: https://github.com/dwyl/english-words/blob/master/words.txt These rules reduce false positives: people often write an example password rather than a real one, and we only want to spot real passwords. Because the rules are tuned that way, a real but low-entropy secret can still go undetected, so a false result means "not flagged", not "contains no secret".

func LoadWordDictionary

func LoadWordDictionary(filename string, word_len int) (map[string]struct{}, error)

Load dictionary words from a file and return a map for faster lookups

func MaskCredential

func MaskCredential(inputstr string) string

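Masks every credential pattern found in the input string. Masking is pattern-based (presumably via MaskCredentialPattern), so a secret that does not appear in a matching key/separator form is returned unmasked.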

func MaskCredentialByte

func MaskCredentialByte(inputbytes []byte) string

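Masks every credential pattern found in the input bytes and returns the result as a string. Masking is pattern-based (presumably via MaskCredentialPattern), so a secret that does not appear in a matching key/separator form is returned unmasked.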

func ParseInventoryGenerator

func ParseInventoryGenerator(inventoryFile string) *aini.InventoryData

func TemplateDirTree

func TemplateDirTree(srcDirpath, targetRoot string, tmplData map[string]interface{}) error

TemplateDirTree reads all template files in the source directory and renders them into the target directory, keeping the same directory structure as the source. The source and target paths should be absolute paths. They should not overlap, to avoid a recursive loop.

func TemplateFile

func TemplateFile(src, dest string, data map[string]interface{}, fileMode os.FileMode)

Templates a file using a template string and converts Windows newlines to Unix newlines. This works around the gonja2 Windows newline problem.

func TemplateFileOld

func TemplateFileOld(src, dest string, data map[string]interface{}, fileMode os.FileMode)

If the upstream library is fixed one day, we can restore this function.

func TemplateFromStringWithConfig

func TemplateFromStringWithConfig(source string, config *config.Config) (*exec.Template, error)

func TemplateString

func TemplateString(srcString string, data map[string]interface{}) string

func ValidateYamlDir

func ValidateYamlDir(yaml_dir string, yamlobj *map[string]interface{}) bool

Validates a directory containing YAML files. Optionally returns the unmarshalled object if you pass a non-nil yamlobj.

func ValidateYamlFile

func ValidateYamlFile(yaml_file string, yamlobj *map[string]interface{}) map[string]interface{}

Validates YAML files. Optionally returns the unmarshalled object if you pass a non-nil yamlobj.

Types

type GeneratorConfig

// GeneratorConfig carries three YAML-mapped settings: a plugin string
// ("plugin"), a host definition ("hosts") and named layers ("layers"), where
// each layer is a list of strings.
type GeneratorConfig struct {
	Plugin string              `yaml:"plugin"`
	Hosts  HostConfig          `yaml:"hosts"`
	Layers map[string][]string `yaml:"layers"`
}

type Group

// Group pairs a set of hosts, keyed by string, with a map of variables.
type Group struct {
	Hosts map[string]*Host
	Vars  map[string]any
}

type GroupConfig

// GroupConfig is the YAML form of a group: a name, string-valued vars and a
// list of parent GroupConfig entries, so the type nests recursively.
type GroupConfig struct {
	Name    string            `yaml:"name"`
	Vars    map[string]string `yaml:"vars"`
	Parents []GroupConfig     `yaml:"parents"`
}

type Host

// Host holds a single map of variables.
type Host struct {
	Vars map[string]any
}

type HostConfig

// HostConfig is the YAML form of a host. It has the same three fields as
// GroupConfig: a name, string-valued vars and a list of parent groups.
type HostConfig struct {
	Name    string            `yaml:"name"`
	Vars    map[string]string `yaml:"vars"`
	Parents []GroupConfig     `yaml:"parents"`
}

type IniInventory

// IniInventory bundles three lookup tables; the comment on each field gives
// that map's key -> value meaning.
type IniInventory struct {
	Groups        map[string][]string          // group -> hosts
	GroupVars     map[string]map[string]string // group -> vars
	GroupChildren map[string]map[string]bool   // parent -> child groups
}

type Inventory

// Inventory maps a string key to each *Group.
type Inventory struct {
	Groups map[string]*Group
}

type PasswordStrength

// PasswordStrength is a string-backed label for a password strength rating.
type PasswordStrength string

Password strength

// The five PasswordStrength labels declared by this package. Only the string
// value of each label is visible here.
// NOTE(review): the criteria that assign a password to a label are not shown
// in this declaration; check them before treating a label as a policy
// guarantee.
const (
	WeakPassword         PasswordStrength = "weak"
	MediumPassword       PasswordStrength = "medium"
	StrongPassword       PasswordStrength = "strong"
	VeryStrongPassword   PasswordStrength = "very strong"
	QuantumReadyPassword PasswordStrength = "quantum ready password"
)

func CheckPasswordStrength

func CheckPasswordStrength(password string) (PasswordStrength, float64, error)

Optimized password strength check
