aws

package
v0.0.0-...-7560532
Warning

This package is not in the latest version of its module.

Published: Jan 24, 2026 License: AGPL-3.0 Imports: 9 Imported by: 0

Documentation

Constants

const (
	RequiredIdEntropy     = 3.0
	RequiredSecretEntropy = 4.25
)
const (
	VerificationErrAccountIDInDenyList     = "Account ID is in the deny list for verification"
	VerificationErrAccountIDNotInAllowList = "Account ID is not in the allow list for verification"
)

Verification error messages

Variables

var FalsePositiveSecretPat = regexp.MustCompile(`[a-f0-9]{40}`)

Hashes, like those for git, do technically match the secret pattern. But they are extremely unlikely to be generated as an actual AWS secret. So when we find them, if they're not verified, we should ignore the result.

var ResourceTypes = map[string]string{
	"ABIA": "AWS STS service bearer token",
	"ACCA": "Context-specific credential",
	"AGPA": "User group",
	"AIDA": "IAM user",
	"AIPA": "Amazon EC2 instance profile",
	"AKIA": "Access key",
	"ANPA": "Managed policy",
	"ANVA": "Version in a managed policy",
	"APKA": "Public key",
	"AROA": "Role",
	"ASCA": "Certificate",
	"ASIA": "Temporary (AWS STS) access key IDs",
}

ResourceTypes derived from: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-unique-ids

var SecretPat = regexp.MustCompile(`(?:[^A-Za-z0-9+/]|\A)([A-Za-z0-9+/]{40})(?:[^A-Za-z0-9+/]|\z)`)
var UrlEncodedReplacer = strings.NewReplacer(
	"%2B", "+",
	"%2b", "+",
	"%2F", "/",
	"%2f", "/",
	"%3d", "=",
	"%3D", "=",
)

UrlEncodedReplacer helps capture base64-encoded results that may be URL-encoded. TODO: Add this as a decoder, or make it more generic.
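
The following is an added example, not code from this package, showing one way the three variables above can be combined: URL-decode the base64 characters, extract 40-character candidates with the secret pattern, and drop hash-shaped candidates that were not verified. The helper `candidateSecrets`, its `verified` callback and the sample text are assumptions made for illustration; the patterns and replacer pairs are copied from the declarations above.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Copied from the package variables documented above.
var (
	secretPat              = regexp.MustCompile(`(?:[^A-Za-z0-9+/]|\A)([A-Za-z0-9+/]{40})(?:[^A-Za-z0-9+/]|\z)`)
	falsePositiveSecretPat = regexp.MustCompile(`[a-f0-9]{40}`)
	urlEncodedReplacer     = strings.NewReplacer(
		"%2B", "+", "%2b", "+", "%2F", "/", "%2f", "/", "%3d", "=", "%3D", "=")
)

// candidateSecrets is a hypothetical helper, not a function of this package.
// It URL-decodes the base64 characters, extracts 40-character candidates, and
// drops hash-shaped candidates unless the caller-supplied verified() accepts them.
func candidateSecrets(text string, verified func(string) bool) []string {
	decoded := urlEncodedReplacer.Replace(text)
	var out []string
	for _, m := range secretPat.FindAllStringSubmatch(decoded, -1) {
		secret := m[1] // capture group 1 is the 40-character run without delimiters
		if falsePositiveSecretPat.MatchString(secret) && !verified(secret) {
			continue // all lowercase hex and unverified: treat as a git-style hash
		}
		out = append(out, secret)
	}
	return out
}

// Constructed sample input: a commit hash, a URL-encoded value, a config line.
const sample = `commit da39a3ee5e6b4b0d3255bfef95601890afd80709
GET /cb?secret=ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijkl%2B%2F&x=1
aws_secret_access_key = "mnopqrstuvwxyz0123456789ABCDEFGHIJKLMNOP"
`

func main() {
	unverified := func(string) bool { return false } // stand-in for a failed live check
	for _, s := range candidateSecrets(sample, unverified) {
		fmt.Println(s)
	}
}
```

Without the replacer step the second sample line yields no candidate, because `%2B%2F` breaks the 40-character run.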

Functions

func CleanResults

func CleanResults(results []detectors.Result) []detectors.Result

func GetAccountNumFromID

func GetAccountNumFromID(id string) (string, error)

func GetHMAC

func GetHMAC(key []byte, data []byte) []byte

func GetHash

func GetHash(input string) string

Types

type Error

type Error struct {
	Code    string `json:"Code"`
	Message string `json:"Message"`
}

type ErrorResponseBody

type ErrorResponseBody struct {
	Error Error `json:"Error"`
}

type IdentityResponse

type IdentityResponse struct {
	GetCallerIdentityResponse struct {
		GetCallerIdentityResult struct {
			Account string `json:"Account"`
			Arn     string `json:"Arn"`
			UserID  string `json:"UserId"`
		} `json:"GetCallerIdentityResult"`
		ResponseMetadata struct {
			RequestID string `json:"RequestId"`
		} `json:"ResponseMetadata"`
	} `json:"GetCallerIdentityResponse"`
}
