30c0e9871b
- VerifySpec: add SuccessCodes, FailureCodes, RateLimitCodes, MetadataPaths, Body - Preserve legacy ValidStatus/InvalidStatus for backward compat - Add EffectiveSuccessCodes/FailureCodes/RateLimitCodes fallback helpers - Add ExtractMetadata helper using gjson (skeleton for Plan 05-03) - Finding: add Verified, VerifyStatus, VerifyHTTPCode, VerifyMetadata, VerifyError - Add github.com/tidwall/gjson v1.18.0 as direct dependency
34 lines
1.2 KiB
Go
34 lines
1.2 KiB
Go
package engine
|
|
|
|
import "time"
|
|
|
|
// Finding represents a detected API key from the scanning pipeline.
|
|
// KeyValue holds the plaintext key -- the storage layer encrypts it before persisting.
|
|
type Finding struct {
|
|
ProviderName string
|
|
KeyValue string // full plaintext key
|
|
KeyMasked string // first8...last4
|
|
Confidence string // "high", "medium", "low"
|
|
Source string // file path or description
|
|
SourceType string // "file", "dir", "git", "stdin", "url"
|
|
LineNumber int
|
|
Offset int64
|
|
DetectedAt time.Time
|
|
|
|
// Verification fields populated when scan --verify is set (Phase 5).
|
|
Verified bool // true if verifier ran against this finding
|
|
VerifyStatus string // "live", "dead", "rate_limited", "error", "unknown"
|
|
VerifyHTTPCode int // HTTP status code returned by verify endpoint
|
|
VerifyMetadata map[string]string // extracted metadata from response (org, tier, etc.)
|
|
VerifyError string // non-empty if VerifyStatus == "error"
|
|
}
|
|
|
|
// MaskKey returns a masked representation: first 8 chars + "..." + last 4 chars.
|
|
// Returns "****" if the key is shorter than 12 characters.
|
|
func MaskKey(key string) string {
|
|
if len(key) < 12 {
|
|
return "****"
|
|
}
|
|
return key[:8] + "..." + key[len(key)-4:]
|
|
}
|