Go ecosystem analyzer plugin for AttackMap (net/http, chi, gin, echo, fiber, gorilla/mux; database/sql, gorm, sqlx, pgx; golang-jwt; resty).

Project description

attackmap-analyzer-go

Go ecosystem analyzer for AttackMap.

This analyzer extracts structured signals from Go modules and workspaces:

  • Web frameworks — net/http (stdlib), chi, gin, echo, fiber, gorilla/mux (route + entrypoint extraction)
  • Databases — database/sql (Postgres / MySQL / SQLite drivers), gorm (with driver-aware kind inference), sqlx, pgx, mongo-go-driver, go-redis, bbolt, AWS SDK (S3, DynamoDB)
  • Auth packages — golang-jwt, golang.org/x/oauth2, gorilla/sessions, casbin, x/crypto/bcrypt / scrypt / argon2, go-chi/jwtauth, echo-jwt
  • HTTP clients (external calls) — net/http (http.Get / http.Post / http.NewRequest), go-resty, grequests
  • Secrets — os.Getenv, os.LookupEnv, godotenv, viper.GetString
  • Service hints — module name extracted from go.mod

All emissions populate AttackMap's Signal v2 fields (line numbers, evidence snippets, confidence scores) so downstream insights can cite path/to/file.go:NN.

Install

pip install git+https://github.com/mlaify/attackmap-analyzer-go.git

The analyzer is auto-discovered by AttackMap via the attackmap.analyzers entry-point group.

Usage with AttackMap

# Auto-discovered when installed:
attackmap analyze /path/to/go/repo

# Or invoke explicitly:
attackmap analyze /path/to/go/repo --module go

Detection

detect() returns true when any of the following are present, ignoring vendor/, .git/, node_modules/, dist/, and build/:

  • A go.mod or go.sum at the repository root, or anywhere in the tree
  • One or more .go files in the tree

Coverage notes

  • Framework-aware route extraction: chi/echo/fiber all use the same title-case verb pattern (r.Get(...), r.Post(...)). To avoid mis-attributing generic .Get(...) calls (e.g., on a map type) as routes, the analyzer only fires those extractors when the file also contains a recognizable framework marker (go-chi/chi import, chi.NewRouter(, labstack/echo, echo.New(, etc.).
  • gorilla/mux + net/http: when both are detected in the same file, only the gorilla extractor runs. The stdlib HandleFunc extractor would otherwise double-count the same routes.
  • Method extraction: gin uses uppercase methods (r.GET); chi/echo/fiber use title-case (r.Get); gorilla/mux chains .Methods("GET", "POST") after HandleFunc. All three shapes are supported. http.HandleFunc has no method information, so those routes are emitted with method ANY.
  • chi Route() / Mount() prefix nesting: routes inside r.Route("/api", func(r chi.Router) { ... }) are extracted, but the outer /api prefix is not currently joined to the inner paths, so they are reported without it. Joining the prefix is on the roadmap.
  • gRPC: framework presence and grpc.NewServer entrypoint are detected. Per-service / per-method route extraction would require parsing .proto files — not yet supported.
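
A minimal Python sketch of the marker gating, gorilla-over-stdlib precedence and method extraction described in the notes above. It is an added illustration, not the analyzer's own code: the marker lists, regexes, the extract_routes name and the sample inputs are assumptions, and a chained .Methods(...) is only looked for on the same line as HandleFunc.

```python
import re

# Marker lists and regexes are assumptions for this sketch, not the analyzer's.
TITLE_MARKERS = ("go-chi/chi", "chi.NewRouter(", "labstack/echo", "echo.New(",
                 "gofiber/fiber", "fiber.New(")
GIN_MARKERS = ("gin-gonic/gin", "gin.Default(", "gin.New(")
MUX_MARKERS = ("gorilla/mux", "mux.NewRouter(")
VERBS = "Get|Post|Put|Patch|Delete|Head|Options"
TITLE_RE = re.compile(r'\.(%s)\(\s*"([^"]*)"' % VERBS)         # r.Get("/x", ...)
GIN_RE = re.compile(r'\.(%s)\(\s*"([^"]*)"' % VERBS.upper())   # r.GET("/x", ...)
HANDLE_RE = re.compile(r'\.HandleFunc\(\s*"([^"]*)"')
METHODS_RE = re.compile(r'\.Methods\(([^)]*)\)')


def extract_routes(source):
    """Return (line_no, method, path) tuples for one Go source file."""
    has = lambda markers: any(m in source for m in markers)
    title, gin, mux = has(TITLE_MARKERS), has(GIN_MARKERS), has(MUX_MARKERS)
    routes = []
    for no, line in enumerate(source.splitlines(), 1):
        if title:  # title-case verbs count only in chi/echo/fiber files
            routes += [(no, m.group(1).upper(), m.group(2))
                       for m in TITLE_RE.finditer(line)]
        if gin:
            routes += [(no, m.group(1), m.group(2)) for m in GIN_RE.finditer(line)]
        h = HANDLE_RE.search(line)
        if h and mux:
            # gorilla wins over stdlib, so a HandleFunc is never counted twice
            ms = METHODS_RE.search(line[h.end():])
            methods = re.findall(r'"(\w+)"', ms.group(1)) if ms else ["ANY"]
            routes += [(no, meth, h.group(1)) for meth in methods]
        elif h and "net/http" in source:
            routes.append((no, "ANY", h.group(1)))  # stdlib carries no method
    return routes


# Constructed sample inputs (not from any real repository).
CHI = 'import "github.com/go-chi/chi/v5"\nr := chi.NewRouter()\nr.Get("/health", h)\nr.Post("/login", l)\n'
PLAIN = 'package cache\nv := store.Get("user:1")\n'
MUX = 'import (\n"net/http"\n"github.com/gorilla/mux"\n)\nr.HandleFunc("/users", list).Methods("GET", "POST")\n'
STD = 'import "net/http"\nhttp.HandleFunc("/ping", ping)\n'

if __name__ == "__main__":
    for name, src in (("chi", CHI), ("plain", PLAIN), ("mux", MUX), ("std", STD)):
        print(name, extract_routes(src))
```

The returned line numbers are what lets a downstream report cite path/to/file.go:NN; the PLAIN sample shows why the marker gate matters, since store.Get(...) would otherwise be reported as a route.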

License

MIT


Download files

Source Distribution

attackmap_analyzer_go-0.1.0.tar.gz (14.2 kB view details)

Uploaded Source

Built Distribution

attackmap_analyzer_go-0.1.0-py3-none-any.whl (10.3 kB view details)

Uploaded Python 3

File details

Details for the file attackmap_analyzer_go-0.1.0.tar.gz.

File metadata

  • Download URL: attackmap_analyzer_go-0.1.0.tar.gz
  • Size: 14.2 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for attackmap_analyzer_go-0.1.0.tar.gz
Algorithm Hash digest
SHA256 2a416f7611fce9d154d977dff5278fa3399802b2c771e7f54a8b35cef626f1d6
MD5 8ba7992ee6618cf4aa884bb826ef4092
BLAKE2b-256 9d73c526aa9c641f5c1cdb55910dede39470018eeda93e0a1823aa901ff4ae2f

Provenance

The following attestation bundles were made for attackmap_analyzer_go-0.1.0.tar.gz:

Publisher: release.yml on mlaify/attackmap-analyzer-go

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file attackmap_analyzer_go-0.1.0-py3-none-any.whl.

File hashes

Hashes for attackmap_analyzer_go-0.1.0-py3-none-any.whl
Algorithm Hash digest
SHA256 44943bd694502fe90bbd55e7b0690f4abaad062566fd7e88e8518af3938c12cc
MD5 d3276bd8359a6c8281e6c1719c77b069
BLAKE2b-256 1d8c353fdae184f0d82f371d5441f0779fd1ae46a67eefdc4326c3d9c8d9d6da

Provenance

The following attestation bundles were made for attackmap_analyzer_go-0.1.0-py3-none-any.whl:

Publisher: release.yml on mlaify/attackmap-analyzer-go

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.
