gitea-mirror/sif
1
0
Fork 0
mirror of https://github.com/lunchcat/sif.git synced 2026-01-11 04:33:40 -08:00
Code Issues Packages Projects Releases Wiki Activity
Files
02bb8aed1b06b2a47e1b2d1055466041e990b84f
sif/docs/development.md
Celeste Hickenlooper 4942425ce5 docs: add comprehensive documentation and fix github actions 
- add docs/ with installation, usage, modules, scans, and api docs
- add docs link to main readme
- fix release.yml to bundle modules directory with releases
- add module system tests to runtest.yml
- standardize go version to 1.23 across workflows
2026-01-03 05:57:10 -08:00

3.2 KiB
Raw Blame History

development

setting up a development environment for sif.

prerequisites

  • go 1.23 or later
  • git
  • make

clone and build

git clone https://github.com/dropalldatabases/sif.git
cd sif
make

project structure

sif/
├── cmd/sif/          # entry point
│   └── main.go
├── sif.go            # main application logic
├── internal/         # private packages
│   ├── config/       # configuration parsing
│   ├── logger/       # logging utilities
│   ├── modules/      # module system
│   ├── scan/         # built-in scans
│   ├── styles/       # terminal styling
│   └── worker/       # worker pool
├── modules/          # built-in yaml modules
│   ├── http/         # http-based modules
│   ├── info/         # information gathering
│   └── recon/        # reconnaissance modules
├── docs/             # documentation
└── assets/           # images, etc

running locally

# build
make

# run
./sif -u https://example.com

# run with debug
./sif -u https://example.com -d

code quality

format

gofmt -w .

lint

golangci-lint run

test

go test ./...

race detection

go test -race ./...

adding a new scan

  1. create a new file in internal/scan/
  2. implement the scan function
  3. add flag to internal/config/config.go
  4. integrate in sif.go

see existing scans for examples.

adding a new module

create a yaml file in modules/:

id: my-new-module
info:
  name: my new security check
  author: your-name
  severity: medium
  description: what this checks for
  tags: [custom, security]

type: http

http:
  method: GET
  paths:
    - "{{BaseURL}}/path"

  matchers:
    - type: status
      status:
        - 200

see modules.md for the full format.

module system internals

the module system is in internal/modules/:

  • module.go - core interface and types
  • registry.go - module registration
  • loader.go - discovery and loading
  • yaml.go - yaml parsing
  • executor.go - http execution

adding a new module type

  1. add type constant to module.go
  2. implement executor in new file
  3. update loader to handle new extension/type

testing

unit tests

go test ./internal/...

functional test

./sif -u https://example.com -am

test modules

./sif -lm  # list modules
./sif -u https://example.com -m my-module -d  # test specific module

pull requests

  1. fork the repository
  2. create a feature branch
  3. make changes
  4. run gofmt -w . and golangci-lint run
  5. submit pr

commit messages

use lowercase, present tense:

add sql injection module
fix timeout handling in http executor
update readme with new flags

release process

releases are automated via github actions on push to main.

binaries are built for:

  • linux (amd64, 386, arm64)
  • macos (amd64, arm64)
  • windows (amd64, 386)

resources

Reference in New Issue View Git Blame Copy Permalink