mirror of
https://github.com/lunchcat/sif.git
synced 2026-06-29 01:38:24 -07:00
39b333320e
rename the go module path from github.com/dropalldatabases/sif to github.com/vmfunc/sif across go.mod, all imports, the golangci exclude list, release install docs and docs. pure string rename, no logic change.
development
setting up a development environment for sif.
prerequisites
- go 1.25 or later
- git
- make
clone and build
git clone https://github.com/vmfunc/sif.git
cd sif
make
project structure
sif/
├── cmd/sif/ # entry point
│ └── main.go
├── sif.go # main application logic
├── internal/ # private packages
│ ├── config/ # configuration parsing
│ ├── logger/ # logging utilities
│ ├── modules/ # module system
│ ├── scan/ # built-in scans
│ └── styles/ # terminal styling
├── modules/ # built-in yaml modules
│ ├── http/ # http-based modules
│ ├── info/ # information gathering
│ └── recon/ # reconnaissance modules
├── docs/ # documentation
└── assets/ # images, etc
running locally
# build
make
# run
./sif -u https://example.com
# run with debug
./sif -u https://example.com -d
code quality
format
gofmt -w .
lint
ci pins golangci-lint v2.11.4 (.github/workflows/go.yml); other versions
report spurious issues against the v2 config, so pin it locally too:
go run github.com/golangci/golangci-lint/v2/cmd/golangci-lint@v2.11.4 run
test
go test ./...
race detection
go test -race ./...
adding a new scan
- create a new file in internal/scan/
- implement the scan function
- add flag to internal/config/config.go
- integrate in sif.go
see existing scans for examples.
adding a new module
create a yaml file in modules/:
id: my-new-module
info:
  name: my new security check
  author: your-name
  severity: medium
  description: what this checks for
  tags: [custom, security]
type: http
http:
  method: GET
  paths:
    - "{{BaseURL}}/path"
  matchers:
    - type: status
      status:
        - 200
see modules.md for the full format.
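what the yaml above asks the scanner to do, as an added example (not sif's own code): `Module`, `Run` and `stub` are hypothetical names, and the sketch assumes `{{BaseURL}}` is replaced by the target url and that a status matcher hits when the response code is in its list. the transport is a constructed stub, so nothing leaves the machine.

```go
package main

import (
	"fmt"
	"net/http"
	"slices"
	"strings"
)

// Module holds the yaml example's fields. Hypothetical type, not sif's own.
type Module struct {
	ID, Method string
	Paths      []string
	Statuses   []int // values listed under the "status" matcher
}

// Run expands {{BaseURL}}, sends each request and returns the URLs whose
// response code is listed in the status matcher.
func Run(c *http.Client, m Module, baseURL string) ([]string, error) {
	var hits []string
	for _, p := range m.Paths {
		// trim the trailing slash so "{{BaseURL}}/path" never becomes "//path"
		u := strings.ReplaceAll(p, "{{BaseURL}}", strings.TrimRight(baseURL, "/"))
		req, err := http.NewRequest(m.Method, u, nil)
		if err != nil {
			return nil, fmt.Errorf("%s: %w", m.ID, err)
		}
		resp, err := c.Do(req)
		if err != nil {
			return nil, fmt.Errorf("%s: %w", m.ID, err)
		}
		resp.Body.Close()
		if slices.Contains(m.Statuses, resp.StatusCode) {
			hits = append(hits, u)
		}
	}
	return hits, nil
}

// stub is a constructed, network-free transport mapping url path to status.
type stub map[string]int

func (s stub) RoundTrip(r *http.Request) (*http.Response, error) {
	return &http.Response{StatusCode: s[r.URL.Path], Body: http.NoBody, Request: r}, nil
}

func main() {
	m := Module{ID: "my-new-module", Method: "GET", Paths: []string{"{{BaseURL}}/path", "{{BaseURL}}/missing"}, Statuses: []int{200}}
	fmt.Println(Run(&http.Client{Transport: stub{"/path": 200, "/missing": 404}}, m, "http://testbed.invalid/"))
}
```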
module system internals
the module system is in internal/modules/:
- module.go - core interface and types
- registry.go - module registration
- loader.go - discovery and loading
- yaml.go - yaml parsing
- executor.go - http execution
adding a new module type
- add type constant to module.go
- implement executor in new file
- update loader to handle new extension/type
testing
unit tests
go test ./internal/...
integration tests
run the scanners against a local testbed that plants the artifacts each one should find (network-free, behind a build tag):
go test -tags=integration ./internal/scan/...
functional test
./sif -u https://example.com -am
test modules
./sif -lm # list modules
./sif -u https://example.com -m my-module -d # test specific module
pull requests
- fork the repository
- create a feature branch
- make changes
- run gofmt -w . and golangci-lint run (pinned version, see lint)
- submit pr
commit messages
use lowercase, present tense:
add sql injection module
fix timeout handling in http executor
update readme with new flags
release process
releases are automated via github actions on push to main.
binaries are built for:
- linux (amd64, 386, arm64)
- macos (amd64, arm64)
- windows (amd64, 386)
resources
- go documentation
- goflags - cli parsing
- nuclei templates - module format inspiration