Skip to content

BaseMax/go-trust-graph

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

7 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

go-trust-graph

A Go tool that models trust relationships (users, keys, permissions, dependencies) as graphs and performs comprehensive security analysis.

Features

  • Trust Graph Modeling: Model complex trust relationships between users, keys, permissions, and dependencies
  • Cycle Detection: Identify circular trust relationships that can lead to security vulnerabilities
  • Over-Trusting Detection: Find nodes that trust too many other nodes, indicating potential security risks
  • Single Point of Failure Detection: Identify critical nodes whose compromise could affect many others
  • Graph Visualization: Export graphs in DOT format for visualization with Graphviz or JSON format
  • Risk Summary: Generate comprehensive risk reports with severity levels

Installation

From Source

git clone https://github.com/BaseMax/go-trust-graph.git
cd go-trust-graph
go build -o trustgraph ./cmd/trustgraph

Using Go Install

go install github.com/BaseMax/go-trust-graph/cmd/trustgraph@latest

Usage

Analyze Example Trust Graph

./trustgraph -example

Analyze Custom Trust Graph

./trustgraph -input examples/sample.json

Export Graph Visualization

# Export as DOT format (for Graphviz)
./trustgraph -input examples/sample.json -output graph.dot

# Visualize with Graphviz (requires graphviz installation)
dot -Tpng graph.dot -o graph.png

# Export as JSON
./trustgraph -input examples/sample.json -output graph.json -format json

Custom Over-Trust Threshold

./trustgraph -input examples/sample.json -threshold 5

Input Format

The tool accepts JSON files with the following structure:

{
  "nodes": [
    {
      "id": "alice",
      "type": "user",
      "name": "Alice",
      "metadata": {
        "role": "admin"
      }
    },
    {
      "id": "database",
      "type": "dependency",
      "name": "Production Database"
    }
  ],
  "edges": [
    {
      "from": "alice",
      "to": "database",
      "weight": 1.0
    }
  ]
}

Node Types

  • user: Represents a user in the system
  • key: Represents an authentication key (SSH, API, etc.)
  • permission: Represents a permission or role
  • dependency: Represents a system dependency

Edge Weight

The weight field (0.0 to 1.0) represents the strength of trust, where 1.0 is full trust.

Risk Detection

Cycle Detection

Cycles in trust graphs can indicate:

  • Circular dependencies
  • Potential for trust escalation attacks
  • Complex permission chains that are hard to audit

Example: User A trusts User B, User B trusts User C, and User C trusts User A.

Over-Trusting Detection

Nodes that trust too many other nodes can indicate:

  • Poor access control practices
  • Excessive permissions
  • Potential for privilege escalation

The default threshold is 10 trust relationships per node.

Single Point of Failure Detection

Critical nodes are identified based on:

  • Number of incoming trust relationships (how many depend on it)
  • Criticality score (percentage of graph depending on it)
  • Articulation point analysis (whether removing it disconnects the graph)

Example: A database that all services depend on.

Exit Codes

  • 0: SUCCESS - Low risk level
  • 1: WARNING - Medium risk level
  • 2: ERROR - High risk level

This allows integration with CI/CD pipelines for automated security checks.

Examples

See the examples/ directory for sample trust graphs.

Development

Running Tests

go test ./...

Building

go build -o trustgraph ./cmd/trustgraph

Project Structure

.
├── analyzer/           # Risk analysis algorithms
│   ├── analyzer.go
│   └── analyzer_test.go
├── graph/              # Graph data structures
│   ├── graph.go
│   ├── graph_test.go
│   ├── loader.go
│   └── output.go
├── cmd/trustgraph/     # CLI application
│   └── main.go
└── examples/           # Sample trust graphs
    └── sample.json

License

See LICENSE file for details.

Contributing

Contributions are welcome! Please feel free to submit a Pull Request.

About

A Go tool that models trust relationships (users, keys, permissions, dependencies) as graphs and performs comprehensive security analysis. Analyzes trust relationships in local systems.

Topics

Resources

License

Stars

0 stars

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors