BaseMax/go-trust-graph

A Go tool that models trust relationships (users, keys, permissions, dependencies) as graphs and performs comprehensive security analysis. Analyzes trust relationships in local systems.
go-trust-graph

A Go tool that models trust relationships (users, keys, permissions, dependencies) as graphs and performs comprehensive security analysis.

Features

  • Trust Graph Modeling: Model complex trust relationships between users, keys, permissions, and dependencies
  • Cycle Detection: Identify circular trust relationships that can lead to security vulnerabilities
  • Over-Trusting Detection: Find nodes that trust too many other nodes, indicating potential security risks
  • Single Point of Failure Detection: Identify critical nodes whose compromise could affect many others
  • Graph Visualization: Export graphs in DOT format (for visualization with Graphviz) or in JSON format
  • Risk Summary: Generate comprehensive risk reports with severity levels

Installation

From Source

git clone https://github.com/BaseMax/go-trust-graph.git
cd go-trust-graph
go build -o trustgraph ./cmd/trustgraph

Using Go Install

go install github.com/BaseMax/go-trust-graph/cmd/trustgraph@latest

Usage

Analyze Example Trust Graph

./trustgraph -example

Analyze Custom Trust Graph

./trustgraph -input examples/sample.json

Export Graph Visualization

# Export as DOT format (for Graphviz)
./trustgraph -input examples/sample.json -output graph.dot

# Visualize with Graphviz (requires graphviz installation)
dot -Tpng graph.dot -o graph.png

# Export as JSON
./trustgraph -input examples/sample.json -output graph.json -format json

Custom Over-Trust Threshold

./trustgraph -input examples/sample.json -threshold 5

Input Format

The tool accepts JSON files with the following structure:

{
  "nodes": [
    {
      "id": "alice",
      "type": "user",
      "name": "Alice",
      "metadata": {
        "role": "admin"
      }
    },
    {
      "id": "database",
      "type": "dependency",
      "name": "Production Database"
    }
  ],
  "edges": [
    {
      "from": "alice",
      "to": "database",
      "weight": 1.0
    }
  ]
}

Node Types

  • user: Represents a user in the system
  • key: Represents an authentication key (SSH, API, etc.)
  • permission: Represents a permission or role
  • dependency: Represents a system dependency

Edge Weight

The weight field (0.0 to 1.0) represents the strength of trust, where 1.0 is full trust.

Risk Detection

Cycle Detection

Cycles in trust graphs can indicate:

  • Circular dependencies
  • Potential for trust escalation attacks
  • Complex permission chains that are hard to audit

Example: User A trusts User B, User B trusts User C, and User C trusts User A.
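As an added illustration (not code from the go-trust-graph repository), the Go program below reads the input format shown above and reports one circular trust chain, found by depth-first search with node colouring; the sample graph is constructed for this example and the struct names are assumptions.

```go
package main

import "encoding/json"

// Types mirror the README's JSON input (keys match case-insensitively; weight/metadata unused).
type Node struct{ ID, Type string }
type Edge struct{ From, To string }
type Graph struct {
	Nodes []Node
	Edges []Edge
}
// Constructed sample (not the repo's examples/sample.json): three users in a trust cycle.
const sampleJSON = `{"nodes":[{"id":"alice","type":"user"},{"id":"bob","type":"user"},
{"id":"carol","type":"user"},{"id":"database","type":"dependency"}],"edges":[{"from":"alice","to":"bob"},
{"from":"bob","to":"carol"},{"from":"carol","to":"alice","weight":0.5},{"from":"alice","to":"database"}]}`
// Load parses the input format.
func Load(data []byte) (g Graph, err error) {
	err = json.Unmarshal(data, &g)
	return
}
// FindCycle returns one circular trust chain (node ids, in trust order) found by
// DFS colouring, or nil if the graph is acyclic; input order keeps the result stable.
func FindCycle(g Graph) []string {
	adj := map[string][]string{}
	for _, e := range g.Edges {
		adj[e.From] = append(adj[e.From], e.To)
	}
	state, pos := map[string]int{}, map[string]int{} // state: 0 new, 1 on stack, 2 done
	var stack, cycle []string
	var dfs func(string) bool
	dfs = func(u string) bool {
		state[u], pos[u], stack = 1, len(stack), append(stack, u)
		for _, v := range adj[u] {
			if state[v] == 1 { // back edge: v is still on the stack, so stack[pos[v]:] is the cycle
				cycle = append([]string(nil), stack[pos[v]:]...)
				return true
			}
			if state[v] == 0 && dfs(v) {
				return true
			}
		}
		stack, state[u] = stack[:len(stack)-1], 2
		return false
	}
	for _, n := range g.Nodes {
		if state[n.ID] == 0 && dfs(n.ID) {
			return cycle
		}
	}
	return nil
}
```

On the sample this returns alice, bob, carol; removing the carol to alice edge makes the graph acyclic and the result nil.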

Over-Trusting Detection

Nodes that trust too many other nodes can indicate:

  • Poor access control practices
  • Excessive permissions
  • Potential for privilege escalation

The default threshold is 10 trust relationships per node.

Single Point of Failure Detection

Critical nodes are identified based on:

  • Number of incoming trust relationships (how many depend on it)
  • Criticality score (percentage of graph depending on it)
  • Articulation point analysis (whether removing it disconnects the graph)

Example: A database that all services depend on.

Exit Codes

  • 0: SUCCESS - Low risk level
  • 1: WARNING - Medium risk level
  • 2: ERROR - High risk level

This allows integration with CI/CD pipelines for automated security checks.

Examples

See the examples/ directory for sample trust graphs.

Development

Running Tests

go test ./...

Building

go build -o trustgraph ./cmd/trustgraph

Project Structure

.
├── analyzer/           # Risk analysis algorithms
│   ├── analyzer.go
│   └── analyzer_test.go
├── graph/              # Graph data structures
│   ├── graph.go
│   ├── graph_test.go
│   ├── loader.go
│   └── output.go
├── cmd/trustgraph/     # CLI application
│   └── main.go
└── examples/           # Sample trust graphs
    └── sample.json

License

See LICENSE file for details.

Contributing

Contributions are welcome! Please feel free to submit a Pull Request.
