whitesource

package
v1.104.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Nov 4, 2020 License: Apache-2.0 Imports: 17 Imported by: 2

Documentation

Index

Constants

View Source
const DateTimeLayout = "2006-01-02 15:04:05 -0700"

DateTimeLayout is the layout of the time format used by the WhiteSource API.

Variables

This section is empty.

Functions

This section is empty.

Types

type Alert added in v1.51.0

type Alert struct {
	Vulnerability Vulnerability `json:"vulnerability"`
	Library       Library       `json:"library,omitempty"`
	Project       string        `json:"project,omitempty"`
	CreationDate  string        `json:"creation_date,omitempty"`
}

Alert

type Assignment added in v1.100.0

type Assignment struct {
	UserAssignments  []UserAssignment  `json:"userAssignments,omitempty"`
	GroupAssignments []GroupAssignment `json:"groupAssignments,omitempty"`
}

Assignment describes a list of UserAssignments and GroupAssignments which can be attributed to a WhiteSource Product.

type DownloadedFile added in v1.95.0

type DownloadedFile struct {
	// contains filtered or unexported fields
}

DownloadedFile records what URL has been downloaded to which file.

type File added in v1.95.0

type File interface {
	io.Writer
	io.StringWriter
	io.Closer
}

File defines the method subset we use from os.File

type GroupAssignment added in v1.100.0

type GroupAssignment struct {
	Name string `json:"name,omitempty"`
}

GroupAssignment refers to the name of a particular group in WhiteSource.

type Library added in v1.51.0

type Library struct {
	Name     string `json:"name,omitempty"`
	Filename string `json:"filename,omitempty"`
	Version  string `json:"version,omitempty"`
	Project  string `json:"project,omitempty"`
}

Library

type NpmInstall added in v1.95.0

type NpmInstall struct {
	// contains filtered or unexported fields
}

NpmInstall records in which directory "npm install" has been invoked and for which package.json files.

type Product

type Product struct {
	Name           string `json:"name"`
	Token          string `json:"token"`
	CreationDate   string `json:"creationDate,omitempty"`
	LastUpdateDate string `json:"lastUpdatedDate,omitempty"`
}

Product defines a WhiteSource product with name and token

type Project

type Project struct {
	ID             int64  `json:"id"`
	Name           string `json:"name"`
	PluginName     string `json:"pluginName"`
	Token          string `json:"token"`
	UploadedBy     string `json:"uploadedBy"`
	CreationDate   string `json:"creationDate,omitempty"`
	LastUpdateDate string `json:"lastUpdatedDate,omitempty"`
}

Project defines a WhiteSource project with name and token

type ReportOptions added in v1.95.0

type ReportOptions struct {
	// ReportDirectory defines the target directory for downloading reports.
	ReportDirectory string
	// VulnerabilityReportFormat defines the requested file format of the vulnerability report (i.e. pdf).
	VulnerabilityReportFormat string
}

ReportOptions defines options for downloading reports after scanning.

type Request

type Request struct {
	RequestType          string      `json:"requestType,omitempty"`
	UserKey              string      `json:"userKey,omitempty"`
	ProductToken         string      `json:"productToken,omitempty"`
	ProductName          string      `json:"productName,omitempty"`
	ProjectToken         string      `json:"projectToken,omitempty"`
	OrgToken             string      `json:"orgToken,omitempty"`
	Format               string      `json:"format,omitempty"`
	ProductAdmins        *Assignment `json:"productAdmins,omitempty"`
	ProductMembership    *Assignment `json:"productMembership,omitempty"`
	AlertsEmailReceivers *Assignment `json:"alertsEmailReceivers,omitempty"`
	ProductApprovers     *Assignment `json:"productApprovers,omitempty"`
	ProductIntegrators   *Assignment `json:"productIntegrators,omitempty"`
}

Request defines a request object to be sent to the WhiteSource system

type Scan added in v1.95.0

type Scan struct {
	// AggregateProjectName stores the name of the WhiteSource project where scans shall be aggregated.
	// It does not include the ProductVersion.
	AggregateProjectName string
	// ProductVersion is the global version that is used across all Projects (modules) during the scan.
	ProductVersion string
	// contains filtered or unexported fields
}

Scan stores information about scanned WhiteSource projects (modules).

func (*Scan) AppendScannedProject added in v1.95.0

func (s *Scan) AppendScannedProject(projectName string) error

AppendScannedProject checks that no Project with the same name is already contained in the list of scanned projects, and appends a new Project with the given name. The global product version is appended to the name.

func (*Scan) AppendScannedProjectVersion added in v1.95.0

func (s *Scan) AppendScannedProjectVersion(projectName string) error

AppendScannedProjectVersion checks that no Project with the same name is already contained in the list of scanned projects, and appends a new Project with the given name (which is expected to include the product version).

func (*Scan) DownloadReports added in v1.95.0

func (s *Scan) DownloadReports(options ReportOptions, utils scanUtils, sys whitesource) ([]piperutils.Path, error)

DownloadReports downloads a Project's risk and vulnerability reports

func (*Scan) ExecuteMTAScan added in v1.95.0

func (s *Scan) ExecuteMTAScan(config *ScanOptions, utils Utils) error

ExecuteMTAScan executes a scan for the Java part with maven, and performs a scan for each NPM module.

func (*Scan) ExecuteMavenScan added in v1.95.0

func (s *Scan) ExecuteMavenScan(config *ScanOptions, utils Utils) error

ExecuteMavenScan constructs maven parameters from the given configuration, and executes the maven goal "org.whitesource:whitesource-maven-plugin:19.5.1:update".

func (*Scan) ExecuteMavenScanForPomFile added in v1.95.0

func (s *Scan) ExecuteMavenScanForPomFile(config *ScanOptions, utils Utils, pomPath string) error

ExecuteMavenScanForPomFile constructs maven parameters from the given configuration, and executes the maven goal "org.whitesource:whitesource-maven-plugin:19.5.1:update" for the given pom file.

func (*Scan) ExecuteNpmScan added in v1.95.0

func (s *Scan) ExecuteNpmScan(config *ScanOptions, utils Utils) error

ExecuteNpmScan iterates over all found npm modules and performs a scan in each one.

func (*Scan) ExecuteUAScan added in v1.95.0

func (s *Scan) ExecuteUAScan(config *ScanOptions, utils Utils) error

ExecuteUAScan executes a scan with the Whitesource Unified Agent.

func (*Scan) ExecuteYarnScan added in v1.95.0

func (s *Scan) ExecuteYarnScan(config *ScanOptions, utils Utils) error

ExecuteYarnScan generates a configuration file whitesource.config.json with appropriate values from config, installs whitesource yarn plugin and executes the scan.

func (*Scan) ProjectByName added in v1.95.0

func (s *Scan) ProjectByName(projectName string) (Project, bool)

ProjectByName returns a WhiteSource Project previously established via AppendScannedProject().

func (*Scan) ScanTime added in v1.95.0

func (s *Scan) ScanTime(projectName string) time.Time

ScanTime returns the time at which the respective WhiteSource Project was scanned, or the the zero value of time.Time, if AppendScannedProject() was not called with that name.

func (*Scan) ScannedProjects added in v1.95.0

func (s *Scan) ScannedProjects() []Project

ScannedProjects returns the WhiteSource projects that have been added via AppendScannedProject() as a slice.

func (*Scan) UpdateProjects added in v1.95.0

func (s *Scan) UpdateProjects(productToken string, sys whitesource) error

UpdateProjects pulls the current backend metadata for all WhiteSource projects in the product with the given productToken, and updates all scanned projects with the obtained information.

type ScanOptions added in v1.95.0

type ScanOptions struct {
	// ScanType defines the type of scan. Can be "maven" or "mta" for scanning with Maven or "npm"/"yarn".
	ScanType     string
	OrgToken     string
	UserToken    string
	ProductName  string
	ProductToken string
	// ProjectName is an optional name for an "aggregator" project.
	// All scanned maven modules will be reflected in the aggregate project.
	ProjectName                string
	BuildDescriptorExcludeList []string
	// PomPath is the path to root build descriptor file.
	PomPath string
	// M2Path is the path to the local maven repository.
	M2Path string
	// GlobalSettingsFile is an optional path to a global maven settings file.
	GlobalSettingsFile string
	// ProjectSettingsFile is an optional path to a local maven settings file.
	ProjectSettingsFile string
	// InstallArtifacts installs artifacts from all maven modules to the local repository
	InstallArtifacts bool

	// DefaultNpmRegistry is an optional default registry for NPM.
	DefaultNpmRegistry string

	AgentDownloadURL string
	AgentFileName    string
	ConfigFilePath   string

	Includes string
	Excludes string
}

ScanOptions contains parameters needed during the scan.

type ScanUtilsMock added in v1.95.0

type ScanUtilsMock struct {
	*mock.FilesMock
	*mock.ExecMockRunner
	NpmInstalledModules []NpmInstall
	DownloadedFiles     []DownloadedFile
}

ScanUtilsMock is an implementation of the Utils interface that can be used during tests.

func NewScanUtilsMock added in v1.95.0

func NewScanUtilsMock() *ScanUtilsMock

NewScanUtilsMock returns an initialized ScanUtilsMock instance.

func (*ScanUtilsMock) DownloadFile added in v1.95.0

func (m *ScanUtilsMock) DownloadFile(url, filename string, _ http.Header, _ []*http.Cookie) error

DownloadFile mimics http.Downloader and records the downloaded file.

func (*ScanUtilsMock) FileOpen added in v1.95.0

func (m *ScanUtilsMock) FileOpen(name string, flag int, perm os.FileMode) (File, error)

FileOpen mimics os.FileOpen() based on FilesMock Open().

func (*ScanUtilsMock) FindPackageJSONFiles added in v1.95.0

func (m *ScanUtilsMock) FindPackageJSONFiles(_ *ScanOptions) ([]string, error)

FindPackageJSONFiles mimics npm.FindPackageJSONFiles() based on the FilesMock setup.

func (*ScanUtilsMock) InstallAllNPMDependencies added in v1.95.0

func (m *ScanUtilsMock) InstallAllNPMDependencies(_ *ScanOptions, packageJSONs []string) error

InstallAllNPMDependencies mimics npm.InstallAllNPMDependencies() and records the "npm install".

func (*ScanUtilsMock) RemoveAll added in v1.95.0

func (m *ScanUtilsMock) RemoveAll(_ string) error

RemoveAll mimics os.RemoveAll().

type System

type System struct {
	// contains filtered or unexported fields
}

System defines a WhiteSource System including respective tokens (e.g. org token, user token)

func NewSystem added in v1.51.0

func NewSystem(serverURL, orgToken, userToken string, timeout time.Duration) *System

NewSystem constructs a new System instance

func (*System) CreateProduct added in v1.100.0

func (s *System) CreateProduct(productName string) (string, error)

CreateProduct creates a new WhiteSource product and returns its product token.

func (*System) GetProductByName added in v1.51.0

func (s *System) GetProductByName(productName string) (Product, error)

GetProductByName retrieves meta information for a specific WhiteSource product

func (*System) GetProductName

func (s *System) GetProductName(productToken string) (string, error)

GetProductName returns the product name for a given product token

func (*System) GetProductsMetaInfo

func (s *System) GetProductsMetaInfo() ([]Product, error)

GetProductsMetaInfo retrieves meta information for all WhiteSource products a user has access to

func (*System) GetProjectAlerts added in v1.51.0

func (s *System) GetProjectAlerts(projectToken string) ([]Alert, error)

GetProjectAlerts

func (*System) GetProjectByName added in v1.51.0

func (s *System) GetProjectByName(productToken, projectName string) (Project, error)

GetProjectByName fetches all projects and returns the one matching the given projectName, or none, if not found

func (*System) GetProjectByToken added in v1.85.0

func (s *System) GetProjectByToken(projectToken string) (Project, error)

GetProjectByToken returns project meta info given a project token

func (*System) GetProjectLibraryLocations added in v1.51.0

func (s *System) GetProjectLibraryLocations(projectToken string) ([]Library, error)

GetProjectLibraryLocations

func (*System) GetProjectRiskReport added in v1.51.0

func (s *System) GetProjectRiskReport(projectToken string) ([]byte, error)

GetProjectRiskReport

func (*System) GetProjectToken

func (s *System) GetProjectToken(productToken, projectName string) (string, error)

GetProjectToken returns the project token for a project with a given name

func (*System) GetProjectTokens

func (s *System) GetProjectTokens(productToken string, projectNames []string) ([]string, error)

GetProjectTokens returns the project tokens matching a given a slice of project names

func (*System) GetProjectVulnerabilityReport added in v1.51.0

func (s *System) GetProjectVulnerabilityReport(projectToken string, format string) ([]byte, error)

GetProjectVulnerabilityReport

func (*System) GetProjectsByIDs added in v1.51.0

func (s *System) GetProjectsByIDs(productToken string, projectIDs []int64) ([]Project, error)

GetProjectsByIDs retrieves all projects for the given productToken and filters them by the given project ids

func (*System) GetProjectsMetaInfo

func (s *System) GetProjectsMetaInfo(productToken string) ([]Project, error)

GetProjectsMetaInfo retrieves the registered projects for a specific WhiteSource product

func (*System) SetProductAssignments added in v1.100.0

func (s *System) SetProductAssignments(productToken string, membership, admins, alertReceivers *Assignment) error

SetProductAssignments assigns various types of membership to a WhiteSource Product.

type SystemMock added in v1.95.0

type SystemMock struct {
	ProductName         string
	Products            []Product
	Projects            []Project
	Alerts              []Alert
	Libraries           []Library
	RiskReport          []byte
	VulnerabilityReport []byte
}

SystemMock stores a number of WhiteSource objects and, based on that, mocks the behavior of System.

func NewSystemMock added in v1.95.0

func NewSystemMock(lastUpdateDate string) *SystemMock

NewSystemMock returns a pointer to a new instance of SystemMock.

func (*SystemMock) CreateProduct added in v1.100.0

func (m *SystemMock) CreateProduct(productName string) (string, error)

CreateProduct appends a new Product to the system mock and returns its token ("mock-product-token-<index>").

func (*SystemMock) GetProductByName added in v1.95.0

func (m *SystemMock) GetProductByName(productName string) (Product, error)

GetProductByName mimics retrieving a Product by name. It returns an error of no Product is stored in the mock.

func (*SystemMock) GetProjectAlerts added in v1.95.0

func (m *SystemMock) GetProjectAlerts(projectToken string) ([]Alert, error)

GetProjectAlerts returns the alerts stored in the SystemMock.

func (*SystemMock) GetProjectByToken added in v1.95.0

func (m *SystemMock) GetProjectByToken(projectToken string) (Project, error)

GetProjectByToken checks the Projects stored in the mock and returns the one with the given token or an error.

func (*SystemMock) GetProjectLibraryLocations added in v1.95.0

func (m *SystemMock) GetProjectLibraryLocations(projectToken string) ([]Library, error)

GetProjectLibraryLocations returns the libraries stored in the SystemMock.

func (*SystemMock) GetProjectRiskReport added in v1.95.0

func (m *SystemMock) GetProjectRiskReport(projectToken string) ([]byte, error)

GetProjectRiskReport mocks retrieving a risc report.

func (*SystemMock) GetProjectToken added in v1.95.0

func (m *SystemMock) GetProjectToken(productToken, projectName string) (string, error)

GetProjectToken checks the Projects stored in the mock and returns a valid token, or an empty token and no error.

func (*SystemMock) GetProjectVulnerabilityReport added in v1.95.0

func (m *SystemMock) GetProjectVulnerabilityReport(projectToken string, format string) ([]byte, error)

GetProjectVulnerabilityReport mocks retrieving a vulnerability report. Behavior depends on what is stored in the mock.

func (*SystemMock) GetProjectsMetaInfo added in v1.95.0

func (m *SystemMock) GetProjectsMetaInfo(productToken string) ([]Project, error)

GetProjectsMetaInfo returns the list of Projects stored in the mock or an error if token is unknown.

func (*SystemMock) SetProductAssignments added in v1.100.0

func (m *SystemMock) SetProductAssignments(productToken string, _, _, _ *Assignment) error

SetProductAssignments checks if the system mock contains a product with the given token and returns an error depending on that, but otherwise does nothing with the provided arguments.

type UserAssignment added in v1.100.0

type UserAssignment struct {
	Email string `json:"email,omitempty"`
}

UserAssignment holds an email address for a WhiteSource user which can be assigned to a WhiteSource Product in a specific role.

type Utils added in v1.95.0

type Utils interface {
	Stdout(out io.Writer)
	Stderr(err io.Writer)
	RunExecutable(executable string, params ...string) error

	DownloadFile(url, filename string, header http.Header, cookies []*http.Cookie) error

	Chdir(path string) error
	Getwd() (string, error)
	MkdirAll(path string, perm os.FileMode) error
	FileExists(path string) (bool, error)
	FileRead(path string) ([]byte, error)
	FileWrite(path string, content []byte, perm os.FileMode) error
	FileRemove(path string) error
	FileRename(oldPath, newPath string) error
	RemoveAll(path string) error
	FileOpen(name string, flag int, perm os.FileMode) (File, error)

	FindPackageJSONFiles(config *ScanOptions) ([]string, error)
	InstallAllNPMDependencies(config *ScanOptions, packageJSONFiles []string) error
}

Utils captures all external functionality that needs to be exchangeable in tests.

type Vulnerability added in v1.51.0

type Vulnerability struct {
	Name              string  `json:"name,omitempty"`
	Type              string  `json:"type,omitempty"`
	Level             string  `json:"level,omitempty"`
	Description       string  `json:"description,omitempty"`
	Severity          string  `json:"severity,omitempty"`
	CVSS3Severity     string  `json:"cvss3_severity,omitempty"`
	CVSS3Score        float64 `json:"cvss3_score,omitempty"`
	Score             float64 `json:"score,omitempty"`
	FixResolutionText string  `json:"fixResolutionText,omitempty"`
	PublishDate       string  `json:"publishDate,omitempty"`
}

Vulnerability

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL