database

package
v0.12.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Sep 15, 2023 License: MIT Imports: 24 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var ErrAPICouldNotMarshalPayload = errors.New("could not marshal payload")
View Source 
var ErrAPIRequestFailed = errors.New("api request failed")
View Source 
var ErrAPIRequestInvalid = errors.New("api request invalid")
View Source 
var ErrAPIResponseNotJSON = errors.New("api response could not be parsed as json")
View Source 
var ErrAPIResultsCountMismatch = errors.New("api results count mismatch")
View Source 
var ErrAPIUnexpectedResponse = errors.New("api returned unexpected status")
View Source 
var ErrAPIUnreadableResponse = errors.New("could not read response body")
View Source 
var ErrDirPathWrongProtocol = errors.New("directory path must start with \"file:\" protocol")
View Source 
var ErrInvalidBatchSize = errors.New("batch size must be greater than 0")
View Source 
var ErrOfflineDatabaseNotFound = errors.New("no offline version of the OSV database is available")
View Source 
var ErrOfflineDatabaseNotSupported = errors.New("API database does not support being used offline")
View Source 
var ErrUnexpectedStatusCode = errors.New("db host returned an unexpected status code")
View Source 
var ErrUnsupportedDatabaseType = errors.New("unsupported database source type")

Functions

This section is empty.

Types

type APIDB 

type APIDB struct {
	BaseURL   *url.URL
	BatchSize int
	// contains filtered or unexported fields
}

func NewAPIDB 

func NewAPIDB(config Config, offline bool, batchSize int) (*APIDB, error)

func (APIDB) Check 

func (db APIDB) Check(pkgs []internal.PackageDetails) ([]Vulnerabilities, error)

func (APIDB) Fetch 

func (db APIDB) Fetch(id string) (OSV, error)

Fetch gets the details of a specific OSV from the osv.dev database

func (APIDB) FetchAll 

func (db APIDB) FetchAll(ids []string) Vulnerabilities

func (APIDB) Identifier 

func (db APIDB) Identifier() string

func (APIDB) Name 

func (db APIDB) Name() string

type Affected 

type Affected struct {
	Package  Package  `json:"package"`
	Versions Versions `json:"versions"`
	Ranges   Affects  `json:"ranges,omitempty"`
}

type Affects 

type Affects []AffectsRange

type AffectsRange 

type AffectsRange struct {
	Type   AffectsRangeType `json:"type"`
	Events []RangeEvent     `json:"events"`
}

type AffectsRangeType 

type AffectsRangeType string
const (
	TypeSemver    AffectsRangeType = "SEMVER"
	TypeEcosystem AffectsRangeType = "ECOSYSTEM"
	TypeGit       AffectsRangeType = "GIT"
)

type Cache 

type Cache struct {
	URL  string `json:"url"`
	ETag string `json:"etag"`
	Date string `json:"date"`
	Body []byte `json:"body"`
}

Cache stores the OSV database archive for re-use

type Config 

type Config struct {
	Name             string `yaml:"name"`
	Type             string `yaml:"type"`
	URL              string `yaml:"url"`
	WorkingDirectory string `yaml:"working-directory"`
}

func (Config) Identifier 

func (dbc Config) Identifier() string

Identifier returns a unique string that can be used to check if a loaded database has been configured with this Config

type DB 

type DB interface {
	Name() string

	// Identifier can be used to check what config this database represents
	Identifier() string

	// Check looks for known vulnerabilities for the given pkgs within this OSV database.
	//
	// The vulnerabilities are returned in an array whose index align with the index of
	// the package that they're for within the pkgs array that was given.
	Check(pkgs []internal.PackageDetails) ([]Vulnerabilities, error)
}

func Load 

func Load(config Config, offline bool, batchSize int) (DB, error)

Load initializes a new OSV database based on the given Config

type DirDB 

type DirDB struct {
	LocalPath        string
	WorkingDirectory string
	Offline          bool
	// contains filtered or unexported fields
}

func NewDirDB 

func NewDirDB(config Config, offline bool) (*DirDB, error)

func (*DirDB) Check 

func (db *DirDB) Check(pkgs []internal.PackageDetails) ([]Vulnerabilities, error)

func (*DirDB) Identifier 

func (db *DirDB) Identifier() string

func (*DirDB) Name 

func (db *DirDB) Name() string

func (*DirDB) Vulnerabilities 

func (db *DirDB) Vulnerabilities(includeWithdrawn bool) []OSV

func (*DirDB) VulnerabilitiesAffectingPackage 

func (db *DirDB) VulnerabilitiesAffectingPackage(pkg internal.PackageDetails) Vulnerabilities

type Ecosystem 

type Ecosystem = internal.Ecosystem

type OSV 

type OSV struct {
	ID        string     `json:"id"`
	Aliases   []string   `json:"aliases"`
	Summary   string     `json:"summary"`
	Published time.Time  `json:"published"`
	Modified  time.Time  `json:"modified"`
	Withdrawn *time.Time `json:"withdrawn,omitempty"`
	Details   string     `json:"details"`
	Affected  []Affected `json:"affected"`
}

OSV represents an OSV style JSON vulnerability database entry

func (*OSV) AffectsEcosystem 

func (osv *OSV) AffectsEcosystem(ecosystem internal.Ecosystem) bool

func (*OSV) Describe 

func (osv *OSV) Describe() string

func (*OSV) IsAffected 

func (osv *OSV) IsAffected(pkg internal.PackageDetails) bool
func (osv *OSV) Link() string

Link returns a URL to the advisory, if possible. Otherwise, an empty string is returned

type ObjectWithID 

type ObjectWithID struct {
	ID string `json:"id"`
}

type Package 

type Package struct {
	Name      string    `json:"name"`
	Ecosystem Ecosystem `json:"ecosystem"`
}

func (Package) NormalizedName 

func (p Package) NormalizedName() string

NormalizedName ensures that the package name is normalized based on ecosystem in accordance to the OSV specification.

This is required because currently both GitHub and Pip seem to be a bit inconsistent in their package name handling, so we normalize them to be on the safe side.

In the future, it's hoped that this can be improved.

type RangeEvent 

type RangeEvent struct {
	Introduced   string `json:"introduced,omitempty"`
	Fixed        string `json:"fixed,omitempty"`
	LastAffected string `json:"last_affected,omitempty"`
}

type Reference 

type Reference struct {
	Type string `json:"type"`
	URL  string `json:"url"`
}

type Versions 

type Versions []string

func (Versions) MarshalJSON 

func (vs Versions) MarshalJSON() ([]byte, error)

MarshalJSON ensures that if there are no versions, an empty array is used as the value instead of "null"

type Vulnerabilities 

type Vulnerabilities []OSV

func (Vulnerabilities) Includes 

func (vs Vulnerabilities) Includes(vulnerability OSV) bool

func (Vulnerabilities) MarshalJSON 

func (vs Vulnerabilities) MarshalJSON() ([]byte, error)

MarshalJSON ensures that if there are no vulnerabilities, an empty array is used as the value instead of "null"

func (Vulnerabilities) Unique 

func (vs Vulnerabilities) Unique() Vulnerabilities

type ZipDB 

type ZipDB struct {
	ArchiveURL       string
	WorkingDirectory string
	Offline          bool
	UpdatedAt        string
	// contains filtered or unexported fields
}

func NewZippedDB 

func NewZippedDB(config Config, offline bool) (*ZipDB, error)

func (*ZipDB) Check 

func (db *ZipDB) Check(pkgs []internal.PackageDetails) ([]Vulnerabilities, error)

func (*ZipDB) Identifier 

func (db *ZipDB) Identifier() string

func (*ZipDB) Name 

func (db *ZipDB) Name() string

func (*ZipDB) Vulnerabilities 

func (db *ZipDB) Vulnerabilities(includeWithdrawn bool) []OSV

func (*ZipDB) VulnerabilitiesAffectingPackage 

func (db *ZipDB) VulnerabilitiesAffectingPackage(pkg internal.PackageDetails) Vulnerabilities

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.