Documentation
Overview
Package vulntest provides helpers for vulncheck functionality testing.
Constants
const (
	ReferenceTypeAdvisory = ReferenceType("ADVISORY")
	ReferenceTypeArticle  = ReferenceType("ARTICLE")
	ReferenceTypeReport   = ReferenceType("REPORT")
	ReferenceTypeFix      = ReferenceType("FIX")
	ReferenceTypePackage  = ReferenceType("PACKAGE")
	ReferenceTypeEvidence = ReferenceType("EVIDENCE")
	ReferenceTypeWeb      = ReferenceType("WEB")
)
Variables
var ReferenceTypes = []ReferenceType{
	ReferenceTypeAdvisory,
	ReferenceTypeArticle,
	ReferenceTypeReport,
	ReferenceTypeFix,
	ReferenceTypePackage,
	ReferenceTypeEvidence,
	ReferenceTypeWeb,
}
ReferenceTypes is the set of reference types defined in OSV.
Functions
func AffectedRanges
func AffectedRanges(versions []VersionRange) []osv.Range
Types
type DB
type DB struct {
// contains filtered or unexported fields
}
DB is a read-only vulnerability database on disk. Users can use this database with golang.org/x/vuln APIs by setting the `VULNDB` environment variable.
func NewDatabase
NewDatabase returns a read-only DB containing the provided txtar-format collection of vulnerability reports. Each vulnerability report is a YAML file whose format is defined in golang.org/x/vulndb/doc/format.md. A report file name must have the id as its base name, and have .yaml as its extension.
db, err := NewDatabase(ctx, reports)
...
defer db.Clean()
client, err := NewClient(db)
...
The returned DB's Clean method must be called to clean up the generated database.
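The file-naming rule above can be checked before a collection is handed to NewDatabase. The following is an added example, not code from the vulntest package: `CheckReports` and `sampleReports` are hypothetical names, the marker-line scan is a minimal stand-in for a real txtar parser, and the top-level YAML key `id` is an assumption based on the Report struct's tags.

```go
package main

import (
	"fmt"
	"path"
	"strings"
)

// sampleReports is a constructed txtar collection; the IDs are placeholders.
const sampleReports = `
-- GO-0000-0001.yaml --
id: GO-0000-0001
summary: constructed sample report
-- reports/GO-0000-0002.yaml --
id: GO-0000-0002
-- GO-0000-0003.yml --
id: GO-0000-0003
-- GO-0000-0004.yaml --
id: GO-0000-0099
`

// CheckReports walks the "-- name --" marker lines of a txtar collection and
// returns one message per report file that breaks the naming rule.
func CheckReports(data string) []string {
	var problems []string
	name, id := "", ""
	flush := func() { // validate the file that just ended
		base := path.Base(name)
		switch {
		case name == "": // text before the first marker is a txtar comment
		case path.Ext(base) != ".yaml":
			problems = append(problems, name+": extension is not .yaml")
		case id != strings.TrimSuffix(base, ".yaml"):
			problems = append(problems, fmt.Sprintf("%s: id %q does not match file name", name, id))
		}
	}
	for _, line := range strings.Split(data, "\n") {
		if strings.HasPrefix(line, "-- ") && strings.HasSuffix(line, " --") && len(line) > 6 {
			flush()
			name, id = strings.TrimSpace(line[3:len(line)-3]), ""
		} else if strings.HasPrefix(line, "id:") && name != "" {
			id = strings.TrimSpace(strings.TrimPrefix(line, "id:")) // top-level key only
		}
	}
	flush()
	return problems
}

func main() { fmt.Println(strings.Join(CheckReports(sampleReports), "\n")) }
```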
type Module
type Module struct {
	Module   string         `yaml:",omitempty"`
	Versions []VersionRange `yaml:",omitempty"`
	Packages []*Package     `yaml:",omitempty"`
}
type Package
type Package struct {
	Package string   `yaml:",omitempty"`
	GOOS    []string `yaml:"goos,omitempty"`
	GOARCH  []string `yaml:"goarch,omitempty"`

	// Symbols originally identified as vulnerable.
	Symbols []string `yaml:",omitempty"`

	// Additional vulnerable symbols, computed from Symbols via static analysis
	// or other technique.
	DerivedSymbols []string `yaml:"derived_symbols,omitempty"`
}
type Reference
A Reference is a link to some external resource.
For ease of typing, References are represented in the YAML as a single-element mapping of type to URL.
func (*Reference) MarshalYAML
func (*Reference) UnmarshalYAML
type Report
type Report struct {
	ID      string    `yaml:",omitempty"`
	Modules []*Module `yaml:",omitempty"`

	// Summary is a short phrase describing the vulnerability.
	Summary string `yaml:",omitempty"`

	// Description is the CVE description from an existing CVE. If we are
	// assigning a CVE ID ourselves, use CVEMetadata.Description instead.
	Description string `yaml:",omitempty"`

	Published  time.Time    `yaml:",omitempty"`
	Withdrawn  *time.Time   `yaml:",omitempty"`
	References []*Reference `yaml:",omitempty"`
}
Report represents a vulnerability report in the vulndb. See https://go.googlesource.com/vulndb/+/refs/heads/master/doc/format.md
type Version
type Version string
Version is a SemVer 2.0.0 semantic version with no leading "v" prefix, as used by OSV.