remediation

package
v1.9.1
Warning

This package is not in the latest version of its module.

Published: Oct 30, 2024 License: Apache-2.0 Imports: 21 Imported by: 0

Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

func ComputeOverridePatches added in v1.8.3

func ComputeOverridePatches(ctx context.Context, cl client.ResolutionClient, result *resolution.Result, opts Options) ([]resolution.Difference, error)

ComputeOverridePatches attempts to resolve each vulnerability found in result independently, returning the list of unique possible patches. Vulnerabilities are resolved by directly overriding versions of vulnerable packages to non-vulnerable versions. If a patch introduces new vulnerabilities, additional overrides are attempted for the new vulnerabilities.

func ComputeRelaxPatches

func ComputeRelaxPatches(ctx context.Context, cl client.ResolutionClient, result *resolution.Result, opts Options) ([]resolution.Difference, error)

ComputeRelaxPatches attempts to resolve each vulnerability found in result independently, returning the list of unique possible patches.

func SupportsInPlace added in v1.8.3

func SupportsInPlace(l lockfile.ReadWriter) bool

func SupportsOverride added in v1.8.3

func SupportsOverride(m manifest.ReadWriter) bool

func SupportsRelax added in v1.8.3

func SupportsRelax(m manifest.ReadWriter) bool

TODO: Supported strategies should be part of the manifest/lockfile ReadWriter directly

Types

type InPlacePatch added in v1.7.0

type InPlacePatch struct {
	lf.DependencyPatch
	ResolvedVulns []resolution.Vulnerability
}

type InPlaceResult added in v1.7.0

type InPlaceResult struct {
	Patches   []InPlacePatch
	Unfixable []resolution.Vulnerability
}

func ComputeInPlacePatches added in v1.7.0

func ComputeInPlacePatches(ctx context.Context, cl client.ResolutionClient, graph *resolve.Graph, opts Options) (InPlaceResult, error)

ComputeInPlacePatches finds all possible targeting version changes that would fix vulnerabilities in a resolved graph. TODO: Check for introduced vulnerabilities

func (InPlaceResult) VulnCount added in v1.7.0

func (r InPlaceResult) VulnCount() VulnCount

type Options added in v1.9.0

type Options struct {
	resolution.ResolveOpts
	IgnoreVulns   []string // Vulnerability IDs to ignore
	ExplicitVulns []string // If set, only consider these vulnerability IDs & ignore all others

	DevDeps     bool    // Whether to consider vulnerabilities in dev dependencies
	MinSeverity float64 // Minimum vulnerability CVSS score to consider
	MaxDepth    int     // Maximum depth of dependency to consider vulnerabilities for (e.g. 1 for direct only)

	UpgradeConfig upgrade.Config // Allowed upgrade levels per package.
}

func (Options) MatchVuln added in v1.9.0

func (opts Options) MatchVuln(v resolution.Vulnerability) bool
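
The scoping fields of Options, modelled as an added example; this is not the package's own code, and the body of MatchVuln is not shown on this page. The `vuln` and `filter` types and `inScope` are hypothetical stand-ins, and exact-ID matching, keeping unscored findings, and treating `MaxDepth <= 0` as unlimited are assumptions.

```go
package main

import "fmt"
import "slices"

// Hypothetical stand-ins for remediation.Options and resolution.Vulnerability.
type vuln struct {
	ID      string
	CVSS    float64 // constructed score; negative means unscored
	Depth   int     // 1 = direct dependency
	DevOnly bool    // reachable only through dev dependencies
}
type filter struct {
	IgnoreVulns, ExplicitVulns []string
	DevDeps                    bool
	MinSeverity                float64
	MaxDepth                   int // assumption: <= 0 means no limit
}

// match reports whether v stays in scope for patch computation.
func (f filter) match(v vuln) bool {
	if slices.Contains(f.IgnoreVulns, v.ID) || (v.DevOnly && !f.DevDeps) {
		return false
	}
	if len(f.ExplicitVulns) > 0 && !slices.Contains(f.ExplicitVulns, v.ID) {
		return false
	}
	// Assumption: unscored findings are kept so a missing score hides nothing.
	if v.CVSS >= 0 && v.CVSS < f.MinSeverity {
		return false
	}
	return f.MaxDepth <= 0 || v.Depth <= f.MaxDepth
}

// inScope returns the IDs that survive the filter, in input order.
func inScope(f filter, vs []vuln) (ids []string) {
	for _, v := range vs {
		if f.match(v) {
			ids = append(ids, v.ID)
		}
	}
	return ids
}

var sample = []vuln{ // constructed data, not real advisories
	{"EXAMPLE-0001", 9.8, 1, false},
	{"EXAMPLE-0002", 5.3, 1, false},
	{"EXAMPLE-0003", 8.1, 3, false},
	{"EXAMPLE-0004", 9.1, 1, true},
	{"EXAMPLE-0005", -1, 1, false},
}

func main() { fmt.Println(inScope(filter{MinSeverity: 7, MaxDepth: 1}, sample)) }
```

In this model the zero-value filter still drops dev-only findings, and an ID listed in both IgnoreVulns and ExplicitVulns is ignored.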

type VulnCount added in v1.7.0

type VulnCount struct {
	Direct     int
	Transitive int

	// Note: These are metrics that overlap with Direct/Transitive, and with each other.
	Unfixable int
	Dev       int
}

func (VulnCount) Total added in v1.7.0

func (vc VulnCount) Total() int
