remediation

package

v2.0.0-beta2 Latest Latest Go to latest Published: Feb 12, 2025 License: Apache-2.0 Imports: 23 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/google/osv-scanner

Documentation ¶

Index ¶

func ComputeOverridePatches(ctx context.Context, cl client.ResolutionClient, result *resolution.Result, ...) ([]resolution.Difference, error)
func ComputeRelaxPatches(ctx context.Context, cl client.ResolutionClient, result *resolution.Result, ...) ([]resolution.Difference, error)
func SupportsInPlace(l lockfile.ReadWriter) bool
func SupportsOverride(m manifest.ReadWriter) bool
func SupportsRelax(m manifest.ReadWriter) bool
type InPlacePatch
type InPlaceResult
- func ComputeInPlacePatches(ctx context.Context, cl client.ResolutionClient, graph *resolve.Graph, ...) (InPlaceResult, error)
- func (r InPlaceResult) VulnCount() VulnCount
type Options
- func (opts Options) MatchVuln(v resolution.Vulnerability) bool
type VulnCount
- func (vc VulnCount) Total() int

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func ComputeOverridePatches ¶

func ComputeOverridePatches(ctx context.Context, cl client.ResolutionClient, result *resolution.Result, opts Options) ([]resolution.Difference, error)

ComputeOverridePatches attempts to resolve each vulnerability found in result independently, returning the list of unique possible patches. Vulnerabilities are resolved by directly overriding versions of vulnerable packages to non-vulnerable versions. If a patch introduces new vulnerabilities, additional overrides are attempted for the new vulnerabilities.

func ComputeRelaxPatches ¶

func ComputeRelaxPatches(ctx context.Context, cl client.ResolutionClient, result *resolution.Result, opts Options) ([]resolution.Difference, error)

ComputeRelaxPatches attempts to resolve each vulnerability found in result independently, returning the list of unique possible patches

func SupportsInPlace ¶

func SupportsInPlace(l lockfile.ReadWriter) bool

func SupportsOverride ¶

func SupportsOverride(m manifest.ReadWriter) bool

func SupportsRelax ¶

func SupportsRelax(m manifest.ReadWriter) bool

TODO: Supported strategies should be part of the manifest/lockfile ReadWriter directly

Types ¶

type InPlacePatch ¶

type InPlacePatch struct {
	lf.DependencyPatch
	ResolvedVulns []resolution.Vulnerability
}

type InPlaceResult ¶

type InPlaceResult struct {
	Patches   []InPlacePatch
	Unfixable []resolution.Vulnerability
}

func ComputeInPlacePatches ¶

func ComputeInPlacePatches(ctx context.Context, cl client.ResolutionClient, graph *resolve.Graph, opts Options) (InPlaceResult, error)

ComputeInPlacePatches finds all possible targeting version changes that would fix vulnerabilities in a resolved graph. TODO: Check for introduced vulnerabilities

func (InPlaceResult) VulnCount ¶

func (r InPlaceResult) VulnCount() VulnCount

type Options ¶

type Options struct {
	resolution.ResolveOpts
	IgnoreVulns   []string // Vulnerability IDs to ignore
	ExplicitVulns []string // If set, only consider these vulnerability IDs & ignore all others

	DevDeps     bool    // Whether to consider vulnerabilities in dev dependencies
	MinSeverity float64 // Minimum vulnerability CVSS score to consider
	MaxDepth    int     // Maximum depth of dependency to consider vulnerabilities for (e.g. 1 for direct only)

	UpgradeConfig upgrade.Config // Allowed upgrade levels per package.
}

func (Options) MatchVuln ¶

func (opts Options) MatchVuln(v resolution.Vulnerability) bool

type VulnCount ¶

type VulnCount struct {
	Direct     int
	Transitive int

	// Note: These are metrics that overlap with Direct/Transitive, and with each other.
	Unfixable int
	Dev       int
}

func (VulnCount) Total ¶

func (vc VulnCount) Total() int

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
relax
suggest
upgrade

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL