osv

package

v1.7.0 Latest Latest Go to latest Published: Mar 6, 2024 License: Apache-2.0 Imports: 11 Imported by: 7

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/google/osv-scanner

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
Variables
func Get(id string) (*models.Vulnerability, error)
func GetWithClient(id string, client *http.Client) (*models.Vulnerability, error)
type BatchedQuery
type BatchedResponse
- func MakeRequest(request BatchedQuery) (*BatchedResponse, error)
- func MakeRequestWithClient(request BatchedQuery, client *http.Client) (*BatchedResponse, error)
type DetermineVersionHash
type DetermineVersionResponse
- func MakeDetermineVersionRequest(name string, hashes []DetermineVersionHash) (*DetermineVersionResponse, error)
type HydratedBatchedResponse
- func Hydrate(resp *BatchedResponse) (*HydratedBatchedResponse, error)
- func HydrateWithClient(resp *BatchedResponse, client *http.Client) (*HydratedBatchedResponse, error)
type MinimalResponse
type MinimalVulnerability
type Package
type Query
type Response

Constants ¶

View Source

const (
	// QueryEndpoint is the URL for posting queries to OSV.
	QueryEndpoint = "https://api.osv.dev/v1/querybatch"
	// GetEndpoint is the URL for getting vulenrabilities from OSV.
	GetEndpoint = "https://api.osv.dev/v1/vulns"
	// DetermineVersionEndpoint is the URL for posting determineversion queries to OSV.
	DetermineVersionEndpoint = "https://api.osv.dev/v1experimental/determineversion"
	// BaseVulnerabilityURL is the base URL for detailed vulnerability views.
	BaseVulnerabilityURL = "https://osv.dev/"
)

Variables ¶

View Source

var RequestUserAgent = ""

Functions ¶

func Get ¶

func Get(id string) (*models.Vulnerability, error)

Get a Vulnerability for the given ID.

func GetWithClient ¶ added in v1.3.3

func GetWithClient(id string, client *http.Client) (*models.Vulnerability, error)

GetWithClient gets a Vulnerability for the given ID with the provided http client.

Types ¶

type BatchedQuery ¶

type BatchedQuery struct {
	Queries []*Query `json:"queries"`
}

BatchedQuery represents a batched query to OSV.

type BatchedResponse ¶

type BatchedResponse struct {
	Results []MinimalResponse `json:"results"`
}

BatchedResponse represents an unhydrated batched response from OSV.

func MakeRequest ¶

func MakeRequest(request BatchedQuery) (*BatchedResponse, error)

MakeRequest sends a batched query to osv.dev

func MakeRequestWithClient ¶ added in v1.3.3

func MakeRequestWithClient(request BatchedQuery, client *http.Client) (*BatchedResponse, error)

MakeRequestWithClient sends a batched query to osv.dev with the provided http client.

type DetermineVersionHash ¶ added in v1.4.3

type DetermineVersionHash struct {
	Path string `json:"path"`
	Hash []byte `json:"hash"`
}

DetermineVersionHash holds the per file hash and path information for determineversion.

type DetermineVersionResponse ¶ added in v1.4.3

type DetermineVersionResponse struct {
	Matches []struct {
		Score    float64 `json:"score"`
		RepoInfo struct {
			Type    string `json:"type"`
			Address string `json:"address"`
			Tag     string `json:"tag"`
			Version string `json:"version"`
			Commit  string `json:"commit"`
		} `json:"repo_info"`
	} `json:"matches"`
}

func MakeDetermineVersionRequest ¶ added in v1.4.3

func MakeDetermineVersionRequest(name string, hashes []DetermineVersionHash) (*DetermineVersionResponse, error)

type HydratedBatchedResponse ¶

type HydratedBatchedResponse struct {
	Results []Response `json:"results"`
}

HydratedBatchedResponse represents a hydrated batched response from OSV.

func Hydrate ¶

func Hydrate(resp *BatchedResponse) (*HydratedBatchedResponse, error)

Hydrate fills the results of the batched response with the full Vulnerability details.

func HydrateWithClient ¶ added in v1.3.3

func HydrateWithClient(resp *BatchedResponse, client *http.Client) (*HydratedBatchedResponse, error)

HydrateWithClient fills the results of the batched response with the full Vulnerability details using the provided http client.

type MinimalResponse ¶

type MinimalResponse struct {
	Vulns []MinimalVulnerability `json:"vulns"`
}

MinimalResponse represents an unhydrated response from OSV.

type MinimalVulnerability ¶

type MinimalVulnerability struct {
	ID string `json:"id"`
}

MinimalVulnerability represents an unhydrated vulnerability entry from OSV.

type Package ¶

type Package struct {
	PURL      string `json:"purl,omitempty"`
	Name      string `json:"name,omitempty"`
	Ecosystem string `json:"ecosystem,omitempty"`
}

Package represents a package identifier for OSV.

type Query ¶

type Query struct {
	Commit   string            `json:"commit,omitempty"`
	Package  Package           `json:"package,omitempty"`
	Version  string            `json:"version,omitempty"`
	Source   models.SourceInfo `json:"-"` // TODO: Move this into Info struct in v2
	Metadata models.Metadata   `json:"-"`
}

Query represents a query to OSV.

func MakeCommitRequest ¶

func MakeCommitRequest(commit string) *Query

MakeCommitRequest makes a commit hash request.

func MakePURLRequest ¶

func MakePURLRequest(purl string) *Query

MakePURLRequest makes a PURL request.

func MakePkgRequest ¶

func MakePkgRequest(pkgDetails lockfile.PackageDetails) *Query

type Response ¶

type Response struct {
	Vulns []models.Vulnerability `json:"vulns"`
}

Response represents a full response from OSV.

Source Files ¶

View all Source files

osv.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL