package pypi

v0.0.0-...-b9de0f1
Published: Dec 30, 2024 License: Apache-2.0 Imports: 11 Imported by: 0

README

PyPI

Reference matching

For PyPI, we find package reference URLs by doing a BigQuery query on the public PyPI dataset.

bq query --max_rows=10000000 --format=json --nouse_legacy_sql < pypi_links.sql > pypi_links.json

This is also continuously updated and available at https://storage.googleapis.com/pypa-advisory-db/triage/pypi_links.json

However, this dataset also includes packages that no longer exist or were deleted, so we check every match against the PyPI simple API to make sure the package actually exists.

Version matching

We also extract all valid versions by doing:

bq query --max_rows=10000000 --format=json --nouse_legacy_sql < pypi_versions.sql > pypi_versions.json

This is also continuously updated and available at https://storage.googleapis.com/pypa-advisory-db/triage/pypi_versions.json

Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

func NormalizePackageName

func NormalizePackageName(name string) string

NormalizePackageName normalizes a PyPI package name.
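As an added illustration, not the package's own code, of how the reference matching described in the README and this normalization fit together: it assumes NormalizePackageName follows PEP 503 normalization (lower-case, runs of `-`, `_` and `.` collapsed to a single `-`), assumes a pypi_links.json row pairs a package name with one reference URL, and compares URLs exactly; the `exists` map stands in for the PyPI simple API check that drops deleted packages.

```go
package main

import (
	"fmt"
	"regexp"
	"slices"
	"strings"
)

var separators = regexp.MustCompile(`[-_.]+`) // the runs PEP 503 collapses

// NormalizePackageName applies PEP 503 normalization, which this example assumes
// is what the package's function does: lower-case, separator runs become "-".
func NormalizePackageName(name string) string {
	return strings.ToLower(separators.ReplaceAllString(name, "-"))
}

// linkRow is the assumed shape of one pypi_links.json row: package name and URL.
type linkRow struct{ Name, URL string }

// MatchReferences returns the sorted, de-duplicated normalized names of packages
// whose stored URL is one of refs. exists stands in for the PyPI simple API
// check the README describes, dropping packages that no longer exist.
func MatchReferences(rows []linkRow, refs []string, exists map[string]bool) []string {
	var out []string
	for _, row := range rows {
		n := NormalizePackageName(row.Name)
		if slices.Contains(refs, row.URL) && exists[n] {
			out = append(out, n)
		}
	}
	slices.Sort(out)
	return slices.Compact(out) // "Django" and "django" collapse to one entry
}

// sampleRows is constructed sample data, not real BigQuery output.
var sampleRows = []linkRow{
	{"Django", "https://github.com/django/django"},
	{"django", "https://www.djangoproject.com"},
	{"Old_Pkg.Name", "https://github.com/example/oldpkg"},
}

func main() {
	refs := []string{"https://github.com/django/django",
		"https://www.djangoproject.com", "https://github.com/example/oldpkg"}
	exists := map[string]bool{"django": true} // old-pkg-name was deleted from PyPI
	fmt.Println(MatchReferences(sampleRows, refs, exists)) // [django]
}
```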

Types

type PyPI

type PyPI struct {
	// contains filtered or unexported fields
}

func New

func New(pypiLinksPath string, pypiVersionsPath string) *PyPI

func (*PyPI) Matches

func (p *PyPI) Matches(cve cves.CVE, falsePositives *triage.FalsePositives) []string

func (*PyPI) PackageURL

func (p *PyPI) PackageURL(pkg string) string

func (*PyPI) Versions

func (p *PyPI) Versions(pkg string) []string
