packagehandlers

package
v2.20.2

This package is not in the latest version of its module.
Published: Apr 26, 2024 License: Apache-2.0 Imports: 22 Imported by: 0

Documentation

Constants

const (

	// Package names are case-insensitive with this prefix
	PythonPackageRegexPrefix = "(?i)"
	// Match all possible operators and versions syntax
	PythonPackageRegexSuffix = "" /* 132-byte string literal not displayed */
)
const MavenVersionNotAvailableErrorFormat = "Version %s is not available for artifact"

Variables

This section is empty.

Functions

func GetVulnerabilityRegexCompiler added in v2.20.0

func GetVulnerabilityRegexCompiler(impactedName, impactedVersion, dependencyLineFormat string) *regexp.Regexp

This function adjusts the name and version of a dependency to conform to a regular expression format and constructs the complete regular expression pattern for searching.

Note: 'dependencyLineFormat' should be a template with two placeholders to be populated. The first one will be replaced with 'impactedName', and the second one with 'impactedVersion'.

Note: All supplied arguments are converted to lowercase. Hence, when utilizing this function, the file in which we search for the patterns must also be converted to lowercase.

Note: This function may not support all package manager dependency formats. It is designed for package managers where the dependency's name consists of a single component. For example, in Gradle descriptors, a dependency line may consist of two components for the dependency's name (e.g., implementation group: 'junit', name: 'junit', version: '4.7'), therefore this func cannot be utilized in this case.
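The contract described above, sketched as an added example that is not the package's own implementation: it escapes the name and version so that a `.` cannot match a different character, and shows why the searched file must be lowercased first. The names `buildLineRegex` and `findImpactedLines`, the template, the package name and the sample descriptor are all constructed for illustration.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Constructed sample descriptor. The second entry is a look-alike that only an
// unescaped "." in the name or version would match.
const sampleDescriptor = `<PackageReference Include="Example.Lib" Version="1.2.3" />
<PackageReference Include="ExampleXLib" Version="1x2x3" />`

// Hypothetical template: the first %s takes the name, the second the version.
// It is written in lowercase because this sketch lowercases the template too,
// which would silently turn a class such as \S into \s.
const lineFormat = `include=["']%s["']\s+version=["']%s["']`

// buildLineRegex is a stand-in for the documented contract, not frogbot's code.
func buildLineRegex(name, version, format string) *regexp.Regexp {
	escapedName := regexp.QuoteMeta(strings.ToLower(name))
	escapedVersion := regexp.QuoteMeta(strings.ToLower(version))
	return regexp.MustCompile(fmt.Sprintf(strings.ToLower(format), escapedName, escapedVersion))
}

// findImpactedLines lowercases the descriptor before matching, as the note requires.
func findImpactedLines(descriptor, name, version, format string) []string {
	return buildLineRegex(name, version, format).FindAllString(strings.ToLower(descriptor), -1)
}

func main() {
	fmt.Println(findImpactedLines(sampleDescriptor, "Example.Lib", "1.2.3", lineFormat))
	// Matching the raw mixed-case file finds nothing, so the entry would go unpatched.
	fmt.Println(buildLineRegex("Example.Lib", "1.2.3", lineFormat).MatchString(sampleDescriptor))
}
```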

Types

type CommonPackageHandler

type CommonPackageHandler struct {
	// contains filtered or unexported fields
}

func (*CommonPackageHandler) GetAllDescriptorFilesFullPaths added in v2.20.0

func (cph *CommonPackageHandler) GetAllDescriptorFilesFullPaths(descriptorFilesSuffixes []string, patternsToExclude ...string) (descriptorFilesFullPaths []string, err error)

Recursively scans the current directory for descriptor files based on the provided list of suffixes, while excluding paths that match the specified exclusion patterns. The patternsToExclude must be provided as regexp patterns. For instance, if the pattern ".*node_modules.*" is provided, any paths containing "node_modules" will be excluded from the result. Returns a slice of all discovered descriptor files, represented as absolute paths.
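An added sketch of the scan described above, not the package's own code, showing how the choice of exclusion regexp changes which descriptors are found. It walks a constructed in-memory tree and returns tree-relative paths instead of absolute ones; `findDescriptors`, `sampleTree` and the directory names are assumptions made for the example.

```go
package main

import (
	"fmt"
	"io/fs"
	"regexp"
	"slices"
	"strings"
	"testing/fstest"
)

// Constructed in-memory project tree; only the paths matter.
var sampleTree = fstest.MapFS{
	"package.json":                          {Data: []byte("{}")},
	"node_modules/dep/package.json":         {Data: []byte("{}")},
	"tools/node_modules_audit/package.json": {Data: []byte("{}")},
}

// findDescriptors is a stand-in for the documented behaviour, not frogbot's code.
// It returns paths relative to the tree root rather than absolute paths.
func findDescriptors(tree fs.FS, suffixes []string, exclude ...string) ([]string, error) {
	var excluded []*regexp.Regexp
	for _, pattern := range exclude {
		re, err := regexp.Compile(pattern)
		if err != nil {
			return nil, fmt.Errorf("invalid exclusion pattern %q: %w", pattern, err)
		}
		excluded = append(excluded, re)
	}
	var found []string
	err := fs.WalkDir(tree, ".", func(path string, d fs.DirEntry, err error) error {
		if err != nil || d.IsDir() {
			return err
		}
		// Patterns are unanchored regexps, so they match anywhere in the path.
		if slices.ContainsFunc(excluded, func(re *regexp.Regexp) bool { return re.MatchString(path) }) {
			return nil
		}
		if slices.ContainsFunc(suffixes, func(s string) bool { return strings.HasSuffix(path, s) }) {
			found = append(found, path)
		}
		return nil
	})
	return found, err
}

func main() {
	fmt.Println(findDescriptors(sampleTree, []string{"package.json"}, ".*node_modules.*"))
	fmt.Println(findDescriptors(sampleTree, []string{"package.json"}, `(^|/)node_modules/`))
}
```

The broad pattern also drops the first-party `tools/node_modules_audit/package.json`, so that descriptor would never be scanned or fixed; the pattern anchored on a path segment keeps it.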

func (*CommonPackageHandler) SetCommonParams

func (cph *CommonPackageHandler) SetCommonParams(serverDetails *config.ServerDetails, depsRepo string)

func (*CommonPackageHandler) UpdateDependency

func (cph *CommonPackageHandler) UpdateDependency(vulnDetails *utils.VulnerabilityDetails, installationCommand string, extraArgs ...string) (err error)

UpdateDependency updates the impacted package to the fixed version

type GoPackageHandler

type GoPackageHandler struct {
	CommonPackageHandler
}

func (*GoPackageHandler) UpdateDependency

func (golang *GoPackageHandler) UpdateDependency(vulnDetails *utils.VulnerabilityDetails) error

type GradlePackageHandler

type GradlePackageHandler struct {
	CommonPackageHandler
}

func (*GradlePackageHandler) UpdateDependency

func (gph *GradlePackageHandler) UpdateDependency(vulnDetails *utils.VulnerabilityDetails) error

type MavenPackageHandler

type MavenPackageHandler struct {
	CommonPackageHandler

	// mavenDepTreeManager handles the installation and execution of the maven-dep-tree to obtain all the project poms and running mvn commands
	*java.MavenDepTreeManager
	// contains filtered or unexported fields
}

func NewMavenPackageHandler

func NewMavenPackageHandler(scanDetails *utils.ScanDetails) *MavenPackageHandler

func (*MavenPackageHandler) UpdateDependency

func (mph *MavenPackageHandler) UpdateDependency(vulnDetails *utils.VulnerabilityDetails) (err error)

type NpmPackageHandler

type NpmPackageHandler struct {
	CommonPackageHandler
}

func (*NpmPackageHandler) UpdateDependency

func (npm *NpmPackageHandler) UpdateDependency(vulnDetails *utils.VulnerabilityDetails) error

type NugetPackageHandler

type NugetPackageHandler struct {
	CommonPackageHandler
}

func (*NugetPackageHandler) UpdateDependency

func (nph *NugetPackageHandler) UpdateDependency(vulnDetails *utils.VulnerabilityDetails) error

type PackageHandler

type PackageHandler interface {
	UpdateDependency(details *utils.VulnerabilityDetails) error
	SetCommonParams(serverDetails *config.ServerDetails, depsRepo string)
}

PackageHandler interface to hold operations on packages

func GetCompatiblePackageHandler

func GetCompatiblePackageHandler(vulnDetails *utils.VulnerabilityDetails, details *utils.ScanDetails) (handler PackageHandler)

type PnpmPackageHandler added in v2.20.0

type PnpmPackageHandler struct {
	CommonPackageHandler
}

func (*PnpmPackageHandler) UpdateDependency added in v2.20.0

func (pnpm *PnpmPackageHandler) UpdateDependency(vulnDetails *utils.VulnerabilityDetails) error

type PythonPackageHandler

type PythonPackageHandler struct {
	CommonPackageHandler
	// contains filtered or unexported fields
}

PythonPackageHandler handles all the Python package managers, as they share behavior

func (*PythonPackageHandler) UpdateDependency

func (py *PythonPackageHandler) UpdateDependency(vulnDetails *utils.VulnerabilityDetails) error

type UnsupportedPackageHandler

type UnsupportedPackageHandler struct {
}

func (*UnsupportedPackageHandler) SetCommonParams

func (uph *UnsupportedPackageHandler) SetCommonParams(serverDetails *config.ServerDetails, depsRepo string)

func (*UnsupportedPackageHandler) UpdateDependency

func (uph *UnsupportedPackageHandler) UpdateDependency(vulnDetails *utils.VulnerabilityDetails) error

type YarnPackageHandler

type YarnPackageHandler struct {
	CommonPackageHandler
}

func (*YarnPackageHandler) UpdateDependency

func (yarn *YarnPackageHandler) UpdateDependency(vulnDetails *utils.VulnerabilityDetails) error
