legacydb

package
v0.0.0-...-210767f
Warning

This package is not in the latest version of its module.
Published: Oct 24, 2023 | License: MIT | Imports: 21 | Imported by: 0

Documentation

Overview

Package legacydb provides functionality for generating, reading, writing, and validating vulnerability databases according to the legacy schema.

Constants

This section is empty.

Variables

This section is empty.

Functions

func Diff

func Diff(dbname1, dbname2 string) (err error)

func Equivalent

func Equivalent(path, legacyPath string) error

Equivalent returns an error if the v1 database in path does not represent the same data as the legacy database in legacyPath, or if either database is internally inconsistent according to its schema.

func Generate

func Generate(ctx context.Context, repo *git.Repository, outDir string, indent bool) (err error)

Generate creates and writes a new Go vulnerability database to outDir based on the contents of the "data/osv" folder inside repo.

The repo must contain a "data/osv" folder with files in OSV JSON format with filenames of the form GO-YYYY-XXXX.json.

func Validate

func Validate(newPath, oldPath string) (err error)

Validate checks that the databases in newPath and oldPath are both valid databases, and that the database in newPath can be safely deployed on top of the database in oldPath.

Types

type DBIndex

type DBIndex map[string]time.Time

type Database

type Database struct {
	// A map from module names to the last modified time.
	// Represents $dbPath/index.json
	Index DBIndex
	// Map from each Go ID to its OSV entry.
	// Represents $dbPath/ID/index.json and the contents of $dbPath/ID/
	EntriesByID EntriesByID
	// Map from each module path to a list of corresponding OSV entries.
	// Each map entry represents the contents of a $dbPath/$modulePath.json
	// file.
	EntriesByModule EntriesByModule
	// Map from each alias (CVE and GHSA) ID to a list of Go IDs for that
	// alias.
	// Represents $dbPath/aliases.json
	IDsByAlias IDsByAlias
}

Database is an in-memory representation of a Go vulnerability database, following the legacy specification at https://go.dev/security/vuln/database#api.

func Load

func Load(dbPath string) (_ *Database, err error)

Load reads the contents of dbPath into a Database, and errors if:

  • Any files are malformed (cannot be unmarshaled)
  • The database has missing files (based on the module and ID indexes)
  • The database has unexpected files not listed in the indexes
  • The database is internally inconsistent

func New

func New(ctx context.Context, repo *git.Repository) (_ *Database, err error)

New creates a new Database based on the contents of the "data/osv" folder in the given repo.

It reads each OSV file, unmarshals it into a struct, updates the modified and published times based on the times of the latest and first CLs to modify the file, and stores the struct in the Database (updating the associated index maps). The result is an in-memory vulnerability database that can be written to files via Database.Write.

The repo must contain a "data/osv" folder with files in OSV JSON format with filenames of the form GO-YYYY-XXXX.json.

New does not modify the repo.

func (*Database) Write

func (d *Database) Write(path string, indent bool) (err error)

Write writes the contents of the Database to JSON files, following the legacy specification in https://go.dev/security/vuln/database#api. path is the base path where the database will be written, and indent indicates if the JSON should be indented.

type EntriesByID

type EntriesByID map[string]*osv.Entry

type EntriesByModule

type EntriesByModule map[string][]*osv.Entry

type IDsByAlias

type IDsByAlias map[string][]string
