ghsa

package

v0.0.0-...-210767f Latest Latest Go to latest Published: Oct 24, 2023 License: MIT Imports: 6 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/khulnasoft-lab/go-vulndb

Links

Open Source Insights

Documentation ¶

Overview ¶

Package ghsa supports GitHub security advisories.

Index ¶

Constants
func IsGHSA(s string) bool
type Client
- func NewClient(ctx context.Context, accessToken string) *Client
type Identifier
type Reference
type SecurityAdvisory
type Vuln

Constants ¶

View Source

const Regex = `GHSA-[^-]{4}-[^-]{4}-[^-]{4}`

Variables ¶

This section is empty.

Functions ¶

func IsGHSA ¶

func IsGHSA(s string) bool

Types ¶

type Client ¶

type Client struct {
	// contains filtered or unexported fields
}

Client is a client that can fetch data about GitHub security advisories.

func NewClient ¶

func NewClient(ctx context.Context, accessToken string) *Client

NewClient creates a new client for making requests to the GHSA API.

func (*Client) FetchGHSA ¶

func (c *Client) FetchGHSA(ctx context.Context, ghsaID string) (_ *SecurityAdvisory, err error)

FetchGHSA returns the SecurityAdvisory for the given Github Security Advisory ID.

func (*Client) List ¶

func (c *Client) List(ctx context.Context, since time.Time) ([]*SecurityAdvisory, error)

List returns all SecurityAdvisories that affect Go, published or updated since the given time.

func (*Client) ListForCVE ¶

func (c *Client) ListForCVE(ctx context.Context, cve string) ([]*SecurityAdvisory, error)

type Identifier ¶

type Identifier struct {
	Type  string
	Value string
}

An Identifier identifies an advisory according to some scheme or organization, given by the Type field. Example types are GHSA and CVE.

type Reference ¶

type Reference struct {
	URL string
}

A Reference is a URL linked to by the advisory.

type SecurityAdvisory ¶

type SecurityAdvisory struct {
	// The GitHub Security Advisory identifier.
	ID string
	// A complete list of identifiers, e.g. CVE numbers.
	Identifiers []Identifier
	// A short description of the advisory.
	Summary string
	// A full description of the advisory.
	Description string
	// Where the advisory came from.
	Origin string
	// A link to a page for the advisory.
	Permalink string
	// When the advisory was first published.
	PublishedAt time.Time
	// References linked to by this advisory.
	References []Reference
	// When the advisory was last updated; should always be >= PublishedAt.
	UpdatedAt time.Time
	// The vulnerabilities associated with this advisory.
	Vulns []*Vuln
}

A SecurityAdvisory represents a GitHub security advisory.

type Vuln ¶

type Vuln struct {
	// The vulnerable Go package or module.
	Package string
	// The severity of the vulnerability.
	Severity githubv4.SecurityAdvisorySeverity
	// The earliest fixed version.
	EarliestFixedVersion string
	// A string representing the range of vulnerable versions.
	// E.g. ">= 1.0.3"
	VulnerableVersionRange string
	// When the vulnerability was last updated.
	UpdatedAt time.Time
}

A Vuln represents a vulnerability.

Source Files ¶

View all Source files

ghsa.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL