ghsa

package
v0.0.0-...-210767f Latest
Warning

This package is not in the latest version of its module.

Published: Oct 24, 2023 License: MIT Imports: 6 Imported by: 0

Documentation

Overview

Package ghsa supports GitHub security advisories.

Constants

const Regex = `GHSA-[^-]{4}-[^-]{4}-[^-]{4}`

Variables

This section is empty.

Functions

func IsGHSA

func IsGHSA(s string) bool
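
The documented Regex constant has no anchors and its `[^-]` class accepts any character except a dash, so the way it is applied decides what gets through. The following is an added example, not the package's own code (the body of IsGHSA is not shown on this page): it compiles the pattern as-is, anchored, and alongside a stricter pattern. ExtractIDs, Classify, the strict alphabet (an assumption based on GitHub's documented ID format) and all sample inputs are constructed for illustration.

```go
package main

import (
	"fmt"
	"regexp"
)

// Regex is copied verbatim from the package documentation.
const Regex = `GHSA-[^-]{4}-[^-]{4}-[^-]{4}`

var (
	// loose is the documented pattern compiled as-is: unanchored, so it
	// matches an ID embedded anywhere in a longer string.
	loose = regexp.MustCompile(Regex)
	// anchored requires the whole input to be exactly one match.
	anchored = regexp.MustCompile(`^` + Regex + `$`)
	// strict is an assumption, not from the page: it limits each group to
	// the alphabet GitHub documents for GHSA IDs.
	strict = regexp.MustCompile(`^GHSA(-[23456789cfghjmpqrvwx]{4}){3}$`)
)

// ExtractIDs (hypothetical helper) pulls candidate IDs out of free text
// such as a commit message or changelog entry.
func ExtractIDs(text string) []string {
	return loose.FindAllString(text, -1)
}

// Classify (hypothetical helper) reports which of the three checks accept s.
func Classify(s string) (looseOK, anchoredOK, strictOK bool) {
	return loose.MatchString(s), anchored.MatchString(s), strict.MatchString(s)
}

func main() {
	// Constructed inputs for illustration.
	inputs := []string{
		"GHSA-c3h9-896r-86jm",         // well-formed
		"GHSA-c3h9-896r-86jmq",        // trailing extra character
		"x/GHSA-c3h9-896r-86jm?tab=1", // ID embedded in a URL path
		"GHSA-../.-a b;-<i>!",         // [^-] admits punctuation and spaces
	}
	for _, in := range inputs {
		l, a, s := Classify(in)
		fmt.Printf("%-30q loose=%-5t anchored=%-5t strict=%t\n", in, l, a, s)
	}
	fmt.Println(ExtractIDs("Fixes GHSA-c3h9-896r-86jm and GHSA-xxxx-yyyy-zzzz-extra."))
}
```

The unanchored form suits extraction from free text; when an ID is used to build a URL, file path or API query, validate it with the anchored or strict form first.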

Types

type Client

type Client struct {
	// contains filtered or unexported fields
}

Client is a client that can fetch data about GitHub security advisories.

func NewClient

func NewClient(ctx context.Context, accessToken string) *Client

NewClient creates a new client for making requests to the GHSA API.

func (*Client) FetchGHSA

func (c *Client) FetchGHSA(ctx context.Context, ghsaID string) (_ *SecurityAdvisory, err error)

FetchGHSA returns the SecurityAdvisory for the given GitHub Security Advisory ID.

func (*Client) List

func (c *Client) List(ctx context.Context, since time.Time) ([]*SecurityAdvisory, error)

List returns all SecurityAdvisories that affect Go, published or updated since the given time.

func (*Client) ListForCVE

func (c *Client) ListForCVE(ctx context.Context, cve string) ([]*SecurityAdvisory, error)

type Identifier

type Identifier struct {
	Type  string
	Value string
}

An Identifier identifies an advisory according to some scheme or organization, given by the Type field. Example types are GHSA and CVE.

type Reference

type Reference struct {
	URL string
}

A Reference is a URL linked to by the advisory.

type SecurityAdvisory

type SecurityAdvisory struct {
	// The GitHub Security Advisory identifier.
	ID string
	// A complete list of identifiers, e.g. CVE numbers.
	Identifiers []Identifier
	// A short description of the advisory.
	Summary string
	// A full description of the advisory.
	Description string
	// Where the advisory came from.
	Origin string
	// A link to a page for the advisory.
	Permalink string
	// When the advisory was first published.
	PublishedAt time.Time
	// References linked to by this advisory.
	References []Reference
	// When the advisory was last updated; should always be >= PublishedAt.
	UpdatedAt time.Time
	// The vulnerabilities associated with this advisory.
	Vulns []*Vuln
}

A SecurityAdvisory represents a GitHub security advisory.

type Vuln

type Vuln struct {
	// The vulnerable Go package or module.
	Package string
	// The severity of the vulnerability.
	Severity githubv4.SecurityAdvisorySeverity
	// The earliest fixed version.
	EarliestFixedVersion string
	// A string representing the range of vulnerable versions.
	// E.g. ">= 1.0.3"
	VulnerableVersionRange string
	// When the vulnerability was last updated.
	UpdatedAt time.Time
}

A Vuln represents a vulnerability.
