Documentation
Types
type ArchiveResult
type Result
type Result struct {
	Archive ArchiveResult
	Files   []SingleResult
}
Result (staticanalysis.Result) is the top-level internal data structure that stores all data produced by static analysis performed on a package artifact.
func (*Result) ToAPIResults
func (r *Result) ToAPIResults() *staticanalysis.Results
ToAPIResults converts the data in this Result object into the public staticanalysis.Results format defined in pkg/api/staticanalysis.
type SingleResult
type SingleResult struct {
	// Filename is the relative path to the file within the package
	Filename string
	Basic    *basicdata.FileData
	Parsing  *parsing.SingleResult
	Signals  *signals.FileSignals
}
SingleResult (staticanalysis.SingleResult) stores all data obtained by static analysis, performed on a single file of a package / artifact. Each field corresponds to a different analysis task (see Task). All nested structs must be JSON serialisable, so they can be sent across the sandbox boundary.
func AnalyzePackageFiles
func AnalyzePackageFiles(ctx context.Context, extractDir string, jsParserConfig parsing.ParserConfig, analysisTasks []Task) ([]SingleResult, error)
AnalyzePackageFiles walks a tree of extracted package files and runs the analysis tasks listed in analysisTasks to produce the result data.
Note that some tasks depend on the data from other tasks; for example, 'signals' depends on 'parsing'. If a task listed in analysisTasks depends on a task not listed in analysisTasks, then both tasks are performed.
If staticanalysis.Parsing is not in the list of analysisTasks, jsParserConfig may be empty.
If an error occurs while traversing the extracted package directory tree, or an invalid task is requested, a nil result is returned along with the corresponding error object.
func (SingleResult) String
func (r SingleResult) String() string
type Task
type Task string
A Task (static analysis task) refers to a particular type of static analysis to be performed. Some tasks may depend on other tasks, for example Signals depends on Parsing.
const (
	// Basic analysis consists of information about a file that can be determined
	// without parsing, for example file size, file type and hash.
	Basic Task = "basic"

	// Parsing analysis involves using a programming language parser to extract
	// source code information from the file.
	Parsing Task = "parsing"

	// Signals analysis involves applying certain detection rules to extract
	// signals of interest from the code. It depends on the output of the Parsing task,
	// and does not require reading files directly.
	Signals Task = "signals"

	// All is not a task itself, but represents/'depends on' all other tasks.
	All Task = "all"
)
NOTE: the string values below should match the JSON field names in result.go.
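The dependency rule described for AnalyzePackageFiles and Task above can be sketched as follows. This is an added example, not the package's own code: the helper resolveTasks, the taskDeps table and the "unknown-task" input are assumptions made for illustration, built only from the behaviour the documentation states.

```go
package main

import "fmt"

// Task mirrors the Task string type documented on this page.
type Task string

const (
	Basic   Task = "basic"
	Parsing Task = "parsing"
	Signals Task = "signals"
	All     Task = "all"
)

// taskDeps is an assumed table: each requestable name maps to the tasks that
// must run for it. Signals pulls in Parsing; All stands for every real task.
var taskDeps = map[Task][]Task{
	Basic:   {Basic},
	Parsing: {Parsing},
	Signals: {Parsing, Signals},
	All:     {Basic, Parsing, Signals},
}

// resolveTasks (hypothetical helper) expands the requested tasks to the ones
// that actually run, and returns a nil result plus an error for an invalid task.
func resolveTasks(requested []Task) ([]Task, error) {
	need := map[Task]bool{}
	for _, t := range requested {
		deps, ok := taskDeps[t]
		if !ok {
			return nil, fmt.Errorf("invalid static analysis task %q", t)
		}
		for _, d := range deps {
			need[d] = true
		}
	}
	// Emit in a fixed order so that a dependency precedes its dependent.
	var out []Task
	for _, t := range []Task{Basic, Parsing, Signals} {
		if need[t] {
			out = append(out, t)
		}
	}
	return out, nil
}

func main() {
	fmt.Println(resolveTasks([]Task{Signals}))        // parser runs too
	fmt.Println(resolveTasks([]Task{"unknown-task"})) // constructed invalid name
}
```

A caller that requests only Signals should therefore expect the parser to run as well, which is the case in which jsParserConfig is needed.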