vulncheck

package
v0.0.66 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Oct 15, 2024 License: Apache-2.0 Imports: 34 Imported by: 0

Documentation

Overview

Package vulncheck provides the vulnerability check evaluator

Package vulncheck provides the vulnerability check evaluator

Package vulncheck provides the vulnerability check evaluator

Package vulncheck provides the vulnerability check evaluator

Package vulncheck provides the vulnerability check evaluator

Package vulncheck provides the vulnerability check evaluator

Package vulncheck provides the vulnerability check evaluator

Index

Constants

View Source
const (
	// VulncheckEvalType is the type of the vulncheck evaluator
	VulncheckEvalType = "vulncheck"
)

Variables

View Source
var ErrPkgNotFound = fmt.Errorf("package not found")

ErrPkgNotFound is returned when the package is not found in the package repository

Functions

This section is empty.

Types

type Evaluator

type Evaluator struct {
	// contains filtered or unexported fields
}

Evaluator is the vulncheck evaluator

func NewVulncheckEvaluator

func NewVulncheckEvaluator(
	ghcli provifv1.GitHub,
	opts ...eoptions.Option,
) (*Evaluator, error)

NewVulncheckEvaluator creates a new vulncheck evaluator

func (*Evaluator) Eval

func (e *Evaluator) Eval(
	ctx context.Context,
	pol map[string]any,
	_ protoreflect.ProtoMessage,
	res *engif.Result,
) error

Eval implements the Evaluator interface.

func (*Evaluator) SetFlagsClient

func (e *Evaluator) SetFlagsClient(client openfeature.IClient) error

SetFlagsClient sets the `openfeature` client in the underlying `Evaluator` struct.

type OSVResponse

type OSVResponse struct {
	Vulns []struct {
		ID               string    `json:"id"`
		Summary          string    `json:"summary"`
		Details          string    `json:"details"`
		Aliases          []string  `json:"aliases"`
		Modified         time.Time `json:"modified"`
		Published        time.Time `json:"published"`
		DatabaseSpecific struct {
			GithubReviewedAt string   `json:"github_reviewed_at"`
			GithubReviewed   bool     `json:"github_reviewed"`
			Severity         string   `json:"severity"`
			CweIDs           []string `json:"cwe_ids"`
			NvdPublishedAt   string   `json:"nvd_published_at"`
		} `json:"database_specific"`
		References []struct {
			Type string `json:"type"`
			URL  string `json:"url"`
		} `json:"references"`
		Affected []struct {
			Package struct {
				Name      string `json:"name"`
				Ecosystem string `json:"ecosystem"`
				Purl      string `json:"purl"`
			} `json:"package"`
			Ranges []struct {
				Type   string `json:"type"`
				Events []struct {
					Introduced string `json:"introduced,omitempty"`
					Fixed      string `json:"fixed,omitempty"`
				} `json:"events"`
			} `json:"ranges"`
			DatabaseSpecific struct {
				Source string `json:"source"`
			} `json:"database_specific"`
		} `json:"affected"`
		SchemaVersion string `json:"schema_version"`
		Severity      []struct {
			Type  string `json:"type"`
			Score string `json:"score"`
		} `json:"severity"`
	} `json:"vulns"`
}

OSVResponse is a response from the OSV database

type PyPiReply

type PyPiReply struct {
	Info struct {
		Name    string `json:"name"`
		Version string `json:"version"`
	} `json:"info"`
	// contains filtered or unexported fields
}

PyPiReply is the reply from the PyPi API

func (*PyPiReply) GetFormatterMeta

func (p *PyPiReply) GetFormatterMeta() formatterMeta

GetFormatterMeta returns the formatterMeta for the PyPiReply

func (*PyPiReply) GetPatchedVersion

func (p *PyPiReply) GetPatchedVersion() string

GetPatchedVersion returns the suggested patch version for a vulnerable package

func (*PyPiReply) HasPatchedVersion

func (p *PyPiReply) HasPatchedVersion() bool

HasPatchedVersion returns true if the vulnerable package can be updated to a patched version

func (*PyPiReply) IndentedString

func (p *PyPiReply) IndentedString(_ int, oldDepLine string, oldDep *pbinternal.Dependency) string

IndentedString returns the patch suggestion for a requirement.txt file This method satisfies the patchLocatorFormatter interface where different package managers have different patch formats and different ways of presenting them. Since PyPi doesn't indent, but can specify zero or multiple versions, we don't care about the indent parameter. This is ripe for refactoring, though, see the comment in the patchLocatorFormatter interface.

func (*PyPiReply) LineHasDependency

func (p *PyPiReply) LineHasDependency(line string) bool

LineHasDependency returns true if the requirement.txt line is for the same package as the receiver

type RepoQuerier

type RepoQuerier interface {
	SendRecvRequest(ctx context.Context, dep *pbinternal.Dependency, patched string, latest bool) (patchLocatorFormatter, error)
	NoPatchAvailableFormatter(dep *pbinternal.Dependency) patchLocatorFormatter
	PkgRegistryErrorFormatter(dep *pbinternal.Dependency, registryErr error) patchLocatorFormatter
}

RepoQuerier is the interface for querying a repository

type Vulnerability

type Vulnerability struct {
	ID         string `json:"id"`
	Summary    string `json:"summary"`
	Details    string `json:"details"`
	Introduced string `json:"introduced,omitempty"`
	Fixed      string `json:"fixed,omitempty"`
	Type       string `json:"type"`
}

Vulnerability is a vulnerability JSON representation

type VulnerabilityResponse

type VulnerabilityResponse struct {
	Vulns []Vulnerability `json:"vulns"`
}

VulnerabilityResponse is a response from the vulnerability database

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL