java

package
v1.0.1 Latest
Warning

This package is not in the latest version of its module.

Published: Jun 28, 2023 License: Apache-2.0 Imports: 27 Imported by: 0

Documentation

Overview

Package java contains components for interrogating Java Maven packages in container layers.


Constants

const DefaultRequestTimeout = 2 * time.Second
const DefaultSearchAPI = `https://search.maven.org/solrsearch/select`

DefaultSearchAPI is a maven-like REST API that may be used to do reverse lookups based on an archive's sha1 sum.
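The reverse lookup described above, sketched as an added example (not claircore's own code): hash the archive, query the search endpoint by checksum, and decode the Maven coordinates that come back. The `1:"<sha1>"` query syntax and the `g`/`a`/`v` response fields are assumed from Maven Central's search API; Coordinate, LookupURL and ParseCoordinates are hypothetical names, and the archive bytes and response body are constructed.

```go
package main

import (
	"crypto/sha1"
	"encoding/hex"
	"encoding/json"
	"fmt"
	"net/url"
)

// Coordinate is a hypothetical type holding one search hit.
type Coordinate struct {
	Group    string `json:"g"`
	Artifact string `json:"a"`
	Version  string `json:"v"`
}

// LookupURL hashes the archive bytes and builds the checksum query
// (q=1:"<sha1>") against a maven-like search endpoint.
func LookupURL(api string, archive []byte) (string, error) {
	u, err := url.Parse(api)
	if err != nil {
		return "", err
	}
	sum := sha1.Sum(archive)
	q := url.Values{}
	q.Set("q", `1:"`+hex.EncodeToString(sum[:])+`"`)
	q.Set("wt", "json")
	u.RawQuery = q.Encode()
	return u.String(), nil
}

// ParseCoordinates decodes a search response body. An empty result means the
// archive is unknown to the index; an error means the lookup itself failed.
func ParseCoordinates(body []byte) ([]Coordinate, error) {
	var r struct {
		Response struct {
			Docs []Coordinate `json:"docs"`
		} `json:"response"`
	}
	if err := json.Unmarshal(body, &r); err != nil {
		return nil, fmt.Errorf("decoding search response: %w", err)
	}
	return r.Response.Docs, nil
}

func main() {
	// Constructed inputs: stand-in archive bytes and a stand-in response body.
	u, _ := LookupURL("https://search.maven.org/solrsearch/select", []byte("abc"))
	fmt.Println(u)
	fmt.Println(ParseCoordinates([]byte(`{"response":{"docs":[{"g":"org.example","a":"demo","v":"1.2.3"}]}}`)))
}
```

Keeping "no match" (empty slice, nil error) distinct from "lookup failed" (non-nil error) matters to callers: only the first says the archive is absent from the index.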

Variables

var (
	Repository = claircore.Repository{
		Name: "maven",
		URI:  "https://repo1.maven.apache.org/maven2",
	}
)

Functions

func NewEcosystem

func NewEcosystem(ctx context.Context) *indexer.Ecosystem

NewEcosystem provides the set of scanners for the java ecosystem.

Types

type Matcher

type Matcher struct{}

Matcher matches discovered Java Maven packages against advisories provided via OSV.

func (*Matcher) Filter

func (*Matcher) Filter(r *claircore.IndexRecord) bool

func (*Matcher) Name

func (*Matcher) Name() string

Name implements driver.Matcher.

func (*Matcher) Query

func (*Matcher) Query() []driver.MatchConstraint

Query implements driver.Matcher.

func (*Matcher) Vulnerable

func (*Matcher) Vulnerable(ctx context.Context, record *claircore.IndexRecord, vuln *claircore.Vulnerability) (bool, error)

type RepoScanner

type RepoScanner struct{}

func (*RepoScanner) Kind

func (*RepoScanner) Kind() string

Kind implements scanner.VersionedScanner.

func (*RepoScanner) Name

func (*RepoScanner) Name() string

Name implements scanner.VersionedScanner.

func (*RepoScanner) Scan

func (rs *RepoScanner) Scan(ctx context.Context, layer *claircore.Layer) ([]*claircore.Repository, error)

Scan attempts to find jar, war or ear files and record the package information there.

A return of (nil, nil) is expected if there's nothing found.

func (*RepoScanner) Version

func (*RepoScanner) Version() string

Version implements scanner.VersionedScanner.

type Scanner

type Scanner struct {
	// contains filtered or unexported fields
}

Scanner implements the scanner.PackageScanner interface.

It looks for files that seem like jar, war or ear, and looks at the metadata recorded there.

The zero value is ready to use.

func (*Scanner) Configure

func (s *Scanner) Configure(ctx context.Context, f indexer.ConfigDeserializer, c *http.Client) error

Configure implements indexer.RPCScanner.

func (*Scanner) Kind

func (*Scanner) Kind() string

Kind implements scanner.VersionedScanner.

func (*Scanner) Name

func (*Scanner) Name() string

Name implements scanner.VersionedScanner.

func (*Scanner) Scan

func (s *Scanner) Scan(ctx context.Context, layer *claircore.Layer) ([]*claircore.Package, error)

Scan attempts to find jar, war or ear files and record the package information there.

A return of (nil, nil) is expected if there's nothing found.

func (*Scanner) Version

func (*Scanner) Version() string

Version implements scanner.VersionedScanner.

type ScannerConfig

type ScannerConfig struct {
	// API is a URL endpoint to a maven-like REST API.
	// The default is DefaultSearchAPI.
	API               string        `yaml:"api" json:"api"`
	APIRequestTimeout time.Duration `yaml:"api_request_timeout" json:"api_request_timeout"`
}

ScannerConfig is the struct used to configure a Scanner.

Notes

Bugs

  • There's no way for a scanner that makes RPC calls to signal "the call failed, these are best-effort results, and please retry."

  • There are probably some bugs lurking in the jar.Info → claircore.Package mapping code around embedded jars. There's a test case to be written there.

Directories

Path Synopsis
Package jar implements a scanner on Java archive (jar) files.
