advisory

package
v0.7.2 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Oct 27, 2023 License: Apache-2.0 Imports: 21 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var ErrNoPackageSecurityData = errors.New("no package security data found")

Functions

func BuildSecurityDatabase added in v0.5.1 

func BuildSecurityDatabase(opts BuildSecurityDatabaseOptions) ([]byte, error)

BuildSecurityDatabase builds an Alpine-style security database from the given options.

func Create 

func Create(req Request, opts CreateOptions) error

Create creates a new advisory in the `advisories` section of the document at the provided path.

func Discover 

func Discover(ctx context.Context, opts DiscoverOptions) error

Discover searches for new vulnerabilities that match packages in a config index, and adds new advisories to configs for vulnerabilities that haven't been noted yet.

func DiscoverAliases added in v0.5.0 

func DiscoverAliases(ctx context.Context, opts DiscoverAliasesOptions) error

DiscoverAliases queries external data sources for aliases for the vulnerabilities described in the selected advisories and updates the advisory documents with the discovered aliases.

func ExportCSV added in v0.1.6 

func ExportCSV(opts ExportOptions) (io.Reader, error)

ExportCSV returns a reader of advisory data encoded as CSV.

func ExportYAML added in v0.1.6 

func ExportYAML(opts ExportOptions) (io.Reader, error)

ExportYAML returns a reader of advisory data encoded as YAML.

func Update 

func Update(req Request, opts UpdateOptions) error

Update adds a new event to an existing advisory (named by the vuln parameter) in the document at the provided path.

func Validate 

func Validate(opts ValidateOptions) error

Types

type AliasFinder added in v0.5.0 

type AliasFinder interface {
	CVEForGHSA(ctx context.Context, ghsaID string) (string, error)
	GHSAsForCVE(ctx context.Context, cveID string) ([]string, error)
}

type BuildSecurityDatabaseOptions added in v0.5.1 

type BuildSecurityDatabaseOptions struct {
	AdvisoryDocIndices []*configs.Index[v2.Document]

	URLPrefix string
	Archs     []string
	Repo      string
}

BuildSecurityDatabaseOptions contains the options for building a database.

type CreateOptions 

type CreateOptions struct {
	// AdvisoryDocs is the Index of advisory documents on which to operate.
	AdvisoryDocs *configs.Index[v2.Document]
}

CreateOptions configures the Create operation.

type DiscoverAliasesOptions added in v0.5.0 

type DiscoverAliasesOptions struct {
	// AdvisoryDocs is the Index of advisory documents on which to operate.
	AdvisoryDocs *configs.Index[v2.Document]

	// AliasFinder is the alias finder to use for discovering aliases for the given
	// vulnerabilities.
	AliasFinder AliasFinder

	// SelectedPackages is the set of packages to operate on. If empty, all packages
	// will be operated on.
	SelectedPackages map[string]struct{}
}

DiscoverAliasesOptions is the set of options for the DiscoverAliases function.

type DiscoverOptions 

type DiscoverOptions struct {
	// SelectedPackages is a list of packages to include in search. If empty, all
	// packages will be included in search.
	SelectedPackages []string

	// BuildCfgs is the Index of build configurations on which to operate.
	BuildCfgs *configs.Index[config.Configuration]

	// AdvisoryDocs is the Index of advisory documents on which to operate.
	AdvisoryDocs *configs.Index[v2.Document]

	// PackageRepositoryURL is the URL to the distro's package repository (e.g.
	// "https://packages.wolfi.dev/os").
	PackageRepositoryURL string

	// The Arches to select during discovery (e.g. "x86_64").
	Arches []string

	// VulnerabilityDetector is how Discover finds vulnerabilities for packages.
	VulnerabilityDetector vuln.Detector

	// VulnEvents is a channel of events that occur during vulnerability discovery.
	VulnEvents chan<- interface{}
}

type DuplicateAdvisoryIDError added in v0.5.0 

type DuplicateAdvisoryIDError struct {
	// Package is the name of the package that already has an advisory with the same
	// ID.
	Package string

	// AdvisoryID is the ID of the advisory that already exists in the document.
	AdvisoryID string
}

DuplicateAdvisoryIDError is returned when an attempt is made to add an advisory with an ID that already exists in the document.

func (DuplicateAdvisoryIDError) Error added in v0.5.0 

func (e DuplicateAdvisoryIDError) Error() string

type ExportOptions 

type ExportOptions struct {
	AdvisoryDocIndices []*configs.Index[v2.Document]
}

type HTTPAliasFinder added in v0.5.0 

type HTTPAliasFinder struct {
	// contains filtered or unexported fields
}

func NewHTTPAliasFinder added in v0.5.0 

func NewHTTPAliasFinder(client *http.Client) *HTTPAliasFinder

func (*HTTPAliasFinder) CVEForGHSA added in v0.5.0 

func (f *HTTPAliasFinder) CVEForGHSA(ctx context.Context, ghsaID string) (string, error)

func (*HTTPAliasFinder) GHSAsForCVE added in v0.5.0 

func (f *HTTPAliasFinder) GHSAsForCVE(ctx context.Context, cveID string) ([]string, error)

type Request 

type Request struct {
	Package         string
	VulnerabilityID string
	Aliases         []string
	Event           v2.Event
}

Request specifies the parameters for creating a new advisory or updating an existing advisory.

func (Request) Validate 

func (req Request) Validate() error

Validate returns an error if the Request is invalid.

type UpdateOptions 

type UpdateOptions struct {
	// AdvisoryDocs is the Index of advisory documents on which to operate.
	AdvisoryDocs *configs.Index[v2.Document]
}

UpdateOptions configures the Update operation.

type ValidateOptions 

type ValidateOptions struct {
	// AdvisoryCfgs is the Index of advisories on which to operate.
	AdvisoryCfgs *configs.Index[v2.Document]
}

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.