govulncheck

package
v0.11.0-pre.2 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Dec 12, 2022 License: BSD-3-Clause Imports: 7 Imported by: 0

Documentation

Overview

Package govulncheck provides an experimental govulncheck API.

Index

Constants

This section is empty.

Variables

View Source
var (
	// Source reports vulnerabilities that affect the analyzed packages.
	Source = govulncheck.Source

	// DefaultCache constructs cache for a vulnerability database client.
	DefaultCache = govulncheck.DefaultCache
)

Functions

func LatestFixed

func LatestFixed(modulePath string, as []osv.Affected) string

LatestFixed returns the latest fixed version in the list of affected ranges, or the empty string if there are no fixed versions.

func NewInMemoryCache added in v0.11.0

func NewInMemoryCache(underlying vulnc.Cache) *inMemoryCache

NewInMemoryCache returns a new memory-based cache that decorates the provided cache (file-based, perhaps).

Types

type AnalysisMode added in v0.11.0

type AnalysisMode string
const (
	ModeInvalid     AnalysisMode = "" // zero value
	ModeGovulncheck AnalysisMode = "govulncheck"
	ModeImports     AnalysisMode = "imports"
)

type CallStack added in v0.11.0

type CallStack = govulncheck.CallStack

CallStacks contains a representative call stack for each vulnerable symbol that is called.

type Config added in v0.11.0

type Config = govulncheck.Config

Config is the configuration for Main.

type Module added in v0.11.0

type Module = govulncheck.Module

Module represents a specific vulnerability relevant to a single module or package.

type Package added in v0.11.0

type Package = govulncheck.Package

Package is a Go package with known vulnerable symbols.

type Result added in v0.11.0

type Result struct {
	// Vulns contains all vulnerabilities that are called or imported by
	// the analyzed module.
	Vulns []*Vuln `json:",omitempty"`

	// Mode contains the source of the vulnerability info.
	// Clients of the gopls.fetch_vulncheck_result command may need
	// to interprete the vulnerabilities differently based on the
	// analysis mode. For example, Vuln without callstack traces
	// indicate a vulnerability that is not used if the result was
	// from 'govulncheck' analysis mode. On the other hand, Vuln
	// without callstack traces just implies the package with the
	// vulnerability is known to the workspace and we do not know
	// whether the vulnerable symbols are actually used or not.
	Mode AnalysisMode `json:",omitempty"`

	// AsOf describes when this Result was computed using govulncheck.
	// It is valid only with the govulncheck analysis mode.
	AsOf time.Time `json:",omitempty"`
}

Result is the result of vulnerability scanning.

type StackFrame added in v0.11.0

type StackFrame = govulncheck.StackFrame

StackFrame represents a call stack entry.

type Vuln added in v0.10.0

type Vuln = govulncheck.Vuln

Vuln represents a single OSV entry.

Directories

Path Synopsis
Package semver provides shared utilities for manipulating Go semantic versions.
Package semver provides shared utilities for manipulating Go semantic versions.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL