scan

package

v0.14.1-pre.1 Latest Latest Go to latest Published: Oct 26, 2023 License: BSD-3-Clause Imports: 19 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

cs.opensource.google/go/x/tools

Links

Report a Vulnerability

Documentation ¶

Index ¶

Constants
func LatestFixed(modulePath string, as []osv.Affected) string
func Main(ctx context.Context, args ...string) error
func RunGovulncheck(ctx context.Context, pattern string, snapshot source.Snapshot, dir string, ...) (*vulncheck.Result, error)
func VulnerablePackages(ctx context.Context, snapshot source.Snapshot) (*vulncheck.Result, error)

Constants ¶

View Source

const GoVersionForVulnTest = "_GOPLS_TEST_VULNCHECK_GOVERSION"

GoVersionForVulnTest is an internal environment variable used in gopls testing to examine govulncheck behavior with a go version different than what `go version` returns in the system.

Variables ¶

This section is empty.

Functions ¶

func LatestFixed ¶

func LatestFixed(modulePath string, as []osv.Affected) string

LatestFixed returns the latest fixed version in the list of affected ranges, or the empty string if there are no fixed versions.

func RunGovulncheck ¶

func RunGovulncheck(ctx context.Context, pattern string, snapshot source.Snapshot, dir string, log io.Writer) (*vulncheck.Result, error)

RunGovulncheck implements the codelens "Run Govulncheck" that runs 'gopls vulncheck' and converts the output to gopls's internal data used for diagnostics and hover message construction.

func VulnerablePackages ¶

func VulnerablePackages(ctx context.Context, snapshot source.Snapshot) (*vulncheck.Result, error)

VulnerablePackages queries the vulndb and reports which vulnerabilities apply to this snapshot. The result contains a set of packages, grouped by vuln ID and by module. This implements the "import-based" vulnerability report on go.mod files.

Types ¶