Documentation
Overview
Package govulncheck supports the govulncheck command.
Index
- func FuncName(fn *vulncheck.FuncNode) string
- func LatestFixed(as []osv.Affected) string
- func LoadPackages(cfg *packages.Config, patterns ...string) ([]*vulncheck.Package, error)
- func PkgPath(fn *vulncheck.FuncNode) string
- func SummarizeCallStack(cs vulncheck.CallStack, topPkgs map[string]bool, vulnPkg string) string
- type CallInfo
- type FSCache
- func (c *FSCache) ReadEntries(dbName string, p string) ([]*osv.Entry, error)
- func (c *FSCache) ReadIndex(dbName string) (client.DBIndex, time.Time, error)
- func (c *FSCache) WriteEntries(dbName string, p string, entries []*osv.Entry) error
- func (c *FSCache) WriteIndex(dbName string, index client.DBIndex, retrieved time.Time) error
- type PackageError
Constants
This section is empty.
Variables
This section is empty.
Functions
func LatestFixed
LatestFixed returns the latest fixed version in the list of affected ranges, or the empty string if there are no fixed versions.
func LoadPackages
LoadPackages loads the packages matching patterns using cfg, after setting the cfg mode flags that vulncheck needs for analysis. If the packages contain errors, a PackageError is returned containing a list of the errors, along with the packages themselves.
func SummarizeCallStack
SummarizeCallStack returns a short description of the call stack. It uses one of two forms, depending on what the lowest function F in topPkgs calls:
- If it calls a function V from the vulnerable package, then SummarizeCallStack returns "F calls V".
- If it calls a function G in some other package, which eventually calls V, it returns "F calls G, which eventually calls V".
If it can't find any of these functions, SummarizeCallStack returns the empty string.
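The two summary forms described above, as an added sketch that is not the package's own code: it replaces vulncheck.CallStack with a hypothetical Frame type and assumes the stack runs from the entry point down to the vulnerable symbol, with V taken as the first function in the vulnerable package below F. All package and function names in the sample stacks are constructed.

```go
package main

import "fmt"

// Frame is a hypothetical stand-in for one entry of a vulncheck.CallStack.
type Frame struct {
	Pkg  string // package path of the function
	Func string // display name, e.g. "app.Handle"
}

// summarize mirrors the documented rules. Assumption: the stack is ordered
// from the entry point (index 0) down to the vulnerable symbol (last index).
func summarize(cs []Frame, topPkgs map[string]bool, vulnPkg string) string {
	// F: the lowest (deepest) frame that belongs to a top-level package.
	top := -1
	for i, f := range cs {
		if topPkgs[f.Pkg] {
			top = i
		}
	}
	if top < 0 {
		return ""
	}
	// V: the first frame below F that is in the vulnerable package.
	vuln := -1
	for i := top + 1; i < len(cs); i++ {
		if cs[i].Pkg == vulnPkg {
			vuln = i
			break
		}
	}
	if vuln < 0 {
		return ""
	}
	if vuln == top+1 {
		return fmt.Sprintf("%s calls %s", cs[top].Func, cs[vuln].Func)
	}
	return fmt.Sprintf("%s calls %s, which eventually calls %s",
		cs[top].Func, cs[top+1].Func, cs[vuln].Func)
}

func main() {
	// Constructed sample stacks; all package and function names are made up.
	top := map[string]bool{"example.com/app": true}
	direct := []Frame{{"example.com/app", "app.main"}, {"example.com/app", "app.Handle"}, {"example.com/vuln", "vuln.Parse"}}
	indirect := []Frame{{"example.com/app", "app.Handle"}, {"example.com/mid", "mid.Decode"}, {"example.com/vuln", "vuln.Parse"}}
	fmt.Println(summarize(direct, top, "example.com/vuln"))
	fmt.Println(summarize(indirect, top, "example.com/vuln"))
}
```

The short form tells a triager that first-party code touches the vulnerable package directly; the long form names the intermediate dependency G where the call path leaves first-party code.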
Types
type CallInfo
type CallInfo struct {
	// CallStacks contains all call stacks to vulnerable functions.
	CallStacks map[*vulncheck.Vuln][]vulncheck.CallStack
	// VulnGroups contains vulnerabilities grouped by ID and package.
	VulnGroups [][]*vulncheck.Vuln
	// ModuleVersions is a map of module paths to versions.
	ModuleVersions map[string]string
	// TopPackages contains the top-level packages in the call info.
	TopPackages map[string]bool
}
CallInfo is information about calls to vulnerable functions.
type FSCache
type FSCache struct {
// contains filtered or unexported fields
}
FSCache is a thread-safe file-system cache implementing osv.Cache.
TODO: use something like cmd/go/internal/lockedfile for thread safety?
func DefaultCache
func DefaultCache() *FSCache
func (*FSCache) ReadEntries
func (*FSCache) WriteEntries
type PackageError
A PackageError contains errors from loading a set of packages.
func (*PackageError) Error
func (e *PackageError) Error() string