cvelistrepo

package

v0.0.0-...-854d032 Latest Latest Go to latest Published: Dec 20, 2024 License: BSD-3-Clause, CC-BY-4.0 Imports: 25 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

go.googlesource.com/vulndb

Links

Report a Vulnerability

Documentation ¶

Overview ¶

Package cvelistrepo supports working with the repo containing the list of CVEs.

Index ¶

Constants
Variables
func RunTest[S report.Source](t *testing.T, update bool, wantFunc func(*testing.T, S) ([]txtar.File, error)) error
func TestToReport[S report.Source](t *testing.T, update, realProxy bool) error
func UpdateTxtar(ctx context.Context, url string, ids []string) error
type File
- func Files(repo *git.Repository, commit *object.Commit) (_ []File, err error)

Constants ¶

View Source

const (
	URLv4 = "https://github.com/CVEProject/cvelist"
	URLv5 = "https://github.com/CVEProject/cvelistV5"
)

URLs of the CVE project list repos.

Variables ¶

View Source

var (
	TestCVEsToModules = map[string]string{

		"CVE-2020-9283":  "golang.org/x/crypto",
		"CVE-2021-27919": "archive/zip",
		"CVE-2021-3115":  "cmd/go",

		"CVE-2022-39213": "github.com/pandatix/go-cvss",
		"CVE-2023-44378": "github.com/Consensys/gnark",
		"CVE-2023-45141": "github.com/gofiber/fiber",
		"CVE-2024-2056":  "github.com/gvalkov/tailon",
		"CVE-2024-33522": "github.com/projectcalico/calico",
		"CVE-2024-21527": "github.com/gotenberg/gotenberg",
		"CVE-2020-7668":  "github.com/unknwon/cae/tz",
		"CVE-2024-21583": "github.com/gitpod-io/gitpod",

		"CVE-2024-3094": "github.com/amlweems/xzbot",

		"CVE-2023-29407": "golang.org/x/image",
		"CVE-2023-45283": "path/filepath",
		"CVE-2023-45285": "cmd/go",

		"CVE-2023-45286": "github.com/go-resty/resty/v2",
	}
	TestCVEs = maps.Keys(TestCVEsToModules)
)

Functions ¶

func RunTest ¶

func RunTest[S report.Source](t *testing.T, update bool, wantFunc func(*testing.T, S) ([]txtar.File, error)) error

func TestToReport ¶

func TestToReport[S report.Source](t *testing.T, update, realProxy bool) error

func UpdateTxtar ¶

func UpdateTxtar(ctx context.Context, url string, ids []string) error

Types ¶

type File ¶

type File struct {
	DirPath  string
	Filename string
	TreeHash plumbing.Hash
	BlobHash plumbing.Hash
	Year     int
	Number   int
}

A File is a file in the cvelist repo that contains a CVE.

func Files ¶

func Files(repo *git.Repository, commit *object.Commit) (_ []File, err error)

Files returns all the CVE files in the given repo commit, sorted by name.

func (*File) ID ¶

func (f *File) ID() string

func (*File) Name ¶

func (f *File) Name() string

func (*File) ReadAll ¶

func (f *File) ReadAll(repo *git.Repository) ([]byte, error)

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL