Documentation
Overview
Package vulners contains a minion that uses the Vulners API to perform security scans on software packages installed on a system.
It does so by loading a list of all installed software via the package manager (currently only Linux is supported) and sending the CPE it builds to the Vulners backend.
Variables
var (
	// ErrCpeFormat is thrown if the user supplied a malformed CPE identifier.
	ErrCpeFormat = errors.New("Invalid CPE format")
)
Types
type Client
type Client struct {
// contains filtered or unexported fields
}
A Client for the vulners APIs for Golang.
func NewClient
NewClient creates a new Client with the default baseURL, the specified API key and a default rate limiter, which only allows a few concurrent requests: limits are higher if an API key is provided.
func (*Client) GetVulnerabilitiesForCpe
func (c *Client) GetVulnerabilitiesForCpe(ctx context.Context, cpe string, maxVulnerabilities int) (result string, err error)
GetVulnerabilitiesForCpe returns all known vulnerabilities from Vulners for the given CPE, erroring out if there are more than maxVulnerabilities. Yes, that's not a very reasonable behavior, so just specify something large and a future version of this client might implement some form of client-side paging.
func (*Client) GetVulnerabilitiesForPackages
func (c *Client) GetVulnerabilitiesForPackages(ctx context.Context, os string, osVersion string, packages []string) (*VulnResponse, error)
GetVulnerabilitiesForPackages returns all known vulnerabilities from Vulners for the combination of operating system, package and version.
type Minion
type Minion struct {
// contains filtered or unexported fields
}
Minion that performs checks for known vulnerabilities in the software installed on the box.
func NewMinion
NewMinion creates a default vulners minion that connects to Vulners default API endpoints. It accepts an optional apiKey parameter which specifies which key to use when querying the Vulners APIs.
func (Minion) AnalyzeFiles
func (m Minion) AnalyzeFiles(ctx context.Context, req *pb.AnalyzeFilesRequest) (*pb.AnalyzeFilesResponse, error)
AnalyzeFiles will parse package databases, extract CPEs and query the vulners backend for security bugs.
func (Minion) ListInitialInterests
func (m Minion) ListInitialInterests(ctx context.Context, req *pb.ListInitialInterestsRequest) (*pb.ListInitialInterestsResponse, error)
ListInitialInterests returns a list of files which might contain package information for parsing.
type VulnResponse
type VulnResponse struct {
	Result string           `json:"result"`
	Data   vulnResponseData `json:"data"`
}
VulnResponse contains the response to a query on the vulnerability state of a set of packages.
type VulnerabilityClient
type VulnerabilityClient interface {
GetVulnerabilitiesForPackages(context.Context, string, string, []string) (*VulnResponse, error)
}
VulnerabilityClient is a client to fetch vulnerability data for a set of packages given an operating system and version.
Directories
Path | Synopsis |
---|---|
 | Package dpkg reads package information in the format of /var/lib/dpkg/status file. |
 | Package rpm reads package information through RPMlib from a Packages database. |
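To illustrate the kind of input the dpkg directory above handles, here is an added example (not the project's own code) that reads a constructed /var/lib/dpkg/status fragment and keeps only fully installed packages, so that a removed package with leftover config files is not submitted for a vulnerability check. The names InstalledPackages and sampleStatus and the "name version arch" string layout are assumptions; the page does not specify the format of the packages argument of GetVulnerabilitiesForPackages.

```go
package main

import (
	"bufio"
	"fmt"
	"strings"
)

// sampleStatus is a constructed fragment in the /var/lib/dpkg/status format.
const sampleStatus = `Package: openssl
Status: install ok installed
Architecture: amd64
Version: 1.1.1f-1ubuntu2
Description: constructed entry
 with a continuation line

Package: oldlib
Status: deinstall ok config-files
Architecture: amd64
Version: 1:0.9-1
`

// InstalledPackages (hypothetical helper) returns "name version arch" for each
// stanza whose Status is "install ok installed"; that string layout is assumed.
func InstalledPackages(status string) []string {
	var out []string
	f := map[string]string{}
	flush := func() { // called at each stanza boundary
		if f["Package"] != "" && f["Status"] == "install ok installed" {
			out = append(out, f["Package"]+" "+f["Version"]+" "+f["Architecture"])
		}
		f = map[string]string{}
	}
	sc := bufio.NewScanner(strings.NewReader(status))
	for sc.Scan() {
		line := sc.Text()
		if strings.TrimSpace(line) == "" {
			flush() // a blank line ends a stanza
		} else if line[0] != ' ' && line[0] != '\t' { // skip continuation lines
			if k, v, ok := strings.Cut(line, ":"); ok {
				f[k] = strings.TrimSpace(v) // split on first colon only, so epochs like 1:0.9-1 survive
			}
		}
	}
	flush() // the last stanza may lack a trailing blank line
	return out
}

func main() { fmt.Println(strings.Join(InstalledPackages(sampleStatus), "\n")) }
```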