Documentation
¶
Index ¶
- Constants
- Variables
- func BuildCache() error
- func ExecCommand(name string, args ...string) (stdout, stderr string, err error)
- func ExpandHome(file string) string
- func FileExists(file string) bool
- func GetVersionTime(version interface{}) (*time.Time, error)
- func LoadConfig(path string, strict, wait, verbose, cache bool) error
- func LoadVulnerabilities(dependencies chan *Dependency, wg *sync.WaitGroup)
- func NewCache() error
- func ParseDuration(value string, def time.Duration) (time.Duration, error)
- func WaitBeforeCall()
- type Binary
- type CVE
- type Cache
- type CacheLogger
- type Config
- type Configurations
- type DateVersion
- type Dependency
- type DependencyCache
- type FileCache
- type FileConfig
- type Item
- type Match
- type MemcachedClient
- type MemcachedConfig
- type MemcachierClient
- type MemcachierConfig
- type Metadata
- type Node
- type PseudoVersion
- type Reference
- type ReferenceData
- type Response
- type Result
- type SemanticVersion
- type UnknownVersion
- type Version
- type Vulnerability
- type VulnerabilityMatch
Constants ¶
const ( MinimumBinaryDependencyFields = 3 MinimumBinaryLines = 3 )
const ( FileCacheDefaultFile = "~/.gobinsec-cache.yml" FileCacheDefaultExpiration = 24 * time.Hour )
const ( MemcachedDefaultTimeout = 1 * time.Second MemcachedDefaultExpiration = 24 * time.Hour )
const ( MemcachierDefaultTimeout = 1 * time.Second MemcachierDefaultExpiration = 24 * time.Hour )
const ( URL = "https://services.nvd.nist.gov/rest/json/cves/1.0/?keyword=" StatusCodeLimit = 300 RateMinuteWithoutKey = 10 RateMinuteWithKey = 100 )
const DateVersionTimeFormat = "2006-01-02"
DateVersionTimeFormat is the time format for date versions
const PseudoVersionMinimumLength = 32
const PseudoVersionTimeFormat = "20060102"
PseudoVersionTimeFormat is the time format for pseudo versions
Variables ¶
var ( ColorRed = color.New(color.FgRed).Add(color.Bold) ColorGreen = color.New(color.FgGreen).Add(color.Bold) )
var NumGoroutines = 4 * runtime.NumCPU()
NumGoroutines to load vulnerabilities
Functions ¶
func ExecCommand ¶
ExecCommand runs command with given args and returns stdout, stderr and an error if any
func ExpandHome ¶
ExpandHome expand ~ in file path with home directory
func GetVersionTime ¶
GetVersionTime extracts time from pseudo or date version
func LoadConfig ¶
LoadConfig loads configuration from given file and overwrite with command line options
func LoadVulnerabilities ¶
func LoadVulnerabilities(dependencies chan *Dependency, wg *sync.WaitGroup)
LoadVulnerabilities takes dependencies from channel and loads dependencies for it
func NewCache ¶
func NewCache() error
NewCache builds a cache instance depending on configuration and environment
func ParseDuration ¶
ParseDuration with default value
func WaitBeforeCall ¶
func WaitBeforeCall()
WaitBeforeCall waits in order not to exceed NVD call rate limit
Types ¶
type Binary ¶
type Binary struct {
Path string // path to binary file
Dependencies []*Dependency // list of dependencies
Vulnerable bool // tells if binary is vulnerable
}
Binary represents a binary with its dependencies
func (*Binary) GetDependencies ¶
GetDependencies gets dependencies analyzing binary with buildinfo
type Cache ¶
type Cache interface {
Name() string
Get(d *Dependency) ([]byte, error)
Set(d *Dependency, v []byte) error
Open() error
Close() error
}
Cache is the interface for caching
var CacheInstance Cache
func NewFileCache ¶
func NewFileCache(config *FileConfig) (Cache, error)
NewFileCache builds a cache using file
func NewMemcachedCache ¶
func NewMemcachedCache(config *MemcachedConfig) (Cache, error)
NewMemcachedCache builds a memcached cache
func NewMemcachierCache ¶
func NewMemcachierCache(config *MemcachierConfig) (Cache, error)
NewMemcachierCache builds a Memcachier cache
type CacheLogger ¶
type CacheLogger struct {
Cache Cache
}
CacheLogger logs cache calls on embedded cache
func NewCacheLogger ¶
func NewCacheLogger(cache Cache) *CacheLogger
NewCacheLogger returns a cache logger embedding a cache
func (*CacheLogger) Get ¶
func (c *CacheLogger) Get(d *Dependency) ([]byte, error)
Get calls embedded cache and logs result
func (*CacheLogger) Open ¶
func (c *CacheLogger) Open() error
Open prints an information message on terminal
func (*CacheLogger) Set ¶
func (c *CacheLogger) Set(d *Dependency, v []byte) error
Set calls embedded cache and logs call
type Config ¶
type Config struct {
APIKey string `yaml:"api-key"`
Memcached *MemcachedConfig `yaml:"memcached"`
Memcachier *MemcachierConfig `yaml:"memcachier"`
File *FileConfig `yaml:"file"`
Ignore []string `yaml:"ignore"`
Strict bool `yaml:"strict"`
Verbose bool `yaml:"verbose"`
Cache bool `yaml:"cache"`
Wait bool `yaml:"wait"`
}
Config is the configuration from YAML config file and command line options
func (*Config) IgnoreVulnerability ¶
IgnoreVulnerability tells if we should ignore given vulnerability
type Configurations ¶
type Configurations struct {
Nodes []Node `json:"nodes"`
}
type DateVersion ¶
DateVersion for dependencies that don't have a version
func NewDateVersion ¶
func NewDateVersion(text string) (*DateVersion, error)
NewDateVersion builds a date version from string
func (*DateVersion) Compare ¶
func (version *DateVersion) Compare(o interface{}) (int, error)
Compare two date versions by time
func (*DateVersion) String ¶
func (version *DateVersion) String() string
String returns a string representation for date version
type Dependency ¶
type Dependency struct {
Name string
Version Version
Vulnerabilities []Vulnerability
Vulnerable bool
}
Dependency is a dependency with vulnerabilities
func NewDependency ¶
func NewDependency(name, version string) (*Dependency, error)
NewDependency builds a new dependency and loads its vulnerabilities
func (*Dependency) Key ¶
func (d *Dependency) Key() string
Key returns a key as a string for caching
func (*Dependency) LoadVulnerabilities ¶
func (d *Dependency) LoadVulnerabilities() error
Vulnerabilities return list of vulnerabilities for given dependency
type DependencyCache ¶
DependencyCache is an entry of dependency cache
type FileCache ¶
type FileCache struct {
File string
Expiration time.Duration
Cache map[string]DependencyCache
}
FileCache is the cache instance
func (*FileCache) CleanCache ¶
func (fc *FileCache) CleanCache()
CleanCache removes obsolete cache entries
type FileConfig ¶
FileConfig is the configuration for file cache
func NewFileConfig ¶
func NewFileConfig(config *FileConfig) (*FileConfig, error)
NewFileConfig builds configuration for file cache
type Item ¶
type Item struct {
CVE CVE `json:"cve"`
Configurations Configurations `json:"configurations"`
}
type MemcachedClient ¶
MemcachedClient is the Cache using memcached
func (*MemcachedClient) Get ¶
func (mc *MemcachedClient) Get(d *Dependency) ([]byte, error)
Get returns NVD response for given dependency
func (*MemcachedClient) Name ¶
func (mc *MemcachedClient) Name() string
Name returns the name of this cache
func (*MemcachedClient) Set ¶
func (mc *MemcachedClient) Set(d *Dependency, v []byte) error
Set put NVD response for given dependency in cache
type MemcachedConfig ¶
type MemcachedConfig struct {
Address string `yaml:"address"`
Timeout time.Duration `yaml:"timeout"`
Expiration time.Duration `yaml:"expiration"`
}
MemcachedConfig is the configuration for memcached
func NewMemcachedConfig ¶
func NewMemcachedConfig(config *MemcachedConfig) (*MemcachedConfig, error)
NewMemcachedConfig returns configuration
type MemcachierClient ¶
MemcachierClient is the Cache using Memcachier
func (*MemcachierClient) Get ¶
func (mc *MemcachierClient) Get(d *Dependency) ([]byte, error)
Get returns NVD response for given dependency
func (*MemcachierClient) Name ¶
func (mc *MemcachierClient) Name() string
Name returns the name of this cache
func (*MemcachierClient) Set ¶
func (mc *MemcachierClient) Set(d *Dependency, v []byte) error
Set put NVD response for given dependency in cache
type MemcachierConfig ¶
type MemcachierConfig struct {
Address string `yaml:"address"`
Username string `yaml:"username"`
Password string `yaml:"password"`
Timeout time.Duration `yaml:"timeout"`
Expiration time.Duration `yaml:"expiration"`
}
MemcachierConfig is the configuration for Memcachier
func NewMemcachierConfig ¶
func NewMemcachierConfig(config *MemcachierConfig) (*MemcachierConfig, error)
NewMemcachierConfig returns configuration
type PseudoVersion ¶
PseudoVersion for dependencies that don't have a version. Its string representation is something like "v0.0.0-20191109021931-daa7c04131f5" with time and commit ID
func NewPseudoVersion ¶
func NewPseudoVersion(text string) (*PseudoVersion, error)
NewPseudoVersion builds a pseudo version from string
func (*PseudoVersion) Compare ¶
func (version *PseudoVersion) Compare(o interface{}) (int, error)
Compare two pseudo versions by time
func (*PseudoVersion) String ¶
func (version *PseudoVersion) String() string
String returns a string representation for pseudo version
type Reference ¶
type Reference struct {
ReferenceData []ReferenceData `json:"reference_data"`
}
type ReferenceData ¶
type ReferenceData struct {
URL string `json:"url"`
}
type SemanticVersion ¶
SemanticVersion is type to represent a semantic version
func NewSemanticVersion ¶
func NewSemanticVersion(text string) (*SemanticVersion, error)
NewSemanticVersion builds a version from string
func (*SemanticVersion) Compare ¶
func (version *SemanticVersion) Compare(other interface{}) (int, error)
Compare two semantic versions s and o: - if s < o : returns -1 - if s > o : returns +1 - if s = o : returns 0
func (*SemanticVersion) String ¶
func (version *SemanticVersion) String() string
String returns string representation of version
type UnknownVersion ¶
type UnknownVersion string
func NewUnknownVersion ¶
func NewUnknownVersion(version string) *UnknownVersion
func (*UnknownVersion) Compare ¶
func (version *UnknownVersion) Compare(other interface{}) (int, error)
func (*UnknownVersion) String ¶
func (version *UnknownVersion) String() string
type Vulnerability ¶
type Vulnerability struct {
ID string // CVE ID
References []string // Reference URL
Matchs []VulnerabilityMatch // version matching
Exposed bool // tells if this vulnerability is exposed
Ignored bool // tells id this vulnerability is ignored
}
Vulnerability for a vulnerability
func NewVulnerability ¶
func NewVulnerability(item Item) (*Vulnerability, error)
NewVulnerability builds a vulnerability from NVD call result
func (*Vulnerability) IsExposed ¶
func (v *Vulnerability) IsExposed(version Version) bool
IsExposed tells if given version matchs vulnerability
type VulnerabilityMatch ¶
type VulnerabilityMatch struct {
VersionStartExcluding Version
VersionStartIncluding Version
VersionEndExcluding Version
VersionEndIncluding Version
}
VulnerabilityMatch are version constraints for vulnerability
func NewVulnerabilityMatch ¶
func NewVulnerabilityMatch(m Match) (*VulnerabilityMatch, error)
NewVulnerabilityMatch return a version match
func (*VulnerabilityMatch) Equal ¶
func (m *VulnerabilityMatch) Equal(o VulnerabilityMatch) bool
Equal tells if matchs equal
func (*VulnerabilityMatch) InList ¶
func (m *VulnerabilityMatch) InList(matchs []VulnerabilityMatch) bool
InList tells if match in given list
func (*VulnerabilityMatch) Match ¶
func (m *VulnerabilityMatch) Match(v Version) bool
Match tells if given version matches (so that it is affected by vulnerability) nolint:gocyclo // this is life
Source Files