Documentation ¶
Index ¶
- Constants
- Variables
- func BuildCache() error
- func ExecCommand(name string, args ...string) (stdout, stderr string, err error)
- func ExpandHome(file string) string
- func FileExists(file string) bool
- func GetVersionTime(version interface{}) (*time.Time, error)
- func LoadConfig(path string, strict, wait, verbose, cache bool) error
- func LoadVulnerabilities(dependencies chan *Dependency, wg *sync.WaitGroup)
- func NewCache() error
- func ParseDuration(value string, def time.Duration) (time.Duration, error)
- func WaitBeforeCall()
- type Binary
- type CVE
- type Cache
- type CacheLogger
- type Config
- type Configurations
- type DateVersion
- type Dependency
- type DependencyCache
- type FileCache
- type FileConfig
- type Item
- type Match
- type MemcachedClient
- type MemcachedConfig
- type MemcachierClient
- type MemcachierConfig
- type Metadata
- type Node
- type PseudoVersion
- type Reference
- type ReferenceData
- type Response
- type Result
- type SemanticVersion
- type UnknownVersion
- type Version
- type Vulnerability
- type VulnerabilityMatch
Constants ¶
// Minimum sizes expected from the build information read out of a binary.
// NOTE(review): what is counted as a "field" and a "line" is not visible here — confirm against Binary.GetDependencies.
const (
	MinimumBinaryDependencyFields = 3 // minimum number of fields on a dependency entry
	MinimumBinaryLines            = 3 // minimum number of lines of build information
)
// Defaults for the file-backed cache (see FileConfig and NewFileCache).
const (
	FileCacheDefaultFile       = "~/.gobinsec-cache.yml" // cache file in the user's home directory ("~" presumably expanded by ExpandHome — confirm)
	FileCacheDefaultExpiration = 24 * time.Hour          // age after which cached NVD responses are considered obsolete
)
// Defaults for the memcached cache (see MemcachedConfig and NewMemcachedCache).
const (
	MemcachedDefaultTimeout    = 1 * time.Second // presumably the client connection/operation timeout — confirm
	MemcachedDefaultExpiration = 24 * time.Hour  // lifetime of cached NVD responses
)
// Defaults for the Memcachier cache (see MemcachierConfig and NewMemcachierCache).
const (
	MemcachierDefaultTimeout    = 1 * time.Second // presumably the client connection/operation timeout — confirm
	MemcachierDefaultExpiration = 24 * time.Hour  // lifetime of cached NVD responses
)
// Settings for calls to the NVD REST API.
const (
	// URL is the NVD CVE search endpoint (JSON API 1.0); the search keyword is appended to it.
	URL = "https://services.nvd.nist.gov/rest/json/cves/1.0/?keyword="
	// StatusCodeLimit is the HTTP status code boundary; responses at or above it are presumably
	// treated as failed calls — confirm in the code issuing the request.
	StatusCodeLimit = 300
	// RateMinuteWithoutKey and RateMinuteWithKey are the NVD call rate limits (calls per minute)
	// that WaitBeforeCall must respect; the higher one presumably applies when Config.APIKey is set.
	RateMinuteWithoutKey = 10
	RateMinuteWithKey    = 100
)
// DateVersionTimeFormat is the time layout (YYYY-MM-DD) used to parse and print date versions.
const DateVersionTimeFormat = "2006-01-02"
DateVersionTimeFormat is the time format for date versions
// PseudoVersionMinimumLength is the minimum length of a string accepted as a pseudo version
// (for example "v0.0.0-20191109021931-daa7c04131f5"); shorter strings are presumably rejected by NewPseudoVersion — confirm.
const PseudoVersionMinimumLength = 32
// PseudoVersionTimeFormat is the time layout (YYYYMMDD) used to parse the date part of pseudo versions.
const PseudoVersionTimeFormat = "20060102"
PseudoVersionTimeFormat is the time format for pseudo versions
Variables ¶
// Terminal colors used for output; bold red and bold green
// (which message gets which color is not visible here — presumably vulnerable vs. clean).
var (
	ColorRed   = color.New(color.FgRed).Add(color.Bold)
	ColorGreen = color.New(color.FgGreen).Add(color.Bold)
)
// NumGoroutines is the number of concurrent workers used to load vulnerabilities
// (see LoadVulnerabilities); it scales with the number of CPUs of the host.
var NumGoroutines = 4 * runtime.NumCPU()
NumGoroutines to load vulnerabilities
Functions ¶
func ExecCommand ¶
ExecCommand runs command with given args and returns stdout, stderr and an error if any
func ExpandHome ¶
ExpandHome expands ~ in the file path to the home directory
func GetVersionTime ¶
GetVersionTime extracts time from pseudo or date version
func LoadConfig ¶
LoadConfig loads the configuration from the given file and overwrites it with command line options
func LoadVulnerabilities ¶
func LoadVulnerabilities(dependencies chan *Dependency, wg *sync.WaitGroup)
LoadVulnerabilities takes dependencies from the channel and loads vulnerabilities for each of them
func NewCache ¶
func NewCache() error
NewCache builds a cache instance depending on configuration and environment
func ParseDuration ¶
ParseDuration parses a duration, using the given default value as fallback
func WaitBeforeCall ¶
func WaitBeforeCall()
WaitBeforeCall waits in order not to exceed NVD call rate limit
Types ¶
type Binary ¶
// Binary represents an analyzed binary together with its dependencies.
type Binary struct {
	Path         string        // path to binary file
	Dependencies []*Dependency // list of dependencies (filled by GetDependencies)
	Vulnerable   bool          // tells if binary is vulnerable
}
Binary represents a binary with its dependencies
func (*Binary) GetDependencies ¶
GetDependencies gets dependencies by analyzing the binary with buildinfo
type Cache ¶
// Cache is the interface for caching NVD responses per dependency.
// Implementations visible in this package: file, memcached and Memcachier caches, plus CacheLogger as a logging wrapper.
type Cache interface {
	// Name returns the name of this cache.
	Name() string
	// Get returns the cached NVD response for the given dependency.
	Get(d *Dependency) ([]byte, error)
	// Set stores the NVD response for the given dependency.
	Set(d *Dependency, v []byte) error
	// Open prepares the cache for use.
	Open() error
	// Close releases the cache.
	Close() error
}
Cache is the interface for caching
// CacheInstance is the package-level cache in use; presumably set by NewCache
// according to configuration and environment — confirm.
var CacheInstance Cache
func NewFileCache ¶
func NewFileCache(config *FileConfig) (Cache, error)
NewFileCache builds a cache using file
func NewMemcachedCache ¶
func NewMemcachedCache(config *MemcachedConfig) (Cache, error)
NewMemcachedCache builds a memcached cache
func NewMemcachierCache ¶
func NewMemcachierCache(config *MemcachierConfig) (Cache, error)
NewMemcachierCache builds a Memcachier cache
type CacheLogger ¶
// CacheLogger wraps a Cache and logs calls made to it (see Get, Set and Open).
type CacheLogger struct {
	Cache Cache // the embedded cache calls are delegated to
}
CacheLogger logs cache calls on embedded cache
func NewCacheLogger ¶
func NewCacheLogger(cache Cache) *CacheLogger
NewCacheLogger returns a cache logger embedding a cache
func (*CacheLogger) Get ¶
func (c *CacheLogger) Get(d *Dependency) ([]byte, error)
Get calls embedded cache and logs result
func (*CacheLogger) Open ¶
func (c *CacheLogger) Open() error
Open prints an information message on terminal
func (*CacheLogger) Set ¶
func (c *CacheLogger) Set(d *Dependency, v []byte) error
Set calls embedded cache and logs call
type Config ¶
// Config is the configuration read from the YAML config file and overridden by command line options (see LoadConfig).
type Config struct {
	APIKey     string            `yaml:"api-key"`    // NVD API key (a secret held in the config file); presumably selects RateMinuteWithKey — confirm
	Memcached  *MemcachedConfig  `yaml:"memcached"`  // memcached cache settings, nil when not configured
	Memcachier *MemcachierConfig `yaml:"memcachier"` // Memcachier cache settings, nil when not configured
	File       *FileConfig       `yaml:"file"`       // file cache settings, nil when not configured
	Ignore     []string          `yaml:"ignore"`     // vulnerabilities to ignore (see IgnoreVulnerability)
	Strict     bool              `yaml:"strict"`     // strict mode — exact effect not visible here
	Verbose    bool              `yaml:"verbose"`    // verbose output
	Cache      bool              `yaml:"cache"`      // enable caching of NVD responses
	Wait       bool              `yaml:"wait"`       // wait to respect NVD rate limit (see WaitBeforeCall) — presumably
}
Config is the configuration from YAML config file and command line options
func (*Config) IgnoreVulnerability ¶
IgnoreVulnerability tells if the given vulnerability should be ignored
type Configurations ¶
// Configurations is the "configurations" object of an NVD CVE item, listing the configuration nodes.
type Configurations struct {
	Nodes []Node `json:"nodes"`
}
type DateVersion ¶
DateVersion for dependencies that don't have a version
func NewDateVersion ¶
func NewDateVersion(text string) (*DateVersion, error)
NewDateVersion builds a date version from string
func (*DateVersion) Compare ¶
func (version *DateVersion) Compare(o interface{}) (int, error)
Compare compares two date versions by time
func (*DateVersion) String ¶
func (version *DateVersion) String() string
String returns a string representation for date version
type Dependency ¶
// Dependency is a dependency of a binary with its vulnerabilities.
type Dependency struct {
	Name            string          // module name
	Version         Version         // parsed version (semantic, pseudo, date or unknown)
	Vulnerabilities []Vulnerability // vulnerabilities loaded from NVD (see LoadVulnerabilities)
	Vulnerable      bool            // tells if this dependency is vulnerable
}
Dependency is a dependency with vulnerabilities
func NewDependency ¶
func NewDependency(name, version string) (*Dependency, error)
NewDependency builds a new dependency and loads its vulnerabilities
func (*Dependency) Key ¶
func (d *Dependency) Key() string
Key returns a key as a string for caching
func (*Dependency) LoadVulnerabilities ¶
func (d *Dependency) LoadVulnerabilities() error
LoadVulnerabilities loads the list of vulnerabilities for this dependency
type DependencyCache ¶
DependencyCache is an entry of dependency cache
type FileCache ¶
// FileCache is the Cache implementation backed by a file.
type FileCache struct {
	File       string                     // path of the cache file (default FileCacheDefaultFile)
	Expiration time.Duration              // age after which entries are removed by CleanCache (default FileCacheDefaultExpiration)
	Cache      map[string]DependencyCache // entries, presumably keyed by Dependency.Key() — confirm
}
FileCache is the cache implementation backed by a file
func (*FileCache) CleanCache ¶
func (fc *FileCache) CleanCache()
CleanCache removes obsolete cache entries
type FileConfig ¶
FileConfig is the configuration for file cache
func NewFileConfig ¶
func NewFileConfig(config *FileConfig) (*FileConfig, error)
NewFileConfig builds configuration for file cache
type Item ¶
// Item is one CVE item of an NVD response, as consumed by NewVulnerability.
type Item struct {
	CVE            CVE            `json:"cve"`            // CVE details
	Configurations Configurations `json:"configurations"` // affected configuration nodes
}
type MemcachedClient ¶
MemcachedClient is the Cache implementation using memcached
func (*MemcachedClient) Get ¶
func (mc *MemcachedClient) Get(d *Dependency) ([]byte, error)
Get returns NVD response for given dependency
func (*MemcachedClient) Name ¶
func (mc *MemcachedClient) Name() string
Name returns the name of this cache
func (*MemcachedClient) Set ¶
func (mc *MemcachedClient) Set(d *Dependency, v []byte) error
Set puts the NVD response for the given dependency in the cache
type MemcachedConfig ¶
// MemcachedConfig is the configuration for the memcached cache.
type MemcachedConfig struct {
	Address    string        `yaml:"address"`    // memcached server address
	Timeout    time.Duration `yaml:"timeout"`    // client timeout (default MemcachedDefaultTimeout)
	Expiration time.Duration `yaml:"expiration"` // entry lifetime (default MemcachedDefaultExpiration)
}
MemcachedConfig is the configuration for memcached
func NewMemcachedConfig ¶
func NewMemcachedConfig(config *MemcachedConfig) (*MemcachedConfig, error)
NewMemcachedConfig returns configuration
type MemcachierClient ¶
MemcachierClient is the Cache implementation using Memcachier
func (*MemcachierClient) Get ¶
func (mc *MemcachierClient) Get(d *Dependency) ([]byte, error)
Get returns NVD response for given dependency
func (*MemcachierClient) Name ¶
func (mc *MemcachierClient) Name() string
Name returns the name of this cache
func (*MemcachierClient) Set ¶
func (mc *MemcachierClient) Set(d *Dependency, v []byte) error
Set puts the NVD response for the given dependency in the cache
type MemcachierConfig ¶
// MemcachierConfig is the configuration for the Memcachier cache.
type MemcachierConfig struct {
	Address    string        `yaml:"address"`    // Memcachier server address
	Username   string        `yaml:"username"`   // Memcachier credentials
	Password   string        `yaml:"password"`   // Memcachier credentials (a secret held in the config file)
	Timeout    time.Duration `yaml:"timeout"`    // client timeout (default MemcachierDefaultTimeout)
	Expiration time.Duration `yaml:"expiration"` // entry lifetime (default MemcachierDefaultExpiration)
}
MemcachierConfig is the configuration for Memcachier
func NewMemcachierConfig ¶
func NewMemcachierConfig(config *MemcachierConfig) (*MemcachierConfig, error)
NewMemcachierConfig returns configuration
type PseudoVersion ¶
PseudoVersion is the version type for dependencies that don't have a version. Its string representation looks like "v0.0.0-20191109021931-daa7c04131f5", with a timestamp and a commit ID
func NewPseudoVersion ¶
func NewPseudoVersion(text string) (*PseudoVersion, error)
NewPseudoVersion builds a pseudo version from string
func (*PseudoVersion) Compare ¶
func (version *PseudoVersion) Compare(o interface{}) (int, error)
Compare compares two pseudo versions by time
func (*PseudoVersion) String ¶
func (version *PseudoVersion) String() string
String returns a string representation for pseudo version
type Reference ¶
// Reference is the "references" object of an NVD CVE item.
type Reference struct {
	ReferenceData []ReferenceData `json:"reference_data"`
}
type ReferenceData ¶
// ReferenceData is one reference entry of an NVD CVE item; only the URL is kept.
type ReferenceData struct {
	URL string `json:"url"`
}
type SemanticVersion ¶
SemanticVersion is type to represent a semantic version
func NewSemanticVersion ¶
func NewSemanticVersion(text string) (*SemanticVersion, error)
NewSemanticVersion builds a version from string
func (*SemanticVersion) Compare ¶
func (version *SemanticVersion) Compare(other interface{}) (int, error)
Compare compares this semantic version s with the other version o: it returns -1 if s < o, +1 if s > o and 0 if s = o
func (*SemanticVersion) String ¶
func (version *SemanticVersion) String() string
String returns string representation of version
type UnknownVersion ¶
// UnknownVersion holds a version string that is not a semantic, pseudo or date version
// (presumably the fallback of version parsing — confirm in the caller of NewUnknownVersion).
type UnknownVersion string
func NewUnknownVersion ¶
func NewUnknownVersion(version string) *UnknownVersion
func (*UnknownVersion) Compare ¶
func (version *UnknownVersion) Compare(other interface{}) (int, error)
func (*UnknownVersion) String ¶
func (version *UnknownVersion) String() string
type Vulnerability ¶
// Vulnerability is a vulnerability built from an NVD CVE item (see NewVulnerability).
type Vulnerability struct {
	ID         string               // CVE ID
	References []string             // Reference URL
	Matchs     []VulnerabilityMatch // version matching
	Exposed    bool                 // tells if this vulnerability is exposed
	Ignored    bool                 // tells if this vulnerability is ignored
}
Vulnerability represents a vulnerability found in NVD
func NewVulnerability ¶
func NewVulnerability(item Item) (*Vulnerability, error)
NewVulnerability builds a vulnerability from NVD call result
func (*Vulnerability) IsExposed ¶
func (v *Vulnerability) IsExposed(version Version) bool
IsExposed tells if the given version matches the vulnerability
type VulnerabilityMatch ¶
// VulnerabilityMatch holds the version range of an affected dependency, as given by an NVD match.
// NOTE(review): a nil bound presumably means the range is open on that side — confirm in Match.
type VulnerabilityMatch struct {
	VersionStartExcluding Version // lower bound, excluded
	VersionStartIncluding Version // lower bound, included
	VersionEndExcluding   Version // upper bound, excluded
	VersionEndIncluding   Version // upper bound, included
}
VulnerabilityMatch are version constraints for vulnerability
func NewVulnerabilityMatch ¶
func NewVulnerabilityMatch(m Match) (*VulnerabilityMatch, error)
NewVulnerabilityMatch returns a version match
func (*VulnerabilityMatch) Equal ¶
func (m *VulnerabilityMatch) Equal(o VulnerabilityMatch) bool
Equal tells if the two matches are equal
func (*VulnerabilityMatch) InList ¶
func (m *VulnerabilityMatch) InList(matchs []VulnerabilityMatch) bool
InList tells if the match is in the given list
func (*VulnerabilityMatch) Match ¶
func (m *VulnerabilityMatch) Match(v Version) bool
Match tells if the given version matches (so that it is affected by the vulnerability) nolint:gocyclo // this is life