utils

package
v2.20.2 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 26, 2024 License: Apache-2.0 Imports: 50 Imported by: 0

Documentation

Index

Constants

View Source 
const (

	// VCS providers params
	GitHub          vcsProvider = "github"
	GitLab          vcsProvider = "gitlab"
	BitbucketServer vcsProvider = "bitbucketServer"
	AzureRepos      vcsProvider = "azureRepos"

	// JFrog platform environment variables
	JFrogUserEnv = "JF_USER"
	JFrogUrlEnv  = "JF_URL"

	JFrogPasswordEnv = "JF_PASSWORD"
	JFrogTokenEnv    = "JF_ACCESS_TOKEN"

	// Git environment variables
	GitProvider     = "JF_GIT_PROVIDER"
	GitRepoOwnerEnv = "JF_GIT_OWNER"
	GitRepoEnv      = "JF_GIT_REPO"
	GitProjectEnv   = "JF_GIT_PROJECT"
	GitUsernameEnv  = "JF_GIT_USERNAME"

	// Git naming template environment variables
	BranchNameTemplateEnv       = "JF_BRANCH_NAME_TEMPLATE"
	CommitMessageTemplateEnv    = "JF_COMMIT_MESSAGE_TEMPLATE"
	PullRequestTitleTemplateEnv = "JF_PULL_REQUEST_TITLE_TEMPLATE"
	PullRequestCommentTitleEnv  = "JF_PR_COMMENT_TITLE"

	// Repository environment variables - Ignored if the frogbot-config.yml file is used
	InstallCommandEnv   = "JF_INSTALL_DEPS_CMD"
	RequirementsFileEnv = "JF_REQUIREMENTS_FILE"
	WorkingDirectoryEnv = "JF_WORKING_DIR"
	PathExclusionsEnv   = "JF_PATH_EXCLUSIONS"

	IncludeAllVulnerabilitiesEnv       = "JF_INCLUDE_ALL_VULNERABILITIES"
	AvoidPreviousPrCommentsDeletionEnv = "JF_AVOID_PREVIOUS_PR_COMMENTS_DELETION"
	FailOnSecurityIssuesEnv            = "JF_FAIL"
	UseWrapperEnv                      = "JF_USE_WRAPPER"
	DepsRepoEnv                        = "JF_DEPS_REPO"
	MinSeverityEnv                     = "JF_MIN_SEVERITY"
	FixableOnlyEnv                     = "JF_FIXABLE_ONLY"
	AllowedLicensesEnv                 = "JF_ALLOWED_LICENSES"
	WatchesDelimiter                   = ","

	// Email related environment variables
	//#nosec G101 -- False positive - no hardcoded credentials.
	SmtpPasswordEnv   = "JF_SMTP_PASSWORD"
	SmtpUserEnv       = "JF_SMTP_USER"
	SmtpServerEnv     = "JF_SMTP_SERVER"
	EmailReceiversEnv = "JF_EMAIL_RECEIVERS"

	//#nosec G101 -- False positive - no hardcoded credentials.
	GitTokenEnv          = "JF_GIT_TOKEN"
	GitBaseBranchEnv     = "JF_GIT_BASE_BRANCH"
	GitPullRequestIDEnv  = "JF_GIT_PULL_REQUEST_ID"
	GitApiEndpointEnv    = "JF_GIT_API_ENDPOINT"
	GitAggregateFixesEnv = "JF_GIT_AGGREGATE_FIXES"
	GitEmailAuthorEnv    = "JF_GIT_EMAIL_AUTHOR"

	// The 'GITHUB_ACTIONS' environment variable exists when the CI is GitHub Actions
	GitHubActionsEnv = "GITHUB_ACTIONS"

	// Placeholders for templates
	PackagePlaceHolder    = "{IMPACTED_PACKAGE}"
	FixVersionPlaceHolder = "{FIX_VERSION}"
	BranchHashPlaceHolder = "{BRANCH_NAME_HASH}"

	// General flags
	AvoidExtraMessages = "JF_AVOID_EXTRA_MESSAGES"

	// Default naming templates
	BranchNameTemplate                       = "frogbot-" + PackagePlaceHolder + "-" + BranchHashPlaceHolder
	AggregatedBranchNameTemplate             = "frogbot-update-" + BranchHashPlaceHolder + "-dependencies"
	CommitMessageTemplate                    = "Upgrade " + PackagePlaceHolder + " to " + FixVersionPlaceHolder
	PullRequestTitleTemplate                 = outputwriter.FrogbotTitlePrefix + " Update version of " + PackagePlaceHolder + " to " + FixVersionPlaceHolder
	AggregatePullRequestTitleDefaultTemplate = outputwriter.FrogbotTitlePrefix + " Update %s dependencies"
)
View Source 
const (
	ScanPullRequest          = "scan-pull-request"
	ScanAllPullRequests      = "scan-all-pull-requests"
	ScanRepository           = "scan-repository"
	ScanMultipleRepositories = "scan-multiple-repositories"
	RootDir                  = "."

	JfrogHomeDirEnv = "JFROG_CLI_HOME_DIR"
)
View Source 
const (
	FrogbotConfigFile = "frogbot-config.yml"
)

Variables

View Source 
var (
	TrueVal        = true
	FrogbotVersion = "0.0.0"
)
View Source 
var BuildToolsDependenciesMap = map[coreutils.Technology][]string{
	coreutils.Go:  {"github.com/golang/go"},
	coreutils.Pip: {"pip", "setuptools", "wheel"},
}

Functions

func AddAnalyticsGeneralEvent added in v2.20.1 

func AddAnalyticsGeneralEvent(gitInfoContext *services.XscGitInfoContext, serverDetails *config.ServerDetails, scanType string) *utils.AnalyticsMetricsService

func AlertSecretsExposed 

func AlertSecretsExposed(secretsDetails *SecretsEmailDetails) (err error)

func AssertSanitizedEnv 

func AssertSanitizedEnv(t *testing.T)

Make sure the environment variables does not contain any Frogbot variables

func BuildServerConfigFile 

func BuildServerConfigFile(server *config.ServerDetails) (previousJFrogHomeDir, currentJFrogHomeDir string, err error)

func ChangeToTempDirWithCallback 

func ChangeToTempDirWithCallback(t *testing.T) (string, func() error)

func Chdir 

func Chdir(dir string) (cbk func() error, err error)

func ConvertSarifPathsToRelative 

func ConvertSarifPathsToRelative(issues *IssuesCollection, workingDirs ...string)

func CopyTestdataProjectsToTemp 

func CopyTestdataProjectsToTemp(t *testing.T, testDir string) (tmpDir string, restoreFunc func())

Create a temporary directory and copy the content of "testdata/testDir" into it

func CreateDotGitWithCommit 

func CreateDotGitWithCommit(t *testing.T, wd, port string, repositoriesPath ...string)

func DeleteExistingPullRequestComments 

func DeleteExistingPullRequestComments(repository *Repository, client vcsclient.VcsClient) error

Delete existing pull request regular comments (Summary, Fallback review comments)

func DeleteExistingPullRequestReviewComments 

func DeleteExistingPullRequestReviewComments(repo *Repository, pullRequestID int, client vcsclient.VcsClient) (err error)

Delete existing pull request review comments (Applicable, Sast, Iac)

func DeletePullRequestComments added in v2.20.0 

func DeletePullRequestComments(repo *Repository, client vcsclient.VcsClient, pullRequestID int) (err error)

func DownloadRepoToTempDir 

func DownloadRepoToTempDir(client vcsclient.VcsClient, repoOwner, repoName, branch string) (wd string, cleanup func() error, err error)

func ExtractVulnerabilitiesDetailsToRows 

func ExtractVulnerabilitiesDetailsToRows(vulnDetails []*VulnerabilityDetails) []formats.VulnerabilityOrViolationRow

func GenerateFixPullRequestDetails 

func GenerateFixPullRequestDetails(vulnerabilities []formats.VulnerabilityOrViolationRow, writer outputwriter.OutputWriter) (description string, extraComments []string)

func GenerateFrogbotSarifReport 

func GenerateFrogbotSarifReport(extendedResults *xrayutils.Results, isMultipleRoots bool, allowedLicenses []string) (string, error)

func GetFullBranchName 

func GetFullBranchName(branchName string) plumbing.ReferenceName

GetFullBranchName returns the full branch name (for example: refs/heads/master) The input branchName can be a short name (master) or a full name (refs/heads/master)

func GetFullPathWorkingDirs 

func GetFullPathWorkingDirs(workingDirs []string, baseWd string) []string

func GetRelativeWd 

func GetRelativeWd(fullPathWd, baseWd string) string

GetRelativeWd receive a base working directory along with a full path containing the base working directory, and the relative part is returned without the base prefix.

func GetSortedPullRequestComments 

func GetSortedPullRequestComments(client vcsclient.VcsClient, repoOwner, repoName string, prID int) ([]vcsclient.CommentInfo, error)

func GetVulnerabiltiesUniqueID 

func GetVulnerabiltiesUniqueID(vulnerability formats.VulnerabilityOrViolationRow) string

func HandlePullRequestCommentsAfterScan 

func HandlePullRequestCommentsAfterScan(issues *IssuesCollection, repo *Repository, client vcsclient.VcsClient, pullRequestID int) (err error)

func IsDirectDependency 

func IsDirectDependency(impactPath [][]formats.ComponentRow) (bool, error)

The impact graph of direct dependencies consists of only two elements.

func IsFrogbotRescanComment 

func IsFrogbotRescanComment(comment string) bool

func Md5Hash 

func Md5Hash(values ...string) (string, error)

func ReadConfigFromFileSystem 

func ReadConfigFromFileSystem(configRelativePath string) (configFileContent []byte, err error)

ReadConfigFromFileSystem looks for .frogbot/frogbot-config.yml from the given path and return its content. The path is relative and starts from the root of the project. If the config file is not found in the relative path, it will search in parent dirs.

func ReportUsageOnCommand 

func ReportUsageOnCommand(commandName string, serverDetails *config.ServerDetails, repositories RepoAggregator) func()

func SanitizeEnv 

func SanitizeEnv() error

func SetEnvAndAssert 

func SetEnvAndAssert(t *testing.T, env map[string]string)

Receive an environment variables key-values map, set and assert the environment variables. Return a callback that sets the previous values.

func SetEnvsAndAssertWithCallback 

func SetEnvsAndAssertWithCallback(t *testing.T, envs map[string]string) func()

func UploadSarifResultsToGithubSecurityTab 

func UploadSarifResultsToGithubSecurityTab(scanResults *xrayutils.Results, repo *Repository, branch string, client vcsclient.VcsClient) error

func ValidateSingleRepoConfiguration 

func ValidateSingleRepoConfiguration(configAggregator *RepoAggregator) error

func VerifyEnv 

func VerifyEnv(t *testing.T) (server config.ServerDetails, restoreFunc func())

Check connection details with JFrog instance. Return a callback method that restores the credentials after the test is done.

func VulnerabilityDetailsToMD5Hash 

func VulnerabilityDetailsToMD5Hash(vulnerabilities ...formats.VulnerabilityOrViolationRow) (string, error)

Generates MD5Hash from a VulnerabilityOrViolationRow The map can be returned in different order from Xray, so we need to sort the strings before hashing.

Types

type CustomTemplates 

type CustomTemplates struct {
	// contains filtered or unexported fields
}

type EmailDetails 

type EmailDetails struct {
	SmtpServer     string
	SmtpPort       string
	SmtpUser       string
	SmtpPassword   string
	EmailReceivers []string `yaml:"emailReceivers,omitempty"`
}

type ErrMissingConfig 

type ErrMissingConfig struct {
	// contains filtered or unexported fields
}

func (*ErrMissingConfig) Error 

func (e *ErrMissingConfig) Error() string

type ErrMissingEnv 

type ErrMissingEnv struct {
	VariableName string
}

func (*ErrMissingEnv) Error 

func (e *ErrMissingEnv) Error() string

func (*ErrMissingEnv) IsMissingEnvErr 

func (e *ErrMissingEnv) IsMissingEnvErr(err error) bool

IsMissingEnvErr returns true if err is a type of ErrMissingEnv, otherwise false

type ErrNothingToCommit added in v2.19.10 

type ErrNothingToCommit struct {
	PackageName string
}

func (*ErrNothingToCommit) Error added in v2.19.10 

func (err *ErrNothingToCommit) Error() string

type ErrUnsupportedFix 

type ErrUnsupportedFix struct {
	PackageName  string
	FixedVersion string
	ErrorType    UnsupportedErrorType
}

func (*ErrUnsupportedFix) Error 

func (err *ErrUnsupportedFix) Error() string

Custom error for unsupported fixes Currently we hold two unsupported reasons, indirect and build tools dependencies.

type FrogbotDetails 

type FrogbotDetails struct {
	Repositories  RepoAggregator
	ServerDetails *coreconfig.ServerDetails
	GitClient     vcsclient.VcsClient
	ReleasesRepo  string
}

func GetFrogbotDetails 

func GetFrogbotDetails(commandName string) (frogbotDetails *FrogbotDetails, err error)

type Git 

type Git struct {
	GitProvider vcsutils.VcsProvider
	vcsclient.VcsInfo
	RepoOwner                string
	RepoName                 string   `yaml:"repoName,omitempty"`
	Branches                 []string `yaml:"branches,omitempty"`
	BranchNameTemplate       string   `yaml:"branchNameTemplate,omitempty"`
	CommitMessageTemplate    string   `yaml:"commitMessageTemplate,omitempty"`
	PullRequestTitleTemplate string   `yaml:"pullRequestTitleTemplate,omitempty"`
	PullRequestCommentTitle  string   `yaml:"pullRequestCommentTitle,omitempty"`
	AvoidExtraMessages       bool     `yaml:"avoidExtraMessages,omitempty"`
	EmailAuthor              string   `yaml:"emailAuthor,omitempty"`
	AggregateFixes           bool     `yaml:"aggregateFixes,omitempty"`
	PullRequestDetails       vcsclient.PullRequestInfo
	RepositoryCloneUrl       string
}

type GitManager 

type GitManager struct {

	// When dryRun is enabled, skipClone allows skipping the cloning of a repository for testing purposes
	SkipClone bool
	// contains filtered or unexported fields
}

func NewGitManager 

func NewGitManager() *GitManager

func (*GitManager) AddAllAndCommit 

func (gm *GitManager) AddAllAndCommit(commitMessage string) error

func (*GitManager) BranchExistsInRemote 

func (gm *GitManager) BranchExistsInRemote(branchName string) (bool, error)

func (*GitManager) Checkout 

func (gm *GitManager) Checkout(branchName string) error

func (*GitManager) Clone 

func (gm *GitManager) Clone(destinationPath, branchName string) error

func (*GitManager) CreateBranchAndCheckout 

func (gm *GitManager) CreateBranchAndCheckout(branchName string, keepLocalChanges bool) error

Creates a new branch and switches to it. If keepLocalChanges is set to true, all changes made on the current branch before switching to the new one will be transferred to the new branch.

func (*GitManager) GenerateAggregatedCommitMessage 

func (gm *GitManager) GenerateAggregatedCommitMessage(tech []coreutils.Technology) string

func (*GitManager) GenerateAggregatedFixBranchName 

func (gm *GitManager) GenerateAggregatedFixBranchName(baseBranch string, tech []coreutils.Technology) (fixBranchName string)

GenerateAggregatedFixBranchName Generating a consistent branch name to enable branch updates and to ensure that there is only one Frogbot aggregate pull request from each base branch scanned.

func (*GitManager) GenerateAggregatedPullRequestTitle 

func (gm *GitManager) GenerateAggregatedPullRequestTitle(tech []coreutils.Technology) string

func (*GitManager) GenerateCommitMessage 

func (gm *GitManager) GenerateCommitMessage(impactedPackage string, fixVersion string) string

func (*GitManager) GenerateFixBranchName 

func (gm *GitManager) GenerateFixBranchName(branch string, impactedPackage string, fixVersion string) (string, error)

func (*GitManager) GeneratePullRequestTitle 

func (gm *GitManager) GeneratePullRequestTitle(impactedPackage string, version string) string

func (*GitManager) IsClean 

func (gm *GitManager) IsClean() (bool, error)

IsClean returns true if all the files are in Unmodified status.

func (*GitManager) Push 

func (gm *GitManager) Push(force bool, branchName string) error

func (*GitManager) RemoveRemoteBranch 

func (gm *GitManager) RemoveRemoteBranch(branchName string) error

func (*GitManager) SetAuth 

func (gm *GitManager) SetAuth(username, token string) *GitManager

func (*GitManager) SetDryRun 

func (gm *GitManager) SetDryRun(dryRun bool, dryRunRepoPath string) *GitManager

func (*GitManager) SetEmailAuthor 

func (gm *GitManager) SetEmailAuthor(emailAuthor string) *GitManager

func (*GitManager) SetGitParams 

func (gm *GitManager) SetGitParams(gitParams *Git) (*GitManager, error)

func (*GitManager) SetLocalRepository 

func (gm *GitManager) SetLocalRepository() (*GitManager, error)

func (*GitManager) SetRemoteGitUrl 

func (gm *GitManager) SetRemoteGitUrl(remoteHttpsGitUrl string) (*GitManager, error)

type IssuesCollection 

type IssuesCollection struct {
	Vulnerabilities []formats.VulnerabilityOrViolationRow
	Iacs            []formats.SourceCodeRow
	Secrets         []formats.SourceCodeRow
	Sast            []formats.SourceCodeRow
	Licenses        []formats.LicenseRow
}

func (*IssuesCollection) Append 

func (ic *IssuesCollection) Append(issues *IssuesCollection)

func (*IssuesCollection) CountIssuesCollectionFindings added in v2.20.1 

func (ic *IssuesCollection) CountIssuesCollectionFindings() int

func (*IssuesCollection) IacExists 

func (ic *IssuesCollection) IacExists() bool

func (*IssuesCollection) IssuesExists 

func (ic *IssuesCollection) IssuesExists() bool

func (*IssuesCollection) LicensesExists 

func (ic *IssuesCollection) LicensesExists() bool

func (*IssuesCollection) SastExists 

func (ic *IssuesCollection) SastExists() bool

func (*IssuesCollection) SecretsExists 

func (ic *IssuesCollection) SecretsExists() bool

func (*IssuesCollection) VulnerabilitiesExists 

func (ic *IssuesCollection) VulnerabilitiesExists() bool

type JFrogPlatform 

type JFrogPlatform struct {
	Watches         []string `yaml:"watches,omitempty"`
	JFrogProjectKey string   `yaml:"jfrogProjectKey,omitempty"`
}

type Params 

type Params struct {
	Scan          `yaml:"scan,omitempty"`
	Git           `yaml:"git,omitempty"`
	JFrogPlatform `yaml:"jfrogPlatform,omitempty"`
}

type Project 

type Project struct {
	InstallCommand      string   `yaml:"installCommand,omitempty"`
	PipRequirementsFile string   `yaml:"pipRequirementsFile,omitempty"`
	WorkingDirs         []string `yaml:"workingDirs,omitempty"`
	PathExclusions      []string `yaml:"pathExclusions,omitempty"`
	UseWrapper          *bool    `yaml:"useWrapper,omitempty"`
	DepsRepo            string   `yaml:"repository,omitempty"`
	InstallCommandName  string
	InstallCommandArgs  []string
	IsRecursiveScan     bool
}

type RepoAggregator 

type RepoAggregator []Repository

func BuildRepoAggregator 

func BuildRepoAggregator(gitClient vcsclient.VcsClient, configFileContent []byte, gitParamsFromEnv *Git, server *coreconfig.ServerDetails, commandName string) (resultAggregator RepoAggregator, err error)

BuildRepoAggregator receives the content of a frogbot-config.yml file, along with the Git (built from environment variables) and ServerDetails parameters. Returns a RepoAggregator instance with all the defaults and necessary fields.

type Repository 

type Repository struct {
	Params       `yaml:"params,omitempty"`
	OutputWriter outputwriter.OutputWriter
	Server       coreconfig.ServerDetails
}

type ReviewComment 

type ReviewComment struct {
	Location    formats.Location
	Type        ReviewCommentType
	CommentInfo vcsclient.PullRequestComment
}

type ReviewCommentType 

type ReviewCommentType string
const (
	ApplicableComment ReviewCommentType = "Applicable"
	IacComment        ReviewCommentType = "Iac"
	SastComment       ReviewCommentType = "Sast"

	RescanRequestComment = "rescan"
)

type Scan 

type Scan struct {
	IncludeAllVulnerabilities       bool      `yaml:"includeAllVulnerabilities,omitempty"`
	FixableOnly                     bool      `yaml:"fixableOnly,omitempty"`
	FailOnSecurityIssues            *bool     `yaml:"failOnSecurityIssues,omitempty"`
	AvoidPreviousPrCommentsDeletion bool      `yaml:"avoidPreviousPrCommentsDeletion,omitempty"`
	MinSeverity                     string    `yaml:"minSeverity,omitempty"`
	AllowedLicenses                 []string  `yaml:"allowedLicenses,omitempty"`
	Projects                        []Project `yaml:"projects,omitempty"`
	EmailDetails                    `yaml:",inline"`
}

func (*Scan) SetEmailDetails 

func (s *Scan) SetEmailDetails() error

type ScanDetails 

type ScanDetails struct {
	*Project
	*Git
	*services.XrayGraphScanParams
	*config.ServerDetails
	// contains filtered or unexported fields
}

func NewScanDetails 

func NewScanDetails(client vcsclient.VcsClient, server *config.ServerDetails, git *Git) *ScanDetails

func (*ScanDetails) BaseBranch 

func (sc *ScanDetails) BaseBranch() string

func (*ScanDetails) Client 

func (sc *ScanDetails) Client() vcsclient.VcsClient

func (*ScanDetails) FailOnInstallationErrors 

func (sc *ScanDetails) FailOnInstallationErrors() bool

func (*ScanDetails) FixableOnly 

func (sc *ScanDetails) FixableOnly() bool

func (*ScanDetails) MinSeverityFilter 

func (sc *ScanDetails) MinSeverityFilter() string

func (*ScanDetails) RunInstallAndAudit 

func (sc *ScanDetails) RunInstallAndAudit(workDirs ...string) (auditResults *xrayutils.Results, err error)

func (*ScanDetails) SetBaseBranch 

func (sc *ScanDetails) SetBaseBranch(branch string) *ScanDetails

func (*ScanDetails) SetFailOnInstallationErrors 

func (sc *ScanDetails) SetFailOnInstallationErrors(toFail bool) *ScanDetails

func (*ScanDetails) SetFixableOnly 

func (sc *ScanDetails) SetFixableOnly(fixable bool) *ScanDetails

func (*ScanDetails) SetMinSeverity 

func (sc *ScanDetails) SetMinSeverity(minSeverity string) *ScanDetails

func (*ScanDetails) SetProject 

func (sc *ScanDetails) SetProject(project *Project) *ScanDetails

func (*ScanDetails) SetRepoName 

func (sc *ScanDetails) SetRepoName(repoName string) *ScanDetails

func (*ScanDetails) SetRepoOwner 

func (sc *ScanDetails) SetRepoOwner(owner string) *ScanDetails

func (*ScanDetails) SetXrayGraphScanParams 

func (sc *ScanDetails) SetXrayGraphScanParams(watches []string, jfrogProjectKey string, includeLicenses bool) *ScanDetails

func (*ScanDetails) SetXscGitInfoContext 

func (sc *ScanDetails) SetXscGitInfoContext(scannedBranch, gitProject string, client vcsclient.VcsClient) *ScanDetails

type SecretsEmailDetails 

type SecretsEmailDetails struct {
	EmailDetails
	// contains filtered or unexported fields
}

func NewSecretsEmailDetails 

func NewSecretsEmailDetails(gitClient vcsclient.VcsClient, repoConfig *Repository, secrets []formats.SourceCodeRow) *SecretsEmailDetails

type UnsupportedErrorType 

type UnsupportedErrorType string
const (
	IndirectDependencyFixNotSupported   UnsupportedErrorType = "IndirectDependencyFixNotSupported"
	BuildToolsDependencyFixNotSupported UnsupportedErrorType = "BuildToolsDependencyFixNotSupported"
	UnsupportedForFixVulnerableVersion  UnsupportedErrorType = "UnsupportedForFixVulnerableVersion"
)

type UrlAccessChecker 

type UrlAccessChecker struct {
	// contains filtered or unexported fields
}

func CheckConnection 

func CheckConnection(url string) *UrlAccessChecker

CheckConnection checks if the url is accessible in a separate goroutine not to block the main thread

func MockHasConnection 

func MockHasConnection() *UrlAccessChecker

func (*UrlAccessChecker) IsConnected 

func (ic *UrlAccessChecker) IsConnected() bool

IsConnected checks if the URL is accessible, waits for the connection check goroutine to finish

type VulnerabilityDetails 

type VulnerabilityDetails struct {
	formats.VulnerabilityOrViolationRow
	// Suggested fix version
	SuggestedFixedVersion string
	// States whether the dependency is direct or transitive
	IsDirectDependency bool
	// Cves as a list of string
	Cves []string
}

VulnerabilityDetails serves as a container for essential information regarding a vulnerability that is going to be addressed and resolved

func NewVulnerabilityDetails 

func NewVulnerabilityDetails(vulnerability formats.VulnerabilityOrViolationRow, fixVersion string) *VulnerabilityDetails

func (*VulnerabilityDetails) SetCves 

func (vd *VulnerabilityDetails) SetCves(cves []formats.CveRow)

func (*VulnerabilityDetails) SetIsDirectDependency 

func (vd *VulnerabilityDetails) SetIsDirectDependency(isDirectDependency bool)

func (*VulnerabilityDetails) UpdateFixVersionIfMax 

func (vd *VulnerabilityDetails) UpdateFixVersionIfMax(fixVersion string)

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.