Documentation
Overview
Package govulncheck provides functionality to support the govulncheck command.
Index
- Variables
- func FuncName(sf *result.StackFrame) string
- func HandleJSON(from io.Reader, to Handler) error
- func IsCalled(v *result.Vuln) bool
- func Pos(sf *result.StackFrame) string
- type Cmd
- type FSCache
- func (c *FSCache) ReadEntries(dbName string, p string) ([]*osv.Entry, error)
- func (c *FSCache) ReadIndex(dbName string) (client.DBIndex, time.Time, error)
- func (c *FSCache) WriteEntries(dbName string, p string, entries []*osv.Entry) error
- func (c *FSCache) WriteIndex(dbName string, index client.DBIndex, retrieved time.Time) error
- type Handler
Constants
This section is empty.
Variables
var (
	ErrMissingArgPatterns   = errors.New("missing any pattern args")
	ErrVulnerabilitiesFound = errors.New("vulnerabilities found")
)
var LoadMode = packages.NeedName | packages.NeedImports | packages.NeedTypes |
	packages.NeedSyntax | packages.NeedTypesInfo | packages.NeedDeps |
	packages.NeedModule
LoadMode is the level of information needed for each package for running golang.org/x/tools/go/packages.Load.
Functions
func FuncName
func FuncName(sf *result.StackFrame) string
FuncName returns the fully qualified function name from sf, adjusted to remove pointer annotations.
func HandleJSON
HandleJSON reads the JSON from the supplied stream and hands the decoded output to the handler.
func IsCalled
IsCalled reports whether the vulnerability is called and therefore affects the target source code or binary.
func Pos
func Pos(sf *result.StackFrame) string
Pos returns the position of the call in sf as a string. If the position is not available, it returns "".
Types
type Cmd
type Cmd struct {
	// Path is not used and exists only to model Cmd after exec.Cmd.
	Path string

	// Args holds command line arguments, including the command as Args[0].
	// If the Args field is empty or nil, Run uses {Path}.
	//
	// In typical use, both Path and Args are set by calling Command.
	Args []string

	// Env is not used and exists only to model Cmd after exec.Cmd.
	Env []string

	// Dir specifies the working directory of the command.
	//
	// If Dir is the empty string, Run runs the command in the
	// current directory.
	Dir string

	// Stdin specifies the standard input.
	//
	// If Stdin is nil, Stdin is set to os.Stdin.
	Stdin io.Reader

	// Stdout and Stderr specify the standard output and error.
	//
	// If either is nil, Run connects os.Stdout and os.Stderr respectively.
	Stdout io.WriteCloser
	Stderr io.WriteCloser
	// contains filtered or unexported fields
}
Cmd represents an external govulncheck command being prepared or run, similar to exec.Cmd.
func Command
Command is the equivalent of exec.Command.
Command returns the Cmd struct to execute govulncheck with the given arguments. It does not invoke an external command when started; the vulnerability scan happens in process.
It sets only the Path and Args in the returned structure.
The returned Cmd's Args field is constructed from the command name (which is always unused, but present to model the exec.Command API), followed by the elements of arg, so arg should not include the command name itself.
For example, Command("echo", "hello"). Args[0] is always name, not the possibly resolved Path.
It is designed to be very easy to switch to running an external command instead.
func (*Cmd) Run
Run starts govulncheck and waits for it to complete.
The returned error is nil if the command runs, has no problems copying stdin, stdout, and stderr, and completes without an error.
func (*Cmd) Start
Start starts the specified command but does not wait for it to complete.
After a successful call to Start the Wait method must be called in order to release associated system resources.
func (*Cmd) String
String returns a human-readable description of c. It is intended only for debugging. In particular, it is not suitable for use as input to a shell. The output of String may vary across releases.
func (*Cmd) Wait
Wait waits for the command to exit and waits for any copying to stdin or copying from stdout or stderr to complete.
The command must have been started by Start.
The returned error is nil if the command runs, has no problems copying stdin, stdout, and stderr, and completes without an error.
Wait releases any resources associated with the Cmd.
type FSCache
type FSCache struct {
// contains filtered or unexported fields
}
FSCache is a thread-safe file-system cache implementing osv.Cache.
TODO: use something like cmd/go/internal/lockedfile for thread safety?
func DefaultCache
func (*FSCache) ReadEntries
func (*FSCache) WriteEntries
type Handler
type Handler interface {
	// Flush writes any output the handler is buffering.
	Flush() error

	// Vulnerability adds a vulnerability to be printed to the output.
	Vulnerability(vuln *result.Vuln) error

	// Preamble communicates an introductory message to the user.
	Preamble(preamble *result.Preamble) error

	// Progress is called to display a progress message.
	Progress(msg string) error
}
Handler handles messages to be presented in a vulnerability scan output stream.
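The dispatch that HandleJSON and Handler describe, combined with the called/not-called split that IsCalled reports, as an added example that is not code from this package. The names vuln, gate, handleStream and sample, and the JSON field names, are hypothetical stand-ins, because the page shows neither the fields of result.Vuln nor the wire format; errVulnerabilitiesFound is a local copy of the sentinel listed under Variables.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"io"
	"strings"
)

// Stand-ins (assumptions): the wire format and field names here are constructed.
type vuln struct {
	ID     string `json:"id"`
	Called bool   `json:"called"` // stands in for IsCalled(v)
}

var errVulnerabilitiesFound = errors.New("vulnerabilities found")

// sample is a constructed stream; the IDs are placeholders.
const sample = `{"progress":"scanning"} {"vulnerability":{"id":"GO-0000-0001","called":true}}
{"vulnerability":{"id":"GO-0000-0002","called":false}}`

// gate plays the Handler role; only the Vulnerability method is modelled.
type gate struct{ called, imported []string }

func (g *gate) Vulnerability(v *vuln) {
	if v.Called {
		g.called = append(g.called, v.ID)
	} else {
		g.imported = append(g.imported, v.ID)
	}
}

// handleStream hands each decoded finding to g; truncated or malformed input is an error.
func handleStream(from io.Reader, g *gate) error {
	for dec := json.NewDecoder(from); ; {
		var m struct{ Vulnerability *vuln }
		switch err := dec.Decode(&m); {
		case err == io.EOF && len(g.called) > 0:
			return fmt.Errorf("%w: %s", errVulnerabilitiesFound, strings.Join(g.called, ", "))
		case err == io.EOF:
			return nil
		case err != nil:
			return fmt.Errorf("decoding scan output: %w", err)
		case m.Vulnerability != nil:
			g.Vulnerability(m.Vulnerability)
		}
	}
}

func main() { fmt.Println(handleStream(strings.NewReader(sample), &gate{})) }
```

A caller in CI can test the result with errors.Is against the sentinel and treat any other non-nil error as a failed scan rather than a clean one.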
func NewJSONHandler
NewJSONHandler returns a handler that writes govulncheck output as JSON.
func NewTextHandler
NewTextHandler returns a handler that writes govulncheck output as text.