govulncheck

package
v0.0.0-...-4eb9d72
Warning

This package is not in the latest version of its module.

Published: Mar 31, 2023 License: BSD-3-Clause Imports: 29 Imported by: 0

Documentation

Overview

Package govulncheck provides functionality to support the govulncheck command.


Constants

This section is empty.

Variables

var (
	ErrMissingArgPatterns   = errors.New("missing any pattern args")
	ErrVulnerabilitiesFound = errors.New("vulnerabilities found")
)

LoadMode is the level of information needed for each package for running golang.org/x/tools/go/packages.Load.

Functions

func FuncName

func FuncName(sf *result.StackFrame) string

FuncName returns the fully qualified function name from sf, adjusted to remove pointer annotations.

func HandleJSON

func HandleJSON(from io.Reader, to Handler) error

HandleJSON reads JSON from the supplied stream and hands the decoded output to the handler.

func IsCalled

func IsCalled(v *result.Vuln) bool

IsCalled reports whether the vulnerability is called and therefore affects the target source code or binary.

func Pos

func Pos(sf *result.StackFrame) string

Pos returns the position of the call in sf as a string. If the position is not available, it returns "".

Types

type Cmd

type Cmd struct {
	// Path is not used and exists only to model Cmd after exec.Cmd.
	Path string

	// Args holds command line arguments, including the command as Args[0].
	// If the Args field is empty or nil, Run uses {Path}.
	//
	// In typical use, both Path and Args are set by calling Command.
	Args []string

	// Env is not used and exists only to model Cmd after exec.Cmd.
	Env []string

	// Dir specifies the working directory of the command.
	//
	// If Dir is the empty string, Run runs the command in the
	// current directory.
	Dir string

	// Stdin specifies the standard input.
	//
	// If Stdin is nil, Stdin is set to os.Stdin.
	Stdin io.Reader

	// Stdout and Stderr specify the standard output and error.
	//
	// If either is nil, Run connects os.Stdout and os.Stderr respectively.
	Stdout io.WriteCloser
	Stderr io.WriteCloser
	// contains filtered or unexported fields
}

Cmd represents an external govulncheck command being prepared or run, similar to exec.Cmd.

func Command

func Command(ctx context.Context, name string, arg ...string) *Cmd

Command is the equivalent of exec.Command.

Command returns the Cmd struct to execute govulncheck with the given arguments. It does not invoke an external command when started; the vulnerability scan happens in process.

It sets only the Path and Args in the returned structure.

The returned Cmd's Args field is constructed from the command name (which is always unused, but present to model the exec.Command API), followed by the elements of arg, so arg should not include the command name itself.

For example, Command("echo", "hello"). Args[0] is always name, not the possibly resolved Path.

It is designed to be very easy to switch to running an external command instead.

func (*Cmd) Run

func (c *Cmd) Run() error

Run starts govulncheck and waits for it to complete.

The returned error is nil if the command runs, has no problems copying stdin, stdout, and stderr, and completes without an error.

func (*Cmd) Start

func (c *Cmd) Start() error

Start starts the specified command but does not wait for it to complete.

After a successful call to Start the Wait method must be called in order to release associated system resources.

func (*Cmd) String

func (c *Cmd) String() string

String returns a human-readable description of c. It is intended only for debugging. In particular, it is not suitable for use as input to a shell. The output of String may vary across releases.

func (*Cmd) Wait

func (c *Cmd) Wait() error

Wait waits for the command to exit and waits for any copying to stdin or copying from stdout or stderr to complete.

The command must have been started by Start.

The returned error is nil if the command runs, has no problems copying stdin, stdout, and stderr, and completes without an error.

Wait releases any resources associated with the Cmd.

type FSCache

type FSCache struct {
	// contains filtered or unexported fields
}

FSCache is a thread-safe file-system cache implementing osv.Cache.

TODO: use something like cmd/go/internal/lockedfile for thread safety?

func DefaultCache

func DefaultCache() (*FSCache, error)

func (*FSCache) ReadEntries

func (c *FSCache) ReadEntries(dbName string, p string) ([]*osv.Entry, error)

func (*FSCache) ReadIndex

func (c *FSCache) ReadIndex(dbName string) (client.DBIndex, time.Time, error)

func (*FSCache) WriteEntries

func (c *FSCache) WriteEntries(dbName string, p string, entries []*osv.Entry) error

func (*FSCache) WriteIndex

func (c *FSCache) WriteIndex(dbName string, index client.DBIndex, retrieved time.Time) error

type Handler

type Handler interface {
	// Flush writes any output the handler is buffering.
	Flush() error

	// Vulnerability adds a vulnerability to be printed to the output.
	Vulnerability(vuln *result.Vuln) error

	// Preamble communicates introductory message to the user.
	Preamble(preamble *result.Preamble) error

	// Progress is called to display a progress message.
	Progress(msg string) error
}

Handler handles messages to be presented in a vulnerability scan output stream.

func NewJSONHandler

func NewJSONHandler(w io.Writer) Handler

NewJSONHandler returns a handler that writes govulncheck output as JSON.

func NewTextHandler

func NewTextHandler(w io.Writer) Handler

NewTextHandler returns a handler that writes govulncheck output as text.
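
A handler with the method set of the Handler interface above that fails a build only on called findings, as an added example that is not part of the package or its documentation. Vuln, Preamble, GateHandler and Gate are hypothetical stand-ins declared locally (the real interface takes *result.Vuln and *result.Preamble, whose fields are not shown on this page), and the sentinel error is a local copy.

```go
package main

import (
	"errors"
	"fmt"
)

// Stand-ins (assumptions) for result.Vuln and result.Preamble; fields not on this page.
type Vuln struct {
	ID     string // constructed identifier
	Called bool   // models what IsCalled(v) would report
}
type Preamble struct{}

type Handler interface {
	Flush() error
	Vulnerability(vuln *Vuln) error
	Preamble(preamble *Preamble) error
	Progress(msg string) error
}

var ErrVulnerabilitiesFound = errors.New("vulnerabilities found") // local copy

// GateHandler keeps the IDs of findings whose vulnerable code is called.
type GateHandler struct{ Called []string }
func (g *GateHandler) Flush() error             { return nil }
func (g *GateHandler) Preamble(*Preamble) error { return nil }
func (g *GateHandler) Progress(string) error    { return nil }
func (g *GateHandler) Vulnerability(v *Vuln) error {
	if v.Called {
		g.Called = append(g.Called, v.ID)
	}
	return nil
}

// Gate replays findings through the interface and fails only on called ones.
func Gate(vulns []*Vuln) error {
	g := &GateHandler{}
	for _, v := range vulns {
		if err := Handler(g).Vulnerability(v); err != nil {
			return err
		}
	}
	if len(g.Called) > 0 {
		return fmt.Errorf("%w: %d of %d findings called: %v", ErrVulnerabilitiesFound, len(g.Called), len(vulns), g.Called)
	}
	return nil
}

func main() { fmt.Println(Gate([]*Vuln{{ID: "EXAMPLE-0001", Called: true}, {ID: "EXAMPLE-0002"}})) }
```

Callers can test the result with errors.Is against the sentinel to tell a policy failure apart from a scan that could not run.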
