vulntest

package
v0.15.3
Warning

This package is not in the latest version of its module.

Published: Apr 12, 2024 License: BSD-3-Clause Imports: 16 Imported by: 0

Documentation

Overview

Package vulntest provides helpers for vulncheck functionality testing.

Constants

const (
	ReferenceTypeAdvisory = ReferenceType("ADVISORY")
	ReferenceTypeArticle  = ReferenceType("ARTICLE")
	ReferenceTypeReport   = ReferenceType("REPORT")
	ReferenceTypeFix      = ReferenceType("FIX")
	ReferenceTypePackage  = ReferenceType("PACKAGE")
	ReferenceTypeEvidence = ReferenceType("EVIDENCE")
	ReferenceTypeWeb      = ReferenceType("WEB")
)

Variables

ReferenceTypes is the set of reference types defined in OSV.

Functions

func AffectedRanges added in v0.14.0

func AffectedRanges(versions []VersionRange) []osv.Range

Types

type DB

type DB struct {
	// contains filtered or unexported fields
}

DB is a read-only vulnerability database on disk. Users can use this database with golang.org/x/vuln APIs by setting the `VULNDB` environment variable.

func NewDatabase

func NewDatabase(ctx context.Context, txtarReports []byte) (*DB, error)

NewDatabase returns a read-only DB containing the provided txtar-format collection of vulnerability reports. Each vulnerability report is a YAML file whose format is defined in golang.org/x/vulndb/doc/format.md. A report file name must have the id as its base name, and have .yaml as its extension.

db, err := NewDatabase(ctx, reports)
...
defer db.Clean()
client, err := NewClient(db)
...

The returned DB's Clean method must be called to clean up the generated database.
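
A stdlib-only pre-flight check for the txtarReports input described above, added here as an example and not part of the vulntest package: it scans the txtar file markers and applies the naming rule (base name is the ID, extension is .yaml). The YAML keys in the constructed sample assume the lowercased field names implied by the struct tags on this page; checkReportNames and its duplicate-ID check are this example's own, on the assumption that two files with the same base name would map to the same ID.

```go
package main

import (
	"fmt"
	"path"
	"strings"
)

// Constructed input: a valid report, a wrong extension, and a repeated base name.
const sampleReports = `-- GO-TEST-0001.yaml --
modules:
  - module: example.com/mod
    versions:
      - introduced: 1.0.0
        fixed: 1.0.4
summary: constructed report for a test database
-- GO-TEST-0002.yml --
summary: wrong extension
-- dup/GO-TEST-0001.yaml --
summary: same ID as the first file
`

// checkReportNames scans txtar file markers ("-- name --") and returns the
// report IDs implied by the file names plus any naming problems found.
func checkReportNames(archive string) (ids, problems []string) {
	seen := map[string]bool{}
	for _, line := range strings.Split(archive, "\n") {
		if len(line) < 7 || !strings.HasPrefix(line, "-- ") || !strings.HasSuffix(line, " --") {
			continue // report body or archive comment, not a file marker
		}
		name := strings.TrimSpace(line[3 : len(line)-3])
		id := strings.TrimSuffix(path.Base(name), ".yaml")
		switch {
		case path.Ext(name) != ".yaml" || id == "":
			problems = append(problems, name+": want <ID>.yaml")
		case seen[id]:
			problems = append(problems, name+": duplicate ID "+id)
		default:
			seen[id] = true
			ids = append(ids, id)
		}
	}
	return ids, problems
}

func main() {
	ids, problems := checkReportNames(sampleReports)
	fmt.Println(ids, problems)
}
```

Running the check on a test fixture before passing it to NewDatabase makes a misnamed report fail loudly instead of silently changing which IDs the test database contains.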

func (*DB) Clean

func (db *DB) Clean() error

Clean deletes the database.

func (*DB) URI

func (db *DB) URI() string

URI returns the file URI that can be used for the VULNDB environment variable.

type Module

type Module struct {
	Module   string         `yaml:",omitempty"`
	Versions []VersionRange `yaml:",omitempty"`
	Packages []*Package     `yaml:",omitempty"`
}

type Package

type Package struct {
	Package string   `yaml:",omitempty"`
	GOOS    []string `yaml:"goos,omitempty"`
	GOARCH  []string `yaml:"goarch,omitempty"`
	// Symbols originally identified as vulnerable.
	Symbols []string `yaml:",omitempty"`
	// Additional vulnerable symbols, computed from Symbols via static analysis
	// or other technique.
	DerivedSymbols []string `yaml:"derived_symbols,omitempty"`
}

type Reference

type Reference osv.Reference

A Reference is a link to some external resource.

For ease of typing, References are represented in the YAML as a single-element mapping of type to URL.

func (*Reference) MarshalYAML

func (r *Reference) MarshalYAML() (interface{}, error)

func (*Reference) UnmarshalYAML

func (r *Reference) UnmarshalYAML(n *yaml.Node) (err error)

type ReferenceType

type ReferenceType string

ReferenceType is a reference (link) type.

type Report

type Report struct {
	ID string `yaml:",omitempty"`

	Modules []*Module `yaml:",omitempty"`

	// Summary is a short phrase describing the vulnerability.
	Summary string `yaml:",omitempty"`

	// Description is the CVE description from an existing CVE. If we are
	// assigning a CVE ID ourselves, use CVEMetadata.Description instead.
	Description string     `yaml:",omitempty"`
	Published   time.Time  `yaml:",omitempty"`
	Withdrawn   *time.Time `yaml:",omitempty"`

	References []*Reference `yaml:",omitempty"`
}

Report represents a vulnerability report in the vulndb. See https://go.googlesource.com/vulndb/+/refs/heads/master/doc/format.md

func (*Report) ToString

func (r *Report) ToString() (string, error)

ToString encodes r to a YAML string.

func (*Report) Write

func (r *Report) Write(filename string) (err error)

Write writes r to filename in YAML format.

type Version

type Version string

Version is a SemVer 2.0.0 semantic version with no leading "v" prefix, as used by OSV.

func (Version) Before

func (v Version) Before(v2 Version) bool

Before reports whether v < v2.

func (Version) Canonical

func (v Version) Canonical() string

Canonical returns the canonical formatting of the version.

func (Version) IsValid

func (v Version) IsValid() bool

IsValid reports whether v is a valid semantic version string.

func (Version) V

func (v Version) V() string

V returns the version with a "v" prefix.

type VersionRange

type VersionRange struct {
	Introduced Version `yaml:"introduced,omitempty"`
	Fixed      Version `yaml:"fixed,omitempty"`
}
