Documentation
¶
Overview ¶
The full specification for this API endpoint can be found at: https://warehouse.pypa.io/api-reference/json.html#project
Index ¶
Examples ¶
Constants ¶
View Source
const Host = "pypi.org"
Variables ¶
View Source
var ErrMissingReleases = errors.New("no releases for this project's version")
Functions ¶
This section is empty.
Types ¶
type Attestation ¶
type Attestation struct {
Version int `json:"version"`
Envelope Envelope `json:"envelope"`
VerificationMaterials VerificationMaterials `json:"verification_material"`
}
type AttestationBundle ¶
type AttestationBundle struct {
Attestations []Attestation `json:"attestations"`
Publisher Publisher `json:"publisher"`
}
type Info ¶
type Info struct {
Author string `json:"author"`
AuthorEmail string `json:"author_email"`
BugtrackURL string `json:"bugtrack_url"`
Classifiers []string `json:"classifiers"`
Description string `json:"description"`
DescriptionContentType string `json:"description_content_type"`
DocsURL string `json:"docs_url"`
DownloadURL string `json:"download_url"`
Downloads Downloads `json:"downloads"`
HomePage string `json:"home_page"`
Keywords string `json:"keywords"`
License string `json:"license"`
Maintainer string `json:"maintainer"`
MaintainerEmail string `json:"maintainer_email"`
Name string `json:"name"`
PackageURL string `json:"package_url"`
Platform string `json:"platform"`
ProjectURL string `json:"project_url"`
ProjectUrls ProjectUrls `json:"project_urls"`
ReleaseURL string `json:"release_url"`
RequiresDist []string `json:"requires_dist"`
RequiresPython string `json:"requires_python"`
Summary string `json:"summary"`
Version string `json:"version"`
Yanked bool `json:"yanked"`
YankedReason string `json:"yanked_reason"`
}
type ProjectUrls ¶
type Provenance ¶
type Provenance struct {
Version int `json:"version"`
AttestationBundles []AttestationBundle `json:"attestation_bundles"`
}
PyPI seems to use a slightly custom AttestationBundle format documented at https://docs.pypi.org/api/integrity/
type Release ¶
type Release struct {
CommentText string `json:"comment_text"`
Digests Digests `json:"digests"`
Downloads int `json:"downloads"`
Filename string `json:"filename"`
HasSig bool `json:"has_sig"`
Md5Digest string `json:"md5_digest"`
Packagetype string `json:"packagetype"`
PythonVersion string `json:"python_version"`
RequiresPython string `json:"requires_python"`
Size int `json:"size"`
UploadTime string `json:"upload_time"`
UploadTimeIso8601 time.Time `json:"upload_time_iso_8601"`
URL string `json:"url"`
Yanked bool `json:"yanked"`
YankedReason string `json:"yanked_reason"`
}
type VerificationMaterials ¶
type VerificationMaterials struct {
Certificate string `json:"certificate"`
TransparencyEntries []*rekor.TransparencyLogEntry `json:"transparency_entries"`
}
func (*VerificationMaterials) UnmarshalJSON ¶
func (v *VerificationMaterials) UnmarshalJSON(bytes []byte) error
This is required as PyPI returns JSON serialized protobuf transparency entries.
type VerificationStatus ¶
type Verifier ¶
func NewVerifier ¶
func (*Verifier) Verify ¶
func (v *Verifier) Verify(ctx context.Context, project *Project, version string) ([]*VerificationStatus, error)
Example ¶
package main
import (
"context"
"log"
"github.com/DataDog/go-attestations-verifier/internal/httputil"
"github.com/DataDog/go-attestations-verifier/pkg/pypi"
)
func main() {
ctx := context.Background()
pypiClient := &pypi.Client{HTTP: httputil.DefaultClient()}
project, err := pypiClient.GetProject(ctx, "sampleproject")
if err != nil {
log.Fatal(err)
}
verifier, err := pypi.NewVerifier(pypiClient)
if err != nil {
log.Fatal(err)
}
status, err := verifier.Verify(ctx, project, "4.0.0")
if err != nil {
log.Fatal(err)
}
log.Print(status)
}
type Vulnerability ¶
Source Files
Click to show internal directories.
Click to hide internal directories.