file

package
v1.41.2 Latest Latest
Published: Feb 3, 2026 License: Apache-2.0 Imports: 18 Imported by: 175

Documentation

Index

Constants

const (
	ELF   ExecutableFormat = "elf"   // Executable and Linkable Format used on Unix-like systems
	MachO ExecutableFormat = "macho" // Mach object file format used on macOS and iOS
	PE    ExecutableFormat = "pe"    // Portable Executable format used on Windows

	// RELRO (RELocation Read-Only) levels recorded for ELF binaries.
	// NOTE(review): by the usual toolchain convention, "partial" means the PT_GNU_RELRO segment is
	// present but lazy binding leaves the PLT portion of the GOT writable, and "full" additionally
	// binds all symbols at load time so the whole GOT is remapped read-only. How this package
	// decides between the levels is not shown here; confirm against the detection code.
	RelocationReadOnlyNone    RelocationReadOnly = "none"    // no RELRO protection
	RelocationReadOnlyPartial RelocationReadOnly = "partial" // partial RELRO protection
	RelocationReadOnlyFull    RelocationReadOnly = "full"    // full RELRO protection
)
const (
	// VisibleAnnotationKey is the key used to indicate if the location is visible or not at runtime
	VisibleAnnotationKey = "visible"

	// HiddenAnnotation is the value used to indicate that the location is not visible at runtime because it was deleted
	HiddenAnnotation = "false"

	// VisibleAnnotation is the value used to indicate that the location is visible at runtime
	VisibleAnnotation = "true"
)

Variables

This section is empty.

Functions

func CoordinatesSorter added in v1.24.0

func CoordinatesSorter(layers []string) func(a, b Coordinates) int

CoordinatesSorter creates a comparison function (for use with slices.SortFunc) for Coordinates values based on layer order

func LocationSorter added in v1.24.0

func LocationSorter(layers []string) func(a, b Location) int

LocationSorter creates a comparison function (slices.SortFunc) for Location objects based on layer order

Types

type ContentResolver added in v0.83.0

type ContentResolver interface {
	FileContentsByLocation(Location) (io.ReadCloser, error)
}

ContentResolver knows how to get file content for a given Location

type CoordinateSet added in v0.83.0

type CoordinateSet struct {
	// contains filtered or unexported fields
}

CoordinateSet provides a unique collection of Coordinates with set operations.

func NewCoordinateSet added in v0.83.0

func NewCoordinateSet(coordinates ...Coordinates) (s CoordinateSet)

func (*CoordinateSet) Add added in v0.83.0

func (s *CoordinateSet) Add(coordinates ...Coordinates)

func (CoordinateSet) Contains added in v0.83.0

func (s CoordinateSet) Contains(l Coordinates) bool

func (CoordinateSet) Hash added in v0.83.0

func (s CoordinateSet) Hash() (uint64, error)

func (CoordinateSet) Paths added in v0.83.0

func (s CoordinateSet) Paths() []string

func (CoordinateSet) Remove added in v0.83.0

func (s CoordinateSet) Remove(coordinates ...Coordinates)

func (CoordinateSet) ToSlice added in v0.83.0

func (s CoordinateSet) ToSlice(sorters ...func(a, b Coordinates) int) []Coordinates

func (CoordinateSet) ToUnorderedSlice added in v1.24.0

func (s CoordinateSet) ToUnorderedSlice() []Coordinates

type Coordinates added in v0.83.0

// Coordinates identifies a file by its resolved path plus the filesystem (e.g. image layer) it lives in.
type Coordinates struct {
	// RealPath is the canonical absolute form of the path accessed (all symbolic links have been followed and relative path components like '.' and '..' have been removed).
	RealPath string `json:"path" cyclonedx:"path"`

	// FileSystemID is an ID representing an entire filesystem. For container images, this is a layer digest. For directories or a root filesystem, this is blank.
	FileSystemID string `json:"layerID,omitempty" cyclonedx:"layerID"`
}

Coordinates contains the minimal information needed to describe how to find a file within any possible source object (e.g. image and directory sources)

func NewCoordinates added in v1.4.0

func NewCoordinates(realPath, fsID string) Coordinates

func (Coordinates) GetCoordinates added in v1.14.0

func (c Coordinates) GetCoordinates() Coordinates

func (Coordinates) ID added in v0.83.0

func (c Coordinates) ID() artifact.ID

func (Coordinates) String added in v0.83.0

func (c Coordinates) String() string

type Digest

// Digest pairs a hash algorithm name with the hex-encoded hash value.
// NOTE(review): the algorithm is a free-form string, so consumers that rely on a digest for
// integrity or identity decisions should check Algorithm first; md5 and sha1 are not
// collision-resistant and are only suitable for non-adversarial lookups.
type Digest struct {
	// Algorithm specifies the hash algorithm used (e.g., "sha256", "md5").
	Algorithm string `json:"algorithm"`

	// Value is the hexadecimal string representation of the hash.
	Value string `json:"value"`
}

Digest represents a cryptographic hash of file contents.

type ELFSecurityFeatures added in v0.104.0

// ELFSecurityFeatures records which hardening mechanisms were observed in an ELF binary.
// Fields typed *bool carry omitempty in their JSON tag, so a nil value is omitted from JSON
// output rather than written as false.
// NOTE(review): nil presumably means "could not be determined" as opposed to "absent";
// confirm against the code that populates this struct before treating a missing key as a finding.
type ELFSecurityFeatures struct {
	// SymbolTableStripped indicates whether debugging symbols have been removed.
	SymbolTableStripped bool `json:"symbolTableStripped" yaml:"symbolTableStripped" mapstructure:"symbolTableStripped"`

	// StackCanary indicates whether stack smashing protection is enabled.
	// Pointer-typed: nil is distinct from false (see the note on the type).
	StackCanary *bool `json:"stackCanary,omitempty" yaml:"stackCanary" mapstructure:"stackCanary"`

	// NoExecutable indicates whether NX (no-execute) protection is enabled for the stack.
	NoExecutable bool `json:"nx" yaml:"nx" mapstructure:"nx"`

	// RelocationReadOnly indicates the RELRO protection level.
	RelocationReadOnly RelocationReadOnly `json:"relRO" yaml:"relRO" mapstructure:"relRO"`

	// PositionIndependentExecutable indicates whether the binary is compiled as PIE.
	PositionIndependentExecutable bool `json:"pie" yaml:"pie" mapstructure:"pie"`

	// DynamicSharedObject indicates whether the binary is a shared library.
	DynamicSharedObject bool `json:"dso" yaml:"dso" mapstructure:"dso"`

	// LlvmSafeStack represents a compiler-based security mechanism that separates the stack into a safe stack for storing return addresses and other critical data, and an unsafe stack for everything else, to mitigate stack-based memory corruption errors
	// see https://clang.llvm.org/docs/SafeStack.html
	LlvmSafeStack *bool `json:"safeStack,omitempty" yaml:"safeStack" mapstructure:"safeStack"`

	// LlvmControlFlowIntegrity represents runtime checks to ensure a program's control flow adheres to the legal paths determined at compile time, thus protecting against various types of control-flow hijacking attacks
	// see https://clang.llvm.org/docs/ControlFlowIntegrity.html
	LlvmControlFlowIntegrity *bool `json:"cfi,omitempty" yaml:"cfi" mapstructure:"cfi"`

	// ClangFortifySource is a broad suite of extensions to libc aimed at catching misuses of common library functions
	// see https://android.googlesource.com/platform//bionic/+/d192dbecf0b2a371eb127c0871f77a9caf81c4d2/docs/clang_fortify_anatomy.md
	ClangFortifySource *bool `json:"fortify,omitempty" yaml:"fortify" mapstructure:"fortify"`
}

ELFSecurityFeatures captures security hardening and protection mechanisms in ELF binaries.

type Executable added in v0.104.0

// Executable holds format-level metadata for a binary file plus, for ELF, its hardening features.
type Executable struct {
	// Format denotes either ELF, Mach-O, or PE
	Format ExecutableFormat `json:"format" yaml:"format" mapstructure:"format"`

	// HasExports indicates whether the binary exports symbols.
	HasExports bool `json:"hasExports" yaml:"hasExports" mapstructure:"hasExports"`

	// HasEntrypoint indicates whether the binary has an entry point function.
	HasEntrypoint bool `json:"hasEntrypoint" yaml:"hasEntrypoint" mapstructure:"hasEntrypoint"`

	// ImportedLibraries lists the shared libraries required by this executable.
	ImportedLibraries []string `json:"importedLibraries" yaml:"importedLibraries" mapstructure:"importedLibraries"`

	// ELFSecurityFeatures contains ELF-specific security hardening information when Format is ELF.
	// The field is a pointer and is omitted from JSON when nil.
	// NOTE(review): presumably nil for Mach-O and PE, in which case a missing block says nothing
	// about how those binaries are hardened; confirm against the populating code.
	ELFSecurityFeatures *ELFSecurityFeatures `json:"elfSecurityFeatures,omitempty" yaml:"elfSecurityFeatures" mapstructure:"elfSecurityFeatures"`
}

Executable contains metadata about binary files and their security features.

type ExecutableFormat added in v0.104.0

type ExecutableFormat string

ExecutableFormat represents the binary executable format type.

type License added in v0.81.0

// License describes one license finding for a file: the raw value, its SPDX form, and optional evidence.
type License struct {
	// Value is the raw license string as found in the file.
	Value string

	// SPDXExpression is the parsed SPDX license expression if available.
	SPDXExpression string

	// Type categorizes how the license was determined (e.g., declared, concluded -- following the same semantics as SPDX).
	Type license.Type

	// LicenseEvidence optionally points at the classifier match details (confidence, offset, extent).
	// NOTE(review): presumably nil when no classifier evidence was gathered; confirm with callers.
	LicenseEvidence *LicenseEvidence

	// Contents optionally stores the full license text.
	// The hash:"ignore" tag presumably excludes it from struct hashing; confirm against the hashing library in use.
	Contents string `hash:"ignore"`
}

License represents license information discovered within a file.

func NewLicense added in v0.81.0

func NewLicense(value string) License

type LicenseEvidence added in v0.81.0

type LicenseEvidence struct {
	// Confidence is a score indicating certainty of the license match.
	Confidence int

	// Offset is the byte position where the license text begins in the file.
	Offset int

	// Extent is the length in bytes of the matched license text.
	Extent int
}

LicenseEvidence contains details from license classifier analysis.

type Location added in v0.83.0

type Location struct {
	LocationData     `cyclonedx:""`
	LocationMetadata `cyclonedx:""`
}

Location represents a path relative to a particular filesystem resolved to a specific file.Reference. This struct is used as a key in content fetching to uniquely identify a file relative to a request (the AccessPath).

func NewLocation added in v0.83.0

func NewLocation(realPath string) Location

NewLocation creates a new Location representing a path without denoting a filesystem or FileCatalog reference.

func NewLocationFromCoordinates added in v0.83.0

func NewLocationFromCoordinates(coordinates Coordinates) Location

NewLocationFromCoordinates creates a new location for the given Coordinates.

func NewLocationFromDirectory added in v0.83.0

func NewLocationFromDirectory(responsePath string, fd string, ref file.Reference) Location

NewLocationFromDirectory creates a new Location representing the given path (extracted from the Reference) relative to the given directory.

func NewLocationFromImage added in v0.83.0

func NewLocationFromImage(accessPath string, ref file.Reference, img *image.Image) Location

NewLocationFromImage creates a new Location representing the given path (extracted from the Reference) relative to the given image.

func NewVirtualLocation added in v0.83.0

func NewVirtualLocation(realPath, accessPath string) Location

NewVirtualLocation creates a new location for a path accessed by a virtual path (a path with a symlink or hardlink somewhere in the path)

func NewVirtualLocationFromCoordinates added in v0.83.0

func NewVirtualLocationFromCoordinates(coordinates Coordinates, accessPath string) Location

NewVirtualLocationFromCoordinates creates a new location for the given Coordinates via a virtual path.

func NewVirtualLocationFromDirectory added in v0.83.0

func NewVirtualLocationFromDirectory(responsePath, responseAccessPath string, ref file.Reference) Location

NewVirtualLocationFromDirectory creates a new Location representing the given path (extracted from the Reference) relative to the given directory with a separate virtual access path.

func (Location) Equals added in v0.83.0

func (l Location) Equals(other Location) bool

func (Location) Path added in v0.97.0

func (l Location) Path() string

func (Location) String added in v0.83.0

func (l Location) String() string

func (Location) WithAnnotation added in v0.83.0

func (l Location) WithAnnotation(key, value string) Location

func (Location) WithoutAnnotations added in v0.83.0

func (l Location) WithoutAnnotations() Location

type LocationData added in v0.83.0

type LocationData struct {
	Coordinates `cyclonedx:""` // Empty string here means there is no intermediate property name, e.g. syft:locations:0:path without "coordinates"

	// AccessPath is the path used to retrieve file contents (which may or may not have hardlinks / symlinks in the path)
	AccessPath string `hash:"ignore" json:"accessPath"`
	// contains filtered or unexported fields
}

LocationData contains the core identifying information for a file location.

func (LocationData) Reference added in v0.83.0

func (l LocationData) Reference() file.Reference

type LocationMetadata added in v0.83.0

type LocationMetadata struct {
	Annotations map[string]string `json:"annotations,omitempty"` // Arbitrary key-value pairs that can be used to annotate a location
}

LocationMetadata provides additional contextual information about a file location.

type LocationReadCloser added in v0.83.0

type LocationReadCloser struct {
	Location
	io.ReadCloser
}

LocationReadCloser combines a Location with a ReadCloser for accessing file content with location metadata.

func NewLocationReadCloser added in v0.83.0

func NewLocationReadCloser(location Location, reader io.ReadCloser) LocationReadCloser

type LocationResolver added in v0.83.0

type LocationResolver interface {
	// AllLocations returns a channel of all file references from the underlying source.
	// The implementation for this may vary, however, generally the following considerations should be made:
	// - NO symlink resolution should be performed on results
	// - returns locations for any file or directory
	AllLocations(ctx context.Context) <-chan Location
}

LocationResolver provides iteration over all file locations in a source.

type LocationSet added in v0.83.0

type LocationSet struct {
	// contains filtered or unexported fields
}

LocationSet provides a unique collection of Locations with metadata and set operations.

func NewLocationSet added in v0.83.0

func NewLocationSet(locations ...Location) (s LocationSet)

func (*LocationSet) Add added in v0.83.0

func (s *LocationSet) Add(locations ...Location)

func (LocationSet) Contains added in v0.83.0

func (s LocationSet) Contains(l Location) bool

func (*LocationSet) CoordinateSet added in v0.83.0

func (s *LocationSet) CoordinateSet() CoordinateSet

func (*LocationSet) Empty added in v0.83.0

func (s *LocationSet) Empty() bool

func (LocationSet) Hash added in v0.83.0

func (s LocationSet) Hash() (uint64, error)

func (LocationSet) Remove added in v0.83.0

func (s LocationSet) Remove(locations ...Location)

func (LocationSet) ToSlice added in v0.83.0

func (s LocationSet) ToSlice(sorters ...func(a, b Location) int) []Location

func (LocationSet) ToUnorderedSlice added in v1.24.0

func (s LocationSet) ToUnorderedSlice() []Location

type Locations added in v0.83.0

type Locations []Location

Locations is a sortable slice of Location values.

func (Locations) Len added in v0.83.0

func (l Locations) Len() int

func (Locations) Less added in v0.83.0

func (l Locations) Less(i, j int) bool

func (Locations) Swap added in v0.83.0

func (l Locations) Swap(i, j int)

type Metadata added in v0.83.0

type Metadata = file.Metadata

type MetadataResolver added in v0.83.0

type MetadataResolver interface {
	FileMetadataByLocation(Location) (Metadata, error)
}

MetadataResolver provides file metadata lookup by location.

type MockResolver added in v0.83.0

type MockResolver struct {
	// contains filtered or unexported fields
}

MockResolver implements the FileResolver interface and is intended for use *only in test code*. It provides an implementation that can resolve local filesystem paths using only a provided discrete list of file paths, which are typically paths to test fixtures.

func NewMockResolverForPaths added in v0.83.0

func NewMockResolverForPaths(paths ...string) *MockResolver

NewMockResolverForPaths creates a new MockResolver, where the only resolvable files are those specified by the supplied paths.

func NewMockResolverForPathsWithMetadata added in v0.83.0

func NewMockResolverForPathsWithMetadata(metadata map[Coordinates]Metadata) *MockResolver

func (MockResolver) AllLocations added in v0.83.0

func (r MockResolver) AllLocations(ctx context.Context) <-chan Location

func (MockResolver) FileContentsByLocation added in v0.83.0

func (r MockResolver) FileContentsByLocation(location Location) (io.ReadCloser, error)

FileContentsByLocation fetches file contents for a single location. If the path does not exist, an error is returned.

func (MockResolver) FileMetadataByLocation added in v0.83.0

func (r MockResolver) FileMetadataByLocation(l Location) (Metadata, error)

func (MockResolver) FilesByBasename added in v0.83.0

func (r MockResolver) FilesByBasename(filenames ...string) ([]Location, error)

func (MockResolver) FilesByBasenameGlob added in v0.83.0

func (r MockResolver) FilesByBasenameGlob(_ ...string) ([]Location, error)

func (MockResolver) FilesByExtension added in v0.83.0

func (r MockResolver) FilesByExtension(extensions ...string) ([]Location, error)

func (MockResolver) FilesByGlob added in v0.83.0

func (r MockResolver) FilesByGlob(patterns ...string) ([]Location, error)

FilesByGlob returns all Locations that match the given path glob pattern.

func (MockResolver) FilesByMIMEType added in v0.83.0

func (r MockResolver) FilesByMIMEType(types ...string) ([]Location, error)

func (MockResolver) FilesByPath added in v0.83.0

func (r MockResolver) FilesByPath(paths ...string) ([]Location, error)

FilesByPath returns all Locations that match the given paths.

func (MockResolver) HasPath added in v0.83.0

func (r MockResolver) HasPath(path string) bool

HasPath indicates if the given path exists in the underlying source.

func (MockResolver) RelativeFileByPath added in v0.83.0

func (r MockResolver) RelativeFileByPath(_ Location, path string) *Location

RelativeFileByPath returns a single Location for the given path.

func (MockResolver) String added in v0.83.0

func (r MockResolver) String() string

String returns the string representation of the MockResolver.

func (MockResolver) Write added in v0.83.0

func (r MockResolver) Write(_ Location, _ io.Reader) error

type PathResolver added in v0.83.0

// PathResolver looks up Locations by exact path, glob pattern, or MIME type.
// The per-method notes on symlink resolution are guidance for implementations; the interface
// itself cannot enforce them.
type PathResolver interface {
	// HasPath indicates if the given path exists in the underlying source.
	// The implementation for this may vary, however, generally the following considerations should be made:
	// - full symlink resolution should be performed on all requests
	// - returns locations for any file or directory
	HasPath(string) bool

	// FilesByPath fetches a set of file references which have the given path (for an image, there may be multiple matches).
	// The implementation for this may vary, however, generally the following considerations should be made:
	// - full symlink resolution should be performed on all requests
	// - only returns locations to files (NOT directories)
	FilesByPath(paths ...string) ([]Location, error)

	// FilesByGlob fetches a set of file references for the given glob matches.
	// The implementation for this may vary, however, generally the following considerations should be made:
	// - full symlink resolution should be performed on all requests
	// - if multiple paths to the same file are found, the best single match should be returned
	// - only returns locations to files (NOT directories)
	FilesByGlob(patterns ...string) ([]Location, error)

	// FilesByMIMEType fetches a set of file references whose contents have been classified as one of the given MIME types.
	FilesByMIMEType(types ...string) ([]Location, error)

	// RelativeFileByPath fetches a single file at the given path relative to the layer squash of the given reference.
	// This is helpful when attempting to find a file that is in the same layer or lower as another file.
	RelativeFileByPath(_ Location, path string) *Location
}

PathResolver knows how to get a Location for given string paths and globs

type RelocationReadOnly added in v0.104.0

type RelocationReadOnly string

RelocationReadOnly indicates the RELRO security protection level applied to an ELF binary.

type Resolver added in v0.83.0

Resolver is an interface that encompasses how to get specific file references and file contents for a generic data source.

type SearchResult

// SearchResult describes where a content-scanning match was found and, optionally, what matched.
type SearchResult struct {
	// Classification identifies the type or category of the matched content.
	Classification string `json:"classification"`

	// LineNumber is the 1-indexed line number where the match was found.
	LineNumber int64 `json:"lineNumber"`

	// LineOffset is the character offset from the start of the line where the match begins.
	LineOffset int64 `json:"lineOffset"`

	// SeekPosition is the absolute byte offset from the start of the file.
	SeekPosition int64 `json:"seekPosition"`

	// Length is the size in bytes of the matched content.
	Length int64 `json:"length"`

	// Value optionally contains the actual matched content.
	// It is omitted from JSON only when empty.
	// NOTE(review): if this type carries secret-detection matches, a populated Value is the
	// secret itself; treat serialized results and logs that include it as sensitive, and
	// confirm which callers populate it.
	Value string `json:"value,omitempty"`
}

SearchResult represents a match found during content scanning, such as secret detection.

func (SearchResult) String

func (s SearchResult) String() string

type Selection added in v0.101.0

type Selection string

Selection defines which files should be included during cataloging operations.

const (
	NoFilesSelection             Selection = "none"             // no files are selected
	FilesOwnedByPackageSelection Selection = "owned-by-package" // only files owned by packages are selected
	AllFilesSelection            Selection = "all"              // all files are selected
)

type WritableResolver added in v0.83.0

type WritableResolver interface {
	Resolver

	Write(location Location, reader io.Reader) error
}

WritableResolver extends Resolver with the ability to write file content.

Directories

Path Synopsis
cataloger
