Documentation
¶
Index ¶
- Variables
- func CPUQuota() (int, bool)
- func EffectiveMaxConcurrency(configured int) int
- func ExtractArchiveToTempDir(ctx context.Context, c malcontent.Config, path string) (string, error)
- func ExtractBz2(ctx context.Context, d, f string) error
- func ExtractDeb(ctx context.Context, d, f string) (retErr error)
- func ExtractGzip(ctx context.Context, d string, f string) error
- func ExtractRPM(ctx context.Context, d, f string) (retErr error)
- func ExtractTar(ctx context.Context, d string, f string) (err error)
- func ExtractUPX(ctx context.Context, d, f string) (err error)
- func ExtractZip(ctx context.Context, d string, f string) (err error)
- func ExtractZlib(ctx context.Context, d string, f string) error
- func ExtractZstd(ctx context.Context, d string, f string) error
- func ExtractionMethod(ext string) func(context.Context, string, string) error
- func IsValidPath(target, dir string) bool
- func OCI(ctx context.Context, path string, useAuth bool, maxImageSize int64) (string, error)
- func OCIWithConfig(ctx context.Context, path string, c *malcontent.Config) (string, error)
- func ValidateResolvedPath(target, dir, clean string) error
Constants ¶
This section is empty.
Variables ¶
var ErrExtractorPanic = errors.New("extractor panic")
ErrExtractorPanic is the sentinel wrapped by every error returned from recoverExtractor. Callers may inspect with errors.Is to branch on panic recovery without string matching.
var GzMIME = map[string]struct{}{
"application/gzip": {},
"application/gzip-compressed": {},
"application/gzipped": {},
"application/x-gunzip": {},
"application/x-gzip": {},
"application/x-gzip-compressed": {},
"gzip/document": {},
}
Functions ¶
func CPUQuota ¶ added in v1.24.0
CPUQuota returns the cgroup-derived CPU ceiling for this process, expressed as a count of logical CPUs (ceil(quota/period), floored at 1). The second return is false when no cgroup ceiling applies.
func EffectiveMaxConcurrency ¶ added in v1.24.0
EffectiveMaxConcurrency clamps the operator-configured concurrency to the minimum of itself, runtime.GOMAXPROCS(0), and the cgroup CPU quota.
func ExtractArchiveToTempDir ¶
extractArchiveToTempDir creates a temporary directory and extracts the archive file for scanning.
func ExtractBz2 ¶
Extract Bz2 extracts bzip2 files.
func ExtractDeb ¶
ExtractDeb extracts .deb packages.
func ExtractGzip ¶
extractGzip extracts .gz archives.
func ExtractRPM ¶
extractRPM extracts .rpm packages.
func ExtractTar ¶
extractTar extracts .apk and .tar* archives.
func ExtractZip ¶
ExtractZip extracts zip-format archives (.ear, .jar, .war, .whl, .zip).
func ExtractZlib ¶
extractZlib extracts extension-agnostic zlib-compressed files.
func ExtractZstd ¶ added in v1.9.0
ExtractZstd extracts .zst and .zstd archives.
func ExtractionMethod ¶
func IsValidPath ¶
isValidPath checks if the target file is within the given directory.
func OCIWithConfig ¶ added in v1.24.0
OCIWithConfig accepts a fully-populated Config for OCI transport-hardening knobs.
func ValidateResolvedPath ¶ added in v1.21.0
ValidateResolvedPath checks that the target path still resides within the extraction directory after resolving symlinks in its parent directory.
Types ¶
This section is empty.
Source Files