resolution

package v2.0.0-beta1 (Latest)

Warning: This package is not in the latest version of its module.
Published: Jan 29, 2025 License: Apache-2.0 Imports: 16 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func ChainIsDev

func ChainIsDev(dc DependencyChain, groups map[manifest.RequirementKey][]string) bool

func ComputeChains

func ComputeChains(g *resolve.Graph, nodes []resolve.NodeID) [][]DependencyChain

ComputeChains computes all paths from each specified NodeID to the root node.

Types

type DependencyChain

type DependencyChain struct {
	Graph *resolve.Graph
	Edges []resolve.Edge // Edge from root node is at the end of the list
}

func (DependencyChain) At

func (dc DependencyChain) At(index int) (resolve.VersionKey, string)

At returns the dependency information of the dependency at the specified index along the chain: the resolved VersionKey of the dependency and the version requirement string. Index 0 is the end dependency (usually the vulnerable package); index len(Edges)-1 is the direct dependency from the root node.
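The chain layout that ComputeChains builds and that At, Direct and End index, as an added worked example that is not the package's own code. It substitutes simplified stand-in types for resolve.Graph, resolve.NodeID, resolve.Edge and resolve.VersionKey (an assumption about their shape), re-implements ComputeChains as a walk over incoming edges from the target back to the root, and the graph in SampleGraph is constructed for the example:

```go
package main

import (
	"fmt"
	"strings"
)

// Stand-ins for the deps.dev/util/resolve types named in the page's signatures
// (resolve.Graph, resolve.NodeID, resolve.Edge, resolve.VersionKey). They are
// simplified for this example and are not the real package's definitions.
type NodeID int

type VersionKey struct{ Name, Version string }

type Node struct{ Version VersionKey }

type Edge struct {
	From, To    NodeID
	Requirement string // requirement declared on this edge, e.g. "^2.0.0"
}

type Graph struct {
	Nodes []Node // Nodes[0] is the root, i.e. the manifest itself
	Edges []Edge
}

// DependencyChain mirrors the page's struct: the edge leaving the root is last.
type DependencyChain struct {
	Graph *Graph
	Edges []Edge
}

// At returns the resolved version and requirement string at position index:
// index 0 is the end dependency (usually the vulnerable package),
// index len(Edges)-1 is the direct dependency declared by the root.
func (dc DependencyChain) At(index int) (VersionKey, string) {
	e := dc.Edges[index]
	return dc.Graph.Nodes[e.To].Version, e.Requirement
}

func (dc DependencyChain) Direct() (VersionKey, string) { return dc.At(len(dc.Edges) - 1) }

func (dc DependencyChain) End() (VersionKey, string) { return dc.At(0) }

// IsDirect is true when the chain is a single edge out of the root, i.e. the
// end dependency is itself a direct dependency.
func (dc DependencyChain) IsDirect() bool { return len(dc.Edges) == 1 }

// ComputeChains enumerates every path from each target node back to the root
// (NodeID 0) by walking incoming edges. Because the walk starts at the target,
// the edge into the target is appended first and the edge out of the root last,
// which is the ordering DependencyChain.Edges documents. The visited set stops
// the walk from looping on cyclic graphs.
func ComputeChains(g *Graph, targets []NodeID) [][]DependencyChain {
	incoming := make(map[NodeID][]Edge)
	for _, e := range g.Edges {
		incoming[e.To] = append(incoming[e.To], e)
	}
	result := make([][]DependencyChain, len(targets))
	for i, target := range targets {
		visited := map[NodeID]bool{target: true}
		var walk func(n NodeID, path []Edge)
		walk = func(n NodeID, path []Edge) {
			if n == 0 {
				chain := append([]Edge(nil), path...) // copy: path is reused by siblings
				result[i] = append(result[i], DependencyChain{Graph: g, Edges: chain})
				return
			}
			for _, e := range incoming[n] {
				if visited[e.From] {
					continue
				}
				visited[e.From] = true
				walk(e.From, append(path, e))
				visited[e.From] = false
			}
		}
		walk(target, nil)
	}
	return result
}

// ChainString renders a chain root-first so it reads in dependency order,
// even though Edges is stored end-first.
func ChainString(dc DependencyChain) string {
	n := len(dc.Edges)
	root := dc.Graph.Nodes[dc.Edges[n-1].From].Version
	var b strings.Builder
	fmt.Fprintf(&b, "%s@%s", root.Name, root.Version)
	for i := n - 1; i >= 0; i-- {
		vk, req := dc.At(i)
		fmt.Fprintf(&b, " -[%s]-> %s@%s", req, vk.Name, vk.Version)
	}
	return b.String()
}

// SampleGraph is constructed for this example: app depends directly on web,
// cli and lib, and web and cli both depend on lib as well.
func SampleGraph() *Graph {
	return &Graph{
		Nodes: []Node{
			{VersionKey{"app", "1.0.0"}},
			{VersionKey{"web", "2.1.0"}},
			{VersionKey{"cli", "1.3.0"}},
			{VersionKey{"lib", "1.5.2"}},
		},
		Edges: []Edge{
			{0, 1, "^2.0.0"},
			{0, 2, "^1.0.0"},
			{0, 3, "^1.5.0"},
			{1, 3, "^1.4.0"},
			{2, 3, ">=1.0.0"},
		},
	}
}

func main() {
	for _, dc := range ComputeChains(SampleGraph(), []NodeID{3})[0] {
		fmt.Printf("direct=%v %s\n", dc.IsDirect(), ChainString(dc))
	}
}
```

Because the walk starts at the target and appends as it climbs, Edges[0] is the edge into the end dependency and Edges[len(Edges)-1] is the edge out of the root, which is why End is At(0) and Direct is At(len(Edges)-1). ChainString walks the slice backwards to print the chain in the direction a reader expects.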

func (DependencyChain) Direct

func (dc DependencyChain) Direct() (resolve.VersionKey, string)

func (DependencyChain) End

type Difference

type Difference struct {
	Original     *Result
	New          *Result
	RemovedVulns []Vulnerability
	AddedVulns   []Vulnerability
	manifest.Patch
}

func (Difference) Compare

func (a Difference) Compare(b Difference) int

Compare orders Differences by 'effectiveness' (best first):

Sort order:

  1. (number of fixed vulns - number of introduced vulns) / (number of changed direct dependencies) [descending] (i.e. more efficient first)
  2. number of fixed vulns [descending]
  3. number of changed direct dependencies [ascending]
  4. changed direct dependency package names [ascending]
  5. size of changed direct dependency bump [ascending]
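The five-step comparator above, worked through as an added example that is not the package's own implementation. It uses stand-in types (a Vulnerability with only an ID, a DependencyPatch standing in for one entry of manifest.Patch, and a Label field that exists only to make the ranking readable), assumes a simple major.minor.patch notion of "size of bump", and ranks a constructed set of candidate diffs so each tie-break step is exercised:

```go
package main

import (
	"fmt"
	"sort"
	"strconv"
	"strings"
)

// Vulnerability stand-in: only the count of advisories matters to Compare.
type Vulnerability struct{ ID string }

// DependencyPatch is an assumed stand-in for one entry of manifest.Patch: a
// direct dependency whose requirement moves from OrigVersion to NewVersion.
type DependencyPatch struct{ Pkg, OrigVersion, NewVersion string }

// Difference mirrors the page's struct without Original/New, which Compare does
// not consult. Label is demo-only, to make the ranking readable.
type Difference struct {
	Label        string
	RemovedVulns []Vulnerability
	AddedVulns   []Vulnerability
	Patch        []DependencyPatch
}

func cmpInt(a, b int) int {
	switch {
	case a < b:
		return -1
	case a > b:
		return 1
	}
	return 0
}

// parseVersion splits "major.minor.patch"; missing or non-numeric parts are 0.
func parseVersion(v string) [3]int {
	var out [3]int
	for i, p := range strings.SplitN(v, ".", 3) {
		out[i], _ = strconv.Atoi(p)
	}
	return out
}

// bumpSize is the assumed "size of bump": per-component deltas compared
// major-first, so a major bump always sorts after a minor one.
func bumpSize(p DependencyPatch) [3]int {
	o, n := parseVersion(p.OrigVersion), parseVersion(p.NewVersion)
	return [3]int{n[0] - o[0], n[1] - o[1], n[2] - o[2]}
}

// sortedPatch orders changed dependencies by name so steps 4 and 5 compare
// like with like.
func (d Difference) sortedPatch() []DependencyPatch {
	ps := append([]DependencyPatch(nil), d.Patch...)
	sort.Slice(ps, func(i, j int) bool { return ps[i].Pkg < ps[j].Pkg })
	return ps
}

// Compare implements the page's five-step order; negative means a ranks
// before b (a is the more effective diff).
func (a Difference) Compare(b Difference) int {
	// 1. (fixed - introduced) / changed, descending. Cross-multiply rather than
	//    divide so equal ratios compare exactly; a diff that changes nothing counts as 0.
	na, ca := len(a.RemovedVulns)-len(a.AddedVulns), len(a.Patch)
	nb, cb := len(b.RemovedVulns)-len(b.AddedVulns), len(b.Patch)
	if ca == 0 {
		na, ca = 0, 1
	}
	if cb == 0 {
		nb, cb = 0, 1
	}
	if c := cmpInt(nb*ca, na*cb); c != 0 {
		return c
	}
	// 2. fixed vulns, descending.
	if c := cmpInt(len(b.RemovedVulns), len(a.RemovedVulns)); c != 0 {
		return c
	}
	// 3. changed direct dependencies, ascending.
	if c := cmpInt(len(a.Patch), len(b.Patch)); c != 0 {
		return c
	}
	// 4. changed package names, ascending.
	pa, pb := a.sortedPatch(), b.sortedPatch()
	for i := range pa {
		if c := strings.Compare(pa[i].Pkg, pb[i].Pkg); c != 0 {
			return c
		}
	}
	// 5. size of the version bump, ascending.
	for i := range pa {
		ba, bb := bumpSize(pa[i]), bumpSize(pb[i])
		for k := range ba {
			if c := cmpInt(ba[k], bb[k]); c != 0 {
				return c
			}
		}
	}
	return 0
}

// RankDiffs returns the candidates' labels best-first.
func RankDiffs(diffs []Difference) []string {
	ranked := append([]Difference(nil), diffs...)
	sort.SliceStable(ranked, func(i, j int) bool { return ranked[i].Compare(ranked[j]) < 0 })
	labels := make([]string, len(ranked))
	for i, d := range ranked {
		labels[i] = d.Label
	}
	return labels
}

// vulns fabricates n placeholder advisories for the sample; none are real.
func vulns(n int) []Vulnerability { return make([]Vulnerability, n) }

// SampleDiffs is constructed for this example; packages and versions are made up.
func SampleDiffs() []Difference {
	return []Difference{
		{Label: "D", RemovedVulns: vulns(1), Patch: []DependencyPatch{{"baz", "1.0.0", "1.0.1"}}},
		{Label: "A", RemovedVulns: vulns(2), Patch: []DependencyPatch{{"foo", "1.2.0", "1.3.0"}}},
		{Label: "E", RemovedVulns: vulns(2), Patch: []DependencyPatch{{"foo", "1.2.0", "2.0.0"}}},
		{Label: "B", RemovedVulns: vulns(3), AddedVulns: vulns(1), Patch: []DependencyPatch{{"bar", "2.0.0", "3.0.0"}}},
		{Label: "C", RemovedVulns: vulns(4), Patch: []DependencyPatch{{"qux", "1.0.0", "1.1.0"}, {"foo", "1.2.0", "1.3.0"}}},
	}
}

func main() {
	fmt.Println(strings.Join(RankDiffs(SampleDiffs()), " > ")) // C > B > A > E > D
}
```

In the sample, C, B, A and E all score 2 on step 1 (C fixes four vulns with two changes, B fixes three and introduces one with a single change, A and E each fix two with one change), so step 2 puts C before B and B before A and E; A and E tie through steps 2, 3 and 4 and are separated only by step 5, the minor bump ranking above the major one; D's ratio of 1 places it last. The ratio is compared by cross-multiplication so that equal effectiveness ties exactly instead of depending on floating-point rounding.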

type NodeError

type NodeError struct {
	NodeID resolve.NodeID
	Error  resolve.NodeError
}

type ResolveOpts

type ResolveOpts struct {
	MavenManagement bool // whether to include unresolved dependencyManagement dependencies in resolved graph.
}

type Result

type Result struct {
	Manifest        manifest.Manifest
	Graph           *resolve.Graph
	Vulns           []Vulnerability
	UnfilteredVulns []Vulnerability
}

func (*Result) CalculateDiff

func (res *Result) CalculateDiff(other *Result) Difference

func (*Result) Errors

func (res *Result) Errors() []NodeError

func (*Result) FilterVulns

func (res *Result) FilterVulns(matchFn func(Vulnerability) bool)

FilterVulns populates Vulns with the UnfilteredVulns that satisfy matchFn

type Vulnerability

type Vulnerability struct {
	OSV     models.Vulnerability
	DevOnly bool
	// Chains are paths through requirements from direct dependency to vulnerable package.
	// A 'Problem' chain constrains the package to a vulnerable version.
	// 'NonProblem' chains re-use the vulnerable version, but would not resolve to a vulnerable version in isolation.
	ProblemChains    []DependencyChain
	NonProblemChains []DependencyChain
}

func (Vulnerability) IsDirect

func (rv Vulnerability) IsDirect() bool
