osvdev

package
v2.0.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 3, 2025 License: Apache-2.0 Imports: 13 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	QueryBatchEndpoint = "/v1/querybatch"
	QueryEndpoint      = "/v1/query"
	GetEndpoint        = "/v1/vulns"

	// DetermineVersionEndpoint is the URL for posting determineversion queries to OSV.
	DetermineVersionEndpoint = "/v1experimental/determineversion"

	// MaxQueriesPerQueryBatchRequest is a limit set in osv.dev's API, so is not configurable
	MaxQueriesPerQueryBatchRequest = 1000

	DefaultBaseURL = "https://api.osv.dev"
)

Variables

This section is empty.

Functions

This section is empty.

Types

type BatchedQuery 

type BatchedQuery struct {
	Queries []*Query `json:"queries"`
}

BatchedQuery represents a batched query to OSV.

type BatchedResponse 

type BatchedResponse struct {
	Results []MinimalResponse `json:"results"`
}

BatchedResponse represents an unhydrated batched response from OSV.

type ClientConfig 

type ClientConfig struct {
	MaxConcurrentBatchRequests int
	MaxRetryAttempts           int
	JitterMultiplier           float64
	BackoffDurationExponential float64
	BackoffDurationMultiplier  float64
	UserAgent                  string
}

func DefaultConfig 

func DefaultConfig() ClientConfig

DefaultConfig make a default client config

type DetermineVersionHash 

type DetermineVersionHash struct {
	Path string `json:"path"`
	Hash []byte `json:"hash"`
}

DetermineVersionHash holds the per file hash and path information for determineversion.

type DetermineVersionResponse 

type DetermineVersionResponse struct {
	Matches []struct {
		Score    float64 `json:"score"`
		RepoInfo struct {
			Type    string `json:"type"`
			Address string `json:"address"`
			Tag     string `json:"tag"`
			Version string `json:"version"`
			Commit  string `json:"commit"`
		} `json:"repo_info"`
	} `json:"matches"`
}

DetermineVersionResponse is the response from the determineversions endpoint

type DetermineVersionsRequest 

type DetermineVersionsRequest struct {
	Name       string                 `json:"name"`
	FileHashes []DetermineVersionHash `json:"file_hashes"`
}

DetermineVersionsRequest is the request format to the determineversions endpoint

type HydratedBatchedResponse 

type HydratedBatchedResponse struct {
	Results []Response `json:"results"`
}

HydratedBatchedResponse represents a hydrated batched response from OSV.

type MinimalResponse 

type MinimalResponse struct {
	Vulns         []MinimalVulnerability `json:"vulns"`
	NextPageToken string                 `json:"next_page_token"`
}

MinimalResponse represents an unhydrated response from OSV.

type MinimalVulnerability 

type MinimalVulnerability struct {
	ID string `json:"id"`
}

MinimalVulnerability represents an unhydrated vulnerability entry from OSV.

type OSVClient 

type OSVClient struct {
	HTTPClient  *http.Client
	Config      ClientConfig
	BaseHostURL string
}

func DefaultClient 

func DefaultClient() *OSVClient

DefaultClient creates a new OSVClient with default settings

func (*OSVClient) ExperimentalDetermineVersion 

func (c *OSVClient) ExperimentalDetermineVersion(ctx context.Context, query *DetermineVersionsRequest) (*DetermineVersionResponse, error)

func (*OSVClient) GetVulnByID 

func (c *OSVClient) GetVulnByID(ctx context.Context, id string) (*osvschema.Vulnerability, error)

GetVulnByID is an interface to this endpoint: https://google.github.io/osv.dev/get-v1-vulns/

func (*OSVClient) Query 

func (c *OSVClient) Query(ctx context.Context, query *Query) (*Response, error)

Query is an interface to this endpoint: https://google.github.io/osv.dev/post-v1-query/ This function performs paging invisibly until the context expires, after which all pages that has already been retrieved are returned.

See if next_page_token field in the response is fully filled out to determine if there are extra pages remaining

func (*OSVClient) QueryBatch 

func (c *OSVClient) QueryBatch(ctx context.Context, queries []*Query) (*BatchedResponse, error)

QueryBatch is an interface to this endpoint: https://google.github.io/osv.dev/post-v1-querybatch/ This function performs paging invisibly until the context expires, after which all pages that has already been retrieved are returned.

See if next_page_token field in the response is fully filled out to determine if there are extra pages remaining

type Package 

type Package struct {
	PURL      string `json:"purl,omitempty"`
	Name      string `json:"name,omitempty"`
	Ecosystem string `json:"ecosystem,omitempty"`
}

Package represents a package identifier for OSV.

type Query 

type Query struct {
	Commit    string  `json:"commit,omitempty"`
	Package   Package `json:"package,omitempty"`
	Version   string  `json:"version,omitempty"`
	PageToken string  `json:"page_token,omitempty"`
}

Query represents a query to OSV.

type Response 

type Response struct {
	Vulns         []osvschema.Vulnerability `json:"vulns"`
	NextPageToken string                    `json:"next_page_token"`
}

Response represents a full response from OSV.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.