datasource

package
v2.3.2 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jan 15, 2026 License: Apache-2.0 Imports: 36 Imported by: 0

Documentation

Overview

Package datasource provides data sources for dependency resolution used by transitive scanning and guided remediation.

Index

Constants

View Source 
const MavenCentral = "https://repo.maven.apache.org/maven2"

Variables

This section is empty.

Functions

func MakeMavenAuth 

func MakeMavenAuth(globalSettings, userSettings MavenSettingsXML) map[string]*HTTPAuthentication

func NewInsightsAlphaClient added in v2.2.4 

func NewInsightsAlphaClient(addr string, userAgent string) (pb.InsightsClient, error)

NewInsightsAlphaClient creates a deps.dev v3alpha InsightsClient with a custom address and userAgent.

func NewMavenDecoder 

func NewMavenDecoder(reader io.Reader) *xml.Decoder

NewMavenDecoder returns an xml decoder with CharsetReader and Entity set.

Types

type CachedInsightsClient 

type CachedInsightsClient struct {
	pb.InsightsClient
	// contains filtered or unexported fields
}

CachedInsightsClient is a wrapper for InsightsClient that caches requests.

func NewCachedInsightsClient 

func NewCachedInsightsClient(addr string, userAgent string) (*CachedInsightsClient, error)

func (*CachedInsightsClient) GetPackage 

func (c *CachedInsightsClient) GetPackage(ctx context.Context, in *pb.GetPackageRequest, opts ...grpc.CallOption) (*pb.Package, error)

func (*CachedInsightsClient) GetRequirements 

func (c *CachedInsightsClient) GetRequirements(ctx context.Context, in *pb.GetRequirementsRequest, opts ...grpc.CallOption) (*pb.Requirements, error)

func (*CachedInsightsClient) GetVersion 

func (c *CachedInsightsClient) GetVersion(ctx context.Context, in *pb.GetVersionRequest, opts ...grpc.CallOption) (*pb.Version, error)

func (*CachedInsightsClient) GobDecode 

func (c *CachedInsightsClient) GobDecode(b []byte) error

func (*CachedInsightsClient) GobEncode 

func (c *CachedInsightsClient) GobEncode() ([]byte, error)

type HTTPAuthMethod 

type HTTPAuthMethod int
const (
	AuthBasic HTTPAuthMethod = iota
	AuthBearer
	AuthDigest
)

type HTTPAuthentication 

type HTTPAuthentication struct {
	SupportedMethods []HTTPAuthMethod // In order of preference, only one method will be attempted.

	// AlwaysAuth determines whether to always send auth headers.
	// If false, the server must respond with a WWW-Authenticate header which will be checked for supported methods.
	// Must be set to false to use Digest authentication.
	AlwaysAuth bool

	// Shared
	Username string // Basic & Digest, plain text.
	Password string // Basic & Digest, plain text.
	// Basic
	BasicAuth string // Base64-encoded username:password. Overrides Username & Password fields if set.
	// Bearer
	BearerToken string
	// Digest
	CnonceFunc func() string // Function used to generate cnonce string for Digest. OK to leave unassigned. Mostly for use in tests.
	// contains filtered or unexported fields
}

HTTPAuthentication holds the information needed for general HTTP Authentication support. Requests made through this will automatically populate the relevant info in the Authorization headers. This is a general implementation and should be suitable for use with any ecosystem.

func (*HTTPAuthentication) Get 

func (auth *HTTPAuthentication) Get(ctx context.Context, httpClient *http.Client, url string) (*http.Response, error)

Get makes an http GET request with the given http.Client. The Authorization Header will automatically be populated according to the fields in the HTTPAuthentication.

type MavenRegistry 

type MavenRegistry struct {
	URL    string
	Parsed *url.URL

	// Information from pom.xml
	ID               string
	ReleasesEnabled  bool
	SnapshotsEnabled bool
}

type MavenRegistryAPIClient 

type MavenRegistryAPIClient struct {
	// contains filtered or unexported fields
}

func NewMavenRegistryAPIClient 

func NewMavenRegistryAPIClient(registry MavenRegistry) (*MavenRegistryAPIClient, error)

func (*MavenRegistryAPIClient) AddRegistry 

func (m *MavenRegistryAPIClient) AddRegistry(registry MavenRegistry) error

AddRegistry adds the given registry to the list of registries if it has not been added.

func (*MavenRegistryAPIClient) GetProject 

func (m *MavenRegistryAPIClient) GetProject(ctx context.Context, groupID, artifactID, version string) (maven.Project, error)

GetProject fetches a pom.xml specified by groupID, artifactID and version and parses it to maven.Project. Each registry in the list is tried until we find the project. For a snapshot version, version level metadata is used to find the extact version string. More about Maven Repository Metadata Model: https://maven.apache.org/ref/3.9.9/maven-repository-metadata/ More about Maven Metadata: https://maven.apache.org/repositories/metadata.html

func (*MavenRegistryAPIClient) GetRegistries 

func (m *MavenRegistryAPIClient) GetRegistries() (registries []MavenRegistry)

func (*MavenRegistryAPIClient) GetVersions 

func (m *MavenRegistryAPIClient) GetVersions(ctx context.Context, groupID, artifactID string) ([]maven.String, error)

GetVersions returns the list of available versions of a Maven package specified by groupID and artifactID. Versions found in all registries are unioned, then sorted by semver.

func (*MavenRegistryAPIClient) GobDecode 

func (m *MavenRegistryAPIClient) GobDecode(b []byte) error

func (*MavenRegistryAPIClient) GobEncode 

func (m *MavenRegistryAPIClient) GobEncode() ([]byte, error)

func (*MavenRegistryAPIClient) WithoutRegistries 

func (m *MavenRegistryAPIClient) WithoutRegistries() *MavenRegistryAPIClient

WithoutRegistries makes MavenRegistryAPIClient including its cache but not registries.

type MavenSettingsXML 

type MavenSettingsXML struct {
	Servers []MavenSettingsXMLServer `xml:"servers>server"`
}

func ParseMavenSettings 

func ParseMavenSettings(path string) MavenSettingsXML

type MavenSettingsXMLServer 

type MavenSettingsXMLServer struct {
	ID       string `xml:"id"`
	Username string `xml:"username"`
	Password string `xml:"password"`
}

type NpmRegistryAPIClient 

type NpmRegistryAPIClient struct {
	// contains filtered or unexported fields
}

func NewNpmRegistryAPIClient 

func NewNpmRegistryAPIClient(workdir string) (*NpmRegistryAPIClient, error)

func (*NpmRegistryAPIClient) Dependencies 

func (c *NpmRegistryAPIClient) Dependencies(ctx context.Context, pkg, version string) (NpmRegistryDependencies, error)

func (*NpmRegistryAPIClient) FullJSON 

func (c *NpmRegistryAPIClient) FullJSON(ctx context.Context, pkg, version string) (gjson.Result, error)

func (*NpmRegistryAPIClient) GobDecode 

func (c *NpmRegistryAPIClient) GobDecode(b []byte) error

func (*NpmRegistryAPIClient) GobEncode 

func (c *NpmRegistryAPIClient) GobEncode() ([]byte, error)

func (*NpmRegistryAPIClient) Versions 

func (c *NpmRegistryAPIClient) Versions(ctx context.Context, pkg string) (NpmRegistryVersions, error)

type NpmRegistryAuths 

type NpmRegistryAuths map[string]*HTTPAuthentication

NpmRegistryAuths handles npm registry authentication in a manner similar to npm-registry-fetch https://github.com/npm/npm-registry-fetch/blob/237d33b45396caa00add61e0549cf09fbf9deb4f/lib/auth.js

func (NpmRegistryAuths) GetAuth 

func (auths NpmRegistryAuths) GetAuth(uri string) *HTTPAuthentication

type NpmRegistryConfig 

type NpmRegistryConfig struct {
	ScopeURLs map[string]string // map of @scope to registry URL
	Auths     NpmRegistryAuths  // auth info per npm registry URI
}

func LoadNpmRegistryConfig 

func LoadNpmRegistryConfig(workdir string) (NpmRegistryConfig, error)

func ParseNpmRegistryInfo 

func ParseNpmRegistryInfo(npmrc NpmrcConfig) NpmRegistryConfig

func (NpmRegistryConfig) MakeRequest 

func (r NpmRegistryConfig) MakeRequest(ctx context.Context, httpClient *http.Client, urlComponents ...string) (*http.Response, error)

MakeRequest makes the http request to the corresponding npm registry api (with auth). urlComponents should be (package) or (package, version)

type NpmRegistryDependencies 

type NpmRegistryDependencies struct {
	// TODO: These maps should preserve ordering from JSON response
	Dependencies         map[string]string
	DevDependencies      map[string]string
	PeerDependencies     map[string]string
	OptionalDependencies map[string]string
	BundleDependencies   []string
}

type NpmRegistryVersions 

type NpmRegistryVersions struct {
	Versions []string
	Tags     map[string]string
}

type NpmrcConfig 

type NpmrcConfig map[string]string

type RequestCache 

type RequestCache[K comparable, V any] struct {
	// contains filtered or unexported fields
}

RequestCache is a map to cache the results of expensive functions that are called concurrently.

func NewRequestCache 

func NewRequestCache[K comparable, V any]() *RequestCache[K, V]

func (*RequestCache[K, V]) Get 

func (rq *RequestCache[K, V]) Get(key K, fn func() (V, error)) (V, error)

Get gets the value from the cache map if it's cached, otherwise it will call fn to get the value and cache it. fn will only ever be called once for a key, even if there are multiple simultaneous calls to Get before the first call is finished.

func (*RequestCache[K, V]) GetMap 

func (rq *RequestCache[K, V]) GetMap() map[K]V

GetMap gets a shallow clone of the stored cache map.

func (*RequestCache[K, V]) SetMap 

func (rq *RequestCache[K, V]) SetMap(m map[K]V)

SetMap loads (a shallow clone of) the provided map into the cache map.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.