Documentation
Index ¶
- func NewGoBumpPipeline(analyzer *Analyzer) *processor.Pipeline
- type Analyzer
- func (a *Analyzer) AnalyzeBumps(deps []string, goModInfo *GoModInfo) ([]BumpAnalysis, []string)
- func (a *Analyzer) GetFetcher() *Fetcher
- func (a *Analyzer) GetParser() *Parser
- func (a *Analyzer) GetVulnerabilityScanner() *scan.VulnerabilityScanner
- func (a *Analyzer) HaveDepsChanged(existing, merged []string) bool
- type BumpAction
- type BumpAnalysis
- type Fetcher
- type GitHubFileResponse
- type GoBumpApplier
- type GoBumpProcessor
- type GoBumpResult
- type GoModInfo
- type Parser
- type ProcessorOptions
- type SecurityFix
- type VulnerabilityAnalysis
- type VulnerabilityChecker
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func NewGoBumpPipeline ¶
NewGoBumpPipeline creates the gobump pipeline with the critical fix
Types ¶
type Analyzer ¶
// Analyzer handles vulnerability analysis and bump logic for Go dependencies.
// Construct it with NewAnalyzer, which takes the HTTP client the analyzer uses;
// AnalyzeBumps decides per bump whether to keep or remove it, and GetFetcher /
// GetParser / GetVulnerabilityScanner expose the collaborators for external use.
type Analyzer struct {
	// contains filtered or unexported fields
}
Analyzer handles vulnerability analysis and bump logic for Go dependencies
func NewAnalyzer ¶
NewAnalyzer creates a new analyzer with the provided HTTP client
func (*Analyzer) AnalyzeBumps ¶
func (a *Analyzer) AnalyzeBumps(deps []string, goModInfo *GoModInfo) ([]BumpAnalysis, []string)
AnalyzeBumps analyzes each bump and determines whether to keep or remove it
func (*Analyzer) GetFetcher ¶
GetFetcher returns the fetcher for external use
func (*Analyzer) GetVulnerabilityScanner ¶
func (a *Analyzer) GetVulnerabilityScanner() *scan.VulnerabilityScanner
GetVulnerabilityScanner returns the vulnerability scanner for external use
func (*Analyzer) HaveDepsChanged ¶
HaveDepsChanged compares two dependency lists and reports whether they differ
type BumpAction ¶
// BumpAction represents a planned action for go/bump pipelines. Planned actions
// are collected in VulnerabilityAnalysis.BumpActions; the ones carried out are
// reported in GoBumpResult.ActionsApplied.
type BumpAction struct {
	// Action is one of "insert", "update" or "remove".
	Action string `json:"action" yaml:"action"`
	// PipelineIdx is the index of the pipeline to update or remove; presumably
	// unused for "insert".
	PipelineIdx int `json:"pipeline_idx" yaml:"pipeline_idx"`
	// Dependencies is the dependency list to insert, or to update the pipeline with.
	Dependencies []string `json:"dependencies" yaml:"dependencies"`
	// Reason is a human-readable explanation of why the action was planned.
	Reason string `json:"reason" yaml:"reason"`
}
BumpAction represents a planned action for go/bump pipelines
type BumpAnalysis ¶
// BumpAnalysis represents the analysis result for a single bump, as produced by
// Analyzer.AnalyzeBumps.
//
// NOTE(review): unlike BumpAction this struct carries no json/yaml tags, so when
// it is serialized through VulnerabilityAnalysis.Analysis the keys are the Go
// field names (Module, BumpVersion, ...) rather than snake_case like the rest
// of the output.
type BumpAnalysis struct {
	Module       string // Go module path the bump targets
	BumpVersion  string // version the bump directive asks for
	GoModVersion string // version currently required in go.mod (presumably from GoModInfo; empty when the module is missing — confirm)
	Action       string // "keep", "remove-noop", "remove-downgrade", "remove-missing"
	Reason       string // human-readable justification for Action
}
BumpAnalysis represents the analysis result for a single bump
type Fetcher ¶
// Fetcher handles fetching go.mod and go.sum files from git repositories.
// Create one with NewFetcher, which requires an HTTP client (see
// httpclient.NewHTTPClient). FetchGoMod uses the GitHub API for private
// repositories and falls back to raw.githubusercontent.com for public ones, so
// the returned content originates from a remote source and callers should treat
// it as untrusted input.
type Fetcher struct {
	// contains filtered or unexported fields
}
Fetcher handles fetching go.mod and go.sum files from git repositories
func NewFetcher ¶
NewFetcher creates a new fetcher with the provided HTTP client. The httpClient parameter is required and should be obtained from httpclient.NewHTTPClient().
func (*Fetcher) FetchGoMod ¶
FetchGoMod fetches go.mod content from a git repository. It uses the GitHub API for private repos and falls back to raw.githubusercontent.com for public repos.
type GitHubFileResponse ¶
// GitHubFileResponse represents the GitHub API response for file content.
// Only these two fields are decoded; by default encoding/json ignores any other
// fields present in the response.
type GitHubFileResponse struct {
	// Content is the file body exactly as returned by the API. It is not
	// validated or decoded here; see Encoding.
	Content string `json:"content"`
	// Encoding names how Content is encoded (the GitHub contents API reports
	// "base64" — confirm before decoding).
	Encoding string `json:"encoding"`
}
GitHubFileResponse represents the GitHub API response for file content
type GoBumpApplier ¶
GoBumpApplier applies go/bump pipeline changes
func NewGoBumpApplier ¶
func NewGoBumpApplier(analyzer *Analyzer) *GoBumpApplier
type GoBumpProcessor ¶
// GoBumpProcessor extends BaseProcessor with security-specific fields.
// Construct it with NewGoBumpProcessor; ToResult converts its state into a
// GoBumpResult.
type GoBumpProcessor struct {
	*processor.BaseProcessor

	// Security-specific fields

	// VulnerabilityAnalysis holds the scan results for the file's Go
	// dependencies; omitted from JSON when nil.
	VulnerabilityAnalysis *VulnerabilityAnalysis `json:"vulnerability_analysis,omitempty"`
	// SecurityFixes accumulates the fixes recorded via AddSecurityFix.
	SecurityFixes []SecurityFix `json:"security_fixes"`
	// ActualChangesApplied records that the YAML was really modified (set via
	// MarkActualChangesApplied, presumably what HasActualChanges reports).
	// The epoch bump is keyed on this, not on vulnerabilities merely being found.
	ActualChangesApplied bool `json:"actual_changes_applied"`
}
GoBumpProcessor extends BaseProcessor with security-specific fields
func NewGoBumpProcessor ¶
func NewGoBumpProcessor(filePath, packageName, currentVersion string, currentEpoch int64) *GoBumpProcessor
NewGoBumpProcessor creates a new gobump processor
func (*GoBumpProcessor) AddSecurityFix ¶
func (p *GoBumpProcessor) AddSecurityFix(fix SecurityFix)
AddSecurityFix adds a security fix to the processor
func (*GoBumpProcessor) HasActualChanges ¶
func (p *GoBumpProcessor) HasActualChanges() bool
HasActualChanges returns true if actual file modifications were made (not just vulnerabilities found)
func (*GoBumpProcessor) MarkActualChangesApplied ¶
func (p *GoBumpProcessor) MarkActualChangesApplied()
MarkActualChangesApplied marks that actual changes were made to the YAML. This is critical for the epoch bumping logic: the epoch should only bump when file changes occur.
func (*GoBumpProcessor) ToResult ¶
func (p *GoBumpProcessor) ToResult() *GoBumpResult
ToResult converts the processor state to a GoBumpResult
type GoBumpResult ¶
// GoBumpResult represents the result of a go bump operation. It is produced by
// GoBumpProcessor.ToResult and returned by ProcessFile.
type GoBumpResult struct {
	PackageName string `json:"package_name" yaml:"package_name"` // package whose file was processed
	FilePath    string `json:"file_path" yaml:"file_path"`       // path of the processed file

	// Vulnerability counters.
	VulnerabilitiesFound int `json:"vulnerabilities_found" yaml:"vulnerabilities_found"` // vulnerabilities reported by the scan
	VulnerabilitiesFixed int `json:"vulnerabilities_fixed" yaml:"vulnerabilities_fixed"` // how many of those a bump addressed
	CriticalFixed        int `json:"critical_fixed" yaml:"critical_fixed"`               // fixed vulnerabilities of severity "critical"
	HighFixed            int `json:"high_fixed" yaml:"high_fixed"`                       // fixed vulnerabilities of severity "high"

	SecurityFixes  []SecurityFix `json:"security_fixes" yaml:"security_fixes"`   // per-fix detail (see SecurityFix)
	ActionsApplied []BumpAction  `json:"actions_applied" yaml:"actions_applied"` // pipeline edits that were carried out

	// Epoch bookkeeping. Per MarkActualChangesApplied the epoch should only
	// bump when the file actually changed, so EpochChanged is expected to imply
	// FileWasWritten; an EpochChanged without FileWasWritten would indicate a
	// bug in the caller — confirm.
	OldEpoch       int64 `json:"old_epoch" yaml:"old_epoch"`
	NewEpoch       int64 `json:"new_epoch" yaml:"new_epoch"`
	EpochChanged   bool  `json:"epoch_changed" yaml:"epoch_changed"`
	FileWasWritten bool  `json:"file_was_written" yaml:"file_was_written"`

	Messages []string `json:"messages" yaml:"messages"`              // human-readable progress and diagnostic messages
	Error    string   `json:"error,omitempty" yaml:"error,omitempty"` // error text carried in the result; omitted when empty
}
GoBumpResult represents the result of a go bump operation
func ProcessFile ¶
func ProcessFile(ctx context.Context, filePath string, opts ProcessorOptions, analyzer *Analyzer) (*GoBumpResult, error)
ProcessFile processes a single file using the shared pipeline architecture
type GoModInfo ¶
// GoModInfo contains parsed go.mod information including requirements and
// replacements. It is presumably populated by Parser.ParseGoMod /
// Parser.ParseGoModWithSum and is consumed by Analyzer.AnalyzeBumps and
// Parser.CreateVulnScanInput.
type GoModInfo struct {
	// Requirements maps module path -> version for direct dependencies only.
	Requirements map[string]string
	// AllRequirements maps module path -> version for every dependency,
	// indirect ones included. NOTE(review): presumably this is the list
	// CreateVulnScanInput hands to the scanner — confirm.
	AllRequirements map[string]string
	// Replacements maps module path -> its replace directive. A replace can
	// redirect a module to another path or a local directory, so a version
	// comparison against Requirements alone may not reflect what is actually
	// built; bump analysis should consult this map as well.
	Replacements map[string]*modfile.Replace
}
GoModInfo contains parsed go.mod information including requirements and replacements
type Parser ¶
// Parser handles parsing go.mod and go.sum files. It carries no state, so the
// zero value is ready to use.
type Parser struct{}
Parser handles parsing go.mod and go.sum files
func (*Parser) CreateVulnScanInput ¶
CreateVulnScanInput creates a vulnerability scanner input from GoModInfo. This provides a unified list of dependencies for vulnerability scanning.
func (*Parser) ParseGoMod ¶
ParseGoMod parses go.mod content and extracts module requirements and replacements
func (*Parser) ParseGoModWithSum ¶
ParseGoModWithSum parses both go.mod and go.sum to get complete dependency information
type ProcessorOptions ¶
// ProcessorOptions configures processor behavior; it is passed to ProcessFile.
type ProcessorOptions struct {
	// DryRun runs the analysis without writing the file (presumably leaving
	// GoBumpResult.FileWasWritten false — confirm).
	DryRun bool `json:"dry_run" yaml:"dry_run"`
	// BackupSuffix is presumably appended to the original file name when a
	// backup copy is kept; the behavior for an empty suffix is not shown here.
	BackupSuffix string `json:"backup_suffix" yaml:"backup_suffix"`
	// TempDir is the directory used for scratch files. NOTE(review): nothing on
	// this page shows TempDir being validated; if it can come from untrusted
	// configuration, confirm it is constrained before use.
	TempDir string `json:"temp_dir" yaml:"temp_dir"`
}
ProcessorOptions configures processor behavior
type SecurityFix ¶
// SecurityFix represents a security vulnerability fix applied. Fixes are
// recorded on GoBumpProcessor via AddSecurityFix and reported in
// GoBumpResult.SecurityFixes.
type SecurityFix struct {
	Module        string `json:"module" yaml:"module"`               // Go module affected
	Vulnerability string `json:"vulnerability" yaml:"vulnerability"` // CVE or other vulnerability ID, as reported by the scanner
	OldVersion    string `json:"old_version" yaml:"old_version"`     // version before fix
	NewVersion    string `json:"new_version" yaml:"new_version"`     // version after fix
	Severity      string `json:"severity" yaml:"severity"`           // "critical", "high", "medium" or "low"; presumably what GoBumpResult.CriticalFixed/HighFixed count by
}
SecurityFix represents a security vulnerability fix applied
type VulnerabilityAnalysis ¶
// VulnerabilityAnalysis contains the results of scanning go dependencies; it is
// attached to GoBumpProcessor.VulnerabilityAnalysis.
type VulnerabilityAnalysis struct {
	GoModInfo  *GoModInfo       `json:"go_mod_info" yaml:"go_mod_info"` // parsed go.mod the scan was based on
	ScanResult *scan.ScanResult `json:"scan_result" yaml:"scan_result"` // raw scanner output

	VulnerabilitiesFound int `json:"vulnerabilities_found" yaml:"vulnerabilities_found"` // total vulnerabilities in ScanResult
	CriticalCount        int `json:"critical_count" yaml:"critical_count"`               // of which severity "critical"
	HighCount            int `json:"high_count" yaml:"high_count"`                       // of which severity "high"

	// SecurityBumps lists the dependency bumps derived from the scan; the
	// string format is not shown on this page.
	SecurityBumps []string `json:"security_bumps" yaml:"security_bumps"`
	// BumpActions are the planned go/bump pipeline edits (see BumpAction).
	BumpActions []BumpAction `json:"bump_actions" yaml:"bump_actions"`
	// Analysis holds the per-bump keep/remove decisions from Analyzer.AnalyzeBumps.
	Analysis []BumpAnalysis `json:"analysis" yaml:"analysis"`
}
VulnerabilityAnalysis contains the results of scanning go dependencies
type VulnerabilityChecker ¶
VulnerabilityChecker checks for Go module vulnerabilities
func NewVulnerabilityChecker ¶
func NewVulnerabilityChecker(analyzer *Analyzer) *VulnerabilityChecker