malindex

package
v0.1.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jun 12, 2026 License: MIT Imports: 10 Imported by: 0

Documentation

Index

Constants

View Source
const FirstRunCacheNote = "first run only — cached locally"

FirstRunCacheNote explains that the initial corpus download is stored locally.

Variables

This section is empty.

Functions

func CompiledCachePath

func CompiledCachePath(cacheDir, name string) string

func FormatIndexDownloadProgress

func FormatIndexDownloadProgress(loaded, total int) string

FormatIndexDownloadProgress formats spinner text for malicious-package index sync.

func IsMaliciousID

func IsMaliciousID(id string) bool

IsMaliciousID reports whether an advisory ID denotes a malicious-package record (OpenSSF MAL-* or PD GitHub-scan GHSCAN-MAL-*).

func NormalizeEcosystem

func NormalizeEcosystem(eco string) string

NormalizeEcosystem maps CLI/config aliases to canonical OSV ecosystem names.

func PublishedFeedSnapshotPath

func PublishedFeedSnapshotPath(cacheDir string) string

func SaveCompiledIndex

func SaveCompiledIndex(path string, entryCount int, idx *MaliciousIndex) error

func VulnPageURL

func VulnPageURL(id string) string

VulnPageURL returns the public OSV advisory page for an ID.

func WithFirstRunCacheNote

func WithFirstRunCacheNote(msg string) string

WithFirstRunCacheNote appends the first-run cache hint to a spinner message.

func WritePublishedFeedSnapshot

func WritePublishedFeedSnapshot(cacheDir, compiledPath string, idx *MaliciousIndex) error

WritePublishedFeedSnapshot stores a compact feed cache derived from the compiled index so feed/dashboard commands avoid parsing the full compiled.json on every run.

Types

type Affected

type Affected struct {
	Package  *Package `json:"package"`
	Versions []string `json:"versions"`
	Ranges   []Range  `json:"ranges"`
}

type BatchQueryRequest

type BatchQueryRequest struct {
	Queries []QueryRequest `json:"queries"`
}

type BatchQueryResponse

type BatchQueryResponse struct {
	Results []QueryResponse `json:"results"`
}

type DatabaseSpecific

type DatabaseSpecific struct {
	MaliciousPackagesOrigins []MaliciousOrigin `json:"malicious-packages-origins"`
}

type Event

type Event struct {
	Introduced   string `json:"introduced"`
	Fixed        string `json:"fixed"`
	LastAffected string `json:"last_affected"`
}

type IndexLoadProgress

type IndexLoadProgress func(loaded, total int)

type IndexLoadStatus

type IndexLoadStatus func(msg string)

type MalMatch

type MalMatch struct {
	ID        string
	Summary   string
	Published time.Time
	Modified  time.Time
}

MalMatch is a local match against the malicious package database.

type MaliciousIndex

type MaliciousIndex struct {
	// contains filtered or unexported fields
}

MaliciousIndex is an in-memory index of malicious-package advisories for local matching, lookup, and feed/search rendering.

func LoadCompiledIndex

func LoadCompiledIndex(path string, entryCount int) (*MaliciousIndex, bool)

func LoadCompiledIndexIfFresh

func LoadCompiledIndexIfFresh(path string) (*MaliciousIndex, bool)

func LoadCompiledIndexStale

func LoadCompiledIndexStale(path string) (*MaliciousIndex, bool)

LoadCompiledIndexStale returns the on-disk compiled index even when its TTL has expired. Feed rendering prefers this over scanning the modified index.

func NewEmptyMaliciousIndex

func NewEmptyMaliciousIndex() *MaliciousIndex

NewEmptyMaliciousIndex returns an empty malicious package index.

func (*MaliciousIndex) AddRecord

func (idx *MaliciousIndex) AddRecord(rec inventory.Record)

AddRecord indexes a malicious package from an inventory export record. The record's primary ID anchors the entry; remaining IDs are stored as aliases and indexed for lookup. Version coverage comes from affected_versions / all_versions. A record that sets neither (all_versions=false with an empty affected_versions list) carries no usable version coverage and is indexed without matching any pinned version, so name/ID lookups still surface it but version-pinned checks do not raise false positives.

func (*MaliciousIndex) AddVuln

func (idx *MaliciousIndex) AddVuln(vuln *Vulnerability)

AddVuln indexes a vulnerability record into the malicious package index.

func (*MaliciousIndex) ListSincePublished

func (idx *MaliciousIndex) ListSincePublished(since time.Time, ecosystem string) []SearchHit

ListSincePublished returns advisories with published >= since, newest published first.

func (*MaliciousIndex) LookupByID

func (idx *MaliciousIndex) LookupByID(id string) (SearchHit, bool)

LookupByID returns package metadata for a malicious advisory ID (primary or alias) in the compiled index.

func (*MaliciousIndex) Match

func (idx *MaliciousIndex) Match(ecosystem, name, version string) []MalMatch

Match returns matching MAL advisories for a package, or nil if clean.

func (*MaliciousIndex) PackageCount

func (idx *MaliciousIndex) PackageCount() int

func (*MaliciousIndex) QueryLocal

func (idx *MaliciousIndex) QueryLocal(ecosystem, name, version string) []*Vulnerability

QueryLocal returns synthesized Vulnerability records matching a package (and optional version) from the local index.

func (*MaliciousIndex) Search

func (idx *MaliciousIndex) Search(query, ecosystem string, limit int) SearchMatchResult

Search returns packages whose names contain query (case-insensitive). Hits are sorted by modified/published (newest first) and capped at limit. Total is the number of matches before the cap.

func (*MaliciousIndex) Vuln

func (idx *MaliciousIndex) Vuln(id string) (*Vulnerability, bool)

Vuln synthesizes a Vulnerability record for an advisory ID from the local index. It returns false when the ID is not malicious or not indexed.

type MaliciousOrigin

type MaliciousOrigin struct {
	ImportTime   string `json:"import_time"`
	ModifiedTime string `json:"modified_time"`
	Source       string `json:"source"`
}

type Package

type Package struct {
	Name      string `json:"name"`
	Ecosystem string `json:"ecosystem"`
}

type PackageQuery

type PackageQuery struct {
	Name      string `json:"name"`
	Ecosystem string `json:"ecosystem"`
}

type QueryRequest

type QueryRequest struct {
	Package *PackageQuery `json:"package,omitempty"`
	Version string        `json:"version,omitempty"`
}

type QueryResponse

type QueryResponse struct {
	Vulns []Vulnerability `json:"vulns"`
}

type Range

type Range struct {
	Type   string  `json:"type"`
	Events []Event `json:"events"`
}

type Reference

type Reference struct {
	Type string `json:"type"`
	URL  string `json:"url"`
}

type SearchHit

type SearchHit struct {
	Ecosystem string
	Name      string
	IDs       []string
	Aliases   []string
	Summary   string
	Severity  string
	Source    string
	Published time.Time
	Modified  time.Time
	Imported  time.Time
}

SearchHit is a package name match in the malicious package index.

func FilterFeedHits

func FilterFeedHits(hits []SearchHit, since time.Time, ecosystem string) []SearchHit

func LoadPublishedFeedSnapshot

func LoadPublishedFeedSnapshot(cacheDir, compiledPath string) ([]SearchHit, bool)

LoadPublishedFeedSnapshot returns recent published hits when the snapshot matches the on-disk compiled index.

type SearchMatchResult

type SearchMatchResult struct {
	Hits  []SearchHit
	Total int
}

SearchMatchResult holds capped search hits and the full match count.

type Vulnerability

type Vulnerability struct {
	ID               string           `json:"id"`
	Summary          string           `json:"summary"`
	Details          string           `json:"details"`
	Modified         string           `json:"modified"`
	Published        string           `json:"published"`
	Withdrawn        string           `json:"withdrawn"`
	Aliases          []string         `json:"aliases"`
	Affected         []Affected       `json:"affected"`
	References       []Reference      `json:"references"`
	DatabaseSpecific DatabaseSpecific `json:"database_specific"`
}

Vulnerability is the advisory record shape consumed across depx. It is no longer fetched from a remote OSV API: records are synthesized locally from the inventory index (see MaliciousIndex.Vuln), so only the fields depx renders are populated.

func MaliciousVulns

func MaliciousVulns(vulns []Vulnerability) []Vulnerability

MaliciousVulns filters a slice down to malicious-package advisories.

func (*Vulnerability) ImportedTime

func (v *Vulnerability) ImportedTime() time.Time

func (*Vulnerability) ModifiedTime

func (v *Vulnerability) ModifiedTime() time.Time

func (*Vulnerability) PackageEcosystem

func (v *Vulnerability) PackageEcosystem() string

func (*Vulnerability) PackageName

func (v *Vulnerability) PackageName() string

func (*Vulnerability) PublishedTime

func (v *Vulnerability) PublishedTime() time.Time

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL