fixtures

package

v1.6.0 Latest Latest Go to latest Published: Apr 8, 2026 License: Apache-2.0 Imports: 10 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/quay/claircore

Links

Open Source Insights

Documentation ¶

Overview ¶

Package fixtures provides definitions and helpers for working with claircore testing fixtures.

Index ¶

Constants
func ParseManifest(ctx context.Context, mt string, rd io.Reader) (iter.Seq2[ManifestRecord, error], error)
type ManifestRecord
type VulnerabilityStatus
- func (i VulnerabilityStatus) String() string

Constants ¶

View Source

const (
	MediaTypeVEX      = `application/csaf+json`
	MediaTypeManifest = `application/vnd.com.redhat.container.acceptancetest.v1+csv`
	MediaTypeBOM      = `application/spdx+json`
)

These are the known media types.

View Source

const (
	MediaTypeZstdVEX      = `application/csaf+json+zstd`
	MediaTypeZstdManifest = `application/vnd.com.redhat.container.acceptancetest.v1+csv+zstd`
	MediaTypeZstdBOM      = `application/spdx+json+zstd`
)

These are the compressed variants of the known media types

Variables ¶

This section is empty.

Functions ¶

func ParseManifest ¶

func ParseManifest(ctx context.Context, mt string, rd io.Reader) (iter.Seq2[ManifestRecord, error], error)

ParseManifest parses a vulnerability manifest from the given reader. The media type must be one of MediaTypeManifest or MediaTypeZstdManifest.

Types ¶

type ManifestRecord ¶

type ManifestRecord struct {
	ID      string
	Product string
	Status  VulnerabilityStatus
}

ManifestRecord is a single row from the vulnerability manifest.

type VulnerabilityStatus ¶

type VulnerabilityStatus uint

VulnerabilityStatus represents the expected vulnerability status for a product in acceptance test fixtures.

const (
	// StatusUnknown is the zero value and represents an unknown or unspecified status.
	// This is the implicit default per VEX spec for any product not explicitly enumerated.
	// In tests, records with this status do not cause failures if missing from results.
	StatusUnknown VulnerabilityStatus = iota // UNKNOWN

	// StatusAffected indicates the product is vulnerable.
	// In tests, this asserts the CVE+product MUST appear in results as affected.
	StatusAffected // AFFECTED

	// StatusNotAffected indicates the product is known to not be affected.
	// In tests, this asserts the CVE+product MUST appear in results as not-affected.
	// This maps to the VEX "known_not_affected" status.
	StatusNotAffected // NOT_AFFECTED

	// StatusAbsent indicates the product should not appear in results at all.
	// This is used for products that were fixed or filtered out.
	// In tests, this asserts the CVE+product MUST NOT appear in results.
	StatusAbsent // ABSENT
)

func (VulnerabilityStatus) String ¶

func (i VulnerabilityStatus) String() string

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL