Documentation
¶
Overview ¶
Package osv is the library behind the osv command line: the HTTP client, request shaping, and typed data models for the Google OSV (Open Source Vulnerabilities) API.
The Client here is the spine every command shares. It sets a real User-Agent, paces requests to stay polite, and retries transient failures (429 and 5xx) with exponential backoff.
Index ¶
Constants ¶
const BaseURL = "https://api.osv.dev/v1"
BaseURL is the OSV v1 API base URL.
const Host = "api.osv.dev"
Host is the OSV API host.
const SiteURL = "https://osv.dev"
SiteURL is the OSV web site, used by Locate.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Client ¶
type Client struct {
// contains filtered or unexported fields
}
Client talks to the OSV API.
func (*Client) GetVuln ¶
GetVuln fetches a single vulnerability by ID (GHSA-xxx, CVE-xxx, or OSV-xxx).
func (*Client) Query ¶
func (c *Client) Query(ctx context.Context, ecosystem, name, version string, limit int) ([]Vuln, error)
Query returns vulnerabilities affecting the given package (and optionally version). If version is empty, all known vulnerabilities for the package are returned. If limit > 0, results are truncated to that count.
type Config ¶
type Config struct {
BaseURL string
UserAgent string
Rate time.Duration // min gap between requests
Timeout time.Duration
Retries int
}
Config holds all tunables for the OSV client.
type Domain ¶
type Domain struct{}
Domain is the OSV driver. It carries no state; the per-run client is built by newClient.
func (Domain) Info ¶
func (Domain) Info() kit.DomainInfo
Info describes the scheme, hostnames matched from pasted links, and the identity used for the binary's help and version.
type Vuln ¶
type Vuln struct {
ID string `json:"id" kit:"id"`
Summary string `json:"summary"`
Published string `json:"published"`
Modified string `json:"modified"`
Details string `json:"details,omitempty" kit:"body"`
CVSSScore string `json:"cvss_score,omitempty"`
Packages []string `json:"affected_packages,omitempty"`
}
Vuln is a flat record extracted from the OSV API response.