Documentation
¶
Overview ¶
Package vulntest provides helpers for vulncheck functionality testing.
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func AffectedRanges ¶ added in v0.14.0
func AffectedRanges(versions []VersionRange) []osv.Range
Types ¶
type DB ¶
type DB struct {
// contains filtered or unexported fields
}
DB is a read-only vulnerability database on disk. Users can use this database with golang.org/x/vuln APIs by setting the `VULNDB` environment variable.
func NewDatabase ¶
NewDatabase returns a read-only DB containing the provided txtar-format collection of vulnerability reports. Each vulnerability report is a YAML file whose format is defined in golang.org/x/vulndb/doc/format.md. A report file name must have the id as its base name, and have .yaml as its extension.
db, err := NewDatabase(ctx, reports) ... defer db.Clean() client, err := NewClient(db) ...
The returned DB's Clean method must be called to clean up the generated database.
type Module ¶
type Module struct {
Module string `yaml:",omitempty"`
Versions []VersionRange `yaml:",omitempty"`
Packages []*Package `yaml:",omitempty"`
}
type Package ¶
type Package struct {
Package string `yaml:",omitempty"`
GOOS []string `yaml:"goos,omitempty"`
GOARCH []string `yaml:"goarch,omitempty"`
// Symbols originally identified as vulnerable.
Symbols []string `yaml:",omitempty"`
// Additional vulnerable symbols, computed from Symbols via static analysis
// or other technique.
DerivedSymbols []string `yaml:"derived_symbols,omitempty"`
}
type Reference ¶
A Reference is a link to some external resource.
For ease of typing, References are represented in the YAML as a single-element mapping of type to URL.
func (*Reference) MarshalYAML ¶
func (*Reference) UnmarshalYAML ¶
type Report ¶
type Report struct {
ID string `yaml:",omitempty"`
Modules []*Module `yaml:",omitempty"`
// Summary is a short phrase describing the vulnerability.
Summary string `yaml:",omitempty"`
// Description is the CVE description from an existing CVE. If we are
// assigning a CVE ID ourselves, use CVEMetadata.Description instead.
Description string `yaml:",omitempty"`
Published time.Time `yaml:",omitempty"`
Withdrawn *time.Time `yaml:",omitempty"`
References []*Reference `yaml:",omitempty"`
}
Report represents a vulnerability report in the vulndb. See https://go.googlesource.com/vulndb/+/refs/heads/master/doc/format.md
type Version ¶
type Version string
Version is a SemVer 2.0.0 semantic version with no leading "v" prefix, as used by OSV.
Source Files