security

package security v1.2.0

Warning: this package is not in the latest version of its module.

Published: Sep 21, 2021 License: AGPL-3.0 Imports: 18 Imported by: 1

Documentation

Index

Constants

const AdvisoryArchiveURL = "https://codeload.github.com/FriendsOfPHP/security-advisories/zip/master"

AdvisoryArchiveURL represents the advisories database URL

Variables

This section is empty.

Functions

func Format

func Format(vulns *Vulnerabilities, format string) ([]byte, error)

Format formats the vulnerabilities in the given format

func LocateLock

func LocateLock(path string) (io.Reader, error)

LocateLock locates a composer.lock

func ToANSI

func ToANSI(vulns *Vulnerabilities) []byte

ToANSI returns vulnerabilities as text with ANSI code for colors

func ToJSON

func ToJSON(vulns *Vulnerabilities) ([]byte, error)

ToJSON outputs vulnerabilities as JSON

func ToJunit added in v1.1.0

func ToJunit(vulns *Vulnerabilities) ([]byte, error)

func ToMarkdown

func ToMarkdown(vulns *Vulnerabilities) []byte

ToMarkdown returns vulnerabilities as Markdown

func ToYAML

func ToYAML(vulns *Vulnerabilities) ([]byte, error)

ToYAML outputs vulnerabilities as YAML

func TryParseTime

func TryParseTime(value string) (time.Time, bool)

TryParseTime tries to parse time using a couple of formats before giving up

Types

type Advisory

type Advisory struct {
	Title     string             `yaml:"title"`
	Link      string             `yaml:"link"`
	CVE       string             `yaml:"cve"`
	Branches  map[string]*Branch `yaml:"branches"`
	Reference string             `yaml:"reference"`
}

Advisory represents a single security advisory

type AdvisoryDB

type AdvisoryDB struct {
	Advisories []Advisory
	// contains filtered or unexported fields
}

AdvisoryDB stores all known security advisories

func NewDB

func NewDB(noHTTPCalls bool, advisoryArchiveURL string) (*AdvisoryDB, error)

NewDB fetches the advisory DB from GitHub

func (*AdvisoryDB) Load

func (db *AdvisoryDB) Load(advisoryArchiveURL string) error

Load fetches the database from GitHub and reads/loads the current advisories from the repository. Cache handling is delegated to http.Transport and **must** be handled appropriately.

type Branch

type Branch struct {
	Versions []string `yaml:"versions"`
	Time     Time     `yaml:"time"`
}

Branch represents a Git branch

type Cache

type Cache struct {
	Key  string
	Date string
	Body []byte
}

Cache stores the GitHub response to save bandwidth
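The cache handling that the Load doc comment delegates to http.Transport, as an added example (not the project's own transport): an http.RoundTripper that keeps one Cache entry per request URL, revalidates with If-Modified-Since using the stored Date, and serves the stored Body when the server answers 304. The fetch helper additionally refuses non-https URLs, a check this example adds because the advisory archive is the scanner's ground truth. Everything below is constructed for the example: the test server, its Last-Modified value, the stand-in archive bytes and the choice of If-Modified-Since (the page does not state which validators codeload.github.com honours).

```go
package main

import (
	"bytes"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"strings"
	"sync"
	"sync/atomic"
)

// Cache mirrors the page's struct: Key is the request URL, Date the server's Last-Modified, Body the archive.
type Cache struct {
	Key  string
	Date string
	Body []byte
}

// cachingTransport (example code, not the project's) revalidates with If-Modified-Since and serves the stored Body on 304.
type cachingTransport struct {
	next    http.RoundTripper
	entries sync.Map // request URL -> *Cache
	Hits    int32    // responses served from the cache after a 304
}

func (c *cachingTransport) RoundTrip(req *http.Request) (*http.Response, error) {
	key := req.URL.String()
	cached, _ := c.entries.Load(key) // nil until this URL has been fetched once
	entry, _ := cached.(*Cache)
	if entry != nil {
		req = req.Clone(req.Context()) // a RoundTripper must not modify the caller's request
		req.Header.Set("If-Modified-Since", entry.Date)
	}
	resp, err := c.next.RoundTrip(req)
	if err != nil {
		return nil, err
	}
	if resp.StatusCode == http.StatusNotModified && entry != nil {
		resp.Body.Close()
		atomic.AddInt32(&c.Hits, 1)
		return &http.Response{Status: "200 OK", StatusCode: http.StatusOK, Header: http.Header{}, Body: io.NopCloser(bytes.NewReader(entry.Body)), Request: req}, nil
	}
	if resp.StatusCode != http.StatusOK || resp.Header.Get("Last-Modified") == "" {
		return resp, nil // nothing to revalidate against later
	}
	body, err := io.ReadAll(resp.Body)
	resp.Body.Close()
	if err != nil {
		return nil, err
	}
	c.entries.Store(key, &Cache{Key: key, Date: resp.Header.Get("Last-Modified"), Body: body})
	resp.Body = io.NopCloser(bytes.NewReader(body))
	return resp, nil
}

// fetchArchive downloads the advisory archive (the page's AdvisoryArchiveURL in real use). It refuses anything
// but https: the archive is the scanner's source of truth, so a plaintext fetch lets an on-path attacker doctor it.
func fetchArchive(client *http.Client, archiveURL string) ([]byte, error) {
	if !strings.HasPrefix(archiveURL, "https://") {
		return nil, fmt.Errorf("refusing to fetch advisories from %q: https required", archiveURL)
	}
	resp, err := client.Get(archiveURL)
	if err != nil {
		return nil, err
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		return nil, fmt.Errorf("advisory archive: unexpected status %s", resp.Status)
	}
	return io.ReadAll(resp.Body)
}

// demo: constructed TLS test server (any revalidation gets a 304); fetches a stand-in archive twice and returns both bodies and the transport.
func demo() (first, second []byte, ct *cachingTransport, err error) {
	archive := []byte("PK\x03\x04 constructed stand-in for the advisories zip")
	srv := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.Header.Get("If-Modified-Since") != "" {
			w.WriteHeader(http.StatusNotModified)
			return
		}
		w.Header().Set("Last-Modified", "Tue, 21 Sep 2021 10:00:00 GMT")
		w.Write(archive)
	}))
	defer srv.Close()
	client := srv.Client() // trusts the test server's certificate
	ct = &cachingTransport{next: client.Transport}
	client.Transport = ct
	if first, err = fetchArchive(client, srv.URL+"/zip/master"); err != nil {
		return
	}
	second, err = fetchArchive(client, srv.URL+"/zip/master")
	return
}

func main() {
	first, second, ct, err := demo()
	fmt.Println(len(first), len(second), ct.Hits, err)
}
```

Two points worth keeping from this: the scheme check, because a plaintext download of the archive lets an on-path attacker hand the scanner an emptied or doctored database, and the cache key being the full URL, so an entry for one branch or mirror can never be served for another. The second fetch in demo goes upstream, gets a 304 and is answered from the stored Body, which is the behaviour the Load comment asks the transport to provide.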

type Lock

type Lock struct {
	Packages    []Package `json:"packages"`
	DevPackages []Package `json:"packages-dev"`
}

Lock represents a Composer lock file

func NewLock

func NewLock(reader io.Reader) (*Lock, error)

NewLock creates a lock file wrapper

type Package

type Package struct {
	Name    string  `json:"name"`
	Version Version `json:"version"`
	Time    Time    `json:"time,omitempty"`
}

Package represents a Composer package

type SimpleAdvisory

type SimpleAdvisory struct {
	Title string `json:"title"`
	Link  string `json:"link"`
	CVE   string `json:"cve"`
}

SimpleAdvisory represents an advisory for export

func (SimpleAdvisory) String

func (a SimpleAdvisory) String() string

type Time

type Time time.Time

Time represents a Composer-like date

func (Time) Format

func (t Time) Format(layout string) string

Format proxies the call to time.Time.Format

func (Time) MarshalJSON

func (t Time) MarshalJSON() ([]byte, error)

MarshalJSON dumps a Composer-like date to JSON from a Go time.Time

func (*Time) UnmarshalJSON

func (t *Time) UnmarshalJSON(data []byte) error

UnmarshalJSON parses a Composer-like date from JSON to a Go time.Time

func (*Time) UnmarshalYAML

func (t *Time) UnmarshalYAML(unmarshal func(interface{}) error) error

UnmarshalYAML parses a Composer-like date from YAML to a Go time.Time

type Version

type Version string

Version represents a composer.json version (can be a string or an integer)

func (*Version) UnmarshalJSON

func (v *Version) UnmarshalJSON(b []byte) error

UnmarshalJSON converts versions as integers to strings
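How the Lock, Package, Version and Time pieces above fit together when a composer.lock is decoded, as an added example rather than the package's own code (the types mirror the signatures on this page, but the bodies are written here): a Version unmarshaler that accepts the string-or-integer versions the page mentions, a TryParseTime that walks a list of layouts, and a Time that round-trips Composer's date format. The layout list, the fictional package names and the lock contents are assumptions of this example, as is the choice to make a malformed timestamp fail the decode rather than zero it.

```go
package main

import (
	"encoding/json"
	"fmt"
	"io"
	"strconv"
	"strings"
	"time"
)

// Version is a composer.json version. Composer normally writes it as a JSON string ("v5.3.0"), but a
// package whose version is a bare number ends up as a JSON integer, which a plain string field would reject.
type Version string

// UnmarshalJSON accepts a JSON string or number and keeps its text; anything else is an error.
func (v *Version) UnmarshalJSON(b []byte) error {
	s := strings.TrimSpace(string(b))
	if strings.HasPrefix(s, `"`) {
		var str string
		if err := json.Unmarshal(b, &str); err != nil {
			return err
		}
		*v = Version(str)
		return nil
	}
	if _, err := strconv.ParseFloat(s, 64); err != nil {
		return fmt.Errorf("version: unsupported JSON value %s", s)
	}
	*v = Version(s)
	return nil
}

// composerLayouts, tried in order by TryParseTime (assumed list): the composer.lock form, the advisory YAML form, a bare date.
var composerLayouts = []string{"2006-01-02T15:04:05-07:00", "2006-01-02 15:04:05", "2006-01-02"}

// TryParseTime tries each layout before giving up.
func TryParseTime(value string) (time.Time, bool) {
	for _, layout := range composerLayouts {
		if t, err := time.Parse(layout, strings.TrimSpace(value)); err == nil {
			return t, true
		}
	}
	return time.Time{}, false
}

// Time is a time.Time that marshals to and from Composer's layout.
type Time time.Time

// UnmarshalJSON turns a bad timestamp into a decode error instead of a silent zero time.
func (t *Time) UnmarshalJSON(data []byte) error {
	var s string
	if err := json.Unmarshal(data, &s); err != nil {
		return err
	}
	parsed, ok := TryParseTime(s)
	if !ok {
		return fmt.Errorf("time: cannot parse %q", s)
	}
	*t = Time(parsed)
	return nil
}

func (t Time) MarshalJSON() ([]byte, error) {
	return json.Marshal(time.Time(t).Format(composerLayouts[0]))
}

type Package struct {
	Name    string  `json:"name"`
	Version Version `json:"version"`
	Time    Time    `json:"time,omitempty"`
}
type Lock struct {
	Packages    []Package `json:"packages"`
	DevPackages []Package `json:"packages-dev"`
}

// NewLock decodes a composer.lock; the many other fields a real lock carries are ignored.
func NewLock(r io.Reader) (*Lock, error) {
	var lock Lock
	if err := json.NewDecoder(r).Decode(&lock); err != nil {
		return nil, fmt.Errorf("composer.lock: %w", err)
	}
	return &lock, nil
}

// sampleLock is a constructed composer.lock excerpt with fictional packages; "acme/legacy" carries an integer version.
const sampleLock = `{"packages": [
  {"name": "acme/http", "version": "v5.3.0", "time": "2021-05-29T09:11:22+00:00"},
  {"name": "acme/legacy", "version": 20190101}],
 "packages-dev": [{"name": "acme/testkit", "version": "9.5.9", "time": "2021-08-31T06:27:00+00:00"}]}`

func main() {
	lock, err := NewLock(strings.NewReader(sampleLock))
	if err != nil {
		panic(err)
	}
	for _, p := range append(lock.Packages, lock.DevPackages...) {
		fmt.Printf("%-14s %-10s %s\n", p.Name, p.Version, time.Time(p.Time).Format(time.RFC3339))
	}
}
```

Running it prints one line per package. The integer version survives as the text "20190101" instead of aborting the decode, while a timestamp matching none of the layouts is reported as an error rather than silently zeroed, so a malformed lock cannot quietly drop a package from the scan.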

type Vulnerabilities

type Vulnerabilities map[string]Vulnerability

Vulnerabilities stores vulnerabilities for a lock file

func Analyze

func Analyze(lock *Lock, db *AdvisoryDB, noDevPackages bool) *Vulnerabilities

Analyze checks whether a given lock references packages with known security issues

func (*Vulnerabilities) Count

func (v *Vulnerabilities) Count() int

Count returns the number of vulnerabilities

func (*Vulnerabilities) CountVulnerablePackages

func (v *Vulnerabilities) CountVulnerablePackages() int

CountVulnerablePackages returns the number of packages with vulnerabilities

func (*Vulnerabilities) Get

func (v *Vulnerabilities) Get(pkg string) *Vulnerability

Get returns the list of vulnerabilities for a given package

func (*Vulnerabilities) Keys

func (v *Vulnerabilities) Keys() []string

Keys returns package names in alpha order

type Vulnerability

type Vulnerability struct {
	Version    string           `json:"version"`
	Advisories []SimpleAdvisory `json:"advisories"`
}

Vulnerability represents a vulnerability
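How Analyze, an Advisory's Branches and its reference fit together, as an added example that is not the project's own code: each lock package is compared against the advisories whose reference is `composer://vendor/name`, and the package is flagged (recorded in Vulnerabilities under its name, with a SimpleAdvisory per hit) when its version satisfies every constraint of any branch. The types mirror the page's signatures with the Time fields left out. The version comparison is a deliberately simplified stand-in for Composer's constraint semantics (no `~`, `^`, wildcards or stability suffixes), and the packages and advisories are fictional fixtures constructed for the example.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

type Package struct{ Name, Version string }
type Lock struct{ Packages, DevPackages []Package }
type Branch struct{ Versions []string }
type Advisory struct {
	Title, Link, CVE, Reference string
	Branches                    map[string]*Branch
}
type AdvisoryDB struct{ Advisories []Advisory }
type SimpleAdvisory struct{ Title, Link, CVE string }
type Vulnerability struct {
	Version    string
	Advisories []SimpleAdvisory
}
type Vulnerabilities map[string]Vulnerability

// compare orders dotted versions ("v1.4.1", "2.0"), returning <0, 0 or >0. Deliberate simplification
// for this example: Composer's real constraint parser also handles "~", "^", wildcards and "-beta1" suffixes.
func compare(a, b string) int {
	parse := func(v string) (out [4]int) {
		for i, p := range strings.SplitN(strings.TrimPrefix(v, "v"), ".", 4) {
			if n, err := strconv.Atoi(p); err == nil {
				out[i] = n
			}
		}
		return out
	}
	x, y := parse(a), parse(b)
	for i := range x {
		if x[i] != y[i] {
			return x[i] - y[i]
		}
	}
	return 0
}

// affected reports whether version lies in any branch range such as [">=2.0.0", "<2.0.5"] (ANDed within a branch).
func affected(version string, branches map[string]*Branch) bool {
	for _, b := range branches {
		hit := true
		for _, c := range b.Versions {
			op, want := "==", strings.TrimSpace(c)
			for _, cand := range []string{">=", "<=", "!=", ">", "<", "=="} {
				if strings.HasPrefix(want, cand) {
					op, want = cand, strings.TrimSpace(want[len(cand):])
					break
				}
			}
			d := compare(version, want)
			hit = hit && map[string]bool{">=": d >= 0, "<=": d <= 0, ">": d > 0, "<": d < 0, "==": d == 0, "!=": d != 0}[op]
		}
		if hit {
			return true
		}
	}
	return false
}

// Analyze flags each lock package that an advisory's "composer://vendor/name" reference names at an affected version.
func Analyze(lock *Lock, db *AdvisoryDB, noDevPackages bool) *Vulnerabilities {
	vulns := Vulnerabilities{}
	pkgs := lock.Packages
	if !noDevPackages {
		pkgs = append(append([]Package{}, pkgs...), lock.DevPackages...) // copy; never alias the lock's slice
	}
	for _, pkg := range pkgs {
		for _, adv := range db.Advisories {
			if strings.TrimPrefix(adv.Reference, "composer://") != pkg.Name || !affected(pkg.Version, adv.Branches) {
				continue
			}
			vulns[pkg.Name] = Vulnerability{pkg.Version, append(vulns[pkg.Name].Advisories, SimpleAdvisory{adv.Title, adv.Link, adv.CVE})}
		}
	}
	return &vulns
}

// Constructed fixtures: fictional packages and advisories, not real ones.
var sampleDB = &AdvisoryDB{Advisories: []Advisory{
	{Title: "Constructed advisory A", Link: "https://example.com/a", Reference: "composer://acme/widget",
		Branches: map[string]*Branch{"1.x": {[]string{">=1.0.0", "<1.4.2"}}, "2.0.x": {[]string{">=2.0.0", "<2.0.5"}}}},
	{Title: "Constructed advisory B", Link: "https://example.com/b", Reference: "composer://acme/testkit",
		Branches: map[string]*Branch{"0.x": {[]string{"<0.9.0"}}}},
}}
var sampleLock = &Lock{
	Packages:    []Package{{"acme/widget", "v1.4.1"}, {"acme/router", "3.1.0"}},
	DevPackages: []Package{{"acme/testkit", "0.8.2"}},
}
func main() {
	for name, v := range *Analyze(sampleLock, sampleDB, false) {
		fmt.Printf("%s %s: %d advisories\n", name, v.Version, len(v.Advisories))
	}
}
```

The caveat a scanner author should take from this is the failure direction. A constraint the simplified comparator cannot read (for example `~1.2`) falls through to the `==` case and simply fails to match, which is a silent false negative: the vulnerable package is not reported. A production matcher should reject constraints it does not understand rather than treat them as non-matching, and the noDevPackages flag should be the only way a package drops out of the result.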
