Documentation
¶
Index ¶
- Variables
- func ApplyIgnoreRules(matches Matches, rules []IgnoreRule) (Matches, []IgnoredMatch)
- func ConvertToIndirectMatches(matches []Match, p pkg.Package)
- type ByElements
- type Detail
- type Details
- type ExclusionProvider
- type Fingerprint
- type IgnoreRule
- type IgnoreRulePackage
- type IgnoredMatch
- type Match
- type MatcherType
- type Matches
- type Type
Constants ¶
This section is empty.
Variables ¶
var AllMatcherTypes = []MatcherType{ ApkMatcher, RubyGemMatcher, DpkgMatcher, RpmMatcher, JavaMatcher, PythonMatcher, DotnetMatcher, JavascriptMatcher, MsrcMatcher, PortageMatcher, GoModuleMatcher, }
var ErrCannotMerge = fmt.Errorf("unable to merge vulnerability matches")
Functions ¶
func ApplyIgnoreRules ¶
func ApplyIgnoreRules(matches Matches, rules []IgnoreRule) (Matches, []IgnoredMatch)
ApplyIgnoreRules iterates through the provided matches and, for each match, determines if the match should be ignored, by evaluating if any of the provided IgnoreRules apply to the match. If any rules apply to the match, all applicable rules are attached to the Match to form an IgnoredMatch. ApplyIgnoreRules returns two collections: the matches that are not being ignored, and the matches that are being ignored.
Types ¶
type ByElements ¶
type ByElements []Match
func (ByElements) Len ¶
func (m ByElements) Len() int
Len is the number of elements in the collection.
func (ByElements) Less ¶
func (m ByElements) Less(i, j int) bool
Less reports whether the element with index i should sort before the element with index j.
func (ByElements) Swap ¶
func (m ByElements) Swap(i, j int)
Swap swaps the elements with indexes i and j.
type Detail ¶
type Detail struct {
Type Type // The kind of match made (an exact match, fuzzy match, indirect vs direct, etc).
SearchedBy interface{} // The specific attributes that were used to search (other than package name and version) --this indicates "how" the match was made.
Found interface{} // The specific attributes on the vulnerability object that were matched with --this indicates "what" was matched on / within.
Matcher MatcherType // The matcher object that discovered the match.
Confidence float64 // The certainty of the match as a ratio (currently unused, reserved for future use).
}
type Details ¶
type Details []Detail
func (Details) Matchers ¶
func (m Details) Matchers() (tys []MatcherType)
type ExclusionProvider ¶
type ExclusionProvider interface {
GetRules(vulnerabilityID string) ([]IgnoreRule, error)
}
type Fingerprint ¶
type Fingerprint struct {
// contains filtered or unexported fields
}
func (Fingerprint) ID ¶
func (m Fingerprint) ID() string
func (Fingerprint) String ¶
func (m Fingerprint) String() string
type IgnoreRule ¶
type IgnoreRule struct {
Vulnerability string `yaml:"vulnerability" json:"vulnerability" mapstructure:"vulnerability"`
Namespace string `yaml:"namespace" json:"namespace" mapstructure:"namespace"`
FixState string `yaml:"fix-state" json:"fix-state" mapstructure:"fix-state"`
Package IgnoreRulePackage `yaml:"package" json:"package" mapstructure:"package"`
}
An IgnoreRule specifies criteria for a vulnerability match to meet in order to be ignored. Not all criteria (fields) need to be specified, but all specified criteria must be met by the vulnerability match in order for the rule to apply.
type IgnoreRulePackage ¶
type IgnoreRulePackage struct {
Name string `yaml:"name" json:"name" mapstructure:"name"`
Version string `yaml:"version" json:"version" mapstructure:"version"`
Language string `yaml:"language" json:"language" mapstructure:"language"`
Type string `yaml:"type" json:"type" mapstructure:"type"`
Location string `yaml:"location" json:"location" mapstructure:"location"`
}
IgnoreRulePackage describes the Package-specific fields that comprise the IgnoreRule.
type IgnoredMatch ¶
type IgnoredMatch struct {
Match
// AppliedIgnoreRules are the rules that were applied to the match that caused Govulners to ignore it.
AppliedIgnoreRules []IgnoreRule
}
An IgnoredMatch is a vulnerability Match that has been ignored because one or more IgnoreRules applied to the match.
type Match ¶
type Match struct {
Vulnerability vulnerability.Vulnerability // The vulnerability details of the match.
Package pkg.Package // The package used to search for a match.
Details Details // all ways in which how this particular match was made.
}
Match represents a finding in the vulnerability matching process, pairing a single package and a single vulnerability object.
func (Match) Fingerprint ¶
func (m Match) Fingerprint() Fingerprint
type MatcherType ¶
type MatcherType string
const ( UnknownMatcherType MatcherType = "UnknownMatcherType" StockMatcher MatcherType = "stock-matcher" ApkMatcher MatcherType = "apk-matcher" RubyGemMatcher MatcherType = "ruby-gem-matcher" DpkgMatcher MatcherType = "dpkg-matcher" RpmMatcher MatcherType = "rpm-matcher" JavaMatcher MatcherType = "java-matcher" PythonMatcher MatcherType = "python-matcher" DotnetMatcher MatcherType = "dotnet-matcher" JavascriptMatcher MatcherType = "javascript-matcher" MsrcMatcher MatcherType = "msrc-matcher" PortageMatcher MatcherType = "portage-matcher" GoModuleMatcher MatcherType = "go-module-matcher" )
type Matches ¶
type Matches struct {
// contains filtered or unexported fields
}
func ApplyExplicitIgnoreRules ¶
func ApplyExplicitIgnoreRules(provider ExclusionProvider, matches Matches) Matches
ApplyExplicitIgnoreRules Filters out matches meeting the criteria defined above and those within the govulners database
func NewMatches ¶
func (*Matches) AllByPkgID ¶
AllByPkgID returns a map of all matches organized by package ID
func (*Matches) GetByPkgID ¶
GetByPkgID returns a slice of potential matches from an ID
Source Files