osv

package, version v0.0.0-...-4eb9d72

This package is not in the latest version of its module.
Published: Mar 31, 2023 License: BSD-3-Clause Imports: 1 Imported by: 0

Documentation

Overview

Package osv implements the OSV shared vulnerability format, as defined by https://ossf.github.io/osv-schema.

As this package is intended for use with the Go vulnerability database, only the subset of features used by that database is implemented (for instance, only the SEMVER affected range type is implemented).

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Affected

type Affected struct {
	Package           Package           `json:"package"`
	Ranges            Affects           `json:"ranges,omitempty"`
	DatabaseSpecific  DatabaseSpecific  `json:"database_specific"`
	EcosystemSpecific EcosystemSpecific `json:"ecosystem_specific"`
}

type Affects

type Affects []AffectsRange

type AffectsRange

type AffectsRange struct {
	Type   AffectsRangeType `json:"type"`
	Events []RangeEvent     `json:"events"`
}

type AffectsRangeType

type AffectsRangeType string

const (
	TypeUnspecified AffectsRangeType = "UNSPECIFIED"
	TypeGit         AffectsRangeType = "GIT"
	TypeSemver      AffectsRangeType = "SEMVER"
)

type Credit

type Credit struct {
	Name    string   `json:"name,omitempty"`
	Contact []string `json:"contact,omitempty"`
}

Credit represents an OSV-style credit, used to give credit for the Entry.

type DatabaseSpecific

type DatabaseSpecific struct {
	URL string `json:"url"`
}

type Ecosystem

type Ecosystem string

const GoEcosystem Ecosystem = "Go"

type EcosystemSpecific

type EcosystemSpecific struct {
	// Imports is the list of affected packages within the module.
	Imports []EcosystemSpecificImport `json:"imports,omitempty"`
}

EcosystemSpecific contains additional information about the vulnerability for the Go ecosystem.

type EcosystemSpecificImport

type EcosystemSpecificImport struct {
	// Path is the package import path.
	Path string `json:"path,omitempty"`

	// GOOS is the execution operating system where the symbols appear, if
	// known.
	GOOS []string `json:"goos,omitempty"`

	// GOARCH specifies the execution architecture where the symbols appear, if
	// known.
	GOARCH []string `json:"goarch,omitempty"`

	// Symbols is the collection of function and method names affected by
	// this vulnerability. Methods are listed as <recv>.<method>.
	//
	// If included, only programs which use these symbols will be marked as
	// vulnerable. If omitted, any program which imports this module will be
	// marked vulnerable.
	//
	// These should be the symbols initially detected or identified in the CVE
	// or other source.
	Symbols []string `json:"symbols,omitempty"`
}

EcosystemSpecificImport contains additional information about an affected package.
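
The Symbols rule documented above, as an added example (not code from this package): the types are trimmed local mirrors of the documented structs, and `Vulnerable`, its `uses` map and the sample entry are assumptions made for illustration. It checks import paths and symbols only, not the SEMVER ranges.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Trimmed local mirrors of the documented types, with the same JSON tags.
type Import struct {
	Path    string   `json:"path,omitempty"`
	Symbols []string `json:"symbols,omitempty"`
}
type Entry struct {
	Affected []struct {
		EcosystemSpecific struct {
			Imports []Import `json:"imports,omitempty"`
		} `json:"ecosystem_specific"`
	} `json:"affected"`
}

// Constructed sample entry: the ID, paths and symbols are placeholders.
const sampleEntry = `{"id":"GO-0000-0000","affected":[{"ecosystem_specific":{"imports":[
	{"path":"example.com/mod/parse","symbols":["Parse","Decoder.Decode"]},
	{"path":"example.com/mod/legacy"}]}}]}`

// Vulnerable applies the Symbols rule; uses (hypothetical) maps import path -> symbols called.
func Vulnerable(raw []byte, uses map[string]map[string]bool) (bool, error) {
	var e Entry
	if err := json.Unmarshal(raw, &e); err != nil {
		return false, err
	}
	for _, a := range e.Affected {
		for _, imp := range a.EcosystemSpecific.Imports {
			called, imported := uses[imp.Path]
			if imported && len(imp.Symbols) == 0 {
				return true, nil // no symbols listed: importing is enough
			}
			for _, s := range imp.Symbols {
				if called[s] {
					return true, nil // a listed symbol is actually used
				}
			}
		}
	}
	return false, nil
}

func main() {
	fmt.Println(Vulnerable([]byte(sampleEntry), map[string]map[string]bool{"example.com/mod/parse": {"Parse": true}}))
}
```

A program that imports `example.com/mod/parse` but calls none of the listed symbols is not flagged, while any import of `example.com/mod/legacy` is, because that record omits `symbols`.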

type Entry

type Entry struct {
	ID            string      `json:"id"`
	Published     time.Time   `json:"published,omitempty"`
	Modified      time.Time   `json:"modified,omitempty"`
	Withdrawn     *time.Time  `json:"withdrawn,omitempty"`
	Aliases       []string    `json:"aliases,omitempty"`
	Details       string      `json:"details"`
	Affected      []Affected  `json:"affected"`
	References    []Reference `json:"references,omitempty"`
	Credits       []Credit    `json:"credits,omitempty"`
	SchemaVersion string      `json:"schema_version,omitempty"`
}

Entry represents an OSV-style JSON vulnerability database entry.

type Package

type Package struct {
	Name      string    `json:"name"`
	Ecosystem Ecosystem `json:"ecosystem"`
}

type RangeEvent

type RangeEvent struct {
	Introduced string `json:"introduced,omitempty"`
	Fixed      string `json:"fixed,omitempty"`
}

type Reference

type Reference struct {
	Type string `json:"type"`
	URL  string `json:"url"`
}
