Initialize module and dependencies
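--- a/vendor/golang.org/x/vuln/internal/openvex/purl.go
+++ b/vendor/golang.org/x/vuln/internal/openvex/purl.go
@@ -0,0 +1,46 @@
+// Copyright 2024 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package openvex
+
+import (
+"net/url"
+"strings"
+
+"golang.org/x/vuln/internal/govulncheck"
+)
+
+// The PURL is printed as: pkg:golang/MODULE_PATH@VERSION
+// Conceptually there is no namespace and the name is entirely defined by
+// the module path. See https://github.com/package-url/purl-spec/issues/63
+// for further disucssion.
+
+const suffix = "pkg:golang/"
+
+type purl struct {
+name string
+version string
+}
+
+func (p *purl) String() string {
+var b strings.Builder
+b.WriteString(suffix)
+b.WriteString(url.PathEscape(p.name))
+if p.version != "" {
+b.WriteString("@")
+b.WriteString(p.version)
+}
+return b.String()
+}
+
+// purlFromFinding takes a govulncheck finding and generates a purl to the
+// vulnerable dependency.
+func purlFromFinding(f *govulncheck.Finding) string {
+purl := purl{
+name: f.Trace[0].Module,
+version: f.Trace[0].Version,
+}
+
+return purl.String()
+}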