raven/vendor/golang.org/x/vuln/internal/scan/binary.go

// Copyright 2022 The Go Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.

package scan

import (
	"context"
	"encoding/json"
	"errors"
	"os"
	"runtime/debug"

	"golang.org/x/tools/go/packages"
	"golang.org/x/vuln/internal/buildinfo"
	"golang.org/x/vuln/internal/client"
	"golang.org/x/vuln/internal/derrors"
	"golang.org/x/vuln/internal/govulncheck"
	"golang.org/x/vuln/internal/vulncheck"
)

// runBinary detects presence of vulnerable symbols in an executable or its minimal blob representation.
func runBinary(ctx context.Context, handler govulncheck.Handler, cfg *config, client *client.Client) (err error) {
	defer derrors.Wrap(&err, "govulncheck")

	bin, err := createBin(cfg.patterns[0])
	if err != nil {
		return err
	}

	p := &govulncheck.Progress{Message: binaryProgressMessage}
	if err := handler.Progress(p); err != nil {
		return err
	}
	return vulncheck.Binary(ctx, handler, bin, &cfg.Config, client)
}

func createBin(path string) (*vulncheck.Bin, error) {
	// First check if the path points to a Go binary. Otherwise, blob
	// parsing might json decode a Go binary which takes time.
	//
	// TODO(#64716): use fingerprinting to make this precise, clean, and fast.
	mods, packageSymbols, bi, err := buildinfo.ExtractPackagesAndSymbols(path)
	if err == nil {
		var main *packages.Module
		if bi.Main.Path != "" {
			main = &packages.Module{
				Path:    bi.Main.Path,
				Version: bi.Main.Version,
			}
		}

		return &vulncheck.Bin{
			Path:       bi.Path,
			Main:       main,
			Modules:    mods,
			PkgSymbols: packageSymbols,
			GoVersion:  bi.GoVersion,
			GOOS:       findSetting("GOOS", bi),
			GOARCH:     findSetting("GOARCH", bi),
		}, nil
	}

	// Otherwise, see if the path points to a valid blob.
	bin := parseBlob(path)
	if bin != nil {
		return bin, nil
	}

	return nil, errors.New("unrecognized binary format")
}

// parseBlob extracts vulncheck.Bin from a valid blob at path.
// If it cannot recognize a valid blob, returns nil.
func parseBlob(path string) *vulncheck.Bin {
	from, err := os.Open(path)
	if err != nil {
		return nil
	}
	defer from.Close()

	dec := json.NewDecoder(from)

	var h header
	if err := dec.Decode(&h); err != nil {
		return nil // no header
	} else if h.Name != extractModeID || h.Version != extractModeVersion {
		return nil // invalid header
	}

	var b vulncheck.Bin
	if err := dec.Decode(&b); err != nil {
		return nil // no body
	}
	if dec.More() {
		return nil // we want just header and body, nothing else
	}
	return &b
}

// findSetting returns value of setting from bi if present.
// Otherwise, returns "".
func findSetting(setting string, bi *debug.BuildInfo) string {
	for _, s := range bi.Settings {
		if s.Key == setting {
			return s.Value
		}
	}
	return ""
}
Initialize module and dependencies 2026-01-04 20:57:40 +00:00			`// Copyright 2022 The Go Authors. All rights reserved.`
			`// Use of this source code is governed by a BSD-style`
			`// license that can be found in the LICENSE file.`

			`package scan`

			`import (`
			`"context"`
			`"encoding/json"`
			`"errors"`
			`"os"`
			`"runtime/debug"`

			`"golang.org/x/tools/go/packages"`
			`"golang.org/x/vuln/internal/buildinfo"`
			`"golang.org/x/vuln/internal/client"`
			`"golang.org/x/vuln/internal/derrors"`
			`"golang.org/x/vuln/internal/govulncheck"`
			`"golang.org/x/vuln/internal/vulncheck"`
			`)`

			`// runBinary detects presence of vulnerable symbols in an executable or its minimal blob representation.`
			`func runBinary(ctx context.Context, handler govulncheck.Handler, cfg config, client client.Client) (err error) {`
			`defer derrors.Wrap(&err, "govulncheck")`

			`bin, err := createBin(cfg.patterns[0])`
			`if err != nil {`
			`return err`
			`}`

			`p := &govulncheck.Progress{Message: binaryProgressMessage}`
			`if err := handler.Progress(p); err != nil {`
			`return err`
			`}`
			`return vulncheck.Binary(ctx, handler, bin, &cfg.Config, client)`
			`}`

			`func createBin(path string) (*vulncheck.Bin, error) {`
			`// First check if the path points to a Go binary. Otherwise, blob`
			`// parsing might json decode a Go binary which takes time.`
			`//`
			`// TODO(#64716): use fingerprinting to make this precise, clean, and fast.`
			`mods, packageSymbols, bi, err := buildinfo.ExtractPackagesAndSymbols(path)`
			`if err == nil {`
			`var main *packages.Module`
			`if bi.Main.Path != "" {`
			`main = &packages.Module{`
			`Path: bi.Main.Path,`
			`Version: bi.Main.Version,`
			`}`
			`}`

			`return &vulncheck.Bin{`
			`Path: bi.Path,`
			`Main: main,`
			`Modules: mods,`
			`PkgSymbols: packageSymbols,`
			`GoVersion: bi.GoVersion,`
			`GOOS: findSetting("GOOS", bi),`
			`GOARCH: findSetting("GOARCH", bi),`
			`}, nil`
			`}`

			`// Otherwise, see if the path points to a valid blob.`
			`bin := parseBlob(path)`
			`if bin != nil {`
			`return bin, nil`
			`}`

			`return nil, errors.New("unrecognized binary format")`
			`}`

			`// parseBlob extracts vulncheck.Bin from a valid blob at path.`
			`// If it cannot recognize a valid blob, returns nil.`
			`func parseBlob(path string) *vulncheck.Bin {`
			`from, err := os.Open(path)`
			`if err != nil {`
			`return nil`
			`}`
			`defer from.Close()`

			`dec := json.NewDecoder(from)`

			`var h header`
			`if err := dec.Decode(&h); err != nil {`
			`return nil // no header`
			`} else if h.Name != extractModeID \|\| h.Version != extractModeVersion {`
			`return nil // invalid header`
			`}`

			`var b vulncheck.Bin`
			`if err := dec.Decode(&b); err != nil {`
			`return nil // no body`
			`}`
			`if dec.More() {`
			`return nil // we want just header and body, nothing else`
			`}`
			`return &b`
			`}`

			`// findSetting returns value of setting from bi if present.`
			`// Otherwise, returns "".`
			`func findSetting(setting string, bi *debug.BuildInfo) string {`
			`for _, s := range bi.Settings {`
			`if s.Key == setting {`
			`return s.Value`
			`}`
			`}`
			`return ""`
			`}`