Initialize module and dependencies
This commit is contained in:
dwrz
74
vendor/golang.org/x/vuln/internal/scan/query.go
generated
vendored
Normal file
74
vendor/golang.org/x/vuln/internal/scan/query.go
generated
vendored
Normal file
@@ -0,0 +1,74 @@
|
||||
// Copyright 2023 The Go Authors. All rights reserved.
|
||||
// Use of this source code is governed by a BSD-style
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
package scan
|
||||
|
||||
import (
|
||||
"context"
|
||||
"fmt"
|
||||
"regexp"
|
||||
|
||||
"golang.org/x/vuln/internal/client"
|
||||
"golang.org/x/vuln/internal/govulncheck"
|
||||
isem "golang.org/x/vuln/internal/semver"
|
||||
)
|
||||
|
||||
// runQuery reports vulnerabilities that apply to the queries in the config.
|
||||
func runQuery(ctx context.Context, handler govulncheck.Handler, cfg *config, c *client.Client) error {
|
||||
reqs := make([]*client.ModuleRequest, len(cfg.patterns))
|
||||
for i, query := range cfg.patterns {
|
||||
mod, ver, err := parseModuleQuery(query)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if err := handler.Progress(queryProgressMessage(mod, ver)); err != nil {
|
||||
return err
|
||||
}
|
||||
reqs[i] = &client.ModuleRequest{
|
||||
Path: mod, Version: ver,
|
||||
}
|
||||
}
|
||||
|
||||
resps, err := c.ByModules(ctx, reqs)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
ids := make(map[string]bool)
|
||||
for _, resp := range resps {
|
||||
for _, entry := range resp.Entries {
|
||||
if _, ok := ids[entry.ID]; !ok {
|
||||
err := handler.OSV(entry)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
ids[entry.ID] = true
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
func queryProgressMessage(module, version string) *govulncheck.Progress {
|
||||
return &govulncheck.Progress{
|
||||
Message: fmt.Sprintf("Looking up vulnerabilities in %s at %s...", module, version),
|
||||
}
|
||||
}
|
||||
|
||||
var modQueryRegex = regexp.MustCompile(`(.+)@(.+)`)
|
||||
|
||||
func parseModuleQuery(pattern string) (_ string, _ string, err error) {
|
||||
matches := modQueryRegex.FindStringSubmatch(pattern)
|
||||
// matches should be [module@version, module, version]
|
||||
if len(matches) != 3 {
|
||||
return "", "", fmt.Errorf("invalid query %s: must be of the form module@version", pattern)
|
||||
}
|
||||
mod, ver := matches[1], matches[2]
|
||||
if !isem.Valid(ver) {
|
||||
return "", "", fmt.Errorf("version %s is not valid semver", ver)
|
||||
}
|
||||
|
||||
return mod, ver, nil
|
||||
}
|
||||
Reference in New Issue
Block a user