commit 6666425eeffb69bb8aea9728b71ef25d8f6ac755
author Zvonimir Pavlinovic <zpavlinovic@google.com> Wed Jan 19 12:23:36 2022 -0800
committer Zvonimir Pavlinovic <zpavlinovic@google.com> Mon Jan 24 17:26:54 2022 +0000
tree 5395b6fa09801e586bd699e6f111fd0b4c83bab0
parent 7b334a16533f8c246a29e830921f71a7d549c08c

vulncheck: add witness data structures

The added data structures are based on the internal discussion and
proposed design document.

Change-Id: I07c3c8fdfcd74d7642e32d8201f1850c48375202
Reviewed-on: https://go-review.googlesource.com/c/exp/+/379574
Run-TryBot: Zvonimir Pavlinovic <zpavlinovic@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Hyang-Ah Hana Kim <hyangah@gmail.com>
Trust: Zvonimir Pavlinovic <zpavlinovic@google.com>

vulncheck/witness.go

diff --git a/vulncheck/witness.go b/vulncheck/witness.go
new file mode 100644
index 0000000..be3d76e
--- /dev/null
+++ b/vulncheck/witness.go
@@ -0,0 +1,21 @@
+package vulncheck
+
+// ImportChain is sequence of import paths starting with
+// a client package and ending with a package with some
+// known vulnerabilities.
+type ImportChain []*PkgNode
+
+// CallStack models a trace of function calls starting
+// with a client function or method and ending with a
+// call to a vulnerable symbol.
+type CallStack []StackEntry
+
+// StackEntry models an element of a call stack.
+type StackEntry struct {
+	// Function provides information on the function whose frame is on the stack.
+	Function *FuncNode
+
+	// Call provides information on the call site inducing this stack frame.
+	// nil when the frame represents an entry point of the stack.
+	Call *CallSite
+}