// Copyright 2022 The Go Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
4
// This program runs govulncheck on a module in source mode and then
// writes the result as JSON. It is intended to be run in a sandbox.
// For running govulncheck on binaries, see cmd/compare_sandbox.
//
// Unless it panics, this program always terminates with exit code 0.
// If there is an error, it writes a JSON object with field "Error".
// Otherwise, it writes an internal/govulncheck.SandboxResponse as JSON.
Jonathan Amsterdam7ec1ba12023-02-13 11:45:16 -050012package main
13
14import (
Maceo Thompson1dc36682023-03-09 18:34:22 +000015 "encoding/json"
Jonathan Amsterdam7ec1ba12023-02-13 11:45:16 -050016 "errors"
17 "flag"
18 "fmt"
19 "io"
Jonathan Amsterdam7ec1ba12023-02-13 11:45:16 -050020 "os"
Jonathan Amsterdam7ec1ba12023-02-13 11:45:16 -050021
Zvonimir Pavlinovic85d15772023-03-14 16:12:23 -070022 "golang.org/x/pkgsite-metrics/internal/govulncheck"
Jonathan Amsterdam7ec1ba12023-02-13 11:45:16 -050023)
24
// main is the entry point of the govulncheck sandbox program. It expects
// four positional arguments, in this order:
//   - path to the govulncheck executable
//   - govulncheck mode
//   - input module or binary to analyze
//   - full path to the vulnerability database
//
// The arguments are handed to run unmodified; run rejects the binary mode
// and any argument count other than four. The result, success or error, is
// always written to standard output as JSON.
func main() {
	flag.Parse()
	args := flag.Args()
	run(os.Stdout, args)
}
35
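// run checks args, runs govulncheck in source mode and writes a single JSON
// document, terminated by a newline, to w.
//
// args must contain exactly four elements, in order: the govulncheck path,
// the mode flag, the input module directory and the full path to the
// vulnerability database. The binary mode is refused here; only
// cmd/compare_sandbox analyzes binaries.
//
// On failure the document is an object with a single "Error" field. On
// success it is the indented JSON encoding of the value returned by
// runGovulncheck. run never returns an error and never exits the process,
// so the reader of w must inspect the JSON to tell the two cases apart.
func run(w io.Writer, args []string) {
	// fail reports err to w as {"Error": "<message>"}.
	fail := func(err error) {
		// The message is encoded with encoding/json rather than %q: Go's
		// quoting emits escapes such as \x00, \a or \U0001F600 that are not
		// legal JSON. The error text can carry output from a scan of the
		// module under analysis (presumably untrusted, given that this
		// program is meant to run in a sandbox), so it must not be able to
		// produce a document the reader cannot parse.
		msg, _ := json.Marshal(err.Error()) // marshaling a string cannot fail
		fmt.Fprintf(w, "{\"Error\": %s}\n", msg)
	}

	if len(args) != 4 {
		fail(errors.New("need four args: govulncheck path, mode, input module dir or binary, full path to vuln db"))
		return
	}

	// Only the binary mode is rejected; any other mode value is passed
	// through to runGovulncheck without further validation.
	modeFlag := args[1]
	if modeFlag == govulncheck.FlagBinary {
		fail(errors.New("binaries are only analyzed in compare_sandbox"))
		return
	}

	resp, err := runGovulncheck(args[0], modeFlag, args[2], args[3])
	if err != nil {
		fail(err)
		return
	}
	b, err := json.MarshalIndent(resp, "", "\t")
	if err != nil {
		fail(fmt.Errorf("json.MarshalIndent: %w", err))
		return
	}

	// The trailing newline goes to w together with the payload. The original
	// printed it to os.Stdout, which dropped it whenever w was any other
	// writer. A write error is deliberately ignored: w is the only channel
	// this program has for reporting anything.
	_, _ = w.Write(append(b, '\n'))
}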
68
// runGovulncheck invokes govulncheck.RunGovulncheckCmd with the "./..."
// package pattern and wraps the findings in a SandboxResponse.
//
// govulncheckPath, modeFlag, filePath and vulnDBDir are forwarded as given;
// no validation happens here. Scan statistics are collected into the
// response's Stats field through the pointer passed to RunGovulncheckCmd.
// On error the response is discarded and nil is returned with the error.
func runGovulncheck(govulncheckPath, modeFlag, filePath, vulnDBDir string) (*govulncheck.SandboxResponse, error) {
	resp := &govulncheck.SandboxResponse{Stats: govulncheck.ScanStats{}}

	vulns, err := govulncheck.RunGovulncheckCmd(govulncheckPath, modeFlag, "./...", filePath, vulnDBDir, &resp.Stats)
	if err != nil {
		return nil, err
	}

	resp.Findings = vulns
	return resp, nil
}