gopls/internal/vulncheck/types.go - tools - Git at Google

 // Copyright 2022 The Go Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.

 // go:generate go run copier.go

 package vulncheck

 import (
 	"time"

 	gvc "golang.org/x/tools/gopls/internal/vulncheck/govulncheck"
 	"golang.org/x/tools/gopls/internal/vulncheck/osv"
 )

 // Result is the result of vulnerability scanning.
 type Result struct {
 	// Entries contains all vulnerabilities that are called or imported by
 	// the analyzed module. Keys are Entry.IDs.
 	Entries map[string]*osv.Entry
 	// Findings are vulnerabilities found by vulncheck or import-based analysis.
 	// Ordered by the OSV IDs and the package names.
 	Findings []*gvc.Finding

 	// Mode contains the source of the vulnerability info.
 	// Clients of the gopls.fetch_vulncheck_result command may need
 	// to interpret the vulnerabilities differently based on the
 	// analysis mode. For example, Vuln without callstack traces
 	// indicate a vulnerability that is not used if the result was
 	// from 'govulncheck' analysis mode. On the other hand, Vuln
 	// without callstack traces just implies the package with the
 	// vulnerability is known to the workspace and we do not know
 	// whether the vulnerable symbols are actually used or not.
 	Mode AnalysisMode `json:",omitempty"`

 	// AsOf describes when this Result was computed using govulncheck.
 	// It is valid only with the govulncheck analysis mode.
 	AsOf time.Time `json:",omitempty"`
 }

 type AnalysisMode string

 const (
 	ModeInvalid     AnalysisMode = "" // zero value
 	ModeGovulncheck AnalysisMode = "govulncheck"
 	ModeImports     AnalysisMode = "imports"
 )
	// Copyright 2022 The Go Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style
	// license that can be found in the LICENSE file.

	// go:generate go run copier.go

	package vulncheck

	import (
	"time"

	gvc "golang.org/x/tools/gopls/internal/vulncheck/govulncheck"
	"golang.org/x/tools/gopls/internal/vulncheck/osv"
	)

	// Result is the result of vulnerability scanning.
	type Result struct {
	// Entries contains all vulnerabilities that are called or imported by
	// the analyzed module. Keys are Entry.IDs.
	Entries map[string]*osv.Entry
	// Findings are vulnerabilities found by vulncheck or import-based analysis.
	// Ordered by the OSV IDs and the package names.
	Findings []*gvc.Finding

	// Mode contains the source of the vulnerability info.
	// Clients of the gopls.fetch_vulncheck_result command may need
	// to interpret the vulnerabilities differently based on the
	// analysis mode. For example, Vuln without callstack traces
	// indicate a vulnerability that is not used if the result was
	// from 'govulncheck' analysis mode. On the other hand, Vuln
	// without callstack traces just implies the package with the
	// vulnerability is known to the workspace and we do not know
	// whether the vulnerable symbols are actually used or not.
	Mode AnalysisMode `json:",omitempty"`

	// AsOf describes when this Result was computed using govulncheck.
	// It is valid only with the govulncheck analysis mode.
	AsOf time.Time `json:",omitempty"`
	}

	type AnalysisMode string

	const (
	ModeInvalid AnalysisMode = "" // zero value
	ModeGovulncheck AnalysisMode = "govulncheck"
	ModeImports AnalysisMode = "imports"
	)