commit 0c422e6ef772889baaf41c1760cad06fc2f0691c
author Zvonimir Pavlinovic <zpavlinovic@google.com> Wed Jan 19 12:23:36 2022 -0800
committer Julie Qiu <julie@golang.org> Wed Mar 23 19:17:13 2022 +0000
tree 4b7c40a7843f64d12c8f24b34903b55b2a1684a8
parent 8a55d1831976b6cc5a68070d7e9b402dec0a4fc1

vulncheck: add witness data structures

The added data structures are based on the internal discussion and
proposed design document.

Cherry-picked: https://go-review.googlesource.com/c/exp/+/379574

Change-Id: I59f9aff02655226cdab437e43771dd79889375b5
Reviewed-on: https://go-review.googlesource.com/c/vuln/+/395053
Trust: Julie Qiu <julie@golang.org>
Run-TryBot: Julie Qiu <julie@golang.org>
Reviewed-by: Jonathan Amsterdam <jba@google.com>

vulncheck/witness.go

diff --git a/vulncheck/witness.go b/vulncheck/witness.go
new file mode 100644
index 0000000..8e2d420
--- /dev/null
+++ b/vulncheck/witness.go
@@ -0,0 +1,25 @@
+// Copyright 2021 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package vulncheck
+
+// ImportChain is sequence of import paths starting with
+// a client package and ending with a package with some
+// known vulnerabilities.
+type ImportChain []*PkgNode
+
+// CallStack models a trace of function calls starting
+// with a client function or method and ending with a
+// call to a vulnerable symbol.
+type CallStack []StackEntry
+
+// StackEntry models an element of a call stack.
+type StackEntry struct {
+	// Function provides information on the function whose frame is on the stack.
+	Function *FuncNode
+
+	// Call provides information on the call site inducing this stack frame.
+	// nil when the frame represents an entry point of the stack.
+	Call *CallSite
+}