Google Git
Sign in
go / vuln / b5c0ef50b98894e819e250417cdf3b6c535e130a^! / .
commitb5c0ef50b98894e819e250417cdf3b6c535e130a[log] [tgz]
authorJulie Qiu <julie@golang.org>Thu Jun 02 15:55:24 2022 -0400
committerJulie Qiu <julieqiu@google.com>Mon Jun 06 13:59:52 2022 +0000
tree29bdceabecf73796d9d1b1740dd3c9863e9fa362
parentf62514f1d796275b30e3772a17e56b9c6d51b8d7 [diff]
client: update documentation

The documentation is updated to add relevant links and fix typos.

The TODO is moved to https://go.dev/issue/53224.

Change-Id: I2e68312ca4a2ea39a9108d5b43544ac955b902d3
Reviewed-on: https://go-review.googlesource.com/c/vuln/+/410174
Reviewed-by: Zvonimir Pavlinovic <zpavlinovic@google.com>
Reviewed-by: Jonathan Amsterdam <jba@google.com>

diff --git a/client/client.go b/client/client.go
index c27556a..facdbd8 100644
--- a/client/client.go
+++ b/client/client.go

@@ -5,31 +5,27 @@
 // Package client provides an interface for accessing vulnerability
 // databases, via either HTTP or local filesystem access.
 //
+// The protocol is described at https://go.dev/security/vulndb/#protocol.
+//
 // The expected database layout is the same for both HTTP and local
-// databases. The database  index is located at the root of the
+// databases. The database index is located at the root of the
 // database, and contains a list of all of the vulnerable modules
 // documented in the databse and the time the most recent vulnerability
-// was added. The index file is called indx.json, and has the
+// was added. The index file is called index.json, and has the
 // following format:
 //
 //	map[string]time.Time (DBIndex)
 //
 // Each vulnerable module is represented by an individual JSON file
 // which contains all of the vulnerabilities in that module. The path
-// for each module file is simply the import path of the module,
-// i.e. vulnerabilities in golang.org/x/crypto are contained in the
-// golang.org/x/crypto.json file. The per-module JSON files have
-// the following format:
-//
-//	[]osv.Entry
+// for each module file is simply the import path of the module.
+// For example, vulnerabilities in golang.org/x/crypto are contained in the
+// golang.org/x/crypto.json file. The per-module JSON files contain a slice of
+// https://pkg.go.dev/golang.org/x/vuln/osv#Entry.
 //
 // A single client.Client can be used to access multiple vulnerability
-// databases. When looking up vulnerable module each database is
+// databases. When looking up vulnerable modules, each database is
 // consulted, and results are merged together.
-//
-// TODO: allow filtering private module, possibly at a database level?
-// (e.g. I may want to use multiple databases, but only lookup a specific
-// module in a subset of them)
 package client
 
 import (