| commit | 2992f259b81505bc4075411a0e423d3936f2deca | [log] [tgz] |
|---|---|---|
| author | Roland Shoemaker <roland@golang.org> | Mon Mar 22 18:34:02 2021 -0700 |
| committer | Filippo Valsorda <valsorda@google.com> | Tue Apr 13 16:18:34 2021 +0200 |
| tree | afc402849a4b523652473f4762e5836b482f6754 | |
| parent | 4d3e0cc221c0c5f3786513bab21b0cfefc0611bf [diff] |
all: use the proxy for report linting Check the proxy to determine valid versions and canonical module import paths. This should provent rogue database entries that do not cleanly apply to real go.mod files. Change-Id: Iea1b531fe5bed7a0825102c6ac877a515f24c0f5 Reviewed-on: https://team-review.git.corp.google.com/c/golang/vulndb/+/1032616 Reviewed-by: Roland Shoemaker <bracewell@google.com>
This repository contains a handful of prototypes for the Go vulnerability database, as well as a initial set of vulnerability reports. Some of these packages can probably be coalesced, but for now are easier to work on in a more segmented fashion.
reports contains TOML security reports, the format is described in format.mdreport provides a package for parsing and linting TOML reportsosv provides a package for generating OSV-style JSON vulnerability entries from a report.Reportclient contains a client for accesing HTTP/fs based vulnerability databases, as well as a minimal caching implementationcmd/gendb provides a tool for converting TOML reports into JSON databasecmd/genhtml provides a tool for converting TOML reports into a HTML websitecmd/linter provides a tool for linting individual reportscmd/report2cve provides a tool for converting TOML reports into JSON CVEs