blob: 3c6f41958657de24d1766e49e15e6717b2b3ea61 [file] [log] [blame]
// Copyright 2024 The Go Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
// Package idstr provides utilities for working with vulnerability
// identifier strings.
package idstr
import "regexp"
const ghsaStr = `GHSA-[^-]{4}-[^-]{4}-[^-]{4}`
var (
ghsaRE, ghsaStrict = re(ghsaStr)
)
func IsGHSA(s string) bool {
return ghsaStrict.MatchString(s)
}
func FindGHSA(s string) string {
return ghsaRE.FindString(s)
}
const cveStr = `CVE-\d{4}-\d{4,}`
var (
cveRE, cveStrict = re(cveStr)
)
func IsCVE(s string) bool {
return cveStrict.MatchString(s)
}
func FindCVE(s string) string {
return cveRE.FindString(s)
}
const goIDStr = `GO-\d{4}-\d{4,}`
var (
_, goIDStrict = re(goIDStr)
)
func IsGoID(s string) bool {
return goIDStrict.MatchString(s)
}
func re(s string) (*regexp.Regexp, *regexp.Regexp) {
return regexp.MustCompile(s), regexp.MustCompile(`^` + s + `$`)
}
// IsIdentifier returns whether the given ID is a recognized identifier
// (currently, either a GHSA, CVE, or Go ID).
func IsIdentifier(id string) bool {
return IsAliasType(id) || IsGoID(id)
}
// IsAliasType returns whether the given ID is a recognized alias type
// (currently, either a GHSA or CVE).
func IsAliasType(id string) bool {
return IsGHSA(id) || IsCVE(id)
}