golang.org/x/tools/gopls@v0.15.3/internal/vulncheck/types.go (about) 1 // Copyright 2022 The Go Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style 3 // license that can be found in the LICENSE file. 4 5 // go:generate go run copier.go 6 7 package vulncheck 8 9 import ( 10 "time" 11 12 gvc "golang.org/x/tools/gopls/internal/vulncheck/govulncheck" 13 "golang.org/x/tools/gopls/internal/vulncheck/osv" 14 ) 15 16 // Result is the result of vulnerability scanning. 17 type Result struct { 18 // Entries contains all vulnerabilities that are called or imported by 19 // the analyzed module. Keys are Entry.IDs. 20 Entries map[string]*osv.Entry 21 // Findings are vulnerabilities found by vulncheck or import-based analysis. 22 // Ordered by the OSV IDs and the package names. 23 Findings []*gvc.Finding 24 25 // Mode contains the source of the vulnerability info. 26 // Clients of the gopls.fetch_vulncheck_result command may need 27 // to interpret the vulnerabilities differently based on the 28 // analysis mode. For example, Vuln without callstack traces 29 // indicate a vulnerability that is not used if the result was 30 // from 'govulncheck' analysis mode. On the other hand, Vuln 31 // without callstack traces just implies the package with the 32 // vulnerability is known to the workspace and we do not know 33 // whether the vulnerable symbols are actually used or not. 34 Mode AnalysisMode `json:",omitempty"` 35 36 // AsOf describes when this Result was computed using govulncheck. 37 // It is valid only with the govulncheck analysis mode. 38 AsOf time.Time `json:",omitempty"` 39 } 40 41 type AnalysisMode string 42 43 const ( 44 ModeInvalid AnalysisMode = "" // zero value 45 ModeGovulncheck AnalysisMode = "govulncheck" 46 ModeImports AnalysisMode = "imports" 47 )