UNPKG

snyk-docker-plugin

Version:

Snyk CLI docker plugin

github.com/snyk/snyk-docker-plugin

snyk/snyk-docker-plugin

63 lines (62 loc) 2.39 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
import * as depGraph from "@snyk/dep-graph"; import { GoModule } from "./go-module"; import { Elf } from "./types"; /** * GoBinary: Parser for Go compiled binaries * * This class extracts dependency information from Go binaries by reading ELF sections. * It implements two scanning strategies depending on binary characteristics: * - If .gopclntab exists: Extract source files → Map to packages → Report packages * - If .gopclntab missing: Extract modules from .go.buildinfo → Report all modules * * Binary Types: * * 1. Normal Go Binaries (with .gopclntab): * - Built with standard flags * - Contains .gopclntab (Go Program Counter Line Table) section * - .gopclntab maps program counter addresses to source files * * 2. Stripped Go Binaries (without .gopclntab): * - Built with -ldflags='-s -w' flag * - Removes debug symbols, symbol tables (.symtab, .strtab), and .gopclntab * * 3. CGo Go Binaries: * - Built with CGO_ENABLED=1 (calls C code) * - May or may not contain .gopclntab depending on build configuration * * ELF Sections Used: * - .go.buildinfo: Module names, versions, and build information (always present) * - .gopclntab: Source file to package mapping (missing in stripped/some CGo binaries) * */ export declare class GoBinary { name: string; modules: GoModule[]; goVersion: string; private hasPclnTab; constructor(goElfBinary: Elf); depGraph(): Promise<depGraph.DepGraph>; matchFilesToModules(files: string[]): void; } /** * Strips the "go" prefix from a Go version string and validates the format. * Returns the cleaned version (e.g., "1.21.0") or empty string if invalid. * Rejects RC/beta/devel versions since we cannot accurately match vulnerabilities * against pre-release builds. */ export declare function parseGoVersion(rawVersion: string): string; export declare function extractModuleInformation(binary: Elf): [name: string, deps: GoModule[], goVersion: string]; /** * Function finds and returns the Go version and * module version information in the executable binary * @param binary */ export interface RawBuildInfo { goVersion: string; modInfo: string; } export declare function readRawBuildInfo(binary: Elf): RawBuildInfo; export declare function determinePaths(modules: GoModule[], files: string[]): { modCachePath: string; vendorPath: string; };