feat: create osvschema go bindings package (#292)

This migrates some of the "schema" based types that currently live in `osv-scanner` over to here since they're related to the underlying OSV schema rather than the scanner specifically. Notably to help avoid dependency cycles we now have a dedicated `constants` package whose sole responsibility is to house types and constants for representing enums defined in the schema with no logic whatsoever; this will ensure that this package is always a leaf in the dependency tree, preventing circular dependencies in libraries (which notably we have now in the current `osv-scanner/models` package). This also introduces an `ecosystem` package which houses our concept of an parsed ecosystem as implicitly defined in the spec - that is, a struct made up of an ecosystem name and an optional suffix. Note the underlying `Ecosystem` type actually lives in `constants` which might seem weird at first but 1. prevents cycles as mentioned above, and 2. avoids the weird `ecosystem.Ecosystem` situation. Currently this is being introduced as a port from `osv-scanner` - the fact that there are missing constants will be addressed in a follow-up pull request, along with other changes such as updating the `validation/schema.json` and (hopefully) creating some automation to help keep everything in sync. --------- Signed-off-by: Gareth Jones <[email protected]>
ossf · Oct 29, 2024 · ad55659 · ad55659
1 parent 275b34b
commit ad55659
Show file tree

Hide file tree

Showing 3 changed files with 102 additions and 1 deletion.
diff --git a/.github/workflows/checks.yml b/.github/workflows/checks.yml
@@ -17,10 +17,30 @@ concurrency:
 permissions: {}
 
 jobs:
+  tests_osv-go:
+    permissions:
+      contents: read # to fetch code (actions/checkout)
+    name: Run `bindings/go` unit tests
+    runs-on: ubuntu-latest
+    defaults:
+      run:
+        working-directory: ./bindings/go
+    steps:
+      - name: Check out code
+        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
+        with:
+          persist-credentials: false
+      - name: Set up Go
+        uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
+        with:
+          go-version: stable
+          check-latest: true
+
+      - run: go test ./...
   tests_osv-linter:
     permissions:
       contents: read # to fetch code (actions/checkout)
-    name: Run unit tests
+    name: Run `osv-linter` unit tests
     runs-on: ubuntu-latest
     defaults:
       run:

diff --git a/bindings/go/go.mod b/bindings/go/go.mod
@@ -0,0 +1,3 @@
+module github.com/ossf/osv-schema/bindings/go
+
+go 1.22.7
diff --git a/bindings/go/osvschema/constants.go b/bindings/go/osvschema/constants.go
@@ -0,0 +1,78 @@
+package osvschema
+
+type Ecosystem string
+
+const (
+	EcosystemAlmaLinux     Ecosystem = "AlmaLinux"
+	EcosystemAlpine        Ecosystem = "Alpine"
+	EcosystemAndroid       Ecosystem = "Android"
+	EcosystemBioconductor  Ecosystem = "Bioconductor"
+	EcosystemBitnami       Ecosystem = "Bitnami"
+	EcosystemConanCenter   Ecosystem = "ConanCenter"
+	EcosystemCRAN          Ecosystem = "CRAN"
+	EcosystemCratesIO      Ecosystem = "crates.io"
+	EcosystemDebian        Ecosystem = "Debian"
+	EcosystemGitHubActions Ecosystem = "GitHub Actions"
+	EcosystemGo            Ecosystem = "Go"
+	EcosystemHex           Ecosystem = "Hex"
+	EcosystemLinux         Ecosystem = "Linux"
+	EcosystemMaven         Ecosystem = "Maven"
+	EcosystemNPM           Ecosystem = "npm"
+	EcosystemNuGet         Ecosystem = "NuGet"
+	EcosystemOSSFuzz       Ecosystem = "OSS-Fuzz"
+	EcosystemPackagist     Ecosystem = "Packagist"
+	EcosystemPhotonOS      Ecosystem = "Photon OS"
+	EcosystemPub           Ecosystem = "Pub"
+	EcosystemPyPI          Ecosystem = "PyPI"
+	EcosystemRedHat        Ecosystem = "Red Hat"
+	EcosystemRockyLinux    Ecosystem = "Rocky Linux"
+	EcosystemRubyGems      Ecosystem = "RubyGems"
+	EcosystemSwiftURL      Ecosystem = "SwiftURL"
+	EcosystemUbuntu        Ecosystem = "Ubuntu"
+)
+
+type SeverityType string
+
+const (
+	SeverityCVSSV2 SeverityType = "CVSS_V2"
+	SeverityCVSSV3 SeverityType = "CVSS_V3"
+	SeverityCVSSV4 SeverityType = "CVSS_V4"
+)
+
+type RangeType string
+
+const (
+	RangeSemVer    RangeType = "SEMVER"
+	RangeEcosystem RangeType = "ECOSYSTEM"
+	RangeGit       RangeType = "GIT"
+)
+
+type ReferenceType string
+
+const (
+	ReferenceAdvisory   ReferenceType = "ADVISORY"
+	ReferenceArticle    ReferenceType = "ARTICLE"
+	ReferenceDetection  ReferenceType = "DETECTION"
+	ReferenceDiscussion ReferenceType = "DISCUSSION"
+	ReferenceReport     ReferenceType = "REPORT"
+	ReferenceFix        ReferenceType = "FIX"
+	ReferenceIntroduced ReferenceType = "INTRODUCED"
+	ReferencePackage    ReferenceType = "PACKAGE"
+	ReferenceEvidence   ReferenceType = "EVIDENCE"
+	ReferenceWeb        ReferenceType = "WEB"
+)
+
+type CreditType string
+
+const (
+	CreditFinder               CreditType = "FINDER"
+	CreditReporter             CreditType = "REPORTER"
+	CreditAnalyst              CreditType = "ANALYST"
+	CreditCoordinator          CreditType = "COORDINATOR"
+	CreditRemediationDeveloper CreditType = "REMEDIATION_DEVELOPER" //nolint:gosec
+	CreditRemediationReviewer  CreditType = "REMEDIATION_REVIEWER"  //nolint:gosec
+	CreditRemediationVerifier  CreditType = "REMEDIATION_VERIFIER"  //nolint:gosec
+	CreditTool                 CreditType = "TOOL"
+	CreditSponsor              CreditType = "SPONSOR"
+	CreditOther                CreditType = "OTHER"
+)
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,3 @@
		module github.com/ossf/osv-schema/bindings/go

		go 1.22.7