vex

package
v0.0.2
Warning

This package is not in the latest version of its module.

Published: Oct 12, 2022 License: Apache-2.0 Imports: 10 Imported by: 4

Documentation

Overview

Copyright 2022 Chainguard, Inc. SPDX-License-Identifier: Apache-2.0

Constants

const (

	// MIME type to record in the attestations
	MimeType = "text/vex"

	// Impact Statement constants
	StatusNotAffected        Status = "not_affected"
	StatusAffected           Status = "affected"
	StatusFixed              Status = "fixed"
	StatusUnderInvestigation Status = "under_investigation"

	// Justification constants
	ComponentNotPresent                         Justification = "component_not_present"
	VulnerableCodeNotPresent                    Justification = "vulnerable_code_not_present"
	VulnerableCodeNotInExecutePath              Justification = "vulnerable_code_not_in_execute_path"
	VulnerableCodeCannotBeControlledByAdversary Justification = "vulnerable_code_cannot_be_controlled_by_adversary"
	InlineMitigationsAlreadyExist               Justification = "inline_mitigations_already_exist"
)

Variables

This section is empty.

Functions

This section is empty.

Types

type Justification

type Justification string

type Metadata

type Metadata struct {
	ID                 string    `json:"id"`                // Identifier string for the VEX document
	Format             string    `json:"format"`            // VEX Format Identifier
	Author             string    `json:"author"`            // Document author
	AuthorRole         string    `json:"role"`              // Role of author
	ProductIdentifiers []string  `json:"product,omitempty"` // For spec completeness
	Timestamp          time.Time `json:"timestamp"`
}

type Statement

type Statement struct {
	Vulnerability   string                   `json:"vulnerability"`
	Status          Status                   `json:"impact"`
	Justification   Justification            `json:"justification,omitempty"`
	ActionStatement string                   `json:"action_statement,omitempty"` // Required if status = AFFECTED
	References      []VulnerabilityReference `json:"references,omitempty"`       // Optional list
}

Statement

type Status

type Status string

func StatusFromCSAF

func StatusFromCSAF(csafStatus string) Status

StatusFromCSAF returns a VEX status from the CSAF status.

type VEX

type VEX struct {
	Metadata
	Statements []Statement `json:"statements"`
}

func New

func New() VEX

func OpenCSAF

func OpenCSAF(path string, products []string) (*VEX, error)

OpenCSAF opens a CSAF document and builds a VEX object from it.

func OpenJSON

func OpenJSON(path string) (*VEX, error)

OpenJSON opens a VEX file in JSON format.

func OpenYAML

func OpenYAML(path string) (*VEX, error)

func Sort

func Sort(docs []*VEX) []*VEX

Sort sorts a set of documents by their date. VEX documents should be applied sequentially in chronological order, as they capture knowledge about an artifact as it changes over time.
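Why the ordering matters, as an added example that is not part of this package: it replays documents oldest-first so that a later statement about a vulnerability supersedes an earlier one. The `Doc`, `Statement` and `Status` types are local stand-ins for the fields documented above, `EffectiveStatus` and `Sample` are hypothetical names, and the vulnerability IDs and dates are constructed.

```go
package main

import (
	"fmt"
	"sort"
	"time"
)

// Local stand-ins (assumptions) mirroring the Status, Statement and VEX fields above.
type Status string

type Statement struct {
	Vulnerability string
	Status        Status
}

type Doc struct {
	Timestamp  time.Time
	Statements []Statement
}

// EffectiveStatus replays documents oldest-first; a later statement about
// the same vulnerability supersedes an earlier one.
func EffectiveStatus(docs []Doc) map[string]Status {
	ordered := append([]Doc(nil), docs...) // copy: leave the caller's slice order intact
	sort.SliceStable(ordered, func(i, j int) bool {
		return ordered[i].Timestamp.Before(ordered[j].Timestamp)
	})
	result := map[string]Status{}
	for _, d := range ordered {
		for _, s := range d.Statements {
			result[s.Vulnerability] = s.Status
		}
	}
	return result
}

// Sample returns constructed documents, deliberately listed out of date order.
func Sample() []Doc {
	day := func(d int) time.Time { return time.Date(2022, 10, d, 0, 0, 0, 0, time.UTC) }
	return []Doc{
		{day(12), []Statement{{"CVE-0000-0001", "fixed"}}},
		{day(3), []Statement{{"CVE-0000-0001", "under_investigation"}, {"CVE-0000-0002", "not_affected"}}},
		{day(7), []Statement{{"CVE-0000-0001", "affected"}}},
	}
}

func main() {
	fmt.Println(EffectiveStatus(Sample()))
}
```

Replaying the sample in the order it is listed would leave the first vulnerability marked `affected`, because the October 7 document would be applied last.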

func (*VEX) StatementFromID

func (vexDoc *VEX) StatementFromID(id string) *Statement

StatementFromID returns a statement for a given vulnerability if there is one.

func (*VEX) ToJSON

func (vexDoc *VEX) ToJSON(w io.Writer) error

ToJSON serializes the VEX document to JSON and writes it to the passed writer.

type VulnerabilityReference

type VulnerabilityReference struct {
	RefType   string `json:"type"` // URL, OSV, FEDORA, etc
	Reference string `reference:"ref"`
}

VulnerabilityReference captures other identifiers assigned to the CVE.
