model

package
v1.7.13 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Feb 29, 2024 License: Apache-2.0 Imports: 17 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type AsffRecommendation added in v1.5.0

type AsffRecommendation struct {
	Text string
}

AsffRecommendation includes the recommendation to avoid the finding

type AwsAccountInfo added in v1.5.0

type AwsAccountInfo struct {
	AwsAccountID string
	AwsRegion    string
}

AwsAccountInfo contains all the relevant information of the user AWS account

type AwsSecurityFinding added in v1.5.0

type AwsSecurityFinding struct {
	AwsAccountID  string `json:"AwsAccountId"`
	Compliance    Compliance
	CreatedAt     string
	Description   string
	GeneratorID   string `json:"GeneratorId"`
	ID            string `json:"Id"`
	ProductArn    string
	Remediation   Remediation
	Resources     []Resource
	SchemaVersion string
	Severity      Severity
	Title         string
	Types         []string
	UpdatedAt     string
	CWE           string
}

AwsSecurityFinding contains all the relevant information to build a finding

func BuildASFF added in v1.5.0

func BuildASFF(summary *model.Summary) []AwsSecurityFinding

BuildASFF builds the ASFF report

type CSVReport added in v1.5.5

type CSVReport struct {
	QueryName                   string `csv:"query_name"`
	QueryID                     string `csv:"query_id"`
	QueryURI                    string `csv:"query_uri"`
	Severity                    string `csv:"severity"`
	Platform                    string `csv:"platform"`
	CWE                         string `csv:"cwe,omitempty"`
	CloudProvider               string `csv:"cloud_provider"`
	Category                    string `csv:"category"`
	DescriptionID               string `csv:"description_id"`
	Description                 string `csv:"description"`
	CISDescriptionIDFormatted   string `csv:"cis_description_id"`
	CISDescriptionTitle         string `csv:"cis_description_title"`
	CISDescriptionTextFormatted string `csv:"cis_description_text"`
	FileName                    string `csv:"file_name"`
	SimilarityID                string `csv:"similarity_id"`
	Line                        int    `csv:"line"`
	IssueType                   string `csv:"issue_type"`
	SearchKey                   string `csv:"search_key"`
	SearchLine                  int    `csv:"search_line"`
	SearchValue                 string `csv:"search_value"`
	ExpectedValue               string `csv:"expected_value"`
	ActualValue                 string `csv:"actual_value"`
}

CSVReport struct contains all the info to create the csv report

func BuildCSVReport added in v1.5.5

func BuildCSVReport(summary *model.Summary) []CSVReport

BuildCSVReport builds the CSV report

type CodeClimateReport added in v1.5.7

type CodeClimateReport struct {
	Type        string   `json:"type"`
	CheckName   string   `json:"check_name"`
	CWE         string   `json:"cwe,omitempty"`
	Description string   `json:"description"`
	Categories  []string `json:"categories"`
	Location    location `json:"location"`
	Severity    string   `json:"severity"`
	Fingerprint string   `json:"fingerprint"`
}

CodeClimateReport struct contains all the info to create the code climate report

func BuildCodeClimateReport added in v1.5.7

func BuildCodeClimateReport(summary *model.Summary) []CodeClimateReport

BuildCodeClimateReport builds the code climate report

type Compliance added in v1.5.0

type Compliance struct {
	Status string
}

Compliance contains the status of the finding

type Component added in v1.4.9

type Component struct {
	// component tag information
	Type   string `xml:"type,attr"`
	BomRef string `xml:"bom-ref,attr"`

	// component body information
	Name            string          `xml:"name"`
	Version         string          `xml:"version"`
	Hashes          []Hash          `xml:"hashes>hash"`
	Purl            string          `xml:"purl"`
	Vulnerabilities []Vulnerability `xml:"v:vulnerabilities>v:vulnerability"`
}

Component includes the CycloneDX component structure properties considered relevant

type Components added in v1.4.9

type Components struct {
	Components []Component `xml:"component"`
}

Components is a list of components

type CycloneDxReport added in v1.4.9

type CycloneDxReport struct {
	XMLName xml.Name `xml:"bom"`

	// bom tag information
	XMLNS        string `xml:"xmlns,attr"`
	SerialNumber string `xml:"serialNumber,attr"`
	XMLNSV       string `xml:"xmlns:v,attr"`
	Version      int    `xml:"version,attr"`

	// bom body information
	Metadata   *Metadata  `xml:"metadata"`
	Components Components `xml:"components"`
}

CycloneDxReport includes all the properties considered relevant for the CycloneDX Report

func BuildCycloneDxReport added in v1.4.9

func BuildCycloneDxReport(summary *model.Summary, filePaths map[string]string) *CycloneDxReport

BuildCycloneDxReport builds the CycloneDX report

func InitCycloneDxReport added in v1.4.9

func InitCycloneDxReport() *CycloneDxReport

InitCycloneDxReport inits the CycloneDx report with no components (consequently, no vulnerabilities)

type GitlabSASTReport

type GitlabSASTReport interface {
	BuildGitlabSASTVulnerability(issue *model.QueryResult, file *model.VulnerableFile)
}

GitlabSASTReport represents a usable gitlab sast report reference

func NewGitlabSASTReport

func NewGitlabSASTReport(start, end time.Time) GitlabSASTReport

NewGitlabSASTReport initializes a new instance of GitlabSASTReport to be used

type Hash added in v1.4.9

type Hash struct {
	Alg     string `xml:"alg,attr"`
	Content string `xml:",chardata"`
}

Hash includes the algorithm used in the HASH function and the output of it (content)

type Issue added in v1.4.8

type Issue struct {
	EngineID           string      `json:"engineId"`
	RuleID             string      `json:"ruleId"`
	Severity           string      `json:"severity"`
	CWE                string      `json:"cwe,omitempty"`
	Type               string      `json:"type"`
	PrimaryLocation    *Location   `json:"primaryLocation"`
	SecondaryLocations []*Location `json:"secondaryLocations,omitempty"`
}

Issue is a single issue for SonarQube Report

type JUnitReport added in v1.4.9

type JUnitReport interface {
	GenerateTestEntry(query *model.QueryResult)
	FinishReport()
}

JUnitReport is a JUnit report representation

func NewJUnitReport added in v1.4.9

func NewJUnitReport(time string) JUnitReport

NewJUnitReport creates a new JUnit report instance

type Location added in v1.4.8

type Location struct {
	Message   string `json:"message"`
	FilePath  string `json:"filePath"`
	TextRange *Range `json:"textRange"`
}

Location is the location for the vulnerability in the SonarQube Report

type Metadata added in v1.4.9

type Metadata struct {
	Timestamp string  `xml:"timestamp"`  // the timestamp when the CycloneDX report is created
	Tools     *[]Tool `xml:"tools>tool"` // array of tools used to create the CycloneDX report
}

Metadata includes the relevant additional information about the CycloneDX report

type Range added in v1.4.8

type Range struct {
	StartLine int `json:"startLine"`
}

Range is the range for the vulnerability in the SonarQube Report

type Rating added in v1.4.9

type Rating struct {
	Severity string `xml:"v:severity"`
	Method   string `xml:"v:method"`
}

Rating includes the severity of the vulnerability and the method used to classify it

type Recommendation added in v1.4.9

type Recommendation struct {
	Recommendation string `xml:""`
}

Recommendation describes how the vulnerability should be avoided

type Remediation added in v1.5.0

type Remediation struct {
	Recommendation AsffRecommendation
}

Remediation contains the recommendation

type Resource added in v1.5.0

type Resource struct {
	ID   string `json:"Id"`
	Type string
}

Resource contains the ID and the type of the target resource

type SarifReport

type SarifReport interface {
	BuildSarifIssue(issue *model.QueryResult) string
	RebuildTaxonomies(cwes []string, guids map[string]string)
	GetGUIDFromRelationships(idx int, cweID string) string
}

SarifReport represents a usable sarif report reference

func NewSarifReport

func NewSarifReport() SarifReport

NewSarifReport creates and start a new sarif report with default values respecting SARIF schema 2.1.0

type SarifRun added in v1.3.3

type SarifRun struct {
	Tool       sarifTool       `json:"tool"`
	Results    []sarifResult   `json:"results"`
	Taxonomies []sarifTaxonomy `json:"taxonomies"`
}

SarifRun - sarifRun is a component of the SARIF report

type Severity added in v1.5.0

type Severity struct {
	Original string
	Label    string
}

Severity contains the original severity (KICS severity) and the label severity (ASFF severity)

type SonarQubeReport added in v1.4.8

type SonarQubeReport struct {
	Issues []Issue `json:"issues"`
}

SonarQubeReport is a list of issues for SonarQube Report

type SonarQubeReportBuilder added in v1.4.8

type SonarQubeReportBuilder struct {
	// contains filtered or unexported fields
}

SonarQubeReportBuilder is the builder for the SonarQubeReport struct

func NewSonarQubeRepory added in v1.4.8

func NewSonarQubeRepory() *SonarQubeReportBuilder

NewSonarQubeRepory creates a new SonarQubeReportBuilder instance

func (*SonarQubeReportBuilder) BuildReport added in v1.4.8

func (s *SonarQubeReportBuilder) BuildReport(summary *model.Summary) *SonarQubeReport

BuildReport builds the SonarQubeReport from the given QueryResults

type Source added in v1.4.9

type Source struct {
	Name string `xml:"name"`
	URL  string `xml:"url"`
}

Source includes information about the origin where the vulnerability was reported

type Tool added in v1.4.9

type Tool struct {
	Vendor  string `xml:"vendor"`
	Name    string `xml:"name"`
	Version string `xml:"version"`
}

Tool includes the information about the tool used to create the CycloneDX report

type Vulnerability added in v1.4.9

type Vulnerability struct {
	// vulnerability tag information
	Ref string `xml:"ref,attr"`

	// vulnerability body information
	ID              string           `xml:"v:id"`
	CWE             string           `xml:"v:cwe"`
	Source          Source           `xml:"v:source"`
	Ratings         []Rating         `xml:"v:ratings>v:rating"`
	Description     string           `xml:"v:description"`
	Recommendations []Recommendation `xml:"v:recommendations>v:recommendation"`
}

Vulnerability includes all the relevant information about the vulnerability

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL