format

package


Constants

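// Audit requirement groups. Each group pairs a human-readable description
// (*_DESC) with a numeric index (*_INDEX); the pair presumably populates
// SarifProperties.AuditRequirement / AuditRequirementIndex — confirm with callers.
// The identifiers are kept unchanged for backward compatibility even though Go
// style would prefer MixedCaps; they are grouped here so the pairs stay together.
const (
	AUDIT_REQUIREMENT_GROUP_1_DESC  = "Audit All"
	AUDIT_REQUIREMENT_GROUP_1_INDEX = 1
	AUDIT_REQUIREMENT_GROUP_2_DESC  = "Spot Check"
	AUDIT_REQUIREMENT_GROUP_2_INDEX = 2
	AUDIT_REQUIREMENT_GROUP_3_DESC  = "Optional"
	AUDIT_REQUIREMENT_GROUP_3_INDEX = 3
)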

Variables

This section is empty.

Functions

func ReadAssessments added in v1.238.0

func ReadAssessments(assessmentFile io.ReadCloser) (*[]Assessment, error)

ReadAssessments loads the assessments and returns their contents

Types

type Artifact added in v1.203.0

// Artifact is one entry of a run's artifacts list (see Runs.Artifacts).
type Artifact struct {
	Location SarifLocation `json:"location"`           // where the artifact lives; always emitted (no omitempty)
	Length   int           `json:"length,omitempty"`   // presumably the size in bytes — confirm; omitted when 0
	MimeType string        `json:"mimeType,omitempty"` // omitted when empty
	Encoding string        `json:"encoding,omitempty"` // omitted when empty
}

Artifact and the following structs are relevant to the artifacts object

type ArtifactLocation

// ArtifactLocation identifies an artifact by URI, optionally relative to a base
// URI id (compare OriginalUriBaseIds, which carries the %SRCROOT% root).
type ArtifactLocation struct {
	URI       string `json:"uri"`                 // path or URI of the artifact; always emitted
	URIBaseId string `json:"uriBaseId,omitempty"` // presumably the id of the base URI that URI is relative to — confirm; omitted when empty
	Index     int    `json:"index,omitempty"`     // presumably an index into Runs.Artifacts — confirm; omitted when 0
}

ArtifactLocation describes the path of the artifact

type Assessment added in v1.238.0

// Assessment is one entry of an assessment file as loaded by ReadAssessments:
// a vulnerability identifier, its triage status, the analysis classification
// and the package URLs it applies to.
type Assessment struct {
	Vulnerability string             `json:"vulnerability"` // vulnerability identifier (a CVE id, presumably — confirm)
	Status        AssessmentStatus   `json:"status"`        // triage status, see AssessmentStatus
	Analysis      AssessmentAnalysis `json:"analysis"`      // analysis classification, see AssessmentAnalysis
	Purls         []Purl             `json:"purls"`         // affected packages; encodes as null when nil
}

func (Assessment) ToImpactAnalysisResponse added in v1.248.0

func (a Assessment) ToImpactAnalysisResponse() *[]cdx.ImpactAnalysisResponse

func (Assessment) ToImpactAnalysisState added in v1.248.0

func (a Assessment) ToImpactAnalysisState() cdx.ImpactAnalysisState

func (Assessment) ToImpactJustification added in v1.248.0

func (a Assessment) ToImpactJustification() cdx.ImpactAnalysisJustification

type AssessmentAnalysis added in v1.238.0

// AssessmentAnalysis classifies the analysis outcome recorded in Assessment.Analysis.
// The trailing comments give the human-readable label presumably shown for each
// value; Assessment.ToImpactJustification presumably maps these onto CycloneDX
// justifications — confirm against that method's body.
type AssessmentAnalysis string
const (
	WaitingForFix         AssessmentAnalysis = "waitingForFix"         //"Waiting for OSS community fix"
	RiskAccepted          AssessmentAnalysis = "riskAccepted"          //"Risk Accepted"
	NotPresent            AssessmentAnalysis = "notPresent"            //"Affected parts of the OSS library are not present"
	NotUsed               AssessmentAnalysis = "notUsed"               //"Affected parts of the OSS library are not used"
	AssessmentPropagation AssessmentAnalysis = "assessmentPropagation" //"Assessment Propagation"
	FixedByDevTeam        AssessmentAnalysis = "fixedByDevTeam"        //"OSS Component fixed by development team"
	Mitigated             AssessmentAnalysis = "mitigated"             //"Mitigated by the Application"
	WronglyReported       AssessmentAnalysis = "wronglyReported"       //"Wrongly reported CVE"
)

type AssessmentStatus added in v1.238.0

// AssessmentStatus is the triage status recorded in Assessment.Status.
// Unmarshalling does not validate the value: any string is accepted, so callers
// that branch on these constants should treat unknown values explicitly.
type AssessmentStatus string
const (
	//NotAssessed AssessmentStatus = "notAssessed" //"Not Assessed"
	Relevant    AssessmentStatus = "relevant"    //"Relevant (True Positive)"
	NotRelevant AssessmentStatus = "notRelevant" //"Not Relevant (False Positive)"
	InProcess   AssessmentStatus = "inProcess"   //"In Process"
)

type AutomationDetails added in v1.203.0

// AutomationDetails holds the automationDetails object of a run (Runs.AutomationDetails).
type AutomationDetails struct {
	Id string `json:"id"` // identifier of the automation run; always emitted, even when empty
}

AutomationDetails and the following structs are relevant to the automationDetails object

type CodeFlow added in v1.203.0

// CodeFlow is one entry of Results.CodeFlows; it groups the thread flows of a finding.
type CodeFlow struct {
	ThreadFlows []ThreadFlow `json:"threadFlows"` // encodes as null when nil (no omitempty)
}

CodeFlow

type ContextRegion added in v1.203.0

// ContextRegion is the surrounding source region that gives context to a finding
// (PhysicalLocation.ContextRegion). Line numbers are omitted when 0.
type ContextRegion struct {
	StartLine int           `json:"startLine,omitempty"` // omitted when 0
	EndLine   int           `json:"endLine,omitempty"`   // omitted when 0
	Snippet   *SnippetSarif `json:"snippet,omitempty"`   // source text of the region; omitted when nil
}

ContextRegion provides the context for the finding

type Conversion added in v1.226.0

// Conversion holds the tool and invocation of a conversion step (Runs.Conversion);
// in SARIF this presumably describes the converter that produced the document — confirm.
type Conversion struct {
	// NOTE: omitempty has no effect on struct-valued fields in encoding/json, so both
	// objects are always emitted; the fields would need to be pointers to be optional.
	Tool       Tool       `json:"tool,omitempty"`
	Invocation Invocation `json:"invocation,omitempty"`
}

Conversion object

type DefaultConfiguration

// DefaultConfiguration is the default configuration of a rule (SarifRule.DefaultConfiguration).
type DefaultConfiguration struct {
	// NOTE: omitempty does not apply to struct values in encoding/json; Properties is always emitted.
	Properties DefaultProperties `json:"properties,omitempty"`
	Level      string            `json:"level,omitempty"` // exists in the template, but how it is populated is unclear. TODO.
	// NOTE: omitempty drops false, so an explicitly disabled rule is indistinguishable from one without the property.
	Enabled    bool              `json:"enabled,omitempty"`
	Rank       float64           `json:"rank,omitempty"` // omitted when 0
}

DefaultConfiguration

type DefaultProperties

// DefaultProperties is the property bag of a rule's DefaultConfiguration.
type DefaultProperties struct {
	DefaultSeverity string `json:"defaultSeverity,omitempty"` // omitted when empty
}

DefaultProperties

type Descriptor added in v1.203.0

// Descriptor references a descriptor by id (ToolExecutionNotifications.Descriptor).
type Descriptor struct {
	Id string `json:"id"` // always emitted, even when empty
}

Descriptor

type Driver

// Driver carries the meta information of a tool component — name, version and
// the rules it reports. It is used both for Tool.Driver and for Tool.Extensions.
type Driver struct {
	Name                string                `json:"name"` // always emitted
	Version             string                `json:"version,omitempty"`
	GUID                string                `json:"guid,omitempty"`
	InformationUri      string                `json:"informationUri,omitempty"`
	Rules               []SarifRule           `json:"rules,omitempty"` // presumably the rules referenced by Results.RuleID / RuleIndex — confirm
	SupportedTaxonomies []SupportedTaxonomies `json:"supportedTaxonomies,omitempty"`
}

Driver meta information for the scan and tool context

type Help

// Help is the guidance attached to a rule (SarifRule.Help), as plain text and/or markdown.
// Both fields are omitted when empty, which can yield an empty JSON object {}.
type Help struct {
	Text     string `json:"text,omitempty"`
	Markdown string `json:"markdown,omitempty"`
}

Help provides additional guidance to resolve the finding

type Invocation added in v1.226.0

// Invocation records how the tool was run (Runs.Invocations, Conversion.Invocation).
type Invocation struct {
	// NOTE(review): CommandLine, Machine and Account can carry environment details
	// (arguments, host and user names) into a report that is shared downstream;
	// confirm how callers populate them.
	CommandLine                string                       `json:"commandLine,omitempty"`
	StartTimeUtc               string                       `json:"startTimeUtc,omitempty"` // plain string, not time.Time; formatting is the caller's responsibility
	ToolExecutionNotifications []ToolExecutionNotifications `json:"toolExecutionNotifications,omitempty"`
	ExecutionSuccessful        bool                         `json:"executionSuccessful"` // always emitted, so false is recorded explicitly
	Machine                    string                       `json:"machine,omitempty"`
	Account                    string                       `json:"account,omitempty"`
	Properties                 *InvocationProperties        `json:"properties,omitempty"` // omitted when nil
}

Invocation and the following structs are relevant to the Invocation object

type InvocationProperties added in v1.203.0

// InvocationProperties is the property bag of an Invocation.
type InvocationProperties struct {
	Platform string `json:"platform"` // always emitted, even when empty
}

InvocationProperties

type Location

// Location is where a finding was detected (Results.Locations).
type Location struct {
	PhysicalLocation PhysicalLocation `json:"physicalLocation"`  // always emitted
	Message          *Message         `json:"message,omitempty"` // omitted when nil
}

Location of the finding

type Locations added in v1.203.0

// Locations is a location step used inside thread flows (ThreadFlow.Locations,
// Runs.ThreadFlowLocations); despite the plural name it wraps a single Location.
type Locations struct {
	Location *Location `json:"location,omitempty"` // omitted when nil
	Kinds    []string  `json:"kinds,omitempty"`    // omitted when empty
	Index    int       `json:"index,omitempty"`    // presumably an index into Runs.ThreadFlowLocations — confirm; omitted when 0
}

Locations

type LogicalLocation

// LogicalLocation names the code construct (a function or class, presumably) that
// contains the finding (PhysicalLocation.LogicalLocations).
type LogicalLocation struct {
	FullyQualifiedName string `json:"fullyQualifiedName"` // always emitted, even when empty
}

LogicalLocation of the finding

type Message

// Message is a free-text message. Text is omitted when empty, so an empty
// Message encodes as {}.
type Message struct {
	Text string `json:"text,omitempty"`
}

Message to detail the finding

type OriginalUriBaseIds added in v1.203.0

// OriginalUriBaseIds maps base URI ids to their roots (Runs.OriginalUriBaseIds).
// Only the %SRCROOT% id is modelled; any other id is dropped when unmarshalling
// because encoding/json ignores unknown keys.
type OriginalUriBaseIds struct {
	SrcRoot SrcRoot `json:"%SRCROOT%"` // always emitted
}

OriginalUriBaseIds and the following structs are relevant to the originalUriBaseIds object

type ParseError added in v1.238.0

type ParseError struct {
	// contains filtered or unexported fields
}

ParseError defines an error type for assessment file parsing errors

func NewParseError added in v1.238.0

func NewParseError(message string) *ParseError

NewParseError creates a new ParseError

func (*ParseError) Error added in v1.238.0

func (e *ParseError) Error() string

Error returns the message of the ParseError

type PartialFingerprints added in v1.221.0

// PartialFingerprints holds tool-specific fingerprints of a finding
// (Results.PartialFingerprints); consumers presumably use them to correlate the
// same finding across runs — confirm. CheckmarxSimilarityID is also carried in
// SarifProperties; callers should keep the two in sync.
type PartialFingerprints struct {
	FortifyInstanceID       string `json:"fortifyInstanceID,omitempty"`
	CheckmarxSimilarityID   string `json:"checkmarxSimilarityID,omitempty"`
	PrimaryLocationLineHash string `json:"primaryLocationLineHash,omitempty"`
	PackageURLPlusCVEHash   string `json:"packageUrlPlusCveHash,omitempty"`
}

PartialFingerprints

type PhysicalLocation added in v1.203.0

// PhysicalLocation pins a finding to an artifact and a region within it.
type PhysicalLocation struct {
	ArtifactLocation ArtifactLocation  `json:"artifactLocation"` // always emitted
	Region           Region            `json:"region"`           // always emitted
	ContextRegion    *ContextRegion    `json:"contextRegion,omitempty"`
	LogicalLocations []LogicalLocation `json:"logicalLocations,omitempty"`
}

PhysicalLocation

type Purl added in v1.238.0

// Purl wraps a package URL string as listed in Assessment.Purls; ToPackageUrl parses it.
type Purl struct {
	Purl string `json:"purl"` // raw package URL; not validated when unmarshalled
}

func (Purl) ToPackageUrl added in v1.238.0

func (p Purl) ToPackageUrl() (packageurl.PackageURL, error)

type Region

// Region is the span of an artifact where a finding was detected. All numeric
// fields are omitted when 0, so a zero value never appears in the output.
type Region struct {
	StartLine   int           `json:"startLine,omitempty"`
	StartColumn int           `json:"startColumn,omitempty"`
	EndLine     int           `json:"endLine,omitempty"`
	EndColumn   int           `json:"endColumn,omitempty"`
	ByteOffset  int           `json:"byteOffset,omitempty"` // NOTE: offset 0 is a meaningful position but is dropped by omitempty
	ByteLength  int           `json:"byteLength,omitempty"`
	Snippet     *SnippetSarif `json:"snippet,omitempty"` // source text of the region; omitted when nil
}

Region where the finding was detected

type RelatedLocation added in v1.203.0

// RelatedLocation is a secondary location linked to a finding (Results.RelatedLocations).
type RelatedLocation struct {
	ID               int                     `json:"id"` // always emitted
	PhysicalLocation RelatedPhysicalLocation `json:"physicalLocation"`
}

RelatedLocation

type RelatedPhysicalLocation added in v1.203.0

// RelatedPhysicalLocation is the reduced physical location used by RelatedLocation;
// unlike PhysicalLocation it carries no context region or logical locations.
type RelatedPhysicalLocation struct {
	ArtifactLocation ArtifactLocation `json:"artifactLocation"` // always emitted
	Region           RelatedRegion    `json:"region"`           // always emitted
}

RelatedPhysicalLocation

type RelatedRegion added in v1.203.0

// RelatedRegion is the reduced region used by RelatedPhysicalLocation: start
// position only, no end position, byte range or snippet.
type RelatedRegion struct {
	StartLine   int `json:"startLine,omitempty"`   // omitted when 0
	StartColumn int `json:"startColumn,omitempty"` // omitted when 0
}

RelatedRegion

type Relationships

// Relationships links a rule to a target in a tool component (SarifRule.Relationships).
type Relationships struct {
	Target Target   `json:"target"` // always emitted
	Kinds  []string `json:"kinds"`  // encodes as null when nil (no omitempty)
}

Relationships

type Results

// Results is a single finding of a run (Runs.Results).
type Results struct {
	RuleID              string              `json:"ruleId"` // always emitted; presumably matches a SarifRule.ID in the driver — confirm
	RuleIndex           int                 `json:"ruleIndex,omitempty"` // NOTE: index 0 is dropped by omitempty
	Kind                string              `json:"kind,omitempty"`
	Level               string              `json:"level,omitempty"`
	Message             *Message            `json:"message,omitempty"`
	AnalysisTarget      *ArtifactLocation   `json:"analysisTarget,omitempty"`
	Locations           []Location          `json:"locations,omitempty"`
	CodeFlows           []CodeFlow          `json:"codeFlows,omitempty"`
	RelatedLocations    []RelatedLocation   `json:"relatedLocations,omitempty"`
	// NOTE: omitempty has no effect on struct values in encoding/json; an empty
	// partialFingerprints object is always emitted.
	PartialFingerprints PartialFingerprints `json:"partialFingerprints,omitempty"`
	Properties          *SarifProperties    `json:"properties,omitempty"`
}

Results and the following structs are relevant to the Results object

type Runs

// Runs is one run of a tool together with its results (SARIF.Runs).
type Runs struct {
	Results             []Results           `json:"results"` // encodes as null when nil; SARIF consumers may expect [] — confirm how callers initialise it
	Tool                Tool                `json:"tool"`    // always emitted
	Invocations         []Invocation        `json:"invocations,omitempty"`
	OriginalUriBaseIds  *OriginalUriBaseIds `json:"originalUriBaseIds,omitempty"`
	Artifacts           []Artifact          `json:"artifacts,omitempty"`
	AutomationDetails   *AutomationDetails  `json:"automationDetails,omitempty"`
	// NOTE: encoding/json does not read the `default` tag; the value is only applied
	// if a separate defaults library processes it — confirm, otherwise set it explicitly.
	ColumnKind          string              `json:"columnKind,omitempty" default:"utf16CodeUnits"`
	ThreadFlowLocations []Locations         `json:"threadFlowLocations,omitempty"`
	Taxonomies          []Taxonomies        `json:"taxonomies,omitempty"`
	Conversion          *Conversion         `json:"conversion,omitempty"`
}

Runs of a Tool and related Results

type SARIF

// SARIF is the root object of a SARIF 2.1.0 document.
// NOTE: encoding/json does not read the `default` tags below; Schema and Version
// are emitted as whatever the caller sets (empty strings if left unset) unless a
// separate defaults library fills them — confirm.
type SARIF struct {
	Schema  string `json:"$schema" default:"https://docs.oasis-open.org/sarif/sarif/v2.1.0/cos02/schemas/sarif-schema-2.1.0.json"`
	Version string `json:"version" default:"2.1.0"`
	Runs    []Runs `json:"runs"` // encodes as null when nil
}

SARIF format related JSON structs

type SarifLocation added in v1.203.0

// SarifLocation is the location of an Artifact. Unlike ArtifactLocation, neither
// field has omitempty, so an empty UriBaseId is emitted as "".
type SarifLocation struct {
	Uri       string `json:"uri"`
	UriBaseId string `json:"uriBaseId"`
}

SarifLocation

type SarifProperties

// SarifProperties is the property bag of a Results entry, carrying the tool and
// audit state of a finding. Fields without omitempty are always emitted, so
// Audited: false and zero indexes appear explicitly in the output.
type SarifProperties struct {
	// common
	RuleGUID              string  `json:"ruleGUID,omitempty"`
	InstanceID            string  `json:"instanceID,omitempty"`
	Audited               bool    `json:"audited"`
	ToolSeverity          string  `json:"toolSeverity"`
	ToolSeverityIndex     int     `json:"toolSeverityIndex"`
	ToolState             string  `json:"toolState"`
	ToolStateIndex        int     `json:"toolStateIndex"`
	ToolAuditMessage      string  `json:"toolAuditMessage"`
	UnifiedAuditState     string  `json:"unifiedAuditState,omitempty"`
	UnifiedSeverity       string  `json:"unifiedSeverity,omitempty"`
	UnifiedCriticality    float32 `json:"unifiedCriticality,omitempty"` // float32, so values are rounded on the way in and out
	UnifiedAuditUser      string  `json:"unifiedAuditUser,omitempty"`
	// AuditRequirement / AuditRequirementIndex presumably take the
	// AUDIT_REQUIREMENT_GROUP_*_DESC / _INDEX constant pairs — confirm with callers.
	AuditRequirement      string `json:"auditRequirement"`
	AuditRequirementIndex int    `json:"auditRequirementIndex"`

	// specific
	InstanceSeverity      string `json:"instanceSeverity"`
	Confidence            string `json:"confidence"`
	FortifyCategory       string `json:"fortifyCategory"`
	CheckmarxSimilarityID string `json:"checkmarxSimilarityID"` // also present in PartialFingerprints; keep both in sync
}

SarifProperties adds additional information/context to the finding

type SarifRule

// SarifRule describes a rule reported by a Driver (Driver.Rules); findings refer
// to it through Results.RuleID.
type SarifRule struct {
	ID                   string                `json:"id"` // always emitted
	GUID                 string                `json:"guid,omitempty"`
	Name                 string                `json:"name,omitempty"`
	ShortDescription     *Message              `json:"shortDescription,omitempty"`
	FullDescription      *Message              `json:"fullDescription,omitempty"`
	DefaultConfiguration *DefaultConfiguration `json:"defaultConfiguration,omitempty"`
	HelpURI              string                `json:"helpUri,omitempty"`
	Help                 *Help                 `json:"help,omitempty"`
	Relationships        []Relationships       `json:"relationships,omitempty"`
	Properties           *SarifRuleProperties  `json:"properties,omitempty"`
}

SarifRule is the rule used to identify the finding

type SarifRuleProperties

// SarifRuleProperties is the property bag of a SarifRule.
type SarifRuleProperties struct {
	Accuracy         string   `json:"accuracy,omitempty"`
	Impact           string   `json:"impact,omitempty"`
	Probability      string   `json:"probability,omitempty"`
	Tags             []string `json:"tags,omitempty"`
	Precision        string   `json:"precision,omitempty"`
	// Used by GitHub code scanning (GHAS) to derive the severity label (low, medium, high, ...).
	// GitHub documents this property as a numeric CVSS-style score string rather than
	// a label — confirm what callers write here.
	SecuritySeverity string   `json:"security-severity,omitempty"`
}

SarifRuleProperties

type SnippetSarif added in v1.203.0

// SnippetSarif holds the source text of a region (Region.Snippet, ContextRegion.Snippet).
// NOTE(review): the text is embedded verbatim into the report, so the report carries
// source content to whoever receives it — confirm that matches the intended audience.
type SnippetSarif struct {
	Text string `json:"text"` // always emitted, even when empty
}

SnippetSarif holds the code snippet where the finding appears

type SrcRoot added in v1.203.0

// SrcRoot is the root URI registered under the %SRCROOT% id (OriginalUriBaseIds.SrcRoot).
type SrcRoot struct {
	Uri string `json:"uri"` // always emitted, even when empty
}

SrcRoot

type SupportedTaxonomies

// SupportedTaxonomies references a taxonomy supported by a Driver
// (Driver.SupportedTaxonomies). Index presumably points into Runs.Taxonomies — confirm.
// The Guid field name deviates from the GUID spelling used elsewhere in this file.
type SupportedTaxonomies struct {
	Name  string `json:"name"`
	Index int    `json:"index"` // always emitted, so 0 is a valid value here
	Guid  string `json:"guid"`
}

SupportedTaxonomies

type Target

// Target is the endpoint of a rule relationship (Relationships.Target): an id
// within the named tool component.
type Target struct {
	Id            string        `json:"id"`
	ToolComponent ToolComponent `json:"toolComponent"` // always emitted
}

Target

type Taxa added in v1.203.0

// Taxa is one entry of a taxonomy (Taxonomies.Taxa), referenced by id.
type Taxa struct {
	Id string `json:"id"` // always emitted, even when empty
}

Taxa

type Taxonomies added in v1.203.0

// Taxonomies is one taxonomy of a run (Runs.Taxonomies), e.g. a classification
// scheme a Driver declares support for via SupportedTaxonomies.
type Taxonomies struct {
	GUID             string  `json:"guid,omitempty"`
	Name             string  `json:"name"`             // always emitted
	Organization     string  `json:"organization"`     // always emitted
	ShortDescription Message `json:"shortDescription"` // always emitted; encodes as {} when Text is empty
	Taxa             []Taxa  `json:"taxa"`             // encodes as null when nil
}

Taxonomies and the following structs are relevant to the taxonomies object

type ThreadFlow added in v1.203.0

// ThreadFlow is one thread flow of a CodeFlow: an ordered list of location steps.
type ThreadFlow struct {
	Locations []Locations `json:"locations"` // encodes as null when nil (no omitempty)
}

ThreadFlow

type Tool

// Tool is the tool object of a run (Runs.Tool, Conversion.Tool): the primary
// driver plus optional extension components, all described as Driver.
type Tool struct {
	Driver     Driver   `json:"driver"` // always emitted
	Extensions []Driver `json:"extensions,omitempty"`
}

Tool and the following structs are relevant to the Tool object

type ToolComponent

// ToolComponent names the tool component a relationship Target belongs to.
// Both fields are always emitted, even when empty.
type ToolComponent struct {
	Name string `json:"name"`
	Guid string `json:"guid"`
}

ToolComponent

type ToolExecutionNotifications added in v1.203.0

// ToolExecutionNotifications is one notification emitted during an Invocation
// (Invocation.ToolExecutionNotifications): a message plus the descriptor it refers to.
type ToolExecutionNotifications struct {
	Message    Message    `json:"message"`    // always emitted; encodes as {} when Text is empty
	Descriptor Descriptor `json:"descriptor"` // always emitted
}

ToolExecutionNotifications
