api

package
v1.1.2 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Aug 31, 2022 License: MIT Imports: 14 Imported by: 0

Documentation

Index

Constants

View Source
const (
	// Assets discovered by Redcon.
	DiscoveredAssetsGroupName = "security-team-discovered-assets"
	// Assets discovered by the Common Platform.
	CPDiscoveredAssetsGroupName = "cp-discovered-assets"
	WebScanningAssetsGroupName  = "web-scanning"
)
View Source
const DiscoveredAssetsGroupSuffix = "-discovered-assets"

DiscoveredAssetsGroupSuffix is used by the Merge Discovered Assets feature to restrict the discovery onboarding to Groups with a name containing that suffix.

Variables

View Source
var (
	// ErrInvalidProgramGroupPolicy is returned when any of the groups of
	// policies in a program does not have
	ErrInvalidProgramGroupPolicy = errors.New("the program must have, at least, one asset and one checktype")

	// ErrNoProgramsGroupsPolicies is returned when there are any policy group
	// with, at least, one asset and checktype.
	ErrNoProgramsGroupsPolicies = errors.New("no PoliciesGroups defined in the current program")
)
View Source
var DefaultROLFP = &ROLFP{
	Reputation: 1,
	Operation:  1,
	Legal:      1,
	Financial:  1,
	Personal:   1,
	Scope:      2,
	IsEmpty:    false,
}
View Source
var ErrROLFPInvalidText = "invalid ROLFP representation"

Functions

func ContextWithUser

func ContextWithUser(ctx context.Context, u User) context.Context

func ValidAssetType

func ValidAssetType(assetTypeName string) bool

ValidAssetType indicates if the asset type name exists in Vulcan.

Types

type Asset

type Asset struct {
	ID                string             `gorm:"primary_key;AUTO_INCREMENT" json:"id" sql:"DEFAULT:gen_random_uuid()"`
	TeamID            string             `json:"team_id" validate:"required"`
	Team              *Team              `json:"team,omitempty"` // This line is infered from column name "team_id".
	AssetTypeID       string             `json:"asset_type_id" validate:"required"`
	AssetType         *AssetType         `json:"asset_type"` // This line is infered from column name "asset_type_id".
	Identifier        string             `json:"identifier" validate:"required"`
	Alias             string             `json:"alias"`
	Options           *string            `json:"options"`
	EnvironmentalCVSS *string            `json:"environmental_cvss"`
	ROLFP             *ROLFP             `json:"rolfp" sql:"DEFAULT:'R:1/O:1/L:1/F:1/P:1+S:2'"`
	Scannable         *bool              `json:"scannable" gorm:"default:true"`
	AssetGroups       []*AssetGroup      `json:"groups"`      // This line is infered from other tables.
	AssetAnnotations  []*AssetAnnotation `json:"annotations"` // This line is infered from other tables.
	CreatedAt         time.Time          `json:"-"`
	UpdatedAt         time.Time          `json:"-"`
	ClassifiedAt      *time.Time         `json:"classified_at"`
}

func (Asset) ToResponse

func (a Asset) ToResponse() AssetResponse

func (Asset) Validate

func (a Asset) Validate() error

type AssetAnnotation

type AssetAnnotation struct {
	AssetID   string    `gorm:"primary_key" json:"asset_id" validate:"required"`
	Asset     *Asset    `json:"asset"` // This line is infered from column name "asset_id".
	Key       string    `gorm:"primary_key" json:"key" validate:"required"`
	Value     string    `json:"value"`
	CreatedAt time.Time `json:"-"`
	UpdatedAt time.Time `json:"-"`
}

func (AssetAnnotation) Validate

func (an AssetAnnotation) Validate() error

type AssetAnnotations

type AssetAnnotations []*AssetAnnotation

func (AssetAnnotations) ToMap

func (AssetAnnotations) ToResponse

func (ans AssetAnnotations) ToResponse() AssetAnnotationsResponse

type AssetAnnotationsMap

type AssetAnnotationsMap map[string]string

func (AssetAnnotationsMap) Matches

func (ans AssetAnnotationsMap) Matches(annotations AssetAnnotationsMap, prefix string) bool

Matches returns true if the current object exactly matches (both key and value) the asset annotation map passed as parameter. If a prefix is specified, only the keys matching the prefix are evaluated

func (AssetAnnotationsMap) Merge

func (ans AssetAnnotationsMap) Merge(annotations AssetAnnotationsMap, prefix string) AssetAnnotationsMap

Merge takes an annotation map as input and merges it into the "base" annotation map, giving priority to the values of the former. If a prefix is specified, elements from the "base" map whose keys match the prefix are discarded

func (AssetAnnotationsMap) ToModel

func (anm AssetAnnotationsMap) ToModel() AssetAnnotations

type AssetAnnotationsResponse

type AssetAnnotationsResponse struct {
	Annotations AssetAnnotationsMap `json:"annotations"`
}

type AssetCreationResponse

type AssetCreationResponse struct {
	ID                string            `json:"id,omitempty"`
	Identifier        string            `json:"identifier"`
	AssetType         AssetTypeResponse `json:"type"` // This line is infered from column name "asset_type_id".
	Alias             string            `json:"alias"`
	Options           *string           `json:"options"`
	EnvironmentalCVSS *string           `json:"environmental_cvss"`
	ROLFP             *ROLFP            `json:"rolfp"`
	Scannable         *bool             `json:"scannable"`
	ClassifiedAt      *time.Time        `json:"classified_at"`
	Status            interface{}       `json:"status,omitempty"`
}

type AssetGroup

type AssetGroup struct {
	AssetID   string    `gorm:"primary_key;AUTO_INCREMENT" json:"asset_id" validate:"required"`
	Asset     *Asset    `json:"asset"` // This line is infered from column name "asset_id".
	GroupID   string    `gorm:"primary_key;AUTO_INCREMENT" json:"group_id" validate:"required"`
	Group     *Group    `json:"group"` // This line is infered from column name "group_id".
	CreatedAt time.Time `json:"-"`
	UpdatedAt time.Time `json:"-"`
}

func (AssetGroup) TableName

func (AssetGroup) TableName() string

Overwrite gorm default pluralized table name convention

func (AssetGroup) ToResponse

func (ag AssetGroup) ToResponse() AssetGroupResponse

func (AssetGroup) Validate

func (ag AssetGroup) Validate() error

type AssetGroupResponse

type AssetGroupResponse struct {
	Asset AssetResponse `json:"asset"`
	Group GroupResponse `json:"group"`
}

type AssetMergeOperations

type AssetMergeOperations struct {
	// Create assets that didn't exist yet in the team.
	Create []Asset
	// Associate already existing asset to the discovery group.
	Assoc []Asset
	// Update assets that were already existing (e.g. the scannable field or
	// the annotations)
	Update []Asset
	// Deassociate assets that haven't been discovered in the current discovery
	// operation, but that belong to other groups.
	Deassoc []Asset
	// Delete assets that haven't been discovered in the current discovery
	// operation and do not belong to other groups.
	Del []Asset

	// The team where the operations will be performed.
	TeamID string
	// The discovery group.
	Group Group
}

AssetMergeOperations defines a set of operations to perform when merging a list of assets requested by a discovery service.

type AssetResponse

type AssetResponse struct {
	ID                string              `json:"id"`
	AssetType         AssetTypeResponse   `json:"type"` // This line is infered from column name "asset_type_id".
	Identifier        string              `json:"identifier"`
	Alias             string              `json:"alias"`
	Options           *string             `json:"options"`
	EnvironmentalCVSS *string             `json:"environmental_cvss"`
	ROLFP             *ROLFP              `json:"rolfp"`
	Scannable         *bool               `json:"scannable"`
	ClassifiedAt      *time.Time          `json:"classified_at"`
	Groups            []*GroupResponse    `json:"groups"`
	Annotations       AssetAnnotationsMap `json:"annotations"`
}

type AssetType

type AssetType struct {
	ID     string   `gorm:"primary_key;AUTO_INCREMENT" json:"id" sql:"DEFAULT:gen_random_uuid()"`
	Name   string   `json:"name"`
	Assets []*Asset `json:"assets"` // This line is infered from other tables.
}

func (AssetType) ToResponse

func (at AssetType) ToResponse() AssetTypeResponse

type AssetTypeResponse

type AssetTypeResponse struct {
	ID   string `json:"id"`
	Name string `json:"name"`
}

type AssetsGroupResponse

type AssetsGroupResponse struct {
	Assets []AssetResponse `json:"assets"`
	Group  GroupResponse   `json:"group"`
}

type AuthService

type AuthService interface {
	AuthTenant(ctx context.Context, request interface{}) (tenant interface{}, passThrough bool, err error)
	AuthRol(ctx context.Context, tenant interface{}) (bool, error)
}

AuthService defines the exposed functions of an authorization service.

type ChecktypeSetting

type ChecktypeSetting struct {
	ID            string     `gorm:"primary_key;AUTO_INCREMENT" json:"id" sql:"DEFAULT:gen_random_uuid()"`
	PolicyID      string     `json:"policy_id"`
	Policy        *Policy    `json:"policy"` // This line is infered from column name "policy_id".
	CheckTypeName string     `json:"checktype_name"`
	Options       *string    `json:"options"`
	CreatedAt     *time.Time `json:"-"`
	UpdatedAt     *time.Time `json:"-"`
}

func (ChecktypeSetting) ToResponse

func (ChecktypeSetting) Validate

func (c ChecktypeSetting) Validate() error

type ChecktypeSettingResponse

type ChecktypeSettingResponse struct {
	ID            string `json:"id"`
	CheckTypeName string `json:"checktype_name"`
	Options       string `json:"options"`
}

type CreateTarget

type CreateTarget struct {
	Identifier string   `json:"identifier"`
	Teams      []string `json:"teams"`
}

CreateTarget specifies the payload for the vulnerability DB create target endpoint.

type Finding

type Finding struct {
	Finding vulndb.FindingExpanded `json:"finding"`
}

Finding represents the response data returned from the vulnerability DB for the get finding request.

type FindingOverwrite

type FindingOverwrite struct {
	ID             string    `gorm:"primary_key;AUTO_INCREMENT" json:"id" sql:"DEFAULT:gen_random_uuid()"`
	UserID         string    `json:"user_id" validate:"required"`
	User           *User     `json:"user,omitempty"` // This line is infered from column name "user_id".
	FindingID      string    `json:"finding_id" validate:"required"`
	StatusPrevious string    `json:"status_previous" validate:"required"`
	Status         string    `json:"status" validate:"required"`
	Notes          string    `json:"notes" validate:"required"`
	TeamID         string    `json:"team_id" validate:"required"`
	CreatedAt      time.Time `json:"-"`
}

func (FindingOverwrite) ToResponse

type FindingOverwriteResponse

type FindingOverwriteResponse struct {
	ID             string    `json:"id"`
	User           string    `json:"user"`
	FindingID      string    `json:"finding_id"`
	StatusPrevious string    `json:"status_previous"`
	Status         string    `json:"status"`
	Notes          string    `json:"notes"`
	TeamID         string    `json:"team_id"`
	CreatedAt      time.Time `json:"created_at"`
}

type FindingsIssuesList

type FindingsIssuesList struct {
	Issues     []vulndb.IssueSummary `json:"issues"`
	Pagination PaginationInfo        `json:"pagination"`
}

FindingsIssuesList represents the response data returned from the vulnerability DB for the issues summary request.

type FindingsLabels

type FindingsLabels struct {
	Labels []string `json:"labels"`
}

FindingsLabels represents the response data returned from the vulnerability DB for the list labels request.

type FindingsList

type FindingsList struct {
	Findings   []vulndb.FindingExpanded `json:"findings"`
	Pagination PaginationInfo           `json:"pagination"`
}

FindingsList represents the response data returned from the vulnerability DB for a findings requests.

type FindingsParams

type FindingsParams struct {
	Team            string
	Status          string
	MinScore        float64
	MaxScore        float64
	AtDate          string
	MinDate         string
	MaxDate         string
	SortBy          string
	IssueID         string
	TargetID        string
	Identifier      string
	IdentifierMatch bool
	Identifiers     string
	Labels          string
}

FindingsParams represents the group of parameters that can be used to customize the call to retrieve the list of findings.

type FindingsTargetsList

type FindingsTargetsList struct {
	Targets    []vulndb.TargetSummary `json:"targets"`
	Pagination PaginationInfo         `json:"pagination"`
}

FindingsTargetsList represents the response data returned from the vulnerability DB for the targets summary request.

type GlobalProgramsMetadata

type GlobalProgramsMetadata struct {
	TeamID    string `gorm:"primary_key"`
	Program   string `gorm:"primary_key"`
	Autosend  *bool
	Disabled  *bool
	Cron      string `gorm:"-" json:"cron"` // A program can have empty cron expression, e.g: a program to be run on demand.
	CreatedAt *time.Time
	UpdatedAt *time.Time
}

GlobalProgramsMetadata defines the shape of the metadata stored per team for a given global program.

type GlobalStatsParams added in v1.1.0

type GlobalStatsParams struct {
	Team        string
	Teams       string
	MinDate     string
	MaxDate     string
	AtDate      string
	MinScore    float64
	MaxScore    float64
	Identifiers string
	Labels      string
}

GlobalStatsParams represents the group of parameters that can be used to customize the call to retrieve the global statistics.

type Group

type Group struct {
	ID          string        `gorm:"primary_key;AUTO_INCREMENT" json:"id" sql:"DEFAULT:gen_random_uuid()"`
	TeamID      string        `json:"team_id"`
	Team        *Team         `json:"team"` // This line is infered from column name "team_id".
	Name        string        `json:"name" validate:"required"`
	Options     string        `json:"options"`
	AssetGroup  []*AssetGroup `json:"asset_group"` // This line is infered from other tables.
	Description *string       `json:"description,omitempty"`
	CreatedAt   time.Time     `json:"-"`
	UpdatedAt   time.Time     `json:"-"`
}

func (Group) ToResponse

func (g Group) ToResponse() *GroupResponse

func (Group) Validate

func (g Group) Validate() error

type GroupResponse

type GroupResponse struct {
	ID          string  `json:"id"`
	Name        string  `json:"name"`
	Description *string `json:"description"`
	Options     string  `json:"options"`
	AssetsCount *int    `json:"assets_count,omitempty"`
}

type Healthcheck

type Healthcheck struct {
	Status string `json:"status" validate:"required"`
}

Healthcheck ....

func (Healthcheck) ToResponse

func (h Healthcheck) ToResponse() HealthcheckResponse

ToResponse ...

type HealthcheckResponse

type HealthcheckResponse struct {
	Status string `json:"status"`
}

HealthcheckResponse ...

type Job

type Job struct {
	ID        string `gorm:"primary_key:true"`
	TeamID    string `gorm:"Column:team_id"`
	Operation string `validate:"required"`
	// Status possible values are:
	// - PENDING
	// - RUNNING
	// - DONE
	Status JobStatus  `validate:"required"`
	Result *JobResult `gorm:"Column:result"`

	CreatedAt time.Time
	UpdatedAt time.Time
}

Job contains the status information of an asynchronous operation.

In case of non-global operations it also contains the team ID associated to the operation.

func (Job) ToResponse

func (j Job) ToResponse() *JobResponse

func (Job) Validate

func (j Job) Validate() error

type JobResponse

type JobResponse struct {
	ID        string            `json:"id"`
	TeamID    string            `json:"team_id,omitempty"`
	Operation string            `json:"operation"`
	Status    JobStatus         `json:"status"`
	Result    JobResultResponse `json:"result"`
}

JobResponse represents the data for a Job that is returned as a response to Job queries through the API.

type JobResult

type JobResult struct {
	Data  json.RawMessage `json:"data"`
	Error string          `json:"error"`
}

JobResult represents the result of a job. Data and Error fields are unstructured JSON fields which content may vary per each operation.

func (*JobResult) Scan

func (j *JobResult) Scan(value interface{}) error

Scan scans value into Jsonb, implements sql.Scanner interface. This method is necessary for GORM to known how to receive/save it into the database. Reference: https://gorm.io/docs/data_types.html

func (*JobResult) Value

func (j *JobResult) Value() (driver.Value, error)

Value returns json value, implements driver.Valuer interface. This method is necessary for GORM to known how to receive/save it into the database. Reference: https://gorm.io/docs/data_types.html

type JobResultResponse

type JobResultResponse struct {
	Data  string `json:"data"`
	Error string `json:"error"`
}

type JobStatus

type JobStatus string
const (
	// JobStatusPending defines the status of a pending Job.
	JobStatusPending JobStatus = "PENDING"
	// JobStatusRunning defines the status of a running Job.
	JobStatusRunning JobStatus = "RUNNING"
	// JobStatusDone defines the status of a done Job.
	JobStatusDone JobStatus = "DONE"
)

type JobsClient

type JobsClient interface {
	MergeDiscoveredAssets(ctx context.Context, teamID string, assets []Asset, groupName string) error
	FindJob(ctx context.Context, jobID string) (*Job, error)
	UpdateJob(ctx context.Context, job Job) (*Job, error)
}

JobsClient defines the API service layer methods exposd by the JobsRunner.

type JobsRunner

type JobsRunner struct {
	Client JobsClient
}

JobsRunner is a dependency used by the CDC parser to execute async API jobs, providing a limited access to the API service layer.

type MemberResponse

type MemberResponse struct {
	User UserResponse `json:"user"`
	Role Role         `json:"role"`
}

type Pagination

type Pagination struct {
	Page int `json:"page"`
	Size int `json:"size"`
}

Pagination represents the pagination data requested.

type PaginationInfo

type PaginationInfo struct {
	Limit  int  `json:"limit"`
	Offset int  `json:"offset"`
	Total  int  `json:"total"`
	More   bool `json:"more"`
}

PaginationInfo represents the pagination data provided for each vulnerability DB response.

type Policy

type Policy struct {
	ID                     string                    `gorm:"primary_key;AUTO_INCREMENT" json:"id" sql:"DEFAULT:gen_random_uuid()"`
	TeamID                 string                    `json:"team_id"`
	Team                   *Team                     `json:"team"` // This line is infered from other tables.
	Name                   string                    `json:"name" validate:"required"`
	ChecktypeSettings      []*ChecktypeSetting       `json:"checktype_settings"` // This line is infered from other tables.
	ProgramsGroupsPolicies []*ProgramsGroupsPolicies `json:"program_policies"`   // This line is infered from other tables.
	Description            *string                   `json:"description,omitempty"`
	CreatedAt              *time.Time                `json:"-"`
	UpdatedAt              *time.Time                `json:"-"`
}

func (Policy) TableName

func (Policy) TableName() string

func (Policy) ToResponse

func (p Policy) ToResponse() *PolicyResponse

type PolicyGroup

type PolicyGroup struct {
	Group  *GroupResponse  `json:"group"`
	Policy *PolicyResponse `json:"policy"`
}

type PolicyResponse

type PolicyResponse struct {
	ID                     string  `json:"id"`
	Name                   string  `json:"name"`
	Description            *string `json:"description,omitempty"`
	CheckTypeSettingsCount int     `json:"settings_count"`
}

type Program

type Program struct {
	ID                     string `gorm:"primary_key;AUTO_INCREMENT" json:"id" sql:"DEFAULT:gen_random_uuid()"`
	TeamID                 string
	Team                   *Team
	ProgramsGroupsPolicies []*ProgramsGroupsPolicies `json:"program_policies" validate:"required"`
	Name                   string                    `json:"name" validate:"required"`
	Cron                   string                    `gorm:"-" json:"cron"` // A program can have empty cron expression, e.g: a program to be run on demand.
	Autosend               *bool                     `json:"autosend"`
	Disabled               *bool                     `json:"disabled"`
	Global                 *bool                     `gorm:"-" json:"global"`
	CreatedAt              *time.Time                `json:"-"`
	UpdatedAt              *time.Time                `json:"-"`
}

func (Program) ToResponse

func (p Program) ToResponse() *ProgramResponse

func (Program) ValidateGroupsPolicies

func (p Program) ValidateGroupsPolicies() error

ValidateGroupsPolicies validates that at least one of the groups policies in a program have, at least, one asset and one checktype.

type ProgramResponse

type ProgramResponse struct {
	ID           string           `json:"id"`
	Name         string           `json:"name"`
	Global       bool             `json:"global"`
	Schedule     ScheduleResponse `json:"schedule"`
	Autosend     bool             `json:"autosend"`
	Disabled     bool             `json:"disabled"`
	PolicyGroups []PolicyGroup    `json:"policy_groups"`
}

type ProgramsGroupsPolicies

type ProgramsGroupsPolicies struct {
	ProgramID string `gorm:"primary_key" json:"program_id" validate:"required"`
	Program   *Program
	PolicyID  string `gorm:"primary_key" json:"policy_id" validate:"required"`
	Policy    *Policy
	GroupID   string `gorm:"primary_key" json:"group_id" validate:"required"`
	Group     *Group
}

ProgramsGroupsPolicies defines the association between a group and a policy in a program.

func (ProgramsGroupsPolicies) Validate

func (p ProgramsGroupsPolicies) Validate() error

Validate that the ProgramsGroupsPolicies have, at least, one asset and one checktype in the groups policies list.

type ROLFP

type ROLFP struct {
	Reputation byte
	Operation  byte
	Legal      byte
	Financial  byte
	Personal   byte
	Scope      byte
	IsEmpty    bool
}

ROLFP stores the vector containing the dimensions we use to classify the impact of an asset.

func (ROLFP) Level

func (r ROLFP) Level() byte

Level return the corresponding level of the ROLFP according to the following rules: Level 0: Accounts meeting none of the ROLFP criteria. Level 1: Accounts meeting 1 or 2 of the ROLFP criteria. Level 2: Accounts either:

Meeting 3 or more of the ROLFP criteria.
With unknown scope, that is scope 2

If the rolfp is empty the level will be 2.

func (ROLFP) MarshalJSON

func (r ROLFP) MarshalJSON() ([]byte, error)

MarshalJSON marshals a ROLFP to JSON.

func (*ROLFP) MarshalText

func (r *ROLFP) MarshalText() (text []byte, err error)

MarshalText marshals the receiver into its text representation.

func (*ROLFP) Scan

func (r *ROLFP) Scan(value interface{}) error

func (ROLFP) String

func (r ROLFP) String() string

String returns the representation of the ROLFP in the form: R:0/O:0/L:0/F:0/P:0+S:0

func (*ROLFP) UnmarshalJSON

func (r *ROLFP) UnmarshalJSON(b []byte) error

UnmarshalJSON unmarshals a ROLFP encoded in the form: R:0/O:0/L:0/F:0/P:0+S:0.

func (*ROLFP) UnmarshalText

func (r *ROLFP) UnmarshalText(txt []byte) error

UnmarshalText unmarsharls the text representation of a ROLFP into the receiver. The function will override any value stored in the fields of the receiver with the values in the txt param.

func (*ROLFP) Validate

func (r *ROLFP) Validate() error

Validate validates the values stored in the receiver are in the specified range: 0 to 1 for Reputation, Operation, Legal, Financial and Personal 0. range: 0 to 2 for Scope.

func (*ROLFP) Value

func (r *ROLFP) Value() (driver.Value, error)

Value returns the value of the ROLFP encoded to be persisted as a string.

type Recipient

type Recipient struct {
	TeamID    string    `json:"team_id" gorm:"primary_key"`
	Email     string    `json:"email" gorm:"primary_key"`
	CreatedAt time.Time `json:"-"`
	UpdatedAt time.Time `json:"-"`
}

func (Recipient) ToResponse

func (r Recipient) ToResponse() *RecipientResponse

type RecipientResponse

type RecipientResponse struct {
	Email string `json:"email"`
}

type Report

type Report struct {
	ID             string     `json:"id"`
	ScanID         string     `json:"scan_id"`
	ProgramName    string     `json:"program_name"`
	Report         string     `json:"report"`
	ReportJson     string     `json:"report_json"`
	EmailBody      string     `json:"email_body"`
	DeliveredTo    string     `json:"delivered_to"`
	UpdateStatusAt *time.Time `json:"update_status_at"`
	Status         string     `json:"status"`
	Risk           *int       `json:"risk"`
	CreatedAt      *time.Time `json:"-"`
	UpdatedAt      *time.Time `json:"-"`
}

func (Report) ToEmailResponse

func (r Report) ToEmailResponse() *ReportEmailResponse

func (Report) ToResponse

func (r Report) ToResponse() *ReportResponse

type ReportEmailResponse

type ReportEmailResponse struct {
	EmailBody string `json:"email_body"`
}

type ReportResponse

type ReportResponse struct {
	ReportID    string `json:"report_id"`
	ScanID      string `json:"scan_id"`
	ProgramName string `json:"program_name"`
	Report      string `json:"report"`
	ReportJson  string `json:"report_json"`
	Status      string `json:"status"`
	DeliveredTo string `json:"delivered_to"`
	Risk        *int   `json:"risk"`
}

type Role

type Role string
const (
	Owner  Role = "owner"
	Member Role = "member"
)

func (Role) Valid

func (role Role) Valid() bool

type Scan

type Scan struct {
	ID            string     `gorm:"primary_key;AUTO_INCREMENT" json:"id" sql:"DEFAULT:gen_random_uuid()"`
	ProgramID     string     `json:"program_id" validate:"required"`
	Program       *Program   `json:"program"`
	ScheduledTime *time.Time `json:"scheduled_time"`
	StartTime     *time.Time `json:"start_time"`
	EndTime       *time.Time `json:"end_time"`
	Progress      *float32   `json:"progress"`
	Status        string     `json:"status"`
	CheckCount    *int       `json:"check_count,omitempty"`
	RequestedBy   string     `json:"requested_by"`
	ReportLink    string     `json:"report_link"`
}

func (Scan) ToResponse

func (s Scan) ToResponse() *ScanResponse

type ScanResponse

type ScanResponse struct {
	ID            string           `json:"id"`
	StartTime     *time.Time       `json:"start_time"`
	Endtime       *time.Time       `json:"end_time"`
	ScheduledTime *time.Time       `json:"scheduled_time"`
	Progress      *float32         `json:"progress"`
	CheckCount    *int             `json:"check_count,omitempty"`
	Status        string           `json:"status"`
	RequestedBy   string           `json:"requested_by"`
	ReportLink    string           `json:"report_link,omitempty"`
	Program       *ProgramResponse `json:"program"`
}

type ScheduleResponse

type ScheduleResponse struct {
	Cron string `json:"cron"`
}

type StatsAssets

type StatsAssets struct {
	Assets vulndb.StatsAssetsSeverity `json:"assets"`
}

StatsAssets represents the stats for assets grouped by severity.

type StatsCoverage

type StatsCoverage struct {
	Coverage float64 `json:"coverage"`
}

type StatsCurrentExposure

type StatsCurrentExposure struct {
	Exposure vulndb.StatsExposure `json:"current_exposure"`
}

StatsCurrentExposure represents the current exposure time stats by different averages.

type StatsExposure

type StatsExposure struct {
	Exposure vulndb.StatsExposure `json:"exposure"`
}

StatsExposure represents the exposure time stats by different averages.

type StatsFixed

type StatsFixed struct {
	FixedIssues vulndb.StatsIssueSeverity `json:"fixed_issues"`
}

StatsFixed represents the stats for fixed issues grouped by severity.

type StatsMTTR

type StatsMTTR struct {
	MTTR vulndb.StatsMTTRSeverity `json:"mttr"`
}

StatsMTTR represents the mean time to remediation stats by issue severity.

type StatsOpen

type StatsOpen struct {
	OpenIssues vulndb.StatsIssueSeverity `json:"open_issues"`
}

StatsOpen represents the stats for open issues grouped by severity.

type StatsParams

type StatsParams struct {
	Team        string
	Teams       string
	MinDate     string
	MaxDate     string
	AtDate      string
	MinScore    float64
	MaxScore    float64
	Identifiers string
	Labels      string
}

StatsParams represents the group of parameters that can be used to customize the call to retrieve the statistics.

type Status

type Status struct {
	Code int `json:"code"`
}

type Target

type Target struct {
	Target vulndb.Target `json:"target"`
}

Target represents the response data returned from the vulnerability DB for the create target request.

type TargetsList

type TargetsList struct {
	Targets    []vulndb.Target `json:"targets"`
	Pagination PaginationInfo  `json:"pagination"`
}

TargetsList represents the response data returned from the vulnerability DB for the targets list request.

type TargetsParams

type TargetsParams struct {
	Team            string
	Identifier      string
	IdentifierMatch bool
}

TargetsParams represents the group of parameters that can be used to customize the call to retrieve the list of targets.

type Team

type Team struct {
	ID          string      `gorm:"primary_key;AUTO_INCREMENT" json:"id" sql:"DEFAULT:gen_random_uuid()"`
	Name        string      `json:"name" validate:"required"`
	Description string      `json:"description"`
	Tag         string      `json:"tag" validate:"required"`
	CreatedAt   *time.Time  `json:"-"`
	UpdatedAt   *time.Time  `json:"-"`
	Assets      []*Asset    `json:"assets"`    // This line is infered from other tables.
	UserTeam    []*UserTeam `json:"user_team"` // This line is infered from other tables.
	Groups      []*Group
}

func (Team) ToResponse

func (t Team) ToResponse() *TeamResponse

type TeamMembersReponse

type TeamMembersReponse struct {
	Team    *TeamResponse    `json:"team"`
	Members []MemberResponse `json:"members"`
}

type TeamResponse

type TeamResponse struct {
	ID          string `json:"id"`
	Name        string `json:"name"`
	Description string `json:"description"`
	Tag         string `json:"tag"`
}

type Token

type Token struct {
	Token        string    `json:"token"`
	Email        string    `json:"email"`
	Hash         string    `json:"hash"`
	CreationTime time.Time `json:"creation_time"`
}

Token represents a personal API token

type UpdateFinding

type UpdateFinding struct {
	Status *string `json:"status"`
}

UpdateFinding represents the payload submitted to update a finding.

type User

type User struct {
	ID        string `gorm:"primary_key:true"`
	Firstname string
	Lastname  string
	Email     string `validate:"required"`
	APIToken  string `gorm:"Column:api_token"`
	Active    *bool  `gorm:"default:true"`
	Admin     *bool  `gorm:"default:false"`
	Observer  *bool  `gorm:"default:false"`
	LastLogin *time.Time
	// A user can belong to multiple teams
	UserTeams []*UserTeam

	CreatedAt time.Time
	UpdatedAt time.Time
}

User ...

func UserFromContext

func UserFromContext(ctx context.Context) (User, error)

func (User) ToResponse

func (u User) ToResponse() *UserResponse

type UserResponse

type UserResponse struct {
	ID        string     `json:"id"`
	Firstname string     `json:"firstname"`
	Lastname  string     `json:"lastname"`
	Email     string     `json:"email"`
	Admin     *bool      `json:"admin"`
	Observer  *bool      `json:"observer"`
	Active    *bool      `json:"active"`
	LastLogin *time.Time `json:"last_login"`
}

type UserStore

type UserStore interface {
	Create(User) (User, error)
	Update(User) (User, error)
	FindByID(string) (User, error)
	FindByEmail(string) (User, error)
}

UserStore contains methods to manage teams in data store

type UserTeam

type UserTeam struct {
	UserID    string    `gorm:"primary_key;AUTO_INCREMENT" json:"user_id" validate:"required"`
	User      *User     `json:"user" validate:"-"`
	TeamID    string    `gorm:"primary_key;AUTO_INCREMENT" json:"team_id" validate:"required"`
	Team      *Team     `json:"team" validate:"-"`
	Role      Role      `json:"role"`
	CreatedAt time.Time `json:"-"`
	UpdatedAt time.Time `json:"-"`
}

UserTeam ...

func (UserTeam) TableName

func (UserTeam) TableName() string

func (UserTeam) ToResponse

func (ut UserTeam) ToResponse() *MemberResponse

type VulcanitoService

type VulcanitoService interface {
	// Healthcheck
	Healthcheck(ctx context.Context) error

	// Jobs
	FindJob(ctx context.Context, jobID string) (*Job, error)
	UpdateJob(ctx context.Context, job Job) (*Job, error)

	// Users
	ListUsers(ctx context.Context) ([]*User, error)
	CreateUser(ctx context.Context, user User) (*User, error)
	UpdateUser(ctx context.Context, user User) (*User, error)
	FindUser(ctx context.Context, userID string) (*User, error)
	DeleteUser(ctx context.Context, userID string) error

	GenerateAPIToken(ctx context.Context, userID string) (*Token, error)

	// Teams
	CreateTeam(ctx context.Context, team Team, ownerEmail string) (*Team, error)
	UpdateTeam(ctx context.Context, team Team) (*Team, error)
	FindTeam(ctx context.Context, teamID string) (*Team, error)
	FindTeamByTag(ctx context.Context, tag string) (*Team, error)
	DeleteTeam(ctx context.Context, teamID string) error
	ListTeams(ctx context.Context) ([]*Team, error)
	FindTeamsByUser(ctx context.Context, userID string) ([]*Team, error)
	FindTeamsByTags(ctx context.Context, tags []string) ([]*Team, error)

	// TeamMembers
	FindTeamMember(ctx context.Context, teamID string, userID string) (*UserTeam, error)
	CreateTeamMember(ctx context.Context, teamUser UserTeam) (*UserTeam, error)
	UpdateTeamMember(ctx context.Context, teamUser UserTeam) (*UserTeam, error)
	DeleteTeamMember(ctx context.Context, teamID string, userID string) error

	// Recipients
	UpdateRecipients(ctx context.Context, teamID string, emails []string) error
	ListRecipients(ctx context.Context, teamID string) ([]*Recipient, error)

	// Assets
	ListAssets(ctx context.Context, teamID string, asset Asset) ([]*Asset, error)
	CreateAssets(ctx context.Context, assets []Asset, groups []Group, annotations []*AssetAnnotation) ([]Asset, error)
	CreateAssetsMultiStatus(ctx context.Context, assets []Asset, groups []Group, annotations []*AssetAnnotation) ([]AssetCreationResponse, error)
	MergeDiscoveredAssets(ctx context.Context, teamID string, assets []Asset, groupName string) error
	MergeDiscoveredAssetsAsync(ctx context.Context, teamID string, assets []Asset, groupName string) (*Job, error)
	FindAsset(ctx context.Context, asset Asset) (*Asset, error)
	UpdateAsset(ctx context.Context, asset Asset) (*Asset, error)
	DeleteAsset(ctx context.Context, asset Asset) error
	DeleteAllAssets(ctx context.Context, teamID string) error
	GetAssetType(ctx context.Context, assetTypeName string) (*AssetType, error)

	// Asset Annotations
	ListAssetAnnotations(ctx context.Context, teamID string, assetID string) ([]*AssetAnnotation, error)
	CreateAssetAnnotations(ctx context.Context, teamID string, assetID string, annotations []*AssetAnnotation) ([]*AssetAnnotation, error)
	UpdateAssetAnnotations(ctx context.Context, teamID string, assetID string, annotations []*AssetAnnotation) ([]*AssetAnnotation, error)
	PutAssetAnnotations(ctx context.Context, teamID string, assetID string, annotations []*AssetAnnotation) ([]*AssetAnnotation, error)
	DeleteAssetAnnotations(ctx context.Context, teamID string, assedID string, annotations []*AssetAnnotation) error

	ListGroups(ctx context.Context, teamID, groupName string) ([]*Group, error)
	CreateGroup(ctx context.Context, group Group) (*Group, error)
	FindGroup(ctx context.Context, group Group) (*Group, error)
	UpdateGroup(ctx context.Context, group Group) (*Group, error)
	DeleteGroup(ctx context.Context, group Group) error

	GroupAsset(ctx context.Context, assetGroup AssetGroup, teamID string) (*AssetGroup, error)
	UngroupAsset(ctx context.Context, assetGroup AssetGroup, teamID string) error
	ListAssetGroup(ctx context.Context, assetGroup AssetGroup, teamID string) ([]*Asset, error)

	ListPrograms(ctx context.Context, teamID string) ([]*Program, error)
	CreateProgram(ctx context.Context, program Program, teamID string) (*Program, error)
	FindProgram(ctx context.Context, programID string, teamID string) (*Program, error)
	UpdateProgram(ctx context.Context, program Program, teamID string) (*Program, error)
	DeleteProgram(ctx context.Context, program Program, teamID string) error

	// Schedules
	CreateSchedule(ctx context.Context, programID string, cronExpr string, teamID string) (*Program, error)
	DeleteSchedule(ctx context.Context, programID string, teamID string) (*Program, error)
	ScheduleGlobalProgram(ctx context.Context, programID string, cronExpr string) error

	ListPolicies(ctx context.Context, teamID string) ([]*Policy, error)
	CreatePolicy(ctx context.Context, policy Policy) (*Policy, error)
	FindPolicy(ctx context.Context, policyID string) (*Policy, error)
	UpdatePolicy(ctx context.Context, policy Policy) (*Policy, error)
	DeletePolicy(ctx context.Context, policy Policy) error

	ListChecktypeSetting(ctx context.Context, policyID string) ([]*ChecktypeSetting, error)
	CreateChecktypeSetting(ctx context.Context, setting ChecktypeSetting) (*ChecktypeSetting, error)
	FindChecktypeSetting(ctx context.Context, policyID, checktypeSettingID string) (*ChecktypeSetting, error)
	UpdateChecktypeSetting(ctx context.Context, checktypeSetting ChecktypeSetting) (*ChecktypeSetting, error)
	DeleteChecktypeSetting(ctx context.Context, checktypeSettingID string) error

	ListScans(ctx context.Context, teamID string, programID string) ([]*Scan, error)
	CreateScan(ctx context.Context, scan Scan, teamID string) (*Scan, error)
	FindScan(ctx context.Context, scanID, teamID string) (*Scan, error)
	AbortScan(ctx context.Context, scanID string, teamID string) (*Scan, error)
	UpdateScan(ctx context.Context, scan Scan) (*Scan, error)
	DeleteScan(ctx context.Context, scan Scan) error

	FindReport(ctx context.Context, scanID string) (*Report, error)
	SendReport(ctx context.Context, scanID, teamID string) error
	GenerateReport(ctx context.Context, teamID, teamName, scanID string, autosend bool) error
	RunGenerateReport(ctx context.Context, autosend bool, scanID, programName, teamID, teamName string) error
	ProcessScanCheckNotification(ctx context.Context, msg []byte) error

	SendDigestReport(ctx context.Context, teamID string, startDate string, endDate string) error

	// Stats
	StatsCoverage(ctx context.Context, teamID string) (*StatsCoverage, error)

	// VulnerabilityDB Stats
	ListFindings(ctx context.Context, params FindingsParams, pagination Pagination) (*FindingsList, error)
	ListFindingsIssues(ctx context.Context, params FindingsParams, pagination Pagination) (*FindingsIssuesList, error)
	ListFindingsByIssue(ctx context.Context, params FindingsParams, pagination Pagination) (*FindingsList, error)
	ListFindingsTargets(ctx context.Context, params FindingsParams, pagination Pagination) (*FindingsTargetsList, error)
	ListFindingsByTarget(ctx context.Context, params FindingsParams, pagination Pagination) (*FindingsList, error)
	ListFindingsLabels(ctx context.Context, params FindingsParams) (*FindingsLabels, error)
	FindFinding(ctx context.Context, findingID string) (*Finding, error)
	CreateFindingOverwrite(ctx context.Context, findingOverwrite FindingOverwrite) error
	ListFindingOverwrites(ctx context.Context, findingID string) ([]*FindingOverwrite, error)
	StatsMTTR(ctx context.Context, params StatsParams) (*StatsMTTR, error)
	StatsExposure(ctx context.Context, params StatsParams) (*StatsExposure, error)
	StatsCurrentExposure(ctx context.Context, params StatsParams) (*StatsCurrentExposure, error)
	StatsOpen(ctx context.Context, params StatsParams) (*StatsOpen, error)
	StatsFixed(ctx context.Context, params StatsParams) (*StatsFixed, error)
	StatsAssets(ctx context.Context, params StatsParams) (*StatsAssets, error)
}

VulcanitoService represents all operations provided by Vulcanito

type VulcanitoStore

type VulcanitoStore interface {
	Close() error

	NotFoundError(err error) bool

	Healthcheck() error

	FindJob(jobID string) (*Job, error)
	UpdateJob(job Job) (*Job, error)

	CreateUserIfNotExists(userData saml.UserData) error

	ListUsers() ([]*User, error)
	CreateUser(user User) (*User, error)
	UpdateUser(user User) (*User, error)
	FindUserByID(userID string) (*User, error)
	FindUserByEmail(email string) (*User, error)
	DeleteUserByID(userID string) error

	CreateTeam(team Team, ownerEmail string) (*Team, error)
	UpdateTeam(team Team) (*Team, error)
	FindTeam(teamID string) (*Team, error)
	FindTeamByIDForUser(ID, userID string) (*UserTeam, error)
	FindTeamsByUser(userID string) ([]*Team, error)
	FindTeamByName(name string) (*Team, error)
	FindTeamByTag(tag string) (*Team, error)
	FindTeamsByTags(tags []string) ([]*Team, error)
	FindTeamByProgram(programID string) (*Team, error)
	DeleteTeam(teamID string) error
	ListTeams() ([]*Team, error)

	CreateTeamMember(teamMember UserTeam) (*UserTeam, error)
	DeleteTeamMember(teamID string, userID string) error
	FindTeamMember(teamID string, userID string) (*UserTeam, error)
	UpdateTeamMember(teamMember UserTeam) (*UserTeam, error)

	UpdateRecipients(teamID string, emails []string) error
	ListRecipients(teamID string) ([]*Recipient, error)

	ListAssets(teamID string, asset Asset) ([]*Asset, error)
	FindAsset(teamID, assetID string) (*Asset, error)
	CreateAsset(asset Asset, groups []Group) (*Asset, error)
	CreateAssets(assets []Asset, groups []Group) ([]Asset, error)
	DeleteAsset(asset Asset) error
	DeleteAllAssets(teamID string) error
	UpdateAsset(asset Asset) (*Asset, error)
	MergeAssets(mergeOps AssetMergeOperations) error
	MergeAssetsAsync(teamID string, assets []Asset, groupName string) (*Job, error)

	GetAssetType(assetTypeName string) (*AssetType, error)

	ListAssetAnnotations(teamID string, assetID string) ([]*AssetAnnotation, error)
	CreateAssetAnnotations(teamID string, assetID string, annotations []*AssetAnnotation) ([]*AssetAnnotation, error)
	UpdateAssetAnnotations(teamID string, assetID string, annotations []*AssetAnnotation) ([]*AssetAnnotation, error)
	PutAssetAnnotations(teamID string, assetID string, annotations []*AssetAnnotation) ([]*AssetAnnotation, error)
	DeleteAssetAnnotations(teamID string, assetID string, annotations []*AssetAnnotation) error

	CreateGroup(group Group) (*Group, error)
	ListGroups(teamID, groupName string) ([]*Group, error)
	UpdateGroup(group Group) (*Group, error)
	DeleteGroup(group Group) error
	FindGroup(group Group) (*Group, error)
	// FindGroupInfo returns the info of the specified group
	// without loading the assets and teams associated to it.
	FindGroupInfo(group Group) (*Group, error)
	// DisjoinAssetsInGroups returns assets belonging to a team that are in a given
	// group but not in other groups.
	DisjoinAssetsInGroups(teamID, inGroupID string, notInGroupIDs []string) ([]*Asset, error)

	CountAssetsInGroups(teamID string, groupIDs []string) (int, error)

	GroupAsset(assetsGroup AssetGroup, teamID string) (*AssetGroup, error)
	ListAssetGroup(assetGroup AssetGroup, teamID string) ([]*AssetGroup, error)
	UngroupAssets(assetGroup AssetGroup, teamID string) error

	ListPrograms(teamID string) ([]*Program, error)
	CreateProgram(program Program, teamID string) (*Program, error)
	FindProgram(programID string, teamID string) (*Program, error)
	UpdateProgram(program Program, teamID string) (*Program, error)
	DeleteProgram(program Program, teamID string) error

	ListPolicies(teamID string) ([]*Policy, error)
	CreatePolicy(policy Policy) (*Policy, error)
	FindPolicy(policyID string) (*Policy, error)
	UpdatePolicy(policy Policy) (*Policy, error)
	DeletePolicy(policy Policy) error

	ListChecktypeSetting(policyID string) ([]*ChecktypeSetting, error)
	CreateChecktypeSetting(setting ChecktypeSetting) (*ChecktypeSetting, error)
	FindChecktypeSetting(checktypeSettingID string) (*ChecktypeSetting, error)
	UpdateChecktypeSetting(checktypeSetting ChecktypeSetting) (*ChecktypeSetting, error)
	DeleteChecktypeSetting(checktypeSettingID string) error

	FindGlobalProgramMetadata(programID string, teamID string) (*GlobalProgramsMetadata, error)
	UpsertGlobalProgramMetadata(teamID, program string, defaultAutosend bool, defaultDisabled bool, defaultCron string, autosend *bool, disabled *bool, cron *string) error
	DeleteProgramMetadata(program string) error

	CreateFindingOverwrite(findingOverwrite FindingOverwrite) error
	ListFindingOverwrites(findingID string) ([]*FindingOverwrite, error)
}

Directories

Path Synopsis
cdc

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL