Documentation ¶
Index ¶
- Constants
- type Advisory
- type Cvss
- type CvssMetrics
- type Diff
- type DiffReader
- type DiffReason
- type Fix
- type FixState
- type ID
- type IDReader
- type IDWriter
- type PackageExclusionConstraint
- type Store
- type StoreReader
- type StoreWriter
- type Vulnerability
- type VulnerabilityExclusionConstraint
- type VulnerabilityMatchExclusion
- type VulnerabilityMatchExclusionConstraint
- type VulnerabilityMatchExclusionStore
- type VulnerabilityMatchExclusionStoreReader
- type VulnerabilityMatchExclusionStoreWriter
- type VulnerabilityMetadata
- type VulnerabilityMetadataStore
- type VulnerabilityMetadataStoreReader
- type VulnerabilityMetadataStoreWriter
- type VulnerabilityReference
- type VulnerabilityStore
- type VulnerabilityStoreReader
- type VulnerabilityStoreWriter
Constants ¶
const SchemaVersion = 4
const VulnerabilityStoreFileName = "vulnerability.db"
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Advisory ¶
Advisory represents published statements regarding a vulnerability (and potentially about it's resolution).
type Cvss ¶
type Cvss struct { // VendorMetadata captures non-standard CVSS fields that vendors can sometimes // include when providing CVSS information. This vendor-specific metadata type // allows to capture that data for persisting into the database VendorMetadata interface{} `json:"vendor_metadata"` Metrics CvssMetrics `json:"metrics"` Vector string `json:"vector"` // A textual representation of the metric values used to determine the score Version string `json:"version"` // The version of the CVSS spec, for example 2.0, 3.0, or 3.1 }
Cvss contains select Common Vulnerability Scoring System fields for a vulnerability.
type CvssMetrics ¶
type CvssMetrics struct { // BaseScore ranges from 0 - 10 and defines qualities intrinsic to the severity of a vulnerability. BaseScore float64 `json:"base_score"` // ExploitabilityScore is a pointer to avoid having a 0 value by default. // It is an indicator of how easy it may be for an attacker to exploit // a vulnerability ExploitabilityScore *float64 `json:"exploitability_score"` // ImpactScore represents the effects of an exploited vulnerability // relative to compromise in confidentiality, integrity, and availability. // It is an optional parameter, so that is why it is a pointer instead of // a regular field ImpactScore *float64 `json:"impact_score"` }
CvssMetrics are the quantitative values that make up a CVSS score.
func NewCvssMetrics ¶
func NewCvssMetrics(baseScore, exploitabilityScore, impactScore float64) CvssMetrics
type Diff ¶
type Diff struct { Reason DiffReason `json:"reason"` ID string `json:"id"` Namespace string `json:"namespace"` Packages []string `json:"packages"` }
type DiffReader ¶
type DiffReader interface {
DiffStore(s StoreReader) (*[]Diff, error)
}
type DiffReason ¶
type DiffReason = string
const ( DiffAdded DiffReason = "added" DiffChanged DiffReason = "changed" DiffRemoved DiffReason = "removed" )
type Fix ¶
type Fix struct { Versions []string `json:"versions"` // The version(s) which this particular vulnerability was fixed in State FixState `json:"state"` }
Fix represents all information about known fixes for a stated vulnerability.
type ID ¶
type ID struct { // BuildTimestamp is the timestamp used to define the age of the DB, ideally including the age of the data // contained in the DB, not just when the DB file was created. BuildTimestamp time.Time `json:"build_timestamp"` SchemaVersion int `json:"schema_version"` }
ID represents identifying information for a DB and the data it contains.
type PackageExclusionConstraint ¶
type PackageExclusionConstraint struct { Name string `json:"name,omitempty"` // Package name Language string `json:"language,omitempty"` // The language ecosystem for a package Type string `json:"type,omitempty"` // Package type Version string `json:"version,omitempty"` // Package version Location string `json:"location,omitempty"` // Package location ExtraFields map[string]interface{} `json:"-"` }
PackageExclusionConstraint describes criteria for excluding a match based on package components
func (*PackageExclusionConstraint) UnmarshalJSON ¶
func (p *PackageExclusionConstraint) UnmarshalJSON(data []byte) error
func (PackageExclusionConstraint) Usable ¶
func (p PackageExclusionConstraint) Usable() bool
type Store ¶
type Store interface { StoreReader StoreWriter }
type StoreReader ¶
type StoreReader interface { IDReader DiffReader VulnerabilityStoreReader VulnerabilityMetadataStoreReader VulnerabilityMatchExclusionStoreReader }
type StoreWriter ¶
type StoreWriter interface { IDWriter VulnerabilityStoreWriter VulnerabilityMetadataStoreWriter VulnerabilityMatchExclusionStoreWriter Close() }
type Vulnerability ¶
type Vulnerability struct { ID string `json:"id"` // The identifier of the vulnerability or advisory PackageName string `json:"package_name"` // The name of the package that is vulnerable Namespace string `json:"namespace"` // The ecosystem where the package resides VersionConstraint string `json:"version_constraint"` // The version range which the given package is vulnerable VersionFormat string `json:"version_format"` // The format which all version fields should be interpreted as CPEs []string `json:"cpes"` // The CPEs which are considered vulnerable RelatedVulnerabilities []VulnerabilityReference `json:"related_vulnerabilities"` // Other Vulnerabilities that are related to this one (e.g. GHSA relate to CVEs, or how distro CVE relates to NVD record) Fix Fix `json:"fix"` // All information about fixed versions Advisories []Advisory `json:"advisories"` // Any vendor advisories about fixes or other notifications about this vulnerability }
Vulnerability represents the minimum data fields necessary to perform package-to-vulnerability matching. This can represent a CVE, 3rd party advisory, or any source that relates back to a CVE.
func (*Vulnerability) Equal ¶
func (v *Vulnerability) Equal(vv Vulnerability) bool
type VulnerabilityExclusionConstraint ¶
type VulnerabilityExclusionConstraint struct { Namespace string `json:"namespace,omitempty"` // Vulnerability namespace FixState FixState `json:"fix_state,omitempty"` // Vulnerability fix state ExtraFields map[string]interface{} `json:"-"` }
VulnerabilityExclusionConstraint describes criteria for excluding a match based on additional vulnerability components
func (*VulnerabilityExclusionConstraint) UnmarshalJSON ¶
func (v *VulnerabilityExclusionConstraint) UnmarshalJSON(data []byte) error
func (VulnerabilityExclusionConstraint) Usable ¶
func (v VulnerabilityExclusionConstraint) Usable() bool
type VulnerabilityMatchExclusion ¶
type VulnerabilityMatchExclusion struct { ID string `json:"id"` // The identifier of the vulnerability or advisory Constraints []VulnerabilityMatchExclusionConstraint `json:"constraints,omitempty"` // The constraints under which the exclusion applies Justification string `json:"justification"` // Justification for the exclusion }
VulnerabilityMatchExclusion represents the minimum data fields necessary to automatically filter certain vulnerabilities from match results based on the specified constraints.
type VulnerabilityMatchExclusionConstraint ¶
type VulnerabilityMatchExclusionConstraint struct { Vulnerability VulnerabilityExclusionConstraint `json:"vulnerability,omitempty"` // Vulnerability exclusion criteria Package PackageExclusionConstraint `json:"package,omitempty"` // Package exclusion criteria ExtraFields map[string]interface{} `json:"-"` }
VulnerabilityMatchExclusionConstraint describes criteria for which matches should be excluded
func (*VulnerabilityMatchExclusionConstraint) UnmarshalJSON ¶
func (c *VulnerabilityMatchExclusionConstraint) UnmarshalJSON(data []byte) error
func (VulnerabilityMatchExclusionConstraint) Usable ¶
func (c VulnerabilityMatchExclusionConstraint) Usable() bool
type VulnerabilityMatchExclusionStore ¶
type VulnerabilityMatchExclusionStore interface { VulnerabilityMatchExclusionStoreReader VulnerabilityMatchExclusionStoreWriter }
type VulnerabilityMatchExclusionStoreReader ¶
type VulnerabilityMatchExclusionStoreReader interface {
GetVulnerabilityMatchExclusion(id string) ([]VulnerabilityMatchExclusion, error)
}
type VulnerabilityMatchExclusionStoreWriter ¶
type VulnerabilityMatchExclusionStoreWriter interface {
AddVulnerabilityMatchExclusion(exclusion ...VulnerabilityMatchExclusion) error
}
type VulnerabilityMetadata ¶
type VulnerabilityMetadata struct { ID string `json:"id"` // The identifier of the vulnerability or advisory Namespace string `json:"namespace"` // Where this entry is valid within DataSource string `json:"data_source"` // A URL where the data was sourced from RecordSource string `json:"record_source"` // The source of the vulnerability information (relative to the immediate upstream in the enterprise feedgroup) Severity string `json:"severity"` // How severe the vulnerability is (valid values are defined by upstream sources currently) URLs []string `json:"urls"` // URLs to get more information about the vulnerability or advisory Description string `json:"description"` // Description of the vulnerability Cvss []Cvss `json:"cvss"` // Common Vulnerability Scoring System values }
VulnerabilityMetadata represents all vulnerability data that is not necessary to perform package-to-vulnerability matching.
func (*VulnerabilityMetadata) Equal ¶
func (v *VulnerabilityMetadata) Equal(vv VulnerabilityMetadata) bool
type VulnerabilityMetadataStore ¶
type VulnerabilityMetadataStore interface { VulnerabilityMetadataStoreReader VulnerabilityMetadataStoreWriter }
type VulnerabilityMetadataStoreReader ¶
type VulnerabilityMetadataStoreReader interface { GetVulnerabilityMetadata(id, namespace string) (*VulnerabilityMetadata, error) GetAllVulnerabilityMetadata() (*[]VulnerabilityMetadata, error) }
type VulnerabilityMetadataStoreWriter ¶
type VulnerabilityMetadataStoreWriter interface {
AddVulnerabilityMetadata(metadata ...VulnerabilityMetadata) error
}
type VulnerabilityReference ¶
type VulnerabilityStore ¶
type VulnerabilityStore interface { VulnerabilityStoreReader VulnerabilityStoreWriter }
type VulnerabilityStoreReader ¶
type VulnerabilityStoreReader interface { // GetVulnerabilityNamespaces retrieves unique list of vulnerability namespaces GetVulnerabilityNamespaces() ([]string, error) // GetVulnerability retrieves vulnerabilities by namespace and package GetVulnerability(namespace, packageName string) ([]Vulnerability, error) GetAllVulnerabilities() (*[]Vulnerability, error) }
type VulnerabilityStoreWriter ¶
type VulnerabilityStoreWriter interface { // AddVulnerability inserts a new record of a vulnerability into the store AddVulnerability(vulnerabilities ...Vulnerability) error }