Documentation ¶
Index ¶
- Constants
- func ExtractExploitPocURL(url []string) (string, []string)
- func GetCvss(c []Cvss) (float64, float64, string)
- type Advisory
- type Cvss
- type CvssMetrics
- type Fix
- type FixState
- type IDModel
- type Vulnerability
- type VulnerabilityDBModel
- type VulnerabilityMatchExclusionModel
- type VulnerabilityMetadata
- type VulnerabilityMetadataModel
- type VulnerabilityModel
- type VulnerabilityReference
Constants ¶
// Default CVSS score thresholds, one per severity name.
//
// NOTE(review): how these are applied is not visible here; presumably each is
// the inclusive lower bound of its severity band when a score is turned into
// a label (possibly by GetCvss) — confirm against the caller.
// The Medium and Low values differ from the CVSS v3.x qualitative severity
// scale, where Medium starts at 4.0 and Low at 0.1. A label derived from these
// defaults can therefore be lower than the rating the scoring source publishes
// for the same score, which matters for severity-gated policies.
const (
	DefaultCVSSCritical = 9.0
	DefaultCVSSHigh     = 7.0
	DefaultCVSSMedium   = 5.0
	DefaultCVSSLow      = 2.0
)
// IDTableName is the name of the "id" table.
const IDTableName = "id"
// VulnerabilityMatchExclusionTableName is the name of the
// "vulnerability_match_exclusion" table.
const VulnerabilityMatchExclusionTableName = "vulnerability_match_exclusion"
// VulnerabilityMetadataTableName is the name of the "vulnerability_metadata"
// table.
const VulnerabilityMetadataTableName = "vulnerability_metadata"
// VulnerabilityTableName is the name of the "vulnerability" table.
const VulnerabilityTableName = "vulnerability"
Variables ¶
This section is empty.
Functions ¶
func ExtractExploitPocURL ¶
Types ¶
type Advisory ¶
Advisory represents published statements regarding a vulnerability (and potentially about its resolution).
type Cvss ¶
// Cvss contains select Common Vulnerability Scoring System fields for a vulnerability.
//
// NOTE(review): Vector and Metrics are independent fields; nothing in this
// declaration ties the numeric scores to the vector string. Whether they are
// cross-checked when a record is loaded is not visible here — confirm before
// relying on one to validate the other.
type Cvss struct {
	// VendorMetadata captures non-standard CVSS fields that vendors can sometimes
	// include when providing CVSS information. This vendor-specific metadata type
	// allows to capture that data for persisting into the database.
	// It is declared as interface{}, so its concrete shape is whatever the
	// producer supplied; consumers have to type-assert it before use.
	VendorMetadata interface{} `json:"vendor_metadata"`
	Metrics        CvssMetrics `json:"metrics"` // The numeric scores belonging to this entry (see CvssMetrics)
	Vector         string      `json:"vector"`  // A textual representation of the metric values used to determine the score
	Version        string      `json:"version"` // The version of the CVSS spec, for example 2.0, 3.0, or 3.1
	Source         string      `json:"source"`  // Identifies the organization that provided the score
	Type           string      `json:"type"`    // Whether the source is a `primary` or `secondary` source
}
Cvss contains select Common Vulnerability Scoring System fields for a vulnerability.
type CvssMetrics ¶
// CvssMetrics are the quantitative values that make up a CVSS score.
type CvssMetrics struct {
	// BaseScore ranges from 0 - 10 and defines qualities intrinsic to the severity of a vulnerability.
	// It is a plain float64, so a missing score and a score of 0 look the same
	// in this field.
	BaseScore float64 `json:"base_score"`
	// ExploitabilityScore is a pointer to avoid having a 0 value by default.
	// It is an indicator of how easy it may be for an attacker to exploit
	// a vulnerability.
	// The pointer may be nil; check it before dereferencing.
	ExploitabilityScore *float64 `json:"exploitability_score"`
	// ImpactScore represents the effects of an exploited vulnerability
	// relative to compromise in confidentiality, integrity, and availability.
	// It is an optional parameter, so that is why it is a pointer instead of
	// a regular field.
	// The pointer may be nil; check it before dereferencing.
	ImpactScore *float64 `json:"impact_score"`
}
CvssMetrics are the quantitative values that make up a CVSS score.
type Fix ¶
// Fix represents all information about known fixes for a stated vulnerability.
type Fix struct {
	Versions []string `json:"versions"` // The version(s) which this particular vulnerability was fixed in
	State    FixState `json:"state"`    // The fix status as a FixState value (FixState is declared elsewhere in this package)
}
Fix represents all information about known fixes for a stated vulnerability.
type IDModel ¶
type Vulnerability ¶
// Vulnerability represents the minimum data fields necessary to perform
// package-to-vulnerability matching. This can represent a CVE, 3rd party
// advisory, or any source that relates back to a CVE.
//
// VersionConstraint and the versions inside Fix are plain strings; per the
// field comments they are meant to be read according to VersionFormat.
type Vulnerability struct {
	ID                     string                   `json:"id"`                      // The identifier of the vulnerability or advisory
	PackageName            string                   `json:"package_name"`            // The name of the package that is vulnerable
	Namespace              string                   `json:"namespace"`               // The ecosystem where the package resides
	VersionConstraint      string                   `json:"version_constraint"`      // The version range which the given package is vulnerable
	VersionFormat          string                   `json:"version_format"`          // The format which all version fields should be interpreted as
	CPEs                   []string                 `json:"cpes"`                    // The CPEs which are considered vulnerable
	RelatedVulnerabilities []VulnerabilityReference `json:"related_vulnerabilities"` // Other Vulnerabilities that are related to this one (e.g. GHSA relate to CVEs, or how distro CVE relates to NVD record)
	Fix                    Fix                      `json:"fix"`                     // All information about fixed versions
	Advisories             []Advisory               `json:"advisories"`              // Any vendor advisories about fixes or other notifications about this vulnerability
}
Vulnerability represents the minimum data fields necessary to perform package-to-vulnerability matching. This can represent a CVE, 3rd party advisory, or any source that relates back to a CVE.
type VulnerabilityDBModel ¶
// VulnerabilityDBModel groups a list of VulnerabilityModel rows, a list of
// VulnerabilityMetadataModel rows and a single IDModel under JSON field names.
//
// NOTE(review): presumably a container for exporting or importing the whole
// database as JSON — confirm against its users. The two row types declared in
// this package carry gorm tags only, so encoding/json would key their fields
// by Go field name rather than by column name.
type VulnerabilityDBModel struct {
	VulnerabilityModel         []VulnerabilityModel         `json:"vulnerability_model"`          // Rows of the vulnerability table
	VulnerabilityMetadataModel []VulnerabilityMetadataModel `json:"vulnerability_metadata_model"` // Rows of the vulnerability metadata table
	IDModel                    IDModel                      `json:"id_model"`                     // A single IDModel value (IDModel is declared elsewhere in this package)
}
type VulnerabilityMatchExclusionModel ¶
// VulnerabilityMatchExclusionModel is a struct used to serialize
// db.VulnerabilityMatchExclusion information into a sqlite3 DB.
//
// NOTE(review): judging by the name, a row here suppresses matches for ID, so
// it hides findings from a report. Justification is the only field recording
// why; whether an empty justification is rejected is not visible here — confirm.
type VulnerabilityMatchExclusionModel struct {
	// PK is the auto-incremented primary key of the row.
	PK uint64 `gorm:"primary_key;auto_increment;"`
	// ID is indexed through get_vulnerability_match_exclusion_index. It is not
	// the primary key and the tag declares no uniqueness.
	ID string `gorm:"column:id; index:get_vulnerability_match_exclusion_index"`
	// Constraints is nullable text defaulting to NULL.
	// NOTE(review): the encoding of the stored value is not visible here — confirm.
	Constraints sqlite.NullString `gorm:"column:constraints; default:null"`
	// Justification is stored as plain text in the justification column.
	Justification string `gorm:"column:justification"`
}
VulnerabilityMatchExclusionModel is a struct used to serialize db.VulnerabilityMatchExclusion information into a sqlite3 DB.
func (VulnerabilityMatchExclusionModel) TableName ¶
func (VulnerabilityMatchExclusionModel) TableName() string
TableName returns the table which all db.VulnerabilityMatchExclusion model instances are stored into.
type VulnerabilityMetadata ¶
type VulnerabilityMetadataModel ¶
// VulnerabilityMetadataModel is a struct used to serialize
// db.VulnerabilityMetadata information into a sqlite3 DB.
//
// ID and Namespace are both tagged primary_key, so together they form the row key.
type VulnerabilityMetadataModel struct {
	// ID is one part of the composite primary key.
	ID string `gorm:"primary_key; column:id;"`
	// Namespace is the other part of the composite primary key.
	Namespace string `gorm:"primary_key; column:namespace;"`
	// DataSource and RecordSource are stored as plain text.
	// NOTE(review): presumably they identify where the record came from — confirm.
	DataSource   string `gorm:"column:data_source"`
	RecordSource string `gorm:"column:record_source"`
	// Severity is stored as a free-form string; no set of allowed values is
	// declared here.
	Severity string `gorm:"column:severity"`
	// URLs is nullable text defaulting to NULL.
	// NOTE(review): presumably a serialized list that Inflate decodes — confirm.
	URLs sqlite.NullString `gorm:"column:urls; default:null"`
	// Description is stored as plain text.
	// NOTE(review): presumably copied from the upstream record; treat it as
	// untrusted text when rendering it.
	Description string `gorm:"column:description"`
	// Cvss is nullable text defaulting to NULL.
	// NOTE(review): presumably serialized Cvss entries that Inflate decodes — confirm.
	Cvss sqlite.NullString `gorm:"column:cvss; default:null"`
	// CISAKEV is a non-nullable bool in column cisakev.
	// NOTE(review): presumably marks presence in the CISA Known Exploited
	// Vulnerabilities catalog. false is also the zero value, so "not listed"
	// and "never populated" cannot be told apart from this column — confirm
	// how missing feed data is handled.
	CISAKEV bool `gorm:"column:cisakev"`
	// EPSSScore is a non-nullable float64 in column epss.
	// NOTE(review): presumably the EPSS score for the vulnerability. 0 is also
	// the zero value, so a missing score reads as 0 — confirm before using it
	// to prioritize or filter.
	EPSSScore float64 `gorm:"column:epss"`
}
VulnerabilityMetadataModel is a struct used to serialize db.VulnerabilityMetadata information into a sqlite3 DB.
func (*VulnerabilityMetadataModel) Inflate ¶
func (m *VulnerabilityMetadataModel) Inflate() (VulnerabilityMetadata, error)
Inflate generates a db.VulnerabilityMetadata object from the serialized model instance.
func (*VulnerabilityMetadataModel) TableName ¶
func (m *VulnerabilityMetadataModel) TableName() string
TableName returns the table which all db.VulnerabilityMetadata model instances are stored into.
type VulnerabilityModel ¶
// VulnerabilityModel is a struct used to serialize db.Vulnerability
// information into a sqlite3 DB.
//
// NOTE(review): this row has a package_qualifiers column, but the
// Vulnerability struct in this package declares no matching field. Confirm
// whether Inflate carries the qualifiers over or drops them, since a dropped
// qualifier could widen what a record matches.
type VulnerabilityModel struct {
	// PK is the auto-incremented primary key of the row.
	PK uint64 `gorm:"primary_key;auto_increment;"`
	// ID is stored in column id. It is not the primary key and is not part of
	// get_vulnerability_index.
	ID string `gorm:"column:id"`
	// PackageName and Namespace share the index get_vulnerability_index.
	PackageName string `gorm:"column:package_name; index:get_vulnerability_index"`
	Namespace   string `gorm:"column:namespace; index:get_vulnerability_index"`
	// PackageQualifiers is nullable text; its tag declares no default.
	PackageQualifiers sqlite.NullString `gorm:"column:package_qualifiers"`
	// VersionConstraint and VersionFormat are stored as plain text.
	VersionConstraint string `gorm:"column:version_constraint"`
	VersionFormat     string `gorm:"column:version_format"`
	// CPEs, RelatedVulnerabilities and FixedInVersions are nullable text
	// defaulting to NULL.
	// NOTE(review): presumably serialized lists that Inflate decodes — confirm.
	CPEs                   sqlite.NullString `gorm:"column:cpes; default:null"`
	RelatedVulnerabilities sqlite.NullString `gorm:"column:related_vulnerabilities; default:null"`
	FixedInVersions        sqlite.NullString `gorm:"column:fixed_in_versions; default:null"`
	// FixState is stored as a plain string rather than as the FixState type.
	FixState string `gorm:"column:fix_state"`
	// Advisories is nullable text defaulting to NULL.
	// NOTE(review): presumably a serialized Advisory list — confirm.
	Advisories sqlite.NullString `gorm:"column:advisories; default:null"`
}
VulnerabilityModel is a struct used to serialize db.Vulnerability information into a sqlite3 DB.
func (*VulnerabilityModel) Inflate ¶
func (m *VulnerabilityModel) Inflate() (Vulnerability, error)
Inflate generates a db.Vulnerability object from the serialized model instance.
func (*VulnerabilityModel) TableName ¶
func (m *VulnerabilityModel) TableName() string
TableName returns the table which all db.Vulnerability model instances are stored into.