Documentation ¶
Index ¶
- Constants
- Variables
- type AffectedProcess
- type Alert
- type AlertDict
- type Changelog
- type Confidence
- type Confidences
- type Container
- type Cpe
- type CveContent
- type CveContentCpes
- type CveContentCvss
- type CveContentRefs
- type CveContentStr
- type CveContentType
- type CveContentTypes
- type CveContents
- func (v CveContents) Cpes(myFamily string) (values []CveContentCpes)
- func (v CveContents) CweIDs(myFamily string) (values []CveContentStr)
- func (v CveContents) Except(exceptCtypes ...CveContentType) (values CveContents)
- func (v CveContents) References(myFamily string) (values []CveContentRefs)
- func (v CveContents) SourceLinks(lang, myFamily, cveID string) (values []CveContentStr)
- func (v CveContents) UniqCweIDs(myFamily string) (values []CveContentStr)
- type Cvss
- type CvssType
- type CweDict
- type CweDictEntry
- type DetectionMethod
- type DistroAdvisories
- type DistroAdvisory
- type Exploit
- type GitHubSecurityAlert
- type GitHubSecurityAlerts
- type Kernel
- type LibraryFixedIn
- type LibraryFixedIns
- type LibraryScanner
- type LibraryScanners
- type NeedRestartProcess
- type Package
- type PackageFixStatus
- type PackageFixStatuses
- type Packages
- type Platform
- type Reference
- type References
- type ScanResult
- func (r ScanResult) FilterByCvssOver(over float64) ScanResult
- func (r ScanResult) FilterIgnoreCves() ScanResult
- func (r ScanResult) FilterIgnorePkgs() ScanResult
- func (r ScanResult) FilterInactiveWordPressLibs() ScanResult
- func (r ScanResult) FilterUnfixed() ScanResult
- func (r ScanResult) FormatAlertSummary() string
- func (r ScanResult) FormatExploitCveSummary() string
- func (r ScanResult) FormatServerName() (name string)
- func (r ScanResult) FormatTextReportHeadedr() string
- func (r ScanResult) FormatUpdatablePacksSummary() string
- func (r ScanResult) IsContainer() bool
- func (r ScanResult) IsDeepScanMode() bool
- func (r ScanResult) ReportFileName() (name string)
- func (r ScanResult) ReportKeyName() (name string)
- func (r ScanResult) ServerInfo() string
- func (r ScanResult) ServerInfoTui() string
- type ScanResults
- type SrcPackage
- type SrcPackages
- type VulnInfo
- func (v VulnInfo) AttackVector() string
- func (v VulnInfo) Cvss2CalcURL() string
- func (v VulnInfo) Cvss2Scores(myFamily string) (values []CveContentCvss)
- func (v VulnInfo) Cvss3CalcURL() string
- func (v VulnInfo) Cvss3Scores() (values []CveContentCvss)
- func (v VulnInfo) FormatMaxCvssScore() string
- func (v VulnInfo) MaxCvss2Score() CveContentCvss
- func (v VulnInfo) MaxCvss3Score() CveContentCvss
- func (v VulnInfo) MaxCvssScore() CveContentCvss
- func (v VulnInfo) Mitigations(myFamily string) (values []CveContentStr)
- func (v VulnInfo) PatchStatus(packs Packages) string
- func (v VulnInfo) Summaries(lang, myFamily string) (values []CveContentStr)
- func (v VulnInfo) Titles(lang, myFamily string) (values []CveContentStr)
- func (v VulnInfo) VendorLinks(family string) map[string]string
- type VulnInfos
- func (v VulnInfos) CountGroupBySeverity() map[string]int
- func (v VulnInfos) Find(f func(VulnInfo) bool) VulnInfos
- func (v VulnInfos) FindScoredVulns() VulnInfos
- func (v VulnInfos) FormatCveSummary() string
- func (v VulnInfos) FormatFixedStatus(packs Packages) string
- func (v VulnInfos) ToSortedSlice() (sorted []VulnInfo)
- type WordPressPackages
- type WpPackage
- type WpPackageFixStats
- type WpPackageFixStatus
- type WpPackages
Constants ¶
const ( // CpeNameMatchStr is a String representation of CpeNameMatch CpeNameMatchStr = "CpeNameMatch" // YumUpdateSecurityMatchStr is a String representation of YumUpdateSecurityMatch YumUpdateSecurityMatchStr = "YumUpdateSecurityMatch" // PkgAuditMatchStr is a String representation of PkgAuditMatch PkgAuditMatchStr = "PkgAuditMatch" // OvalMatchStr is a String representation of OvalMatch OvalMatchStr = "OvalMatch" // RedHatAPIStr is a String representation of RedHatAPIMatch RedHatAPIStr = "RedHatAPIMatch" // DebianSecurityTrackerMatchStr is a String representation of DebianSecurityTrackerMatch DebianSecurityTrackerMatchStr = "DebianSecurityTrackerMatch" // TrivyMatchStr is a String representation of Trivy TrivyMatchStr = "TrivyMatch" // ChangelogExactMatchStr is a String representation of ChangelogExactMatch ChangelogExactMatchStr = "ChangelogExactMatch" // ChangelogLenientMatchStr is a String representation of ChangelogLenientMatch ChangelogLenientMatchStr = "ChangelogLenientMatch" // GitHubMatchStr is a String representation of GitHubMatch GitHubMatchStr = "GitHubMatch" // WPVulnDBMatchStr is a String representation of WordPress VulnDB scanning WPVulnDBMatchStr = "WPVulnDBMatch" // FailedToGetChangelog is a String representation of FailedToGetChangelog FailedToGetChangelog = "FailedToGetChangelog" // FailedToFindVersionInChangelog is a String representation of FailedToFindVersionInChangelog FailedToFindVersionInChangelog = "FailedToFindVersionInChangelog" )
const ( // WPCore is a type `core` in WPPackage struct WPCore = "core" // WPPlugin is a type `plugin` in WPPackage struct WPPlugin = "plugin" // WPTheme is a type `theme` in WPPackage struct WPTheme = "theme" // Inactive is a inactive status in WPPackage struct Inactive = "inactive" )
const JSONVersion = 4
JSONVersion is JSON Version
Variables ¶
var ( // CpeNameMatch is a ranking how confident the CVE-ID was deteted correctly CpeNameMatch = Confidence{100, CpeNameMatchStr, 1} // YumUpdateSecurityMatch is a ranking how confident the CVE-ID was deteted correctly YumUpdateSecurityMatch = Confidence{100, YumUpdateSecurityMatchStr, 2} // PkgAuditMatch is a ranking how confident the CVE-ID was deteted correctly PkgAuditMatch = Confidence{100, PkgAuditMatchStr, 2} // OvalMatch is a ranking how confident the CVE-ID was deteted correctly OvalMatch = Confidence{100, OvalMatchStr, 0} // RedHatAPIMatch ranking how confident the CVE-ID was deteted correctly RedHatAPIMatch = Confidence{100, RedHatAPIStr, 0} // DebianSecurityTrackerMatch ranking how confident the CVE-ID was deteted correctly DebianSecurityTrackerMatch = Confidence{100, DebianSecurityTrackerMatchStr, 0} // TrivyMatch ranking how confident the CVE-ID was deteted correctly TrivyMatch = Confidence{100, TrivyMatchStr, 0} // ChangelogExactMatch is a ranking how confident the CVE-ID was deteted correctly ChangelogExactMatch = Confidence{95, ChangelogExactMatchStr, 3} // ChangelogLenientMatch is a ranking how confident the CVE-ID was deteted correctly ChangelogLenientMatch = Confidence{50, ChangelogLenientMatchStr, 4} // GitHubMatch is a ranking how confident the CVE-ID was deteted correctly GitHubMatch = Confidence{97, GitHubMatchStr, 2} // WPVulnDBMatch is a ranking how confident the CVE-ID was deteted correctly WPVulnDBMatch = Confidence{100, WPVulnDBMatchStr, 0} )
var AllCveContetTypes = CveContentTypes{ Nvd, NvdXML, Jvn, RedHat, RedHatAPI, Debian, Ubuntu, Amazon, SUSE, DebianSecurityTracker, WPVulnDB, Trivy, }
AllCveContetTypes has all of CveContentTypes
var LibraryMap = map[string]string{
"package-lock.json": "node",
"yarn.lock": "node",
"Gemfile.lock": "ruby",
"Cargo.lock": "rust",
"composer.lock": "php",
"Pipfile.lock": "python",
"poetry.lock": "python",
}
LibraryMap is filename and library type
Functions ¶
This section is empty.
Types ¶
type AffectedProcess ¶ added in v0.5.0
type AffectedProcess struct { PID string `json:"pid,omitempty"` Name string `json:"name,omitempty"` ListenPorts []string `json:"listenPorts,omitempty"` }
AffectedProcess keep a processes information affected by software update
type Alert ¶ added in v0.9.0
type Alert struct { URL string `json:"url,omitempty"` Title string `json:"title,omitempty"` Team string `json:"team,omitempty"` }
Alert has XCERT alert information
type AlertDict ¶ added in v0.6.2
AlertDict has target cve's JPCERT and USCERT alert data
func (AlertDict) FormatSource ¶ added in v0.6.2
FormatSource returns which source has this alert
type Changelog ¶ added in v0.3.0
type Changelog struct { Contents string `json:"contents"` Method DetectionMethod `json:"method"` }
Changelog has contents of changelog and how to get it. Method: models.detectionMethodStr
type Confidence ¶ added in v0.3.0
type Confidence struct { Score int `json:"score"` DetectionMethod DetectionMethod `json:"detectionMethod"` SortOrder int `json:"-"` }
Confidence is a ranking how confident the CVE-ID was deteted correctly Score: 0 - 100
func (Confidence) String ¶ added in v0.3.0
func (c Confidence) String() string
type Confidences ¶ added in v0.5.0
type Confidences []Confidence
Confidences is a list of Confidence
func (*Confidences) AppendIfMissing ¶ added in v0.5.0
func (cs *Confidences) AppendIfMissing(confidence Confidence)
AppendIfMissing appends confidence to the list if missiong
func (Confidences) SortByConfident ¶ added in v0.5.0
func (cs Confidences) SortByConfident() Confidences
SortByConfident sorts Confidences
type Container ¶ added in v0.1.4
type Container struct { ContainerID string `json:"containerID"` Name string `json:"name"` Image string `json:"image"` Type string `json:"type"` UUID string `json:"uuid"` }
Container has Container information
type CveContent ¶ added in v0.4.0
type CveContent struct { Type CveContentType `json:"type"` CveID string `json:"cveID"` Title string `json:"title"` Summary string `json:"summary"` Cvss2Score float64 `json:"cvss2Score"` Cvss2Vector string `json:"cvss2Vector"` Cvss2Severity string `json:"cvss2Severity"` Cvss3Score float64 `json:"cvss3Score"` Cvss3Vector string `json:"cvss3Vector"` Cvss3Severity string `json:"cvss3Severity"` SourceLink string `json:"sourceLink"` Cpes []Cpe `json:"cpes,omitempty"` References References `json:"references,omitempty"` CweIDs []string `json:"cweIDs,omitempty"` Published time.Time `json:"published"` LastModified time.Time `json:"lastModified"` Mitigation string `json:"mitigation"` // RedHat API Optional map[string]string `json:"optional,omitempty"` }
CveContent has abstraction of various vulnerability information
func ConvertJvnToModel ¶ added in v0.4.0
func ConvertJvnToModel(cveID string, jvn *cvedict.Jvn) *CveContent
ConvertJvnToModel convert JVN to CveContent
func ConvertNvdJSONToModel ¶ added in v0.5.0
func ConvertNvdJSONToModel(cveID string, nvd *cvedict.NvdJSON) *CveContent
ConvertNvdJSONToModel convert NVD to CveContent
func (CveContent) Empty ¶ added in v0.4.0
func (c CveContent) Empty() bool
Empty checks the content is empty
type CveContentCpes ¶ added in v0.4.0
type CveContentCpes struct { Type CveContentType Value []Cpe }
CveContentCpes has CveContentType and Value
type CveContentCvss ¶ added in v0.4.0
type CveContentCvss struct { Type CveContentType `json:"type"` Value Cvss `json:"value"` }
CveContentCvss has CVSS information
type CveContentRefs ¶ added in v0.4.0
type CveContentRefs struct { Type CveContentType Value []Reference }
CveContentRefs has CveContentType and Cpes
type CveContentStr ¶ added in v0.4.0
type CveContentStr struct { Type CveContentType Value string }
CveContentStr has CveContentType and Value
type CveContentType ¶ added in v0.4.0
type CveContentType string
CveContentType is a source of CVE information
const ( // NvdXML is NvdXML NvdXML CveContentType = "nvdxml" // Nvd is Nvd Nvd CveContentType = "nvd" // Jvn is Jvn Jvn CveContentType = "jvn" // RedHat is RedHat RedHat CveContentType = "redhat" // RedHatAPI is RedHat RedHatAPI CveContentType = "redhat_api" // DebianSecurityTracker is Debian Secury tracker DebianSecurityTracker CveContentType = "debian_security_tracker" // Debian is Debian Debian CveContentType = "debian" // Ubuntu is Ubuntu Ubuntu CveContentType = "ubuntu" // Oracle is Oracle Linux Oracle CveContentType = "oracle" // Amazon is Amazon Linux Amazon CveContentType = "amazon" // SUSE is SUSE Linux SUSE CveContentType = "suse" // Microsoft is Microsoft Microsoft CveContentType = "microsoft" // WPVulnDB is WordPress WPVulnDB CveContentType = "wpvulndb" // Trivy is Trivy Trivy CveContentType = "trivy" // Unknown is Unknown Unknown CveContentType = "unknown" )
func NewCveContentType ¶ added in v0.4.0
func NewCveContentType(name string) CveContentType
NewCveContentType create CveContentType
type CveContentTypes ¶ added in v0.4.0
type CveContentTypes []CveContentType
CveContentTypes has slide of CveContentType
func (CveContentTypes) Except ¶ added in v0.4.0
func (c CveContentTypes) Except(excepts ...CveContentType) (excepted CveContentTypes)
Except returns CveContentTypes except for given args
type CveContents ¶ added in v0.4.0
type CveContents map[CveContentType]CveContent
CveContents has CveContent
func NewCveContents ¶ added in v0.4.0
func NewCveContents(conts ...CveContent) CveContents
NewCveContents create CveContents
func (CveContents) Cpes ¶ added in v0.4.0
func (v CveContents) Cpes(myFamily string) (values []CveContentCpes)
Cpes returns affected CPEs of this Vulnerability
func (CveContents) CweIDs ¶ added in v0.4.0
func (v CveContents) CweIDs(myFamily string) (values []CveContentStr)
CweIDs returns related CweIDs of the vulnerability
func (CveContents) Except ¶ added in v0.4.0
func (v CveContents) Except(exceptCtypes ...CveContentType) (values CveContents)
Except returns CveContents except given keys for enumeration
func (CveContents) References ¶ added in v0.4.0
func (v CveContents) References(myFamily string) (values []CveContentRefs)
References returns References
func (CveContents) SourceLinks ¶ added in v0.4.0
func (v CveContents) SourceLinks(lang, myFamily, cveID string) (values []CveContentStr)
SourceLinks returns link of source
func (CveContents) UniqCweIDs ¶ added in v0.5.0
func (v CveContents) UniqCweIDs(myFamily string) (values []CveContentStr)
UniqCweIDs returns Uniq CweIDs
type Cvss ¶ added in v0.4.0
type Cvss struct { Type CvssType `json:"type"` Score float64 `json:"score"` CalculatedBySeverity bool `json:"calculatedBySeverity"` Vector string `json:"vector"` Severity string `json:"severity"` }
Cvss has CVSS Score
type CweDictEntry ¶ added in v0.5.0
type CweDictEntry struct { En *cwe.Cwe `json:"en,omitempty"` Ja *cwe.Cwe `json:"ja,omitempty"` OwaspTopTen2017 string `json:"owaspTopTen2017"` CweTopTwentyfive2019 string `json:"cweTopTwentyfive2019"` SansTopTwentyfive string `json:"sansTopTwentyfive"` }
CweDictEntry is a entry of CWE
type DetectionMethod ¶ added in v0.4.0
type DetectionMethod string
DetectionMethod indicates - How to detect the CveID - How to get the changelog difference between installed and candidate version
type DistroAdvisories ¶ added in v0.8.0
type DistroAdvisories []DistroAdvisory
DistroAdvisories is a list of DistroAdvisory
func (*DistroAdvisories) AppendIfMissing ¶ added in v0.8.0
func (advs *DistroAdvisories) AppendIfMissing(adv *DistroAdvisory) bool
AppendIfMissing appends if missing
type DistroAdvisory ¶
type DistroAdvisory struct { AdvisoryID string `json:"advisoryID"` Severity string `json:"severity"` Issued time.Time `json:"issued"` Updated time.Time `json:"updated"` Description string `json:"description"` }
DistroAdvisory has Amazon Linux, RHEL, FreeBSD Security Advisory information.
func (DistroAdvisory) Format ¶ added in v0.4.0
func (p DistroAdvisory) Format() string
Format the distro advisory information
type Exploit ¶ added in v0.6.0
type Exploit struct { ExploitType exploitmodels.ExploitType `json:"exploitType"` ID string `json:"id"` URL string `json:"url"` Description string `json:"description"` DocumentURL *string `json:"documentURL,omitempty"` ShellCodeURL *string `json:"shellCodeURL,omitempty"` BinaryURL *string `json:"binaryURL,omitempty"` }
Exploit :
type GitHubSecurityAlert ¶ added in v0.6.3
type GitHubSecurityAlert struct { PackageName string `json:"packageName"` FixedIn string `json:"fixedIn"` AffectedRange string `json:"affectedRange"` Dismissed bool `json:"dismissed"` DismissedAt time.Time `json:"dismissedAt"` DismissReason string `json:"dismissReason"` }
GitHubSecurityAlert has detected CVE-ID, PackageName, Status fetched via GitHub API
type GitHubSecurityAlerts ¶ added in v0.6.3
type GitHubSecurityAlerts []GitHubSecurityAlert
GitHubSecurityAlerts is a list of GitHubSecurityAlert
func (GitHubSecurityAlerts) Add ¶ added in v0.6.3
func (g GitHubSecurityAlerts) Add(alert GitHubSecurityAlert) GitHubSecurityAlerts
Add adds given arg to the slice and return the slice (immutable)
func (GitHubSecurityAlerts) Names ¶ added in v0.7.0
func (g GitHubSecurityAlerts) Names() (names []string)
Names return a slice of lib names
type Kernel ¶ added in v0.4.0
type Kernel struct { Release string `json:"release"` Version string `json:"version"` RebootRequired bool `json:"rebootRequired"` }
Kernel has the Release, version and whether need restart
type LibraryFixedIn ¶ added in v0.8.0
type LibraryFixedIn struct { Key string `json:"key,omitempty"` Name string `json:"name,omitempty"` FixedIn string `json:"fixedIn,omitempty"` Path string `json:"path,omitempty"` }
LibraryFixedIn has library fixed information
type LibraryFixedIns ¶ added in v0.8.0
type LibraryFixedIns []LibraryFixedIn
LibraryFixedIns is a list of Library's FixedIn
func (LibraryFixedIns) Names ¶ added in v0.9.5
func (lfs LibraryFixedIns) Names() (names []string)
Names return a slice of names
type LibraryScanner ¶ added in v0.8.0
LibraryScanner has libraries information
func (LibraryScanner) GetLibraryKey ¶ added in v0.8.0
func (s LibraryScanner) GetLibraryKey() string
GetLibraryKey returns target library key
func (LibraryScanner) Scan ¶ added in v0.8.0
func (s LibraryScanner) Scan() ([]VulnInfo, error)
Scan : scan target library
type LibraryScanners ¶ added in v0.9.5
type LibraryScanners []LibraryScanner
LibraryScanners is an array of LibraryScanner
type NeedRestartProcess ¶ added in v0.5.0
type NeedRestartProcess struct { PID string `json:"pid"` Path string `json:"path"` ServiceName string `json:"serviceName"` InitSystem string `json:"initSystem"` HasInit bool `json:"-"` }
NeedRestartProcess keep a processes information affected by software update
type Package ¶ added in v0.4.0
type Package struct { Name string `json:"name"` Version string `json:"version"` Release string `json:"release"` NewVersion string `json:"newVersion"` NewRelease string `json:"newRelease"` Arch string `json:"arch"` Repository string `json:"repository"` Changelog Changelog `json:"changelog"` AffectedProcs []AffectedProcess `json:",omitempty"` NeedRestartProcs []NeedRestartProcess `json:",omitempty"` }
Package has installed binary packages.
func (Package) FQPN ¶ added in v0.5.0
FQPN returns Fully-Qualified-Package-Name name-version-release.arch
func (Package) FormatChangelog ¶ added in v0.4.0
FormatChangelog formats the changelog
func (Package) FormatNewVer ¶ added in v0.4.0
FormatNewVer returns package version-release
func (Package) FormatVersionFromTo ¶ added in v0.4.0
func (p Package) FormatVersionFromTo(stat PackageFixStatus) string
FormatVersionFromTo formats installed and new package version
type PackageFixStatus ¶ added in v0.7.0
type PackageFixStatus struct { Name string `json:"name,omitempty"` NotFixedYet bool `json:"notFixedYet,omitempty"` FixState string `json:"fixState,omitempty"` FixedIn string `json:"fixedIn,omitempty"` }
PackageFixStatus has name and other status abount the package
type PackageFixStatuses ¶ added in v0.7.0
type PackageFixStatuses []PackageFixStatus
PackageFixStatuses is a list of PackageStatus
func (PackageFixStatuses) Names ¶ added in v0.7.0
func (ps PackageFixStatuses) Names() (names []string)
Names return a slice of package names
func (PackageFixStatuses) Store ¶ added in v0.7.0
func (ps PackageFixStatuses) Store(pkg PackageFixStatus) PackageFixStatuses
Store insert given pkg if missing, update pkg if exists
type Packages ¶ added in v0.4.0
Packages is Map of Package { "package-name": Package }
func NewPackages ¶ added in v0.4.0
NewPackages create Packages
func (Packages) FindByFQPN ¶ added in v0.5.0
FindByFQPN search a package by Fully-Qualified-Package-Name
func (Packages) MergeNewVersion ¶ added in v0.4.0
MergeNewVersion merges candidate version information to the receiver struct
type Platform ¶ added in v0.1.5
type Platform struct { Name string `json:"name"` // aws or azure or gcp or other... InstanceID string `json:"instanceID"` }
Platform has platform information
type Reference ¶ added in v0.4.0
type Reference struct { Source string `json:"source"` Link string `json:"link"` RefID string `json:"refID"` }
Reference has a related link of the CVE
type ScanResult ¶
type ScanResult struct { JSONVersion int `json:"jsonVersion"` Lang string `json:"lang"` ServerUUID string `json:"serverUUID"` ServerName string `json:"serverName"` // TOML Section key Family string `json:"family"` Release string `json:"release"` Container Container `json:"container"` Platform Platform `json:"platform"` IPv4Addrs []string `json:"ipv4Addrs,omitempty"` // only global unicast address (https://golang.org/pkg/net/#IP.IsGlobalUnicast) IPv6Addrs []string `json:"ipv6Addrs,omitempty"` // only global unicast address (https://golang.org/pkg/net/#IP.IsGlobalUnicast) IPSIdentifiers map[config.IPS]string `json:"ipsIdentifiers,omitempty"` ScannedAt time.Time `json:"scannedAt"` ScanMode string `json:"scanMode"` ScannedVersion string `json:"scannedVersion"` ScannedRevision string `json:"scannedRevision"` ScannedBy string `json:"scannedBy"` ScannedVia string `json:"scannedVia"` ScannedIPv4Addrs []string `json:"scannedIpv4Addrs,omitempty"` ScannedIPv6Addrs []string `json:"scannedIpv6Addrs,omitempty"` ReportedAt time.Time `json:"reportedAt"` ReportedVersion string `json:"reportedVersion"` ReportedRevision string `json:"reportedRevision"` ReportedBy string `json:"reportedBy"` Errors []string `json:"errors"` Warnings []string `json:"warnings"` ScannedCves VulnInfos `json:"scannedCves"` RunningKernel Kernel `json:"runningKernel"` Packages Packages `json:"packages"` SrcPackages SrcPackages `json:",omitempty"` WordPressPackages *WordPressPackages `json:",omitempty"` LibraryScanners LibraryScanners `json:"libraries,omitempty"` CweDict CweDict `json:"cweDict,omitempty"` Optional map[string]interface{} `json:",omitempty"` Config struct { Scan config.Config `json:"scan"` Report config.Config `json:"report"` } `json:"config"` }
ScanResult has the result of scanned CVE information.
func (ScanResult) FilterByCvssOver ¶ added in v0.2.0
func (r ScanResult) FilterByCvssOver(over float64) ScanResult
FilterByCvssOver is filter function.
func (ScanResult) FilterIgnoreCves ¶ added in v0.4.0
func (r ScanResult) FilterIgnoreCves() ScanResult
FilterIgnoreCves is filter function.
func (ScanResult) FilterIgnorePkgs ¶ added in v0.5.0
func (r ScanResult) FilterIgnorePkgs() ScanResult
FilterIgnorePkgs is filter function.
func (ScanResult) FilterInactiveWordPressLibs ¶ added in v0.7.0
func (r ScanResult) FilterInactiveWordPressLibs() ScanResult
FilterInactiveWordPressLibs is filter function.
func (ScanResult) FilterUnfixed ¶ added in v0.4.1
func (r ScanResult) FilterUnfixed() ScanResult
FilterUnfixed is filter function.
func (ScanResult) FormatAlertSummary ¶ added in v0.6.2
func (r ScanResult) FormatAlertSummary() string
FormatAlertSummary returns a summary of XCERT alerts
func (ScanResult) FormatExploitCveSummary ¶ added in v0.6.0
func (r ScanResult) FormatExploitCveSummary() string
FormatExploitCveSummary returns a summary of exploit cve
func (ScanResult) FormatServerName ¶ added in v0.3.0
func (r ScanResult) FormatServerName() (name string)
FormatServerName returns server and container name
func (ScanResult) FormatTextReportHeadedr ¶ added in v0.4.0
func (r ScanResult) FormatTextReportHeadedr() string
FormatTextReportHeadedr returns header of text report
func (ScanResult) FormatUpdatablePacksSummary ¶ added in v0.5.0
func (r ScanResult) FormatUpdatablePacksSummary() string
FormatUpdatablePacksSummary returns a summary of updatable packages
func (ScanResult) IsContainer ¶ added in v0.5.0
func (r ScanResult) IsContainer() bool
IsContainer returns whether this ServerInfo is about container
func (ScanResult) IsDeepScanMode ¶ added in v0.5.0
func (r ScanResult) IsDeepScanMode() bool
IsDeepScanMode checks if the scan mode is deep scan mode.
func (ScanResult) ReportFileName ¶ added in v0.2.0
func (r ScanResult) ReportFileName() (name string)
ReportFileName returns the filename on localhost without extension
func (ScanResult) ReportKeyName ¶ added in v0.2.0
func (r ScanResult) ReportKeyName() (name string)
ReportKeyName returns the name of key on S3, Azure-Blob without extension
func (ScanResult) ServerInfo ¶ added in v0.1.4
func (r ScanResult) ServerInfo() string
ServerInfo returns server name one line
func (ScanResult) ServerInfoTui ¶ added in v0.1.4
func (r ScanResult) ServerInfoTui() string
ServerInfoTui returns server information for TUI sidebar
type SrcPackage ¶ added in v0.4.1
type SrcPackage struct { Name string `json:"name"` Version string `json:"version"` Arch string `json:"arch"` BinaryNames []string `json:"binaryNames"` }
SrcPackage has installed source package information. Debian based Linux has both of package and source information in dpkg. OVAL database often includes a source version (Not a binary version), so it is also needed to capture source version for OVAL version comparison. https://github.com/future-architect/vuls/issues/504
func (*SrcPackage) AddBinaryName ¶ added in v0.4.1
func (s *SrcPackage) AddBinaryName(name string)
AddBinaryName add the name if not exists
type SrcPackages ¶ added in v0.4.1
type SrcPackages map[string]SrcPackage
SrcPackages is Map of SrcPackage { "package-name": SrcPackage }
func (SrcPackages) FindByBinName ¶ added in v0.5.0
func (s SrcPackages) FindByBinName(name string) (*SrcPackage, bool)
FindByBinName finds by bin-package-name
type VulnInfo ¶ added in v0.2.0
type VulnInfo struct { CveID string `json:"cveID,omitempty"` Confidences Confidences `json:"confidences,omitempty"` AffectedPackages PackageFixStatuses `json:"affectedPackages,omitempty"` DistroAdvisories DistroAdvisories `json:"distroAdvisories,omitempty"` // for Aamazon, RHEL, FreeBSD CveContents CveContents `json:"cveContents,omitempty"` Exploits []Exploit `json:"exploits,omitempty"` AlertDict AlertDict `json:"alertDict,omitempty"` CpeURIs []string `json:"cpeURIs,omitempty"` // CpeURIs related to this CVE defined in config.toml GitHubSecurityAlerts GitHubSecurityAlerts `json:"gitHubSecurityAlerts,omitempty"` WpPackageFixStats WpPackageFixStats `json:"wpPackageFixStats,omitempty"` LibraryFixedIns LibraryFixedIns `json:"libraryFixedIns,omitempty"` VulnType string `json:"vulnType,omitempty"` }
VulnInfo has a vulnerability information and unsecure packages
func (VulnInfo) AttackVector ¶ added in v0.5.0
AttackVector returns attack vector string
func (VulnInfo) Cvss2CalcURL ¶ added in v0.4.0
Cvss2CalcURL returns CVSS v2 caluclator's URL
func (VulnInfo) Cvss2Scores ¶ added in v0.4.0
func (v VulnInfo) Cvss2Scores(myFamily string) (values []CveContentCvss)
Cvss2Scores returns CVSS V2 Scores
func (VulnInfo) Cvss3CalcURL ¶ added in v0.4.0
Cvss3CalcURL returns CVSS v3 caluclator's URL
func (VulnInfo) Cvss3Scores ¶ added in v0.4.0
func (v VulnInfo) Cvss3Scores() (values []CveContentCvss)
Cvss3Scores returns CVSS V3 Score
func (VulnInfo) FormatMaxCvssScore ¶ added in v0.4.0
FormatMaxCvssScore returns Max CVSS Score
func (VulnInfo) MaxCvss2Score ¶ added in v0.4.0
func (v VulnInfo) MaxCvss2Score() CveContentCvss
MaxCvss2Score returns Max CVSS V2 Score
func (VulnInfo) MaxCvss3Score ¶ added in v0.4.0
func (v VulnInfo) MaxCvss3Score() CveContentCvss
MaxCvss3Score returns Max CVSS V3 Score
func (VulnInfo) MaxCvssScore ¶ added in v0.4.0
func (v VulnInfo) MaxCvssScore() CveContentCvss
MaxCvssScore returns max CVSS Score If there is no CVSS Score, return Severity as a numerical value.
func (VulnInfo) Mitigations ¶ added in v0.5.0
func (v VulnInfo) Mitigations(myFamily string) (values []CveContentStr)
Mitigations returns mitigations
func (VulnInfo) PatchStatus ¶ added in v0.5.0
PatchStatus returns fixed or unfixed string
func (VulnInfo) Summaries ¶ added in v0.4.0
func (v VulnInfo) Summaries(lang, myFamily string) (values []CveContentStr)
Summaries returns summaries
func (VulnInfo) Titles ¶ added in v0.4.0
func (v VulnInfo) Titles(lang, myFamily string) (values []CveContentStr)
Titles returns tilte (TUI)
type VulnInfos ¶ added in v0.2.0
VulnInfos has a map of VulnInfo Key: CveID
func (VulnInfos) CountGroupBySeverity ¶ added in v0.4.0
CountGroupBySeverity summarize the number of CVEs group by CVSSv2 Severity
func (VulnInfos) FindScoredVulns ¶ added in v0.4.0
FindScoredVulns return scored vulnerabilities
func (VulnInfos) FormatCveSummary ¶ added in v0.4.0
FormatCveSummary summarize the number of CVEs group by CVSSv2 Severity
func (VulnInfos) FormatFixedStatus ¶ added in v0.5.0
FormatFixedStatus summarize the number of cves are fixed.
func (VulnInfos) ToSortedSlice ¶ added in v0.4.0
ToSortedSlice returns slice of VulnInfos that is sorted by Score, CVE-ID
type WordPressPackages ¶ added in v0.7.0
type WordPressPackages []WpPackage
WordPressPackages has Core version, plugins and themes.
func (WordPressPackages) CoreVersion ¶ added in v0.7.0
func (w WordPressPackages) CoreVersion() string
CoreVersion returns the core version of the installed WordPress
func (WordPressPackages) Find ¶ added in v0.7.0
func (w WordPressPackages) Find(name string) (ps *WpPackage, found bool)
Find searches by specified name
func (WordPressPackages) Plugins ¶ added in v0.7.0
func (w WordPressPackages) Plugins() (ps []WpPackage)
Plugins returns a slice of plugins of the installed WordPress
func (WordPressPackages) Themes ¶ added in v0.7.0
func (w WordPressPackages) Themes() (ps []WpPackage)
Themes returns a slice of themes of the installed WordPress
type WpPackage ¶ added in v0.7.0
type WpPackage struct { Name string `json:"name,omitempty"` Status string `json:"status,omitempty"` // active, inactive or must-use Update string `json:"update,omitempty"` // available or none Version string `json:"version,omitempty"` Type string `json:"type,omitempty"` // core, plugin, theme }
WpPackage has a details of plugin and theme
type WpPackageFixStats ¶ added in v0.7.0
type WpPackageFixStats []WpPackageFixStatus
WpPackageFixStats is a list of WpPackageFixStatus
func (WpPackageFixStats) Names ¶ added in v0.7.0
func (ws WpPackageFixStats) Names() (names []string)
Names return a slice of names
type WpPackageFixStatus ¶ added in v0.7.0
type WpPackageFixStatus struct { Name string `json:"name,omitempty"` FixedIn string `json:"fixedIn,omitempty"` }
WpPackageFixStatus is used in Vulninfo.WordPress
type WpPackages ¶ added in v0.7.0
type WpPackages []WpPackage
WpPackages has a list of WpPackage
func (WpPackages) Add ¶ added in v0.7.0
func (g WpPackages) Add(pkg WpPackage) WpPackages
Add adds given arg to the slice and return the slice (immutable)