Documentation ¶
Index ¶
- Constants
- Variables
- func CVE5timestampToRFC3339(timestamp string) (string, error)
- func CVEIsDisputed(v *Vulnerability, cveList string) (modified string, e error)
- func ClassifyReferenceLink(link string, tag string) string
- type Affected
- type AffectedPackage
- type AffectedRange
- type Event
- type PackageInfo
- type Reference
- type References
- type Severity
- type Vulnerability
- type VulnsCVEListError
Constants ¶
// CVEListBasePath is the constant string "cves".
// NOTE(review): presumably the directory, relative to the cvelistV5 clone
// passed as cveList, under which CVE records are looked up. Confirm against
// the callers, which are not shown on this page.
const CVEListBasePath = "cves"
Variables ¶
// ErrVulnNotACVE is a sentinel error value with the message "not a CVE".
// Callers can match it with errors.Is.
// NOTE(review): which functions return it is not shown on this page.
// Presumably the CVE-only helpers such as CVEIsDisputed return it when the
// record's ID is not a CVE ID; confirm before relying on it.
var ErrVulnNotACVE = errors.New("not a CVE")
Functions ¶
func CVE5timestampToRFC3339 ¶
func CVEIsDisputed ¶
func CVEIsDisputed(v *Vulnerability, cveList string) (modified string, e error)
CVEIsDisputed reports whether the underlying CVE is disputed. If it is, it returns the dateUpdated value of the CVE's CNA container, which can be used to set the Withdrawn field. It consults a local clone of https://github.com/CVEProject/cvelistV5 found in the location specified by cveList, so the answer is only as current as that clone.
func ClassifyReferenceLink ¶
Types ¶
type Affected ¶
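// Affected describes one affected package inside a Vulnerability record,
// together with the version ranges and explicit versions that are affected.
// AttachExtractedVersionInfo fills Ranges and Package from a cves.VersionInfo.
//
// The declaration is laid out one field per line; run together on a single
// line, the fields do not parse as Go.
type Affected struct {
	// Package identifies the affected package. A nil pointer is left out of
	// the JSON output.
	// NOTE(review): this is the only field without a yaml tag, so its YAML key
	// and omit-empty behaviour are left to the YAML library's defaults.
	// Confirm that is intended.
	Package *AffectedPackage `json:"package,omitempty"`

	// Ranges holds the affected ranges. The tag has no omitempty, so the key
	// is always written; encoding/json writes a nil slice as null rather than
	// as []. A consumer should not read a null or empty value as "no version
	// is affected" without checking Versions as well.
	Ranges []AffectedRange `json:"ranges" yaml:"ranges"`

	// Versions lists individual affected versions; omitted when empty.
	Versions []string `json:"versions,omitempty" yaml:"versions,omitempty"`

	// EcosystemSpecific carries free-form string key/value pairs; omitted when
	// empty. Its keys and meaning are not defined by this struct.
	EcosystemSpecific map[string]string `json:"ecosystem_specific,omitempty" yaml:"ecosystem_specific,omitempty"`
}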
func (*Affected) AttachExtractedVersionInfo ¶
func (affected *Affected) AttachExtractedVersionInfo(version cves.VersionInfo)
AttachExtractedVersionInfo converts the cves.VersionInfo struct to OSV GIT and ECOSYSTEM AffectedRanges and AffectedPackage.
type AffectedPackage ¶
type AffectedRange ¶
type Event ¶
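// Event is a single version event. Its JSON/YAML keys (introduced, fixed,
// limit, last_affected) are the event names used by the OSV schema's ranges.
// NOTE(review): presumably carried by AffectedRange, whose definition is not
// shown here.
//
// Every field is a plain string tagged omitempty, so an empty value is left
// out of the encoded record. The struct does not enforce that exactly one
// field is set per event, nor that a value is a well-formed version or commit
// identifier. The code that builds or consumes events has to validate that.
//
// The declaration is laid out one field per line; run together on a single
// line, the fields do not parse as Go.
type Event struct {
	// Introduced is, in the OSV schema, the version or commit at which the
	// vulnerability was introduced.
	Introduced string `json:"introduced,omitempty" yaml:"introduced,omitempty"`

	// Fixed is, in the OSV schema, the version or commit that contains the fix.
	Fixed string `json:"fixed,omitempty" yaml:"fixed,omitempty"`

	// Limit is, in the OSV schema, an upper bound on the range being described.
	Limit string `json:"limit,omitempty" yaml:"limit,omitempty"`

	// LastAffected is, in the OSV schema, the last version or commit known to
	// be affected.
	LastAffected string `json:"last_affected,omitempty" yaml:"last_affected,omitempty"`
}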
type PackageInfo ¶
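// PackageInfo is an intermediate struct to ease generating Vulnerability
// structs. Vulnerability.AddPkgInfo converts one into the corresponding
// affected ranges on the OSV record.
//
// The declaration is laid out one field per line; run together on a single
// line, the fields do not parse as Go.
type PackageInfo struct {
	// PkgName is the package name; omitted from the output when empty.
	PkgName string `json:"pkg_name,omitempty" yaml:"pkg_name,omitempty"`

	// Ecosystem names the package ecosystem; omitted when empty.
	Ecosystem string `json:"ecosystem,omitempty" yaml:"ecosystem,omitempty"`

	// PURL is the package URL string; omitted when empty.
	PURL string `json:"purl,omitempty" yaml:"purl,omitempty"`

	// VersionInfo is the extracted version information for the package.
	// NOTE(review): it is serialized under the key "fixed_version" although it
	// holds a whole cves.VersionInfo; confirm the key name is intended.
	// NOTE(review): if cves.VersionInfo is a struct value, encoding/json's
	// omitempty never omits it, so the key is written even when it is empty.
	VersionInfo cves.VersionInfo `json:"fixed_version,omitempty" yaml:"fixed_version,omitempty"`

	// EcosystemSpecific carries free-form string key/value pairs; omitted when
	// empty.
	EcosystemSpecific map[string]string `json:"ecosystem_specific,omitempty" yaml:"ecosystem_specific,omitempty"`
}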
PackageInfo is an intermediate struct to ease generating Vulnerability structs.
type References ¶
// References is a slice of Reference. The Len, Less and Swap methods declared
// on it have the signatures of sort.Interface, so a References value can be
// passed to the sort package. The ordering that Less defines is not shown on
// this page.
type References []Reference
func ClassifyReferences ¶
func ClassifyReferences(refs []cves.Reference) (references References)
ClassifyReferences annotates reference links based on their tags or the shape of the link.
func (References) Len ¶
func (r References) Len() int
func (References) Less ¶
func (r References) Less(i, j int) bool
func (References) Swap ¶
func (r References) Swap(i, j int)
type Vulnerability ¶
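// Vulnerability is the OSV record this package produces. FromCVE creates a
// minimal one from a CVE item and leaves the affected and version fields
// empty; AddPkgInfo and AddSeverity fill them in afterwards.
//
// ID, Details, Affected, References, Modified and Published have no omitempty
// and are therefore always written, even when empty. encoding/json writes a
// nil slice as null, so a record serialized before AddPkgInfo has run carries
// an empty or null "affected" value. Consumers should treat that as
// "not yet populated" rather than "nothing is affected".
//
// The declaration is laid out one field per line; run together on a single
// line, the fields do not parse as Go.
type Vulnerability struct {
	// ID is the record identifier.
	ID string `json:"id" yaml:"id"`

	// Withdrawn is omitted when empty. The timestamp returned by
	// CVEIsDisputed for a disputed CVE can be used to set it.
	Withdrawn string `json:"withdrawn,omitempty" yaml:"withdrawn,omitempty"`

	// Summary is a short description; omitted when empty.
	Summary string `json:"summary,omitempty" yaml:"summary,omitempty"`

	// Severity holds severity entries; AddSeverity adds CVSS3 information
	// taken from the underlying CVE record.
	Severity []Severity `json:"severity,omitempty" yaml:"severity,omitempty"`

	// Details is the long description.
	Details string `json:"details" yaml:"details"`

	// Affected lists the affected packages; AddPkgInfo appends to it.
	Affected []Affected `json:"affected" yaml:"affected"`

	// References lists the reference links attached to the record.
	References []Reference `json:"references" yaml:"references"`

	// Aliases lists other identifiers for the same vulnerability; omitted
	// when empty.
	Aliases []string `json:"aliases,omitempty" yaml:"aliases,omitempty"`

	// Modified and Published are timestamps stored as strings.
	// NOTE(review): presumably RFC 3339, as the OSV schema requires and as
	// CVE5timestampToRFC3339 suggests. The type does not enforce a format, so
	// confirm that the producers validate it.
	Modified string `json:"modified" yaml:"modified"`

	Published string `json:"published" yaml:"published"`
}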
func FromCVE ¶
FromCVE creates a minimal OSV object from a given CVEItem and id. It leaves the affected and version fields empty, to be filled in later with AddPkgInfo.
func (*Vulnerability) AddPkgInfo ¶
func (v *Vulnerability) AddPkgInfo(pkgInfo PackageInfo)
AddPkgInfo converts a PackageInfo struct to the corresponding AffectedRanges and adds them to the OSV vulnerability object.
func (*Vulnerability) AddSeverity ¶
func (v *Vulnerability) AddSeverity(CVEImpact *cves.CVEItemMetrics)
AddSeverity adds CVSS3 severity information to the OSV vulnerability object. It uses the highest available CVSS 3.x Primary score from the underlying CVE record.
type VulnsCVEListError ¶
func (*VulnsCVEListError) Error ¶
func (e *VulnsCVEListError) Error() string