vulns

Published: May 29, 2024 License: Apache-2.0 Imports: 14 Imported by: 0

Constants

// CVEListBasePath is the directory name, relative to a local cvelistV5 clone,
// under which CVE records are kept. Presumably joined with the cveList
// argument of CVEIsDisputed when locating a record — confirm against the
// implementation, which is not shown on this page.
const CVEListBasePath = "cves"

Variables

// ErrVulnNotACVE is the sentinel error for a vulnerability whose ID is not a
// CVE. Callers should test for it with errors.Is rather than comparing
// strings. NOTE(review): which functions return it is not visible on this
// page; CVEIsDisputed is the likely candidate — verify.
var ErrVulnNotACVE = errors.New("not a CVE")

Functions

func CVE5timestampToRFC3339

func CVE5timestampToRFC3339(timestamp string) (string, error)

func CVEIsDisputed

func CVEIsDisputed(v *Vulnerability, cveList string) (modified string, e error)

CVEIsDisputed reports whether the underlying CVE is disputed. If it is, the returned modified value is the dateUpdated value of the CVE's CNA container, which can be used to set the Withdrawn field. It consults a local clone of https://github.com/CVEProject/cvelistV5 found at the location specified by cveList.

func ClassifyReferenceLink(link string, tag string) string

Types

type Affected

// Affected is one affected-package entry of an OSV Vulnerability: the package
// it names, the version ranges and explicit versions that are affected, and
// any ecosystem-specific data.
type Affected struct {
	// Package identifies the affected package; omitted from JSON when nil.
	// NOTE(review): this is the only field here without a yaml tag, so its YAML
	// key is whatever the YAML library derives from the field name — confirm
	// that matches the intended schema key.
	Package           *AffectedPackage  `json:"package,omitempty"`
	// Ranges lists the affected version ranges. The tag has no omitempty, so the
	// key is always emitted; a nil slice encodes as JSON null rather than [].
	Ranges            []AffectedRange   `json:"ranges" yaml:"ranges"`
	// Versions lists individually affected versions; omitted when empty.
	Versions          []string          `json:"versions,omitempty" yaml:"versions,omitempty"`
	// EcosystemSpecific carries free-form key/value data defined by the
	// ecosystem; omitted when empty.
	EcosystemSpecific map[string]string `json:"ecosystem_specific,omitempty" yaml:"ecosystem_specific,omitempty"`
}

func (*Affected) AttachExtractedVersionInfo

func (affected *Affected) AttachExtractedVersionInfo(version cves.VersionInfo)

AttachExtractedVersionInfo converts the cves.VersionInfo struct to OSV GIT and ECOSYSTEM AffectedRanges and AffectedPackage.

type AffectedPackage

// AffectedPackage names the package an Affected entry applies to.
type AffectedPackage struct {
	// Name is the package name within Ecosystem. Note the asymmetric tags: the
	// JSON key is omitted when empty while the YAML key is always written.
	Name      string `json:"name,omitempty" yaml:"name"`
	// Ecosystem is the package ecosystem Name belongs to; same tag asymmetry
	// as Name.
	Ecosystem string `json:"ecosystem,omitempty" yaml:"ecosystem"`
	// Purl is the package-URL (purl) identifier; omitted from both encodings
	// when empty.
	Purl      string `json:"purl,omitempty" yaml:"purl,omitempty"`
}

type AffectedRange

// AffectedRange is one version range of an Affected entry, expressed as an
// ordered list of Events.
type AffectedRange struct {
	// Type selects how Events are interpreted; AttachExtractedVersionInfo
	// produces the GIT and ECOSYSTEM kinds. Always emitted.
	Type   string  `json:"type" yaml:"type"`
	// Repo is the repository the range refers to (presumably only meaningful
	// for GIT ranges — verify); omitted when empty.
	Repo   string  `json:"repo,omitempty" yaml:"repo,omitempty"`
	// Events is the sequence of range events. Always emitted; a nil slice
	// encodes as JSON null rather than [].
	Events []Event `json:"events" yaml:"events"`
}

type Event

// Event is a single point in an AffectedRange. Every field is optional in the
// encoding; which one is set is what gives the event its meaning, so a caller
// is expected to populate exactly one per Event (not enforced by the type).
type Event struct {
	// Introduced is the version at which the affected range starts.
	Introduced   string `json:"introduced,omitempty" yaml:"introduced,omitempty"`
	// Fixed is the version at which the range ends because a fix landed.
	Fixed        string `json:"fixed,omitempty" yaml:"fixed,omitempty"`
	// Limit is an upper bound on the range that is not itself a fix.
	Limit        string `json:"limit,omitempty" yaml:"limit,omitempty"`
	// LastAffected is the last known affected version when no fix is known.
	LastAffected string `json:"last_affected,omitempty" yaml:"last_affected,omitempty"`
}

type PackageInfo

// PackageInfo is an intermediate struct to ease generating Vulnerability
// structs; AddPkgInfo converts it into the corresponding Affected ranges.
type PackageInfo struct {
	// PkgName is the package name; omitted when empty.
	PkgName           string            `json:"pkg_name,omitempty" yaml:"pkg_name,omitempty"`
	// Ecosystem is the package ecosystem; omitted when empty.
	Ecosystem         string            `json:"ecosystem,omitempty" yaml:"ecosystem,omitempty"`
	// PURL is the package-URL identifier; omitted when empty.
	PURL              string            `json:"purl,omitempty" yaml:"purl,omitempty"`
	// VersionInfo is serialized under the key "fixed_version", not one derived
	// from the field name. NOTE(review): encoding/json's omitempty has no effect
	// on struct-typed fields, so the JSON key is emitted even when VersionInfo
	// is the zero value; whether the YAML encoder omits it depends on the
	// library in use — confirm.
	VersionInfo       cves.VersionInfo  `json:"fixed_version,omitempty" yaml:"fixed_version,omitempty"`
	// EcosystemSpecific carries free-form ecosystem-defined data; omitted when
	// empty.
	EcosystemSpecific map[string]string `json:"ecosystem_specific,omitempty" yaml:"ecosystem_specific,omitempty"`
}

PackageInfo is an intermediate struct to ease generating Vulnerability structs.

func (*PackageInfo) ToJSON

func (pi *PackageInfo) ToJSON(w io.Writer) error

type Reference

// Reference is a classified link attached to a Vulnerability. Both fields are
// always emitted.
type Reference struct {
	// Type is the reference classification assigned by ClassifyReferenceLink.
	Type string `json:"type" yaml:"type"`
	// URL is the link itself. NOTE(review): it originates from upstream CVE
	// reference data (see ClassifyReferences), so treat it as untrusted input
	// and validate or escape it before rendering or following it.
	URL  string `json:"url" yaml:"url"`
}

type References

// References is a slice of Reference values; its Len, Less and Swap methods
// suggest it is meant to satisfy sort.Interface (the ordering Less imposes
// is not visible on this page).
type References []Reference

func ClassifyReferences

func ClassifyReferences(refs []cves.Reference) (references References)

ClassifyReferences annotates reference links based on their tags or, failing that, on the shape of the link itself.

func (References) Len

func (r References) Len() int

func (References) Less

func (r References) Less(i, j int) bool

func (References) Swap

func (r References) Swap(i, j int)

type Severity

// Severity is one severity entry of a Vulnerability. AddSeverity populates it
// from the CVE's CVSS 3.x scores. Both fields are always emitted.
type Severity struct {
	// Type names the scoring system the Score is expressed in.
	Type  string `json:"type" yaml:"type"`
	// Score is the score itself, kept as a string rather than parsed.
	Score string `json:"score" yaml:"score"`
}

type Vulnerability

// Vulnerability is the OSV vulnerability record produced by this package.
// FromCVE builds a minimal one, AddPkgInfo fills in Affected and AddSeverity
// fills in Severity. Fields without omitempty (ID, Details, Affected,
// References, Modified, Published) are always serialized, so a nil Affected
// or References slice encodes as JSON null rather than [].
type Vulnerability struct {
	// ID is the record identifier.
	ID         string      `json:"id" yaml:"id"`
	// Withdrawn is a timestamp string; CVEIsDisputed's result can be used to
	// set it. Omitted when empty.
	Withdrawn  string      `json:"withdrawn,omitempty" yaml:"withdrawn,omitempty"`
	// Summary is a short description; omitted when empty.
	Summary    string      `json:"summary,omitempty" yaml:"summary,omitempty"`
	// Severity lists severity entries; omitted when empty.
	Severity   []Severity  `json:"severity,omitempty" yaml:"severity,omitempty"`
	// Details is the full description.
	Details    string      `json:"details" yaml:"details"`
	// Affected lists affected packages and ranges.
	Affected   []Affected  `json:"affected" yaml:"affected"`
	// References lists classified reference links.
	References []Reference `json:"references" yaml:"references"`
	// Aliases lists other identifiers for the same issue; omitted when empty.
	Aliases    []string    `json:"aliases,omitempty" yaml:"aliases,omitempty"`
	// Modified and Published are kept as strings; presumably RFC 3339 (see
	// CVE5timestampToRFC3339) — confirm against the producer.
	Modified   string      `json:"modified" yaml:"modified"`
	Published  string      `json:"published" yaml:"published"`
}

func FromCVE

func FromCVE(id cves.CVEID, cve cves.CVE) (*Vulnerability, []string)

FromCVE creates a minimal OSV object from the given CVEItem and id. It leaves the affected and version fields empty, to be filled in later with AddPkgInfo.

func FromJSON

func FromJSON(r io.Reader) (*Vulnerability, error)

func FromYAML

func FromYAML(r io.Reader) (*Vulnerability, error)

func (*Vulnerability) AddPkgInfo

func (v *Vulnerability) AddPkgInfo(pkgInfo PackageInfo)

AddPkgInfo converts a PackageInfo struct to the corresponding AffectedRanges and adds them to the OSV vulnerability object.

func (*Vulnerability) AddSeverity

func (v *Vulnerability) AddSeverity(CVEImpact *cves.CVEItemMetrics)

AddSeverity adds CVSS3 severity information to the OSV vulnerability object. It uses the highest available CVSS 3.x Primary score from the underlying CVE record.

func (*Vulnerability) ToJSON

func (v *Vulnerability) ToJSON(w io.Writer) error

func (*Vulnerability) ToYAML

func (v *Vulnerability) ToYAML(w io.Writer) error

type VulnsCVEListError

// VulnsCVEListError reports a failure involving the CVE list resource at URL;
// Err is the underlying error. NOTE(review): only an Error method is listed
// for this type, so errors.Is/errors.As cannot see through it to Err unless an
// Unwrap() error method exists elsewhere — confirm.
type VulnsCVEListError struct {
	// URL is the CVE list location the failure relates to.
	URL string
	// Err is the underlying error.
	Err error
}

func (*VulnsCVEListError) Error

func (e *VulnsCVEListError) Error() string
