results

package
Published: Jan 7, 2025 License: Apache-2.0 Imports: 21 Imported by: 5


Constants

// Positions inside an impact path ([]services.ImpactPathNode, see AppendUniqueImpactPaths).
// NOTE(review): the names suggest the root component sits at index 0 and its direct
// dependency at index 1, so a path of length 2 ends at a direct dependency — confirm
// against the callers that index impact paths with these constants.
const (
	RootIndex                  = 0
	DirectDependencyIndex      = 1
	DirectDependencyPathLength = 2
)

Variables

// Sentinel errors reported by the results convertor when its methods are called out of order.
// Callers should compare with errors.Is rather than by message.
var (
	// ErrResetConvertor: a new set of scan results metadata was parsed without a preceding reset.
	ErrResetConvertor    = fmt.Errorf("reset must be called before parsing new scan results metadata")
	// ErrNoTargetConvertor: issues were parsed before ParseNewTargetResults established a target.
	ErrNoTargetConvertor = fmt.Errorf("ParseNewTargetResults must be called before starting to parse issues")
)

Functions

func AppendUniqueImpactPaths

func AppendUniqueImpactPaths(target [][]services.ImpactPathNode, source [][]services.ImpactPathNode, multipleRoots bool) [][]services.ImpactPathNode

AppendUniqueImpactPaths appends the elements of a source [][]ImpactPathNode to a target [][]ImpactPathNode without adding any duplicate elements. The implementation uses the ComponentId field of ImpactPathNode to detect duplicates, as that field is guaranteed to be unique.

func AppendUniqueImpactPathsForMultipleRoots

func AppendUniqueImpactPathsForMultipleRoots(target [][]services.ImpactPathNode, source [][]services.ImpactPathNode) [][]services.ImpactPathNode

AppendUniqueImpactPathsForMultipleRoots appends the source impact paths to the target impact paths while avoiding duplicates. It is designed for projects with multiple roots, such as Maven or Gradle: each pair of paths is compared in order to identify the path that is closest to the direct dependency.

func ApplyHandlerToJasIssues added in v1.14.0

func ApplyHandlerToJasIssues(runs []*sarif.Run, entitledForJas bool, handler ParseJasFunc) error

ApplyHandlerToJasIssues iterates over the provided SARIF runs and calls the provided handler for each issue so that it can be processed.

func ApplyHandlerToLicenses added in v1.14.0

func ApplyHandlerToLicenses(target ScanTarget, licenses []services.License, handler ParseLicensesFunc) error

ApplyHandlerToLicenses iterates over the provided licenses and calls the provided handler for each component/package that has a license, so that it can be processed.

func ApplyHandlerToScaViolations added in v1.14.0

func ApplyHandlerToScaViolations(target ScanTarget, violations []services.Violation, entitledForJas bool, applicabilityRuns []*sarif.Run, securityHandler ParseScaViolationFunc, licenseHandler ParseScaViolationFunc, operationalRiskHandler ParseScaViolationFunc) (watches []string, failBuild bool, err error)

ApplyHandlerToScaViolations iterates over the provided SCA violations and calls the matching provided handler (security, license or operational risk) for each impacted component/package with a violation, so that it can be processed.

func ApplyHandlerToScaVulnerabilities added in v1.14.0

func ApplyHandlerToScaVulnerabilities(target ScanTarget, vulnerabilities []services.Vulnerability, entitledForJas bool, applicabilityRuns []*sarif.Run, handler ParseScaVulnerabilityFunc) error

ApplyHandlerToScaVulnerabilities iterates over the provided SCA security vulnerabilities and calls the provided handler for each impacted component/package with a vulnerability, so that it can be processed.

func CheckIfFailBuild

func CheckIfFailBuild(results []services.ScanResponse) bool

CheckIfFailBuild returns true when one (or more) of the violations has the FailBuild field set to true. In that case a CliError with exit code 3 will be returned.

func ConvertCvesWithApplicability

func ConvertCvesWithApplicability(cves []services.Cve, entitledForJas bool, applicabilityRuns []*sarif.Run, components map[string]services.Component) (convertedCves []formats.CveRow, applicabilityStatus jasutils.ApplicabilityStatus)

func ConvertPolicesToString added in v1.14.0

func ConvertPolicesToString(policies []services.Policy) []string

func FindMaxCVEScore

func FindMaxCVEScore(severity severityutils.Severity, applicabilityStatus jasutils.ApplicabilityStatus, cves []formats.CveRow) (string, error)

FindMaxCVEScore returns the maximum CVSS score among the given CVEs or, if no CVE carries a score, a score derived from the severity and applicability status.

func GetApplicableCveStatus

func GetApplicableCveStatus(entitledForJas bool, applicabilityScanResults []*sarif.Run, cves []formats.CveRow) jasutils.ApplicabilityStatus

func GetCveApplicabilityField

func GetCveApplicabilityField(cveId string, applicabilityScanResults []*sarif.Run, components map[string]services.Component) *formats.Applicability

func GetCveScore

func GetCveScore(severity severityutils.Severity, applicabilityStatus jasutils.ApplicabilityStatus, cve formats.CveRow) (float32, error)

GetCveScore returns the CVSS score of the given CVE or, if the CVE carries no score, a score derived from the severity and applicability status.

func GetDependencyId

func GetDependencyId(depName, version string) string

func GetIssueIdentifier

func GetIssueIdentifier(cvesRow []formats.CveRow, issueId string, delimiter string) string

func GetIssueTechnology added in v1.14.0

func GetIssueTechnology(responseTechnology string, targetTech techutils.Technology) techutils.Technology

GetIssueTechnology resolves the actual technology from multiple sources: the technology reported in the response and the technology of the scan target.

func GetResultPropertyMetadata

func GetResultPropertyMetadata(result *sarif.Result) string

func GetResultPropertyTokenValidation

func GetResultPropertyTokenValidation(result *sarif.Result) string

func GetRuleUndeterminedReason

func GetRuleUndeterminedReason(rule *sarif.ReportingDescriptor) string

func GetScaIssueId

func GetScaIssueId(depName, version, issueId string) string

func GetUniqueKey

func GetUniqueKey(vulnerableDependency, vulnerableVersion, xrayID string, fixVersionExist bool) string

GetUniqueKey returns a unique string key of format "vulnerableDependency:vulnerableVersion:xrayID:fixVersionExist"

func GetViolatedLicenses

func GetViolatedLicenses(allowedLicenses []string, licenses []services.License) (violatedLicenses []services.Violation)

func NewFailBuildError

func NewFailBuildError() error

func ScanResultsToRuns added in v1.14.0

func ScanResultsToRuns(results []ScanResult[[]*sarif.Run]) (runs []*sarif.Run)

func SplitComponents

func SplitComponents(target string, impactedPackages map[string]services.Component) (impactedPackagesNames, impactedPackagesVersions, impactedPackagesTypes []string, fixedVersions [][]string, directComponents [][]formats.ComponentRow, impactPaths [][][]formats.ComponentRow, err error)

Types

type JasScanResults added in v1.14.0

// JasScanResults holds the SARIF runs produced by each JAS scanner type (secrets, IaC and SAST)
// for one target. Each entry is a ScanResult pairing the runs with the scan's status code.
type JasScanResults struct {
	// Runs produced by the secrets scanner.
	SecretsScanResults []ScanResult[[]*sarif.Run] `json:"secrets,omitempty"`
	// Runs produced by the IaC (infrastructure as code) scanner.
	IacScanResults     []ScanResult[[]*sarif.Run] `json:"iac,omitempty"`
	// Runs produced by the SAST scanner.
	SastScanResults    []ScanResult[[]*sarif.Run] `json:"sast,omitempty"`
}

type JasScansResults

// JasScansResults aggregates all JAS results of a target: vulnerabilities and violations
// per scanner type, plus the contextual-analysis (applicability) runs that the CVE
// applicability helpers (GetApplicableCveStatus, ConvertCvesWithApplicability) consume.
type JasScansResults struct {
	// JAS findings reported as vulnerabilities.
	JasVulnerabilities       JasScanResults             `json:"jas_vulnerabilities,omitempty"`
	// JAS findings reported as policy violations.
	JasViolations            JasScanResults             `json:"jas_violations,omitempty"`
	// Contextual-analysis runs used to decide whether SCA CVEs are applicable.
	ApplicabilityScanResults []ScanResult[[]*sarif.Run] `json:"contextual_analysis,omitempty"`
}

func (*JasScansResults) AddApplicabilityScanResults added in v1.14.0

func (jsr *JasScansResults) AddApplicabilityScanResults(exitCode int, runs ...*sarif.Run)

func (*JasScansResults) AddJasScanResults added in v1.14.0

func (jsr *JasScansResults) AddJasScanResults(scanType jasutils.JasScanType, vulnerabilitiesRuns []*sarif.Run, violationsRuns []*sarif.Run, exitCode int)

func (*JasScansResults) GetApplicabilityScanResults added in v1.14.0

func (jsr *JasScansResults) GetApplicabilityScanResults() (results []*sarif.Run)

func (*JasScansResults) GetViolationsResults added in v1.14.0

func (jsr *JasScansResults) GetViolationsResults(scanType jasutils.JasScanType) (results []*sarif.Run)

func (*JasScansResults) GetVulnerabilitiesResults added in v1.14.0

func (jsr *JasScansResults) GetVulnerabilitiesResults(scanType jasutils.JasScanType) (results []*sarif.Run)

func (*JasScansResults) HasFindings

func (jsr *JasScansResults) HasFindings() bool

func (*JasScansResults) HasFindingsByType

func (jsr *JasScansResults) HasFindingsByType(scanType jasutils.JasScanType) bool

func (*JasScansResults) HasInformation

func (jsr *JasScansResults) HasInformation() bool

func (*JasScansResults) HasInformationByType

func (jsr *JasScansResults) HasInformationByType(scanType jasutils.JasScanType) bool

type ParseJasFunc

// ParseJasFunc is the callback ApplyHandlerToJasIssues invokes for each issue, with the
// SARIF run, the rule, the resolved severity, the result and the location it was reported at.
type ParseJasFunc func(run *sarif.Run, rule *sarif.ReportingDescriptor, severity severityutils.Severity, result *sarif.Result, location *sarif.Location) error

type ParseLicensesFunc

// ParseLicensesFunc is the callback ApplyHandlerToLicenses invokes for each component/package
// that has a license, together with the package's direct components and impact paths.
type ParseLicensesFunc func(license services.License, impactedPackagesName, impactedPackagesVersion, impactedPackagesType string, directComponents []formats.ComponentRow, impactPaths [][]formats.ComponentRow) error

type ParseScaViolationFunc

// ParseScaViolationFunc is the callback ApplyHandlerToScaViolations invokes for each impacted
// component/package of a violation (used for the security, license and operational-risk handlers).
// It receives the CVE rows already annotated with their applicability status.
type ParseScaViolationFunc func(violation services.Violation, cves []formats.CveRow, applicabilityStatus jasutils.ApplicabilityStatus, severity severityutils.Severity, impactedPackagesName, impactedPackagesVersion, impactedPackagesType string, fixedVersion []string, directComponents []formats.ComponentRow, impactPaths [][]formats.ComponentRow) error

type ParseScaVulnerabilityFunc

// ParseScaVulnerabilityFunc is the callback ApplyHandlerToScaVulnerabilities invokes for each
// impacted component/package of a vulnerability; cves carry the CVE rows already annotated
// with their applicability status.
type ParseScaVulnerabilityFunc func(vulnerability services.Vulnerability, cves []formats.CveRow, applicabilityStatus jasutils.ApplicabilityStatus, severity severityutils.Severity, impactedPackagesName, impactedPackagesVersion, impactedPackagesType string, fixedVersion []string, directComponents []formats.ComponentRow, impactPaths [][]formats.ComponentRow) error

type ResultContext added in v1.14.0

// ResultContext describes which kinds of results a command produces (violations,
// vulnerabilities, licenses) and the violation context (watches / resource) used to
// fetch the policies to evaluate. See HasViolationContext.
type ResultContext struct {
	// If watches are provided, the scan will be performed only with the provided watches.
	Watches []string `json:"watches,omitempty"`
	// (Resource) If repo_path is provided, the scan will be performed on the repository's watches.
	RepoPath string `json:"repo_path,omitempty"`
	// (Resource) If projectKey is provided we will fetch the watches defined on the project.
	ProjectKey string `json:"project_key,omitempty"`
	// (Resource) If gitRepository is provided we will fetch the watches defined on the git repository.
	// Note the JSON key is "git_repo_key", not the field name.
	GitRepoHttpsCloneUrl string `json:"git_repo_key,omitempty"`
	// If none of the above is provided or requested, the results will include vulnerabilities
	IncludeVulnerabilities bool `json:"include_vulnerabilities"`
	// If requested, the results will include licenses
	IncludeLicenses bool `json:"include_licenses"`
	// The active watches defined on the project_key and git_repository values above that were fetched from the platform
	PlatformWatches *xrayApi.ResourcesWatchesBody `json:"platform_watches,omitempty"`
}

We have three types of results: vulnerabilities, violations and licenses. If the user provides a violation context (watches, repo_path, project_key, git_repo_key) the results will only include violations. If the user provides a violation context and requests vulnerabilities, the results will include both vulnerabilities and violations. If the user doesn't provide a violation context, the results will include vulnerabilities. Only one (Resource) field can be provided at a time. License information can be provided in all cases if requested.

func (*ResultContext) HasViolationContext added in v1.14.0

func (rc *ResultContext) HasViolationContext() bool

type ScaScanResults

// ScaScanResults holds the Xray SCA scan responses of a single target.
type ScaScanResults struct {
	// Whether the target contains several root projects (such as multi-module Maven or Gradle);
	// nil presumably means "not determined" — confirm against the code that sets it.
	IsMultipleRootProject *bool `json:"is_multiple_root_project,omitempty"`
	// Target of the scan
	Descriptors []string `json:"descriptors,omitempty"`
	// Sca scan results
	XrayResults []ScanResult[services.ScanResponse] `json:"xray_scan,omitempty"`
}

func (*ScaScanResults) HasFindings

func (ssr *ScaScanResults) HasFindings() bool

func (*ScaScanResults) HasInformation

func (ssr *ScaScanResults) HasInformation() bool

type ScanResult added in v1.14.0

// ScanResult pairs a scan's output of type T (for example []*sarif.Run for JAS scans or
// services.ScanResponse for Xray scans) with the status code the scan finished with.
// See IsScanFailed for how the status code is interpreted.
type ScanResult[T interface{}] struct {
	// The scan output.
	Scan       T   `json:"scan"`
	// Status/exit code of the scan; omitted from JSON when zero.
	StatusCode int `json:"status_code,omitempty"`
}

func (*ScanResult[T]) IsScanFailed added in v1.14.0

func (sr *ScanResult[T]) IsScanFailed() bool

type ScanTarget

// ScanTarget identifies what a scan ran against: its physical location, a logical
// name and, optionally, its technology.
type ScanTarget struct {
	// Physical location of the target: Working directory (audit) / binary to scan (scan / docker scan)
	Target string `json:"target,omitempty"`
	// Logical name of the target (build name / module name / docker image name...)
	Name string `json:"name,omitempty"`
	// Optional field providing the technology of the target (used by every scan type except build scan)
	Technology techutils.Technology `json:"technology,omitempty"`
}

func (ScanTarget) Copy

func (st ScanTarget) Copy(newTarget string) ScanTarget

func (ScanTarget) String

func (st ScanTarget) String() (str string)

type SecurityCommandResults

// SecurityCommandResults holds the results of a security scan/audit command: the command
// metadata, the per-target results and any general (non-target-specific) error.
type SecurityCommandResults struct {
	// General fields describing the command metadata
	XrayVersion      string            `json:"xray_version"`
	XscVersion       string            `json:"xsc_version,omitempty"`
	EntitledForJas   bool              `json:"jas_entitled"`
	SecretValidation bool              `json:"secret_validation,omitempty"`
	CmdType          utils.CommandType `json:"command_type"`
	ResultContext    ResultContext     `json:"result_context,omitempty"`
	StartTime        time.Time         `json:"start_time"`
	// MultiScanId is a unique identifier that is used to group multiple scans together.
	MultiScanId string `json:"multi_scan_id,omitempty"`
	// Results for each target in the command
	Targets []*TargetResults `json:"targets"`

	// GeneralError that occurred during the command execution
	// NOTE(review): encoding/json serializes an error interface value via its concrete type's
	// exported fields, which for most error types yields "{}" — the message is likely lost in
	// JSON output; confirm whether a custom marshaller handles this.
	GeneralError error `json:"general_error,omitempty"`
	// contains filtered or unexported fields
}

SecurityCommandResults holds the results of a security scan/audit command.

func NewCommandResults

func NewCommandResults(cmdType utils.CommandType) *SecurityCommandResults

func (*SecurityCommandResults) AddGeneralError added in v1.12.4

func (r *SecurityCommandResults) AddGeneralError(err error, allowSkippingError bool) *SecurityCommandResults

AddGeneralError adds a general error to the command results (the aggregated results for all targets) at different phases of the command's execution. Note that in some usages a constant 'false' is passed as the 'allowSkippingError' parameter, where propagation of the error must be forced when it occurs.

func (*SecurityCommandResults) GetErrors

func (r *SecurityCommandResults) GetErrors() (err error)

func (*SecurityCommandResults) GetScaScansXrayResults

func (r *SecurityCommandResults) GetScaScansXrayResults() (results []services.ScanResponse)

func (*SecurityCommandResults) GetTargets added in v1.14.0

func (r *SecurityCommandResults) GetTargets() (targets []ScanTarget)

func (*SecurityCommandResults) GetTargetsPaths

func (r *SecurityCommandResults) GetTargetsPaths() (paths []string)

func (*SecurityCommandResults) GetTechnologies

func (r *SecurityCommandResults) GetTechnologies(additionalTechs ...techutils.Technology) []techutils.Technology

func (*SecurityCommandResults) HasFindings

func (r *SecurityCommandResults) HasFindings() bool

func (*SecurityCommandResults) HasInformation

func (r *SecurityCommandResults) HasInformation() bool

func (*SecurityCommandResults) HasJasScansResults added in v1.14.0

func (r *SecurityCommandResults) HasJasScansResults(scanType jasutils.JasScanType) bool

func (*SecurityCommandResults) HasMultipleTargets

func (r *SecurityCommandResults) HasMultipleTargets() bool

In case multipleRoots is true, the Component field will show the root of each impact path; otherwise it will show the root's child. Set multipleRoots to true when the given vulnerabilities array contains (or may contain) results of several projects or files (as in binary scan).

func (*SecurityCommandResults) HasViolationContext added in v1.14.0

func (r *SecurityCommandResults) HasViolationContext() bool

HasViolationContext reports whether the results include violations.

func (*SecurityCommandResults) IncludesLicenses added in v1.14.0

func (r *SecurityCommandResults) IncludesLicenses() bool

IncludesLicenses reports whether the results include licenses.

func (*SecurityCommandResults) IncludesVulnerabilities added in v1.14.0

func (r *SecurityCommandResults) IncludesVulnerabilities() bool

IncludesVulnerabilities reports whether the results include vulnerabilities.

func (*SecurityCommandResults) NewScanResults

func (r *SecurityCommandResults) NewScanResults(target ScanTarget) *TargetResults

func (*SecurityCommandResults) SetEntitledForJas added in v1.12.4

func (r *SecurityCommandResults) SetEntitledForJas(entitledForJas bool) *SecurityCommandResults

func (*SecurityCommandResults) SetMultiScanId

func (r *SecurityCommandResults) SetMultiScanId(multiScanId string) *SecurityCommandResults

func (*SecurityCommandResults) SetResultsContext added in v1.14.0

func (r *SecurityCommandResults) SetResultsContext(context ResultContext) *SecurityCommandResults

func (*SecurityCommandResults) SetSecretValidation added in v1.12.4

func (r *SecurityCommandResults) SetSecretValidation(secretValidation bool) *SecurityCommandResults

func (*SecurityCommandResults) SetStartTime added in v1.13.2

func (r *SecurityCommandResults) SetStartTime(startTime time.Time) *SecurityCommandResults

func (*SecurityCommandResults) SetXrayVersion added in v1.12.4

func (r *SecurityCommandResults) SetXrayVersion(xrayVersion string) *SecurityCommandResults

func (*SecurityCommandResults) SetXscVersion added in v1.13.2

func (r *SecurityCommandResults) SetXscVersion(xscVersion string) *SecurityCommandResults

type TargetResults

// TargetResults holds everything collected for one scan target: the embedded ScanTarget
// (its fields are promoted and flattened into the JSON object), the SCA and JAS results
// and the errors raised while scanning it.
type TargetResults struct {
	ScanTarget
	// All scan results for the target
	ScaResults *ScaScanResults  `json:"sca_scans,omitempty"`
	JasResults *JasScansResults `json:"jas_scans,omitempty"`
	// Errors that occurred during the scans
	// NOTE(review): error interface values serialize via their concrete type's exported
	// fields (typically "{}"), so messages are likely lost in JSON output — confirm.
	Errors []error `json:"errors,omitempty"`
	// contains filtered or unexported fields
}

func (*TargetResults) AddTargetError added in v1.12.4

func (sr *TargetResults) AddTargetError(err error, allowSkippingError bool) error

func (*TargetResults) GetErrors

func (sr *TargetResults) GetErrors() (err error)

func (*TargetResults) GetJasScansResults

func (sr *TargetResults) GetJasScansResults(scanType jasutils.JasScanType) (results []*sarif.Run)

func (*TargetResults) GetScaScansXrayResults

func (sr *TargetResults) GetScaScansXrayResults() (results []services.ScanResponse)

func (*TargetResults) GetScanIds

func (sr *TargetResults) GetScanIds() []string

func (*TargetResults) GetTechnologies

func (sr *TargetResults) GetTechnologies() []techutils.Technology

func (*TargetResults) GetWatches

func (sr *TargetResults) GetWatches() []string

func (*TargetResults) HasFindings

func (sr *TargetResults) HasFindings() bool

func (*TargetResults) HasInformation

func (sr *TargetResults) HasInformation() bool

func (*TargetResults) HasJasScansResults added in v1.14.0

func (sr *TargetResults) HasJasScansResults(scanType jasutils.JasScanType) bool

func (*TargetResults) NewScaScanResults

func (sr *TargetResults) NewScaScanResults(errorCode int, responses ...services.ScanResponse) *ScaScanResults

func (*TargetResults) SetDescriptors

func (sr *TargetResults) SetDescriptors(descriptors ...string) *TargetResults
