results

package
v1.12.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Oct 23, 2024 License: Apache-2.0 Imports: 19 Imported by: 4

Documentation

Index

Constants

View Source 
const (
	RootIndex                  = 0
	DirectDependencyIndex      = 1
	DirectDependencyPathLength = 2
)

Variables

View Source 
var (
	ErrResetConvertor    = fmt.Errorf("reset must be called before parsing new scan results metadata")
	ErrNoTargetConvertor = fmt.Errorf("ParseNewTargetResults must be called before starting to parse issues")
)

Functions

func AppendUniqueImpactPaths 

func AppendUniqueImpactPaths(target [][]services.ImpactPathNode, source [][]services.ImpactPathNode, multipleRoots bool) [][]services.ImpactPathNode

appendImpactPathsWithoutDuplicates appends the elements of a source [][]ImpactPathNode struct to a target [][]ImpactPathNode, without adding any duplicate elements. This implementation uses the ComponentId field of the ImpactPathNode struct to check for duplicates, as it is guaranteed to be unique.

func AppendUniqueImpactPathsForMultipleRoots 

func AppendUniqueImpactPathsForMultipleRoots(target [][]services.ImpactPathNode, source [][]services.ImpactPathNode) [][]services.ImpactPathNode

AppendUniqueImpactPathsForMultipleRoots appends the source impact path to the target impact path while avoiding duplicates. Specifically, it is designed for handling multiple root projects, such as Maven or Gradle, by comparing each pair of paths and identifying the path that is closest to the direct dependency.

func CheckIfFailBuild 

func CheckIfFailBuild(results []services.ScanResponse) bool

In case one (or more) of the violations contains the field FailBuild set to true, CliError with exit code 3 will be returned.

func ConvertCvesWithApplicability 

func ConvertCvesWithApplicability(cves []services.Cve, entitledForJas bool, applicabilityRuns []*sarif.Run, components map[string]services.Component) (convertedCves []formats.CveRow, applicabilityStatus jasutils.ApplicabilityStatus)

func FindMaxCVEScore 

func FindMaxCVEScore(severity severityutils.Severity, applicabilityStatus jasutils.ApplicabilityStatus, cves []formats.CveRow) (string, error)

FindMaxCVEScore returns the maximum CVSS score of the given CVEs or score based on severity and applicability status if not exists.

func GetApplicableCveStatus 

func GetApplicableCveStatus(entitledForJas bool, applicabilityScanResults []*sarif.Run, cves []formats.CveRow) jasutils.ApplicabilityStatus

func GetCveApplicabilityField 

func GetCveApplicabilityField(cveId string, applicabilityScanResults []*sarif.Run, components map[string]services.Component) *formats.Applicability

func GetCveScore 

func GetCveScore(severity severityutils.Severity, applicabilityStatus jasutils.ApplicabilityStatus, cve formats.CveRow) (float32, error)

GetCveScore returns the CVSS score of the given CVE or score based on severity and applicability status if not exists.

func GetDependencyId 

func GetDependencyId(depName, version string) string

func GetIssueIdentifier 

func GetIssueIdentifier(cvesRow []formats.CveRow, issueId string, delimiter string) string

func GetResultPropertyMetadata 

func GetResultPropertyMetadata(result *sarif.Result) string

func GetResultPropertyTokenValidation 

func GetResultPropertyTokenValidation(result *sarif.Result) string

func GetRuleUndeterminedReason 

func GetRuleUndeterminedReason(rule *sarif.ReportingDescriptor) string

func GetScaIssueId 

func GetScaIssueId(depName, version, issueId string) string

func GetUniqueKey 

func GetUniqueKey(vulnerableDependency, vulnerableVersion, xrayID string, fixVersionExist bool) string

GetUniqueKey returns a unique string key of format "vulnerableDependency:vulnerableVersion:xrayID:fixVersionExist"

func GetViolatedLicenses 

func GetViolatedLicenses(allowedLicenses []string, licenses []services.License) (violatedLicenses []services.Violation)

func NewFailBuildError 

func NewFailBuildError() error

func PrepareJasIssues 

func PrepareJasIssues(runs []*sarif.Run, entitledForJas bool, handler ParseJasFunc) error

PrepareJasIssues allows to iterate over the provided SARIF runs and call the provided handler for each issue to process it.

func PrepareLicenses 

func PrepareLicenses(target ScanTarget, licenses []services.License, handler ParseLicensesFunc) error

PrepareLicenses allows to iterate over the provided licenses and call the provided handler for each component/package with a license to process it.

func PrepareScaViolations 

func PrepareScaViolations(target ScanTarget, violations []services.Violation, entitledForJas bool, applicabilityRuns []*sarif.Run, securityHandler ParseScaViolationFunc, licenseHandler ParseScaViolationFunc, operationalRiskHandler ParseScaViolationFunc) (watches []string, failBuild bool, err error)

PrepareScaViolations allows to iterate over the provided SCA violations and call the provided handler for each impacted component/package with a violation to process it.

func PrepareScaVulnerabilities 

func PrepareScaVulnerabilities(target ScanTarget, vulnerabilities []services.Vulnerability, entitledForJas bool, applicabilityRuns []*sarif.Run, handler ParseScaVulnerabilityFunc) error

PrepareScaVulnerabilities allows to iterate over the provided SCA security vulnerabilities and call the provided handler for each impacted component/package with a vulnerability to process it.

func SplitComponents 

func SplitComponents(target string, impactedPackages map[string]services.Component) (impactedPackagesNames, impactedPackagesVersions, impactedPackagesTypes []string, fixedVersions [][]string, directComponents [][]formats.ComponentRow, impactPaths [][][]formats.ComponentRow, err error)

Types

type JasScansResults 

type JasScansResults struct {
	ApplicabilityScanResults []*sarif.Run `json:"contextual_analysis,omitempty"`
	SecretsScanResults       []*sarif.Run `json:"secrets,omitempty"`
	IacScanResults           []*sarif.Run `json:"iac,omitempty"`
	SastScanResults          []*sarif.Run `json:"sast,omitempty"`
}

func (*JasScansResults) GetResults 

func (jsr *JasScansResults) GetResults(scanType jasutils.JasScanType) (results []*sarif.Run)

func (*JasScansResults) HasFindings 

func (jsr *JasScansResults) HasFindings() bool

func (*JasScansResults) HasFindingsByType 

func (jsr *JasScansResults) HasFindingsByType(scanType jasutils.JasScanType) bool

func (*JasScansResults) HasInformation 

func (jsr *JasScansResults) HasInformation() bool

func (*JasScansResults) HasInformationByType 

func (jsr *JasScansResults) HasInformationByType(scanType jasutils.JasScanType) bool

type ParseJasFunc 

type ParseJasFunc func(run *sarif.Run, rule *sarif.ReportingDescriptor, severity severityutils.Severity, result *sarif.Result, location *sarif.Location) error

type ParseLicensesFunc 

type ParseLicensesFunc func(license services.License, impactedPackagesName, impactedPackagesVersion, impactedPackagesType string, directComponents []formats.ComponentRow, impactPaths [][]formats.ComponentRow) error

type ParseScaViolationFunc 

type ParseScaViolationFunc func(violation services.Violation, cves []formats.CveRow, applicabilityStatus jasutils.ApplicabilityStatus, severity severityutils.Severity, impactedPackagesName, impactedPackagesVersion, impactedPackagesType string, fixedVersion []string, directComponents []formats.ComponentRow, impactPaths [][]formats.ComponentRow) error

type ParseScaVulnerabilityFunc 

type ParseScaVulnerabilityFunc func(vulnerability services.Vulnerability, cves []formats.CveRow, applicabilityStatus jasutils.ApplicabilityStatus, severity severityutils.Severity, impactedPackagesName, impactedPackagesVersion, impactedPackagesType string, fixedVersion []string, directComponents []formats.ComponentRow, impactPaths [][]formats.ComponentRow) error

type ScaScanResults 

type ScaScanResults struct {
	IsMultipleRootProject *bool `json:"is_multiple_root_project,omitempty"`
	// Target of the scan
	Descriptors []string `json:"descriptors,omitempty"`
	// Sca scan results
	XrayResults []services.ScanResponse `json:"xray_scan,omitempty"`
}

func (*ScaScanResults) HasFindings 

func (ssr *ScaScanResults) HasFindings() bool

func (*ScaScanResults) HasInformation 

func (ssr *ScaScanResults) HasInformation() bool

type ScanTarget 

type ScanTarget struct {
	// Physical location of the target: Working directory (audit) / binary to scan (scan / docker scan)
	Target string `json:"target,omitempty"`
	// Logical name of the target (build name / module name / docker image name...)
	Name string `json:"name,omitempty"`
	// Optional field (not used only in build scan) to provide the technology of the target
	Technology techutils.Technology `json:"technology,omitempty"`
}

func (ScanTarget) Copy 

func (st ScanTarget) Copy(newTarget string) ScanTarget

func (ScanTarget) String 

func (st ScanTarget) String() (str string)

type SecurityCommandResults 

type SecurityCommandResults struct {
	// General fields describing the command metadata
	XrayVersion      string            `json:"xray_version"`
	EntitledForJas   bool              `json:"jas_entitled"`
	SecretValidation bool              `json:"secret_validation,omitempty"`
	CmdType          utils.CommandType `json:"command_type"`
	// MultiScanId is a unique identifier that is used to group multiple scans together.
	MultiScanId string `json:"multi_scan_id,omitempty"`
	// Results for each target in the command
	Targets []*TargetResults `json:"targets"`

	// Error that occurred during the command execution
	Error error `json:"error,omitempty"`
	// contains filtered or unexported fields
}

SecurityCommandResults is a struct that holds the results of a security scan/audit command.

func NewCommandResults 

func NewCommandResults(cmdType utils.CommandType, xrayVersion string, entitledForJas, secretValidation bool) *SecurityCommandResults

func (*SecurityCommandResults) GetErrors 

func (r *SecurityCommandResults) GetErrors() (err error)

func (*SecurityCommandResults) GetJasScansResults 

func (r *SecurityCommandResults) GetJasScansResults(scanType jasutils.JasScanType) (results []*sarif.Run)

func (*SecurityCommandResults) GetScaScansXrayResults 

func (r *SecurityCommandResults) GetScaScansXrayResults() (results []services.ScanResponse)

func (*SecurityCommandResults) GetTargetsPaths 

func (r *SecurityCommandResults) GetTargetsPaths() (paths []string)

func (*SecurityCommandResults) GetTechnologies 

func (r *SecurityCommandResults) GetTechnologies(additionalTechs ...techutils.Technology) []techutils.Technology

func (*SecurityCommandResults) HasFindings 

func (r *SecurityCommandResults) HasFindings() bool

func (*SecurityCommandResults) HasInformation 

func (r *SecurityCommandResults) HasInformation() bool

func (*SecurityCommandResults) HasMultipleTargets 

func (r *SecurityCommandResults) HasMultipleTargets() bool

In case multipleRoots is true, the field Component will show the root of each impact path, otherwise it will show the root's child. Set multipleRoots to true in case the given vulnerabilities array contains (or may contain) results of several projects or files (like in binary scan).

func (*SecurityCommandResults) NewScanResults 

func (r *SecurityCommandResults) NewScanResults(target ScanTarget) *TargetResults

func (*SecurityCommandResults) SetMultiScanId 

func (r *SecurityCommandResults) SetMultiScanId(multiScanId string) *SecurityCommandResults

type TargetResults 

type TargetResults struct {
	ScanTarget
	// All scan results for the target
	ScaResults *ScaScanResults  `json:"sca_scans,omitempty"`
	JasResults *JasScansResults `json:"jas_scans,omitempty"`
	// Errors that occurred during the scans
	Errors []error `json:"errors,omitempty"`
	// contains filtered or unexported fields
}

func (*TargetResults) AddError 

func (sr *TargetResults) AddError(err error)

func (*TargetResults) GetErrors 

func (sr *TargetResults) GetErrors() (err error)

func (*TargetResults) GetJasScansResults 

func (sr *TargetResults) GetJasScansResults(scanType jasutils.JasScanType) (results []*sarif.Run)

func (*TargetResults) GetScaScansXrayResults 

func (sr *TargetResults) GetScaScansXrayResults() (results []services.ScanResponse)

func (*TargetResults) GetScanIds 

func (sr *TargetResults) GetScanIds() []string

func (*TargetResults) GetTechnologies 

func (sr *TargetResults) GetTechnologies() []techutils.Technology

func (*TargetResults) GetWatches 

func (sr *TargetResults) GetWatches() []string

func (*TargetResults) HasFindings 

func (sr *TargetResults) HasFindings() bool

func (*TargetResults) HasInformation 

func (sr *TargetResults) HasInformation() bool

func (*TargetResults) NewScaScanResults 

func (sr *TargetResults) NewScaScanResults(responses ...services.ScanResponse) *ScaScanResults

func (*TargetResults) SetDescriptors 

func (sr *TargetResults) SetDescriptors(descriptors ...string) *TargetResults

Source Files

View all Source files

Directories

Path Synopsis
sarifparser
simplejsonparser
summaryparser
tableparser

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.