results

package
v1.13.5 (Latest)
Published: Dec 21, 2024 License: Apache-2.0 Imports: 20 Imported by: 4


Constants

// Positions inside a single impact path ([]services.ImpactPathNode).
// The names indicate a root-first layout: the scanned root at index 0 and its
// direct dependency at index 1, so a path that stops at the direct dependency
// has length 2. Presumably consumed by the AppendUniqueImpactPaths* helpers —
// verify against their implementation.
const (
	// RootIndex is the position of the path's root node.
	RootIndex                  = 0
	// DirectDependencyIndex is the position of the root's direct dependency.
	DirectDependencyIndex      = 1
	// DirectDependencyPathLength is the length of a path that ends at the direct dependency.
	DirectDependencyPathLength = 2
)

Variables

// Sentinel errors of the results conversion flow. Callers should compare with
// errors.Is rather than matching on the message text.
// NOTE(review): neither message uses a format verb, so errors.New would be the
// idiomatic constructor; left as-is because the import block is not visible here.
var (
	// ErrResetConvertor is returned (per its message) when a convertor is asked to
	// parse new scan results metadata without Reset having been called first.
	ErrResetConvertor    = fmt.Errorf("reset must be called before parsing new scan results metadata")
	// ErrNoTargetConvertor is returned (per its message) when issue parsing starts
	// before ParseNewTargetResults has been called.
	ErrNoTargetConvertor = fmt.Errorf("ParseNewTargetResults must be called before starting to parse issues")
)

Functions

func AppendUniqueImpactPaths

func AppendUniqueImpactPaths(target [][]services.ImpactPathNode, source [][]services.ImpactPathNode, multipleRoots bool) [][]services.ImpactPathNode

AppendUniqueImpactPaths appends the elements of a source [][]ImpactPathNode to a target [][]ImpactPathNode without adding duplicate elements. Duplicate detection uses the ComponentId field of ImpactPathNode, which is assumed to be unique per component. (The doc comment in this version still carries the older helper name appendImpactPathsWithoutDuplicates.)

func AppendUniqueImpactPathsForMultipleRoots

func AppendUniqueImpactPathsForMultipleRoots(target [][]services.ImpactPathNode, source [][]services.ImpactPathNode) [][]services.ImpactPathNode

AppendUniqueImpactPathsForMultipleRoots appends the source impact path to the target impact path while avoiding duplicates. Specifically, it is designed for handling multiple root projects, such as Maven or Gradle, by comparing each pair of paths and identifying the path that is closest to the direct dependency.

func CheckIfFailBuild

func CheckIfFailBuild(results []services.ScanResponse) bool

CheckIfFailBuild reports whether one (or more) of the violations in results has the field FailBuild set to true. The function itself only returns a bool; the CliError with exit code 3 mentioned here is produced by the caller (presumably via NewFailBuildError), not by this function.

func ConvertCvesWithApplicability

func ConvertCvesWithApplicability(cves []services.Cve, entitledForJas bool, applicabilityRuns []*sarif.Run, components map[string]services.Component) (convertedCves []formats.CveRow, applicabilityStatus jasutils.ApplicabilityStatus)

func FindMaxCVEScore

func FindMaxCVEScore(severity severityutils.Severity, applicabilityStatus jasutils.ApplicabilityStatus, cves []formats.CveRow) (string, error)

FindMaxCVEScore returns the maximum CVSS score among the given CVEs as a string; when none of the CVEs carries a score, it falls back to a score derived from the severity and applicability status.

func GetApplicableCveStatus

func GetApplicableCveStatus(entitledForJas bool, applicabilityScanResults []*sarif.Run, cves []formats.CveRow) jasutils.ApplicabilityStatus

func GetCveApplicabilityField

func GetCveApplicabilityField(cveId string, applicabilityScanResults []*sarif.Run, components map[string]services.Component) *formats.Applicability

func GetCveScore

func GetCveScore(severity severityutils.Severity, applicabilityStatus jasutils.ApplicabilityStatus, cve formats.CveRow) (float32, error)

GetCveScore returns the CVSS score of the given CVE; when the CVE carries no score, it falls back to a score derived from the severity and applicability status.

func GetDependencyId

func GetDependencyId(depName, version string) string

func GetIssueIdentifier

func GetIssueIdentifier(cvesRow []formats.CveRow, issueId string, delimiter string) string

func GetResultPropertyMetadata

func GetResultPropertyMetadata(result *sarif.Result) string

func GetResultPropertyTokenValidation

func GetResultPropertyTokenValidation(result *sarif.Result) string

func GetRuleUndeterminedReason

func GetRuleUndeterminedReason(rule *sarif.ReportingDescriptor) string

func GetScaIssueId

func GetScaIssueId(depName, version, issueId string) string

func GetUniqueKey

func GetUniqueKey(vulnerableDependency, vulnerableVersion, xrayID string, fixVersionExist bool) string

GetUniqueKey returns a unique string key of format "vulnerableDependency:vulnerableVersion:xrayID:fixVersionExist"

func GetViolatedLicenses

func GetViolatedLicenses(allowedLicenses []string, licenses []services.License) (violatedLicenses []services.Violation)

func NewFailBuildError

func NewFailBuildError() error

func PrepareJasIssues

func PrepareJasIssues(runs []*sarif.Run, entitledForJas bool, handler ParseJasFunc) error

PrepareJasIssues iterates over the provided SARIF runs and calls the provided handler for each issue so the caller can process it.

func PrepareLicenses

func PrepareLicenses(target ScanTarget, licenses []services.License, handler ParseLicensesFunc) error

PrepareLicenses iterates over the provided licenses and calls the provided handler for each component/package that carries a license so the caller can process it.

func PrepareScaViolations

func PrepareScaViolations(target ScanTarget, violations []services.Violation, entitledForJas bool, applicabilityRuns []*sarif.Run, securityHandler ParseScaViolationFunc, licenseHandler ParseScaViolationFunc, operationalRiskHandler ParseScaViolationFunc) (watches []string, failBuild bool, err error)

PrepareScaViolations iterates over the provided SCA violations and calls the matching handler (security, license or operational risk) for each impacted component/package so the caller can process it.

func PrepareScaVulnerabilities

func PrepareScaVulnerabilities(target ScanTarget, vulnerabilities []services.Vulnerability, entitledForJas bool, applicabilityRuns []*sarif.Run, handler ParseScaVulnerabilityFunc) error

PrepareScaVulnerabilities iterates over the provided SCA security vulnerabilities and calls the provided handler for each impacted component/package so the caller can process it.

func SplitComponents

func SplitComponents(target string, impactedPackages map[string]services.Component) (impactedPackagesNames, impactedPackagesVersions, impactedPackagesTypes []string, fixedVersions [][]string, directComponents [][]formats.ComponentRow, impactPaths [][][]formats.ComponentRow, err error)

Types

type JasScansResults

// JasScansResults groups the SARIF runs produced by each JAS scanner for a
// single target. Every field is dropped from the JSON output when empty.
type JasScansResults struct {
	// Contextual-analysis (CVE applicability) runs; serialized as "contextual_analysis".
	ApplicabilityScanResults []*sarif.Run `json:"contextual_analysis,omitempty"`
	// Secrets-detection runs. NOTE(review): secret findings may carry the matched
	// text in SARIF snippets or messages — treat the serialized results as
	// sensitive and confirm what the scanner redacts before persisting or sharing them.
	SecretsScanResults       []*sarif.Run `json:"secrets,omitempty"`
	// Infrastructure-as-code scan runs.
	IacScanResults           []*sarif.Run `json:"iac,omitempty"`
	// Static application security testing (SAST) runs.
	SastScanResults          []*sarif.Run `json:"sast,omitempty"`
}

func (*JasScansResults) GetResults

func (jsr *JasScansResults) GetResults(scanType jasutils.JasScanType) (results []*sarif.Run)

func (*JasScansResults) HasFindings

func (jsr *JasScansResults) HasFindings() bool

func (*JasScansResults) HasFindingsByType

func (jsr *JasScansResults) HasFindingsByType(scanType jasutils.JasScanType) bool

func (*JasScansResults) HasInformation

func (jsr *JasScansResults) HasInformation() bool

func (*JasScansResults) HasInformationByType

func (jsr *JasScansResults) HasInformationByType(scanType jasutils.JasScanType) bool

type ParseJasFunc

type ParseJasFunc func(run *sarif.Run, rule *sarif.ReportingDescriptor, severity severityutils.Severity, result *sarif.Result, location *sarif.Location) error

type ParseLicensesFunc

type ParseLicensesFunc func(license services.License, impactedPackagesName, impactedPackagesVersion, impactedPackagesType string, directComponents []formats.ComponentRow, impactPaths [][]formats.ComponentRow) error

type ParseScaViolationFunc

type ParseScaViolationFunc func(violation services.Violation, cves []formats.CveRow, applicabilityStatus jasutils.ApplicabilityStatus, severity severityutils.Severity, impactedPackagesName, impactedPackagesVersion, impactedPackagesType string, fixedVersion []string, directComponents []formats.ComponentRow, impactPaths [][]formats.ComponentRow) error

type ParseScaVulnerabilityFunc

type ParseScaVulnerabilityFunc func(vulnerability services.Vulnerability, cves []formats.CveRow, applicabilityStatus jasutils.ApplicabilityStatus, severity severityutils.Severity, impactedPackagesName, impactedPackagesVersion, impactedPackagesType string, fixedVersion []string, directComponents []formats.ComponentRow, impactPaths [][]formats.ComponentRow) error

type ScaScanResults

// ScaScanResults holds the software-composition-analysis (Xray) results for one
// scan target.
type ScaScanResults struct {
	// Whether the target is a multiple-root project (e.g. a multi-module Maven or
	// Gradle build). A pointer is used so that "unset" (nil, omitted from JSON)
	// stays distinguishable from an explicit false.
	IsMultipleRootProject *bool `json:"is_multiple_root_project,omitempty"`
	// Target of the scan — presumably the descriptor files that were scanned
	// (see SetDescriptors); confirm against callers.
	Descriptors []string `json:"descriptors,omitempty"`
	// Sca scan results: the raw Xray scan responses (see NewScaScanResults).
	XrayResults []services.ScanResponse `json:"xray_scan,omitempty"`
}

func (*ScaScanResults) HasFindings

func (ssr *ScaScanResults) HasFindings() bool

func (*ScaScanResults) HasInformation

func (ssr *ScaScanResults) HasInformation() bool

type ScanTarget

// ScanTarget identifies what a set of results belongs to. It is embedded in
// TargetResults and serialized with it, so Target (a filesystem path) ends up
// in the JSON report.
type ScanTarget struct {
	// Physical location of the target: working directory (audit) / binary to scan (scan / docker scan).
	// NOTE(review): this is a local filesystem path and is emitted in the JSON
	// output — consider whether reports shared outside the machine should expose
	// absolute paths.
	Target string `json:"target,omitempty"`
	// Logical name of the target (build name / module name / docker image name...)
	Name string `json:"name,omitempty"`
	// Optional field giving the technology of the target. The original note reads
	// "not used only in build scan", i.e. presumably set everywhere except build
	// scan — confirm against callers.
	Technology techutils.Technology `json:"technology,omitempty"`
}

func (ScanTarget) Copy

func (st ScanTarget) Copy(newTarget string) ScanTarget

func (ScanTarget) String

func (st ScanTarget) String() (str string)

type SecurityCommandResults

// SecurityCommandResults is the top-level container for the results of a
// security scan/audit command: command metadata plus one TargetResults per
// scanned target. Construct it with NewCommandResults and populate the
// metadata through the Set* methods.
type SecurityCommandResults struct {
	// General fields describing the command metadata
	XrayVersion      string            `json:"xray_version"`
	XscVersion       string            `json:"xsc_version,omitempty"`
	// Whether the account is entitled to JAS scans; presumably the value passed as
	// entitledForJas to the Prepare*/Convert* helpers — confirm against callers.
	EntitledForJas   bool              `json:"jas_entitled"`
	// Whether secret validation was enabled for this run (see SetSecretValidation).
	SecretValidation bool              `json:"secret_validation,omitempty"`
	CmdType          utils.CommandType `json:"command_type"`
	StartTime        time.Time         `json:"start_time"`
	// MultiScanId is a unique identifier that is used to group multiple scans together.
	MultiScanId string `json:"multi_scan_id,omitempty"`
	// Results for each target in the command
	Targets []*TargetResults `json:"targets"`

	// GeneralError that occurred during the command execution (see AddGeneralError).
	// NOTE(review): encoding/json marshals a plain error value as "{}", so the
	// message is lost unless a custom MarshalJSON exists for this type (none is
	// listed here). Confirm before consumers rely on "general_error" in the JSON.
	GeneralError error `json:"general_error,omitempty"`
	// contains filtered or unexported fields
}

SecurityCommandResults is a struct that holds the results of a security scan/audit command.

func NewCommandResults

func NewCommandResults(cmdType utils.CommandType) *SecurityCommandResults

func (*SecurityCommandResults) AddGeneralError added in v1.12.4

func (r *SecurityCommandResults) AddGeneralError(err error, allowSkippingError bool) *SecurityCommandResults

AddGeneralError adds a general error to the command results; it is called in different phases of the command's execution. (The stray text "--- Aggregated results for all targets ---" is a source-file section separator that leaked into this doc comment.) Note that some call sites pass a constant false for allowSkippingError to force propagation of the error when it occurs.

func (*SecurityCommandResults) GetErrors

func (r *SecurityCommandResults) GetErrors() (err error)

func (*SecurityCommandResults) GetJasScansResults

func (r *SecurityCommandResults) GetJasScansResults(scanType jasutils.JasScanType) (results []*sarif.Run)

func (*SecurityCommandResults) GetScaScansXrayResults

func (r *SecurityCommandResults) GetScaScansXrayResults() (results []services.ScanResponse)

func (*SecurityCommandResults) GetTargetsPaths

func (r *SecurityCommandResults) GetTargetsPaths() (paths []string)

func (*SecurityCommandResults) GetTechnologies

func (r *SecurityCommandResults) GetTechnologies(additionalTechs ...techutils.Technology) []techutils.Technology

func (*SecurityCommandResults) HasFindings

func (r *SecurityCommandResults) HasFindings() bool

func (*SecurityCommandResults) HasInformation

func (r *SecurityCommandResults) HasInformation() bool

func (*SecurityCommandResults) HasMultipleTargets

func (r *SecurityCommandResults) HasMultipleTargets() bool

Note: the following paragraph describes the multipleRoots parameter of AppendUniqueImpactPaths, not HasMultipleTargets (it appears here because of how the doc comments were attached). In case multipleRoots is true, the field Component will show the root of each impact path, otherwise it will show the root's child. Set multipleRoots to true in case the given vulnerabilities array contains (or may contain) results of several projects or files (like in binary scan).

func (*SecurityCommandResults) NewScanResults

func (r *SecurityCommandResults) NewScanResults(target ScanTarget) *TargetResults

func (*SecurityCommandResults) SetEntitledForJas added in v1.12.4

func (r *SecurityCommandResults) SetEntitledForJas(entitledForJas bool) *SecurityCommandResults

func (*SecurityCommandResults) SetMultiScanId

func (r *SecurityCommandResults) SetMultiScanId(multiScanId string) *SecurityCommandResults

func (*SecurityCommandResults) SetSecretValidation added in v1.12.4

func (r *SecurityCommandResults) SetSecretValidation(secretValidation bool) *SecurityCommandResults

func (*SecurityCommandResults) SetStartTime added in v1.13.2

func (r *SecurityCommandResults) SetStartTime(startTime time.Time) *SecurityCommandResults

func (*SecurityCommandResults) SetXrayVersion added in v1.12.4

func (r *SecurityCommandResults) SetXrayVersion(xrayVersion string) *SecurityCommandResults

func (*SecurityCommandResults) SetXscVersion added in v1.13.2

func (r *SecurityCommandResults) SetXscVersion(xscVersion string) *SecurityCommandResults

type TargetResults

// TargetResults holds every scan result gathered for one ScanTarget (embedded,
// so its Target/Name/Technology fields are serialized alongside the results).
type TargetResults struct {
	ScanTarget
	// All scan results for the target
	// SCA (Xray) results; nil when no SCA scan ran (see NewScaScanResults).
	ScaResults *ScaScanResults  `json:"sca_scans,omitempty"`
	// JAS (applicability/secrets/IaC/SAST) results; nil when no JAS scan ran.
	JasResults *JasScansResults `json:"jas_scans,omitempty"`
	// Errors that occurred during the scans (see AddTargetError).
	// NOTE(review): encoding/json marshals a plain error value as "{}", so each
	// entry's message is lost unless a custom MarshalJSON exists for this type
	// (none is listed here). Confirm before consumers rely on "errors" in the JSON.
	Errors []error `json:"errors,omitempty"`
	// contains filtered or unexported fields
}

func (*TargetResults) AddTargetError added in v1.12.4

func (sr *TargetResults) AddTargetError(err error, allowSkippingError bool) error

func (*TargetResults) GetErrors

func (sr *TargetResults) GetErrors() (err error)

func (*TargetResults) GetJasScansResults

func (sr *TargetResults) GetJasScansResults(scanType jasutils.JasScanType) (results []*sarif.Run)

func (*TargetResults) GetScaScansXrayResults

func (sr *TargetResults) GetScaScansXrayResults() (results []services.ScanResponse)

func (*TargetResults) GetScanIds

func (sr *TargetResults) GetScanIds() []string

func (*TargetResults) GetTechnologies

func (sr *TargetResults) GetTechnologies() []techutils.Technology

func (*TargetResults) GetWatches

func (sr *TargetResults) GetWatches() []string

func (*TargetResults) HasFindings

func (sr *TargetResults) HasFindings() bool

func (*TargetResults) HasInformation

func (sr *TargetResults) HasInformation() bool

func (*TargetResults) NewScaScanResults

func (sr *TargetResults) NewScaScanResults(responses ...services.ScanResponse) *ScaScanResults

func (*TargetResults) SetDescriptors

func (sr *TargetResults) SetDescriptors(descriptors ...string) *TargetResults
