Documentation ¶
Index ¶
- Constants
- Variables
- func CalculateFixed(Fixes []FixedIn) int
- func GenerateContainerScanLayer(layer *ScanResultLayer)
- func GenerateVulnerability(v *Vulnerability) error
- type ESLayer
- type ElasticContainerScanSeveritySummary
- type ElasticContainerScanSummaryResult
- type ElasticContainerVulnerabilityResult
- type FixedIn
- type LayersList
- type LinuxPackage
- type LinuxPkgs
- type PackageFile
- type PkgFiles
- type ScanResultLayer
- type ScanResultReport
- func (v *ScanResultReport) AsFNVHash() string
- func (scanresult *ScanResultReport) GetDesignatorsNContext() (*identifiers.PortalDesignator, []identifiers.ArmoContext)
- func (scan *ScanResultReport) NKeys() int
- func (scanresult *ScanResultReport) Summarize() *ElasticContainerScanSummaryResult
- func (scan *ScanResultReport) UnmarshalJSONObject(dec *gojay.Decoder, key string) (err error)
- func (scanresult *ScanResultReport) Validate() bool
- type SeverityStats
- type VulFixes
- type VulnerabilitiesList
- type Vulnerability
- type VulnerabilityCategory
Constants ¶
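// The declarations are laid out one per line so that the two line comments
// apply only to their own group and do not swallow the constants after them.
const (
	// Relevancy values, used as an enum-like set of strings.
	Unknown  = "Unknown"
	Relevant = "Relevant"
	// The spelling "Irelevant" is part of the stored value; compare against
	// the constant rather than a retyped literal.
	Irelevant = "Irelevant"
	NoSP      = "No signature profile to compare"

	// Clair severities.
	// UnknownSeverity has the same string value as Unknown above.
	UnknownSeverity    = "Unknown"
	NegligibleSeverity = "Negligible"
	LowSeverity        = "Low"
	MediumSeverity     = "Medium"
	HighSeverity       = "High"
	CriticalSeverity   = "Critical"

	// NOTE(review): presumably a key prefix for container-scan entries in
	// Redis; confirm against the callers.
	ContainerScanRedisPrefix = "_containerscan"
)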
Variables ¶
// KnownSeverities is the set of severity strings this package recognizes.
// Every key is one of the severity constants and every value is true, so
// indexing the map with any other string yields false (the bool zero value).
// Keys are matched exactly: a differently cased value such as "HIGH" is not
// a known severity.
// NOTE(review): this is an exported, mutable map; confirm no caller adds or
// removes keys at runtime.
var KnownSeverities = map[string]bool{
	UnknownSeverity:    true,
	NegligibleSeverity: true,
	LowSeverity:        true,
	MediumSeverity:     true,
	HighSeverity:       true,
	CriticalSeverity:   true,
}
Functions ¶
func CalculateFixed ¶
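CalculateFixed reports whether a given list of FixedIn objects contains at least one real fix: it returns 1 if any entry has a Version that is neither "None" nor empty, and 0 otherwise. It does not count the entries.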
Example Usage:
fixes := []FixedIn{ {Version: "None"}, {Version: "1.2.3"}, {Version: ""}, }
result := CalculateFixed(fixes) fmt.Println(result) // Output: 1
Inputs: - Fixes: a slice of FixedIn objects representing the fixes for a vulnerability.
Flow: 1. Iterate over each FixedIn object in the Fixes slice. 2. Check if the Version field of the current FixedIn object is not equal to "None" and not empty. 3. If the condition is true for any FixedIn object, return 1. 4. If the loop completes without returning, return 0.
Outputs: - An integer flag: 1 if at least one fix with a usable Version is found in the Fixes slice, otherwise 0.
func GenerateContainerScanLayer ¶
func GenerateContainerScanLayer(layer *ScanResultLayer)
GenerateContainerScanLayer - generate a layer with random vuls
func GenerateVulnerability ¶
func GenerateVulnerability(v *Vulnerability) error
GenerateVulnerability - generates a vulnerability (generated entries differ only in their "cve")
Types ¶
type ElasticContainerScanSeveritySummary ¶
// ElasticContainerScanSeveritySummary is a summary record that combines the
// embedded SeverityStats counters with designators, context, a timestamp and
// a set of identification strings (customer, scan ID, workload ID, image
// tag/hash, cluster, namespace, container name, registry, versions, day).
// NOTE(review): the "Elastic" prefix suggests these are stored as
// Elasticsearch documents; confirm.
type ElasticContainerScanSeveritySummary struct {
	Designators identifiers.PortalDesignator `json:"designators"`
	Context     []identifiers.ArmoContext    `json:"context"`
	// Embedded without a tag; under encoding/json the SeverityStats fields
	// appear at the top level of this object.
	SeverityStats
	CustomerGUID string `json:"customerGUID"`
	// The JSON key is "containersScanID" (plural "containers"), unlike the Go name.
	ContainerScanID string `json:"containersScanID"`
	// NOTE(review): the unit (seconds vs. milliseconds) is not visible here.
	Timestamp     int64  `json:"timestamp"`
	WLID          string `json:"wlid"`
	ImgTag        string `json:"imageTag"`
	ImgHash       string `json:"imageHash"`
	Cluster       string `json:"cluster"`
	Namespace     string `json:"namespace"`
	ContainerName string `json:"containerName"`
	Status        string `json:"status"`
	Registry      string `json:"registry"`
	VersionImage  string `json:"versionImage"`
	Version       string `json:"version"`
	DayDate       string `json:"dayDate"`
}
type ElasticContainerScanSummaryResult ¶
// ElasticContainerScanSummaryResult is the summary of one container scan; it
// is the type returned by (*ScanResultReport).Summarize. It combines the
// embedded SeverityStats counters with designators, context, identification
// strings, the package names, and a per-severity list of SeverityStats.
type ElasticContainerScanSummaryResult struct {
	// Embedded without a tag; under encoding/json the SeverityStats fields
	// appear at the top level of this object.
	SeverityStats
	Designators  identifiers.PortalDesignator `json:"designators"`
	Context      []identifiers.ArmoContext    `json:"context"`
	CustomerGUID string                       `json:"customerGUID"`
	// The JSON key is "containersScanID" (plural "containers"), unlike the Go name.
	ContainerScanID string `json:"containersScanID"`
	// NOTE(review): the unit (seconds vs. milliseconds) is not visible here.
	Timestamp     int64  `json:"timestamp"`
	WLID          string `json:"wlid"`
	ImgTag        string `json:"imageTag"`
	ImgHash       string `json:"imageHash"`
	Cluster       string `json:"cluster"`
	Namespace     string `json:"namespace"`
	ContainerName string `json:"containerName"`
	// Serialized under the key "packages".
	PackagesName []string `json:"packages"`
	// The identifier and its JSON key both spell "Artifcats"; consumers must
	// use that exact key.
	ListOfDangerousArtifcats []string        `json:"listOfDangerousArtifcats"`
	Status                   string          `json:"status"`
	Registry                 string          `json:"registry"`
	VersionImage             string          `json:"versionImage"`
	SeveritiesStats          []SeverityStats `json:"severitiesStats"`
	Version                  string          `json:"version"`
}
func (*ElasticContainerScanSummaryResult) Validate ¶
func (summary *ElasticContainerScanSummaryResult) Validate() bool
Validate checks if the ElasticContainerScanSummaryResult object is valid.
type ElasticContainerVulnerabilityResult ¶
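// ElasticContainerVulnerabilityResult is one vulnerability finding from a
// container scan: the embedded Vulnerability plus designators, context, the
// workload and scan IDs, the layers it relates to, a timestamp, a fixed flag
// and related links.
//
// The declaration is laid out one field per line so that the trailing
// "Bad SE practice" comment no longer swallows the embedded Vulnerability
// field and the closing brace.
type ElasticContainerVulnerabilityResult struct {
	Designators identifiers.PortalDesignator `json:"designators"`
	Context     []identifiers.ArmoContext    `json:"context"`
	WLID        string                       `json:"wlid"`
	// The JSON key is "containersScanID" (plural "containers"), unlike the Go name.
	ContainerScanID string    `json:"containersScanID"`
	Layers          []ESLayer `json:"layers"`
	// NOTE(review): the unit (seconds vs. milliseconds) is not visible here.
	Timestamp int64 `json:"timestamp"`
	// NOTE(review): presumably the 0/1 value produced by CalculateFixed; confirm.
	IsFixed int `json:"isFixed"`
	// Serialized under the key "layerHash", not "introducedInLayer".
	IntroducedInLayer string   `json:"layerHash"`
	RelevantLinks     []string `json:"links"` // Bad SE practice
	// NOTE(review): encoding/json defines no "inline" option; with an empty
	// tag name it still flattens this embedded struct's fields into the
	// parent object. Confirm any other decoder in use behaves the same way.
	Vulnerability `json:",inline"`
}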
type FixedIn ¶
// FixedIn records which package was fixed, for which image tag, and in which
// version.
type FixedIn struct {
	Name   string `json:"name"`
	ImgTag string `json:"imageTag"`
	// Per the CalculateFixed documentation, a Version of "None" or "" is
	// treated as "no fix available".
	Version string `json:"version"`
}
FixedIn when and which pkg was fixed (which version as well)
type LayersList ¶
// LayersList is a slice of ScanResultLayer. The package gives it an
// UnmarshalJSONArray method that takes a *gojay.Decoder.
type LayersList []ScanResultLayer
LayersList -s.e
func (*LayersList) UnmarshalJSONArray ¶
func (t *LayersList) UnmarshalJSONArray(dec *gojay.Decoder) error
type LinuxPackage ¶
// LinuxPackage is the representation of a Linux package: its name, its
// version and the files that belong to it.
type LinuxPackage struct {
	PackageName string   `json:"packageName"`
	Files       PkgFiles `json:"files"`
	// Serialized under the key "version", not "packageVersion".
	PackageVersion string `json:"version"`
}
LinuxPackage- Linux package representation
func (*LinuxPackage) NKeys ¶
func (file *LinuxPackage) NKeys() int
func (*LinuxPackage) UnmarshalJSONObject ¶
func (pkgnx *LinuxPackage) UnmarshalJSONObject(dec *gojay.Decoder, key string) (err error)
UnmarshalJSONObject--- Package
type PackageFile ¶
// PackageFile is a single file inside a package.
type PackageFile struct {
	// Serialized under the key "name".
	// NOTE(review): the value comes from the scan report; treat it as an
	// untrusted path string if it is ever used on a filesystem. Confirm.
	Filename string `json:"name"`
}
PackageFile - s.e
func (*PackageFile) NKeys ¶
func (file *PackageFile) NKeys() int
func (*PackageFile) UnmarshalJSONObject ¶
func (file *PackageFile) UnmarshalJSONObject(dec *gojay.Decoder, key string) (err error)
UnmarshalJSONObject - File inside a pkg
type ScanResultLayer ¶
// ScanResultLayer represents a single layer from a container scan result:
// the layer's hash, its parent's hash, the vulnerabilities found in it and
// the packages it contains.
type ScanResultLayer struct {
	LayerHash       string              `json:"layerHash"`
	ParentLayerHash string              `json:"parentLayerHash"`
	Vulnerabilities VulnerabilitiesList `json:"vulnerabilities"`
	// Serialized under the key "packageToFile"; GetPackagesNames reads the
	// package names from this field.
	Packages LinuxPkgs `json:"packageToFile"`
}
ScanResultLayer - represents a single layer from container scan result
func (*ScanResultLayer) GetPackagesNames ¶
func (layer *ScanResultLayer) GetPackagesNames() []string
GetPackagesNames retrieves the names of all the packages stored in the Packages field of the ScanResultLayer object and returns them as a slice of strings.
func (*ScanResultLayer) NKeys ¶
func (scan *ScanResultLayer) NKeys() int
func (*ScanResultLayer) UnmarshalJSONObject ¶
func (scan *ScanResultLayer) UnmarshalJSONObject(dec *gojay.Decoder, key string) (err error)
type ScanResultReport ¶
// ScanResultReport is the report given from the scanner to the event
// receiver. It carries customer, image, workload and container
// identification strings, a timestamp, the scanned layers and a list of
// strings named ListOfDangerousArtifcats.
// NOTE(review): CustomerGUID travels inside the report body; confirm the
// receiver ties it to the authenticated sender instead of trusting the
// payload value, and that Validate is called before the report is stored or
// summarized.
type ScanResultReport struct {
	CustomerGUID  string `json:"customerGUID"`
	ImgTag        string `json:"imageTag"`
	ImgHash       string `json:"imageHash"`
	WLID          string `json:"wlid"`
	ContainerName string `json:"containerName"`
	// NOTE(review): the unit (seconds vs. milliseconds) is not visible here.
	Timestamp int64      `json:"timestamp"`
	Layers    LayersList `json:"layers"`
	// The identifier and its JSON key both spell "Artifcats"; producers and
	// consumers must use that exact key.
	ListOfDangerousArtifcats []string `json:"listOfDangerousArtifcats"`
}
ScanResultReport - the report given from scanner to event receiver
func GenerateContainerScanReportMock ¶
func GenerateContainerScanReportMock() ScanResultReport
GenerateContainerScanReportMock - generate a scan result
func GenerateContainerScanReportNoVulMock ¶
func GenerateContainerScanReportNoVulMock() ScanResultReport
GenerateContainerScanReportNoVulMock - generate a scan result
func (*ScanResultReport) AsFNVHash ¶
func (v *ScanResultReport) AsFNVHash() string
func (*ScanResultReport) GetDesignatorsNContext ¶
func (scanresult *ScanResultReport) GetDesignatorsNContext() (*identifiers.PortalDesignator, []identifiers.ArmoContext)
GetDesignatorsNContext retrieves the designators and context information from the ScanResultReport object and returns them as a pair of objects.
func (*ScanResultReport) NKeys ¶
func (scan *ScanResultReport) NKeys() int
func (*ScanResultReport) Summarize ¶
func (scanresult *ScanResultReport) Summarize() *ElasticContainerScanSummaryResult
Summarize generates a summary of the scan result report.
func (*ScanResultReport) UnmarshalJSONObject ¶
func (scan *ScanResultReport) UnmarshalJSONObject(dec *gojay.Decoder, key string) (err error)
func (*ScanResultReport) Validate ¶
func (scanresult *ScanResultReport) Validate() bool
Validate checks if the scan result report is valid.
type SeverityStats ¶
// SeverityStats holds vulnerability counters for one severity level, plus a
// health-status string. Several JSON keys differ from the Go field names, so
// the tags below are the authoritative wire names.
type SeverityStats struct {
	// Omitted from the JSON output when empty.
	// NOTE(review): presumably one of the keys of KnownSeverities; confirm.
	Severity                     string `json:"severity,omitempty"`
	TotalCount                   int64  `json:"total"`
	FixAvailableOfTotalCount     int64  `json:"fixedTotal"`
	RelevantCount                int64  `json:"totalRelevant"`
	FixAvailableForRelevantCount int64  `json:"fixedRelevant"`
	RCECount                     int64  `json:"rceTotal"`
	UrgentCount                  int64  `json:"urgent"`
	NeglectedCount               int64  `json:"neglected"`
	HealthStatus                 string `json:"healthStatus"`
}
type VulnerabilitiesList ¶
// VulnerabilitiesList is a slice of Vulnerability. The package gives it an
// UnmarshalJSONArray method that takes a *gojay.Decoder.
type VulnerabilitiesList []Vulnerability
VulnerabilitiesList -s.e
func (*VulnerabilitiesList) UnmarshalJSONArray ¶
func (t *VulnerabilitiesList) UnmarshalJSONArray(dec *gojay.Decoder) error
type Vulnerability ¶
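// Vulnerability is a single vulnerability object as reported for an image:
// its name, the image and package it applies to, descriptive text, severity,
// available fixes and derived status fields.
//
// The declaration is laid out one field per line so that the trailing
// "use the related enum" comment no longer swallows the fields declared
// after Relevancy and the closing brace.
type Vulnerability struct {
	Name               string `json:"name"`
	ImgHash            string `json:"imageHash"`
	ImgTag             string `json:"imageTag"`
	RelatedPackageName string `json:"packageName"`
	PackageVersion     string `json:"packageVersion"`
	// NOTE(review): Link and Description arrive with the scan data; treat
	// them as untrusted text (escape on render, validate the URL scheme)
	// wherever they are displayed. Confirm against the consumers.
	Link string `json:"link"`
	// Per the IsRCE documentation, IsRCE searches this text for keywords.
	Description string `json:"description"`
	// NOTE(review): presumably one of the keys of KnownSeverities; confirm
	// where unknown values are rejected or normalized.
	Severity string `json:"severity"`
	// The type places no constraint on the decoded shape; consumers must
	// type-assert before use.
	Metadata interface{} `json:"metadata"`
	// Serialized under the key "fixedIn".
	Fixes VulFixes `json:"fixedIn"`
	// Serialized under the key "relevant".
	Relevancy      string                `json:"relevant"` // use the related enum
	UrgentCount    int                   `json:"urgent"`
	NeglectedCount int                   `json:"neglected"`
	HealthStatus   string                `json:"healthStatus"`
	Categories     VulnerabilityCategory `json:"categories"`
}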
Vulnerability - a vul object
func (*Vulnerability) IsRCE ¶
func (v *Vulnerability) IsRCE() bool
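IsRCE checks if a vulnerability description contains any keywords related to remote code execution (RCE) or arbitrary code injection. Because this is a keyword match over free-text descriptions, the result is a heuristic: a description that words the issue differently is not flagged, and one that merely mentions the keywords is.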
func (*Vulnerability) NKeys ¶
func (v *Vulnerability) NKeys() int
func (*Vulnerability) UnmarshalJSONObject ¶
func (v *Vulnerability) UnmarshalJSONObject(dec *gojay.Decoder, key string) (err error)
type VulnerabilityCategory ¶
// VulnerabilityCategory holds boolean category flags for a vulnerability;
// the only flag declared here is IsRCE.
type VulnerabilityCategory struct {
	// NOTE(review): presumably set from (*Vulnerability).IsRCE, which the
	// documentation describes as a keyword match on the description; confirm.
	IsRCE bool `json:"isRce"`
}