vulndb

package
v0.5.3 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Aug 8, 2024 License: AGPL-3.0 Imports: 33 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func NewCVEListService added in v0.5.1 

func NewCVEListService(cveRepository cveRepository) cvelistService

func NewDebianSecurityTracker added in v0.5.1 

func NewDebianSecurityTracker(affectedCmpRepository affectedCmpRepository) debianSecurityTracker

func NewEPSSService 

func NewEPSSService(nvdService NVDService, cveRepository cveRepository) epssService

func NewExploitDBService 

func NewExploitDBService(nvdService NVDService, exploitRepository exploitRepository) exploitDBService

func NewGithubExploitDBService 

func NewGithubExploitDBService(exploitRepository githubExploitRepository) githubExploitDBService

func NewHttpController 

func NewHttpController(cveRepository repository) *cveHttpController

func NewMitreService 

func NewMitreService(cweRepository cweRepository) mitreService

func NewOSVService 

func NewOSVService(affectedCmpRepository affectedCmpRepository) osvService

func StartMirror 

func StartMirror(database core.DB, leaderElector leaderElector, configService configService)

Types

type AbstractionEnumeration 

type AbstractionEnumeration string

AbstractionEnumeration is The AbstractionEnumeration simple type defines the different abstraction levels that apply to a weakness. A "Pillar" is the most abstract type of weakness and represents a theme for all class/base/variant weaknesses related to it. A Pillar is different from a Category as a Pillar is still technically a type of weakness that describes a mistake, while a Category represents a common characteristic used to group related things. A "Class" is a weakness also described in a very abstract fashion, typically independent of any specific language or technology. More specific than a Pillar Weakness, but more general than a Base Weakness. Class level weaknesses typically describe issues in terms of 1 or 2 of the following dimensions: behavior, property, and resource. A "Base" is a more specific type of weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. A "Variant" is a weakness that is linked to a certain type of product, typically involving a specific language or technology. More specific than a Base weakness. Variant level weaknesses typically describe issues in terms of 3 to 5 of the following dimensions: behavior, property, technology, language, and resource. A "Compound" weakness is a meaningful aggregation of several weaknesses, currently known as either a Chain or Composite.

type AffectedResourcesType 

type AffectedResourcesType struct {
	AffectedResource []string `xml:"Affected_Resource"`
}

AffectedResourcesType is The AffectedResourcesType complex type is used to identify system resources that can be affected by an exploit of this weakness. If multiple resources could be affected, then each should be defined by its own Affected_Resource element.

type AlternateTerm 

type AlternateTerm struct {
	XMLName     xml.Name            `xml:"Alternate_Term"`
	Term        string              `xml:"Term"`
	Description *StructuredTextType `xml:"Description"`
}

AlternateTerm ...

type AlternateTermsType 

type AlternateTermsType struct {
	AlternateTerm []*AlternateTerm `xml:"Alternate_Term"`
}

AlternateTermsType is The AlternateTermsType complex type indicates one or more other names used to describe this weakness. The required Term element contains the actual alternate term. The required Description element provides context for each alternate term by which this weakness may be known.

type ApplicablePlatformsType 

type ApplicablePlatformsType struct {
	Language        []*Language        `xml:"Language"`
	OperatingSystem []*OperatingSystem `xml:"Operating_System"`
	Architecture    []*Architecture    `xml:"Architecture"`
	Technology      []*Technology      `xml:"Technology"`
}

ApplicablePlatformsType is The ApplicablePlatformsType complex type specifies the languages, operating systems, architectures, and technologies in which a given weakness could appear. A technology represents a generally accepted feature of a system and often refers to a high-level functional component within a system. The required Prevalence attribute identifies the regularity with which the weakness is applicable to that platform. When providing an operating system name, an optional Common Platform Enumeration (CPE) identifier can be used to a identify a specific OS.

type Architecture 

type Architecture struct {
	NameAttr       string `xml:"Name,attr,omitempty"`
	ClassAttr      string `xml:"Class,attr,omitempty"`
	PrevalenceAttr string `xml:"Prevalence,attr"`
}

Architecture ...

type ArchitectureClassEnumeration 

type ArchitectureClassEnumeration string

ArchitectureClassEnumeration is Used to indicate that the entry is not limited to a small set of architectures, i.e., it can appear in many different architectures

type ArchitectureNameEnumeration 

type ArchitectureNameEnumeration string

ArchitectureNameEnumeration is The ArchitectureNameEnumeration simple type contains a list of values corresponding to known architectures.

type AudienceType 

type AudienceType struct {
	Stakeholder []*Stakeholder `xml:"Stakeholder"`
}

AudienceType is The AudienceType complex type provides a reference to the target stakeholders or groups for a view. For each stakeholder, the required Type element specifies the type of members that might be interested in the view. The required Description element provides some text describing what properties of the view this particular stakeholder might find useful.

type BackgroundDetailsType 

type BackgroundDetailsType struct {
	BackgroundDetail []*StructuredTextType `xml:"Background_Detail"`
}

BackgroundDetailsType is The BackgroundDetailsType complex type contains one or more Background_Detail elements, each of which contains information that is relevant but not related to the nature of the weakness itself.

type Categories 

type Categories struct {
	Category []*CategoryType `xml:"Category"`
}

Categories ...

type CategoryType 

type CategoryType struct {
	IDAttr           int                   `xml:"ID,attr"`
	NameAttr         string                `xml:"Name,attr"`
	StatusAttr       string                `xml:"Status,attr"`
	Summary          *StructuredTextType   `xml:"Summary"`
	Relationships    *RelationshipsType    `xml:"Relationships"`
	TaxonomyMappings *TaxonomyMappingsType `xml:"Taxonomy_Mappings"`
	References       *ReferencesType       `xml:"References"`
	MappingNotes     *MappingNotesType     `xml:"Mapping_Notes"`
	Notes            *NotesType            `xml:"Notes"`
	ContentHistory   *ContentHistoryType   `xml:"Content_History"`
}

CategoryType is The required ID attribute provides a unique identifier for the category. It is meant to be static for the lifetime of the category. If the category becomes deprecated, the ID should not be reused, and a placeholder for the deprecated category should be left in the catalog. The required Name attribute provides a descriptive title used to give the reader an idea of what characteristics this category represents. All words in the name should be capitalized except for articles and prepositions unless they begin or end the name. The required Status attribute defines the maturity of the information for this category. Please refer to the StatusEnumeration simple type for a list of valid values and their meanings.

type CommonConsequencesType 

type CommonConsequencesType struct {
	Consequence []*Consequence `xml:"Consequence"`
}

CommonConsequencesType is The optional Consequence_ID attribute is used by the internal CWE team to uniquely identify examples that are repeated across any number of individual weaknesses. To help make sure that the details of these common examples stay synchronized, the Consequence_ID is used to quickly identify those examples across CWE that should be identical. The identifier is a string and should match the following format: CC-1.

type Consequence 

type Consequence struct {
	ConsequenceIDAttr string              `xml:"Consequence_ID,attr,omitempty"`
	Scope             []string            `xml:"Scope"`
	Impact            []string            `xml:"Impact"`
	Likelihood        string              `xml:"Likelihood"`
	Note              *StructuredTextType `xml:"Note"`
}

Consequence ...

type ContentHistoryType 

type ContentHistoryType struct {
	Submission        *Submission          `xml:"Submission"`
	Modification      []*Modification      `xml:"Modification"`
	Contribution      []*Contribution      `xml:"Contribution"`
	PreviousEntryName []*PreviousEntryName `xml:"Previous_Entry_Name"`
}

ContentHistoryType is The ContentHistoryType complex type provides elements to keep track of the original author of an entry and any subsequent modifications to the content. The required Submission element is used to identify the submitter and/or their organization, the date on which the submission was made, the CWE version and release date in which the new CWE entry was added, and any optional comments related to an entry. The optional Modification element is used to identify a modifier's name, organization, the date on which the Modification was made or suggested, the CWE version and release date in which the modification first appeared, and any related comments. A new Modification element should exist for each change made to the content. Modifications that change the meaning of the entry, or how it might be interpreted, should be marked with an importance of critical to bring it to the attention of anyone previously dependent on the weakness. The optional Contribution element is used to identify a contributor's name, organization, the date, the CWE version and release date in which the contribution first appeared, and any related comments. This element has a single Type attribute, which indicates whether the contribution was part of general feedback given or actual content that was donated. The optional Previous_Entry_Name element is used to describe a previous name that was used for the entry. This should be filled out whenever a substantive name change occurs. The required Date attribute lists the date on which this name was no longer used, typically the date of the first CWE release that changed the previous name. A Previous_Entry_Name element should align with a corresponding Modification element.

type Contribution 

type Contribution struct {
	TypeAttr                 string `xml:"Type,attr"`
	ContributionName         string `xml:"Contribution_Name"`
	ContributionOrganization string `xml:"Contribution_Organization"`
	ContributionDate         string `xml:"Contribution_Date"`
	ContributionVersion      string `xml:"Contribution_Version"`
	ContributionReleaseDate  string `xml:"Contribution_ReleaseDate"`
	ContributionComment      string `xml:"Contribution_Comment"`
}

Contribution ...

type DemonstrativeExample 

type DemonstrativeExample struct {
	XMLName                    xml.Name              `xml:"Demonstrative_Example"`
	DemonstrativeExampleIDAttr string                `xml:"Demonstrative_Example_ID,attr,omitempty"`
	TitleText                  string                `xml:"Title_Text"`
	IntroText                  *StructuredTextType   `xml:"Intro_Text"`
	BodyText                   []*StructuredTextType `xml:"Body_Text"`
	ExampleCode                []*StructuredCodeType `xml:"Example_Code"`
	References                 *ReferencesType       `xml:"References"`
}

DemonstrativeExample ...

type DemonstrativeExamplesType 

type DemonstrativeExamplesType struct {
	DemonstrativeExample []*DemonstrativeExample `xml:"Demonstrative_Example"`
}

DemonstrativeExamplesType is The optional Demonstrative_Example_ID attribute is used by the internal CWE team to uniquely identify examples that are repeated across any number of individual weaknesses. To help make sure that the details of these common examples stay synchronized, the Demonstrative_Example_ID is used to quickly identify those examples across CWE that should be identical. The identifier is a string and should match the following format: DX-1.

type DetectionEffectivenessEnumeration 

type DetectionEffectivenessEnumeration string

DetectionEffectivenessEnumeration is Used to indicate that according to the IATAC State Of the Art Report (SOAR), the detection method is partially effective.

type DetectionMethod 

type DetectionMethod struct {
	XMLName               xml.Name            `xml:"Detection_Method"`
	DetectionMethodIDAttr string              `xml:"Detection_Method_ID,attr,omitempty"`
	Method                string              `xml:"Method"`
	Description           *StructuredTextType `xml:"Description"`
	Effectiveness         string              `xml:"Effectiveness"`
	EffectivenessNotes    *StructuredTextType `xml:"Effectiveness_Notes"`
}

DetectionMethod ...

type DetectionMethodEnumeration 

type DetectionMethodEnumeration string

DetectionMethodEnumeration is The DetectionMethodEnumeration simple type defines the different methods used to detect a weakness.

type DetectionMethodsType 

type DetectionMethodsType struct {
	DetectionMethod []*DetectionMethod `xml:"Detection_Method"`
}

DetectionMethodsType is The optional Detection_Method_ID attribute is used by the internal CWE team to uniquely identify methods that are repeated across any number of individual weaknesses. To help make sure that the details of these common methods stay synchronized, the Detection_Method_ID is used to quickly identify those Detection_Method elements across CWE that should be identical. The identifier is a string and should match the following format: DM-1.

type EffectivenessEnumeration 

type EffectivenessEnumeration string

EffectivenessEnumeration is The EffectivenessEnumeration simple type defines the different values related to how effective a mitigation may be in preventing the weakness. A value of "High" means the mitigation is frequently successful in eliminating the weakness entirely. A value of "Moderate" means the mitigation will prevent the weakness in multiple forms, but it does not have complete coverage of the weakness. A value of "Limited" means the mitigation may be useful in limited circumstances, or it is only applicable to a subset of potential errors of this weakness type. A value of "Incidental" means the mitigation is generally not effective and will only provide protection by chance, rather than in a reliable manner. A value of "Defense in Depth" means the mitigation may not necessarily prevent the weakness, but it may help to minimize the potential impact of an attacker exploiting the weakness. A value of "Discouraged Common Practice" is used to indicate mitigations that are commonly attempted but known to be ineffective or highly risky.

type ExploitationFactorsType 

type ExploitationFactorsType struct {
	ExploitationFactor []*StructuredTextType `xml:"Exploitation_Factor"`
}

ExploitationFactorsType is The ExploitationFactorsType complex type points out conditions or factors that could increase the likelihood of exploit for this weakness.

type ExternalReferenceType 

type ExternalReferenceType struct {
	ReferenceIDAttr  string   `xml:"Reference_ID,attr"`
	Author           []string `xml:"Author"`
	Title            string   `xml:"Title"`
	Edition          string   `xml:"Edition"`
	Publication      string   `xml:"Publication"`
	PublicationYear  string   `xml:"Publication_Year"`
	PublicationMonth string   `xml:"Publication_Month"`
	PublicationDay   string   `xml:"Publication_Day"`
	Publisher        string   `xml:"Publisher"`
	URL              string   `xml:"URL"`
	URLDate          string   `xml:"URL_Date"`
}

ExternalReferenceType is The required Reference_ID attribute exists to provide a globally unique identifier for the reference (e.g., REF-1). The ID is used by other entities to link to this external reference.

type ExternalReferences 

type ExternalReferences struct {
	XMLName           xml.Name                 `xml:"External_References"`
	ExternalReference []*ExternalReferenceType `xml:"External_Reference"`
}

ExternalReferences ...

type FunctionalAreaEnumeration 

type FunctionalAreaEnumeration string

FunctionalAreaEnumeration is Used to indicate that the entry is not limited to a small set of functional areas, i.e., it can appear in many different functional areas

type FunctionalAreasType 

type FunctionalAreasType struct {
	FunctionalArea []string `xml:"Functional_Area"`
}

FunctionalAreasType is The FunctionalAreasType complex type contains one or more functional_area elements, each of which identifies the functional area in which the weakness is most likely to occur. For example, CWE-23: Relative Path Traversal may occur in functional areas of software related to file processing. Each applicable functional area should have a new Functional_Area element, and standard title capitalization should be applied to each area.

type GithubExploitDTO 

type GithubExploitDTO struct {
	ID          int        `json:"id"`
	Owner       Owner      `json:"owner"`
	HtmlURL     string     `json:"html_url"`
	Description string     `json:"description"`
	Published   *time.Time `json:"pushed_at"`
	Updated     *time.Time `json:"updated_at"`
	Subscribers int        `json:"subscribers_count"`
	Watchers    int        `json:"watchers_count"`
	Stars       int        `json:"stargazers_count"`
	Forks       int        `json:"forks_count"`
}

type ImportanceEnumeration 

type ImportanceEnumeration string

ImportanceEnumeration is The ImportanceEnumeration simple type lists different values for importance.

type Introduction 

type Introduction struct {
	Phase string              `xml:"Phase"`
	Note  *StructuredTextType `xml:"Note"`
}

Introduction ...

type Language 

type Language struct {
	NameAttr       string `xml:"Name,attr,omitempty"`
	ClassAttr      string `xml:"Class,attr,omitempty"`
	PrevalenceAttr string `xml:"Prevalence,attr"`
}

Language ...

type LanguageClassEnumeration 

type LanguageClassEnumeration string

LanguageClassEnumeration is Used to indicate that the entry is not limited to a small set of language classes, i.e., it can appear in many different language classes.

type LanguageNameEnumeration 

type LanguageNameEnumeration string

LanguageNameEnumeration is The LanguageNameEnumeration simple type contains a list of values corresponding to different source code languages or data formats.

type LikelihoodEnumeration 

type LikelihoodEnumeration string

LikelihoodEnumeration is The LikelihoodEnumeration simple type contains a list of values corresponding to different likelihoods. The value "Unknown" should be used when the actual likelihood of something occurring is not known.

type MappingNotesType 

type MappingNotesType struct {
	Usage       string              `xml:"Usage"`
	Rationale   *StructuredTextType `xml:"Rationale"`
	Comments    *StructuredTextType `xml:"Comments"`
	Reasons     *ReasonsType        `xml:"Reasons"`
	Suggestions *SuggestionsType    `xml:"Suggestions"`
}

MappingNotesType is The MappingNotesType complex type provides guidance for when (and whether) to map an issue to this CWE entry or to suggest alternatives. The Usage element describes whether the CWE should be used for mapping vulnerabilities to their underlying weaknesses as part of root cause analysis. The Rationale element provides context for the Usage. The Comments element provides further clarification to the reader. The Reasons element uses a limited vocabulary to summarize the Usage. The Suggestions element includes suggestions for additional CWEs that might be more appropriate for the mapping task.

type MemberType 

type MemberType struct {
	CWEIDAttr  int `xml:"CWE_ID,attr"`
	ViewIDAttr int `xml:"View_ID,attr"`
}

MemberType is The MemberType complex type may be used to establish a Has_Member or Member_Of type relationship within the designated View_ID. This type will establish a relationship between the container Category/View ID and the target CWE_ID.

type Mitigation 

type Mitigation struct {
	MitigationIDAttr   string              `xml:"Mitigation_ID,attr,omitempty"`
	Phase              []string            `xml:"Phase"`
	Strategy           string              `xml:"Strategy"`
	Description        *StructuredTextType `xml:"Description"`
	Effectiveness      string              `xml:"Effectiveness"`
	EffectivenessNotes *StructuredTextType `xml:"Effectiveness_Notes"`
}

Mitigation ...

type MitigationStrategyEnumeration 

type MitigationStrategyEnumeration string

MitigationStrategyEnumeration is The MitigationStrategyEnumeration simple type lists general strategies for protecting a system to which a mitigation contributes.

type ModesOfIntroductionType 

type ModesOfIntroductionType struct {
	Introduction []*Introduction `xml:"Introduction"`
}

ModesOfIntroductionType is The ModeOfIntroductionType complex type is used to provide information about how and when a given weakness may be introduced. If there are multiple possible introduction points, then a separate Introduction element should be included for each. The required Phase element identifies the point in the product life cycle at which the weakness may be introduced. The optional Note element identifies the typical scenarios under which the weakness may be introduced during the given phase.

type Modification 

type Modification struct {
	ModificationName         string `xml:"Modification_Name"`
	ModificationOrganization string `xml:"Modification_Organization"`
	ModificationDate         string `xml:"Modification_Date"`
	ModificationVersion      string `xml:"Modification_Version"`
	ModificationReleaseDate  string `xml:"Modification_ReleaseDate"`
	ModificationImportance   string `xml:"Modification_Importance"`
	ModificationComment      string `xml:"Modification_Comment"`
}

Modification ...

type NVDService 

type NVDService struct {
	// contains filtered or unexported fields
}

func NewNVDService 

func NewNVDService(cveRepository cveRepository) NVDService

func (NVDService) FetchAfter 

func (nvdService NVDService) FetchAfter(lastModDate time.Time) error

func (NVDService) FetchAfterIndex 

func (nvdService NVDService) FetchAfterIndex(index int) error

func (NVDService) ImportCVE 

func (nvdService NVDService) ImportCVE(cveID string) (models.CVE, error)

func (NVDService) InitialPopulation 

func (nvdService NVDService) InitialPopulation() error

type Note 

type Note struct {
	TypeAttr string `xml:"Type,attr"`
	*StructuredTextType
}

Note ...

type NoteTypeEnumeration 

type NoteTypeEnumeration string

NoteTypeEnumeration is The NoteTypeEnumeration simple type defines the different types of notes that can be associated with a weakness. An "Applicable Platform" note provides additional information about the list of applicable platforms for a given weakness. A "Maintenance" note contains significant maintenance tasks within this entry that still need to be addressed, such as clarifying the concepts involved or improving relationships. A "Relationship" note provides clarifying details regarding the relationships between entities. A "Research Gap" note identifies potential opportunities for the vulnerability research community to conduct further exploration of issues related to this weakness. It is intended to highlight parts of CWE that have not received sufficient attention from researchers. A "Terminology" note contains a discussion of terminology issues related to this weakness, or clarifications when there is no established terminology, or if there are multiple uses of the same key term. It is different from the Alternate_Terms element, which is focused on specific terms that are commonly used. A "Theoretical" note describes the weakness using vulnerability theory concepts. It should be provided as needed, especially in cases where the asset of vulnerability theory is not necessarily obvious for the weakness.

type NotesType 

type NotesType struct {
	Note []*Note `xml:"Note"`
}

NotesType is The NotesType complex type contains one or more Note elements, each of which is used to provide any additional comments about an entry that cannot be captured using other elements.

type ObservedExample 

type ObservedExample struct {
	XMLName     xml.Name            `xml:"Observed_Example"`
	Reference   string              `xml:"Reference"`
	Description *StructuredTextType `xml:"Description"`
	Link        string              `xml:"Link"`
}

ObservedExample ...

type ObservedExampleType 

type ObservedExampleType struct {
	ObservedExample []*ObservedExample `xml:"Observed_Example"`
}

ObservedExampleType is The ObservedExampleType complex type specifies references to a specific observed instance of a weakness in real-world products. Typically this will be a CVE reference. Each Observed_Example element represents a single example. The required Reference element should contain the identifier for the example being cited. For example, if a CVE is being cited, it should be of the standard CVE identifier format, such as CVE-2005-1951 or CVE-1999-0046. The required Description element should contain a brief description of the weakness being cited, without including irrelevant details such as the product name or attack vectors. The description should present an unambiguous correlation between the example being described and the weakness(es) that it is meant to exemplify. It should also be short and easy to understand. The Link element should provide a valid URL where more information regarding this example can be obtained.

type OperatingSystem 

type OperatingSystem struct {
	XMLName        xml.Name `xml:"Operating_System"`
	NameAttr       string   `xml:"Name,attr,omitempty"`
	VersionAttr    string   `xml:"Version,attr,omitempty"`
	CPEIDAttr      string   `xml:"CPE_ID,attr,omitempty"`
	ClassAttr      string   `xml:"Class,attr,omitempty"`
	PrevalenceAttr string   `xml:"Prevalence,attr"`
}

OperatingSystem ...

type OperatingSystemClassEnumeration 

type OperatingSystemClassEnumeration string

OperatingSystemClassEnumeration is Used to indicate that the entry is not limited to a small set of operating system classes, i.e., it can appear in many different operating system classes.

type OperatingSystemNameEnumeration 

type OperatingSystemNameEnumeration string

OperatingSystemNameEnumeration is The OperatingSystemNameEnumeration simple type contains a list of values corresponding to different operating systems.

type OrdinalEnumeration 

type OrdinalEnumeration string

OrdinalEnumeration is The OrdinalEnumeration simple type contains a list of values used to determine if a relationship is the primary relationship for a given weakness entry within a given view. Currently, this attribute can only have the value "Primary".

type OrdinalityEnumeration 

type OrdinalityEnumeration string

OrdinalityEnumeration is The OrdinalityEnumeration simple type contains a list of values used to indicates potential ordering relationships with other weaknesses. A primary relationship means the weakness exists independent of other weaknesses, while a resultant relationship is when a weakness exists only in the presence of some other weaknesses. An indirect relationship means the weakness does not directly lead to security-relevant weaknesses but is a quality issue that might indirectly make it easier to introduce security-relevant weaknesses or make them more difficult to detect.

type Owner 

type Owner struct {
	Login string `json:"login"`
}

type PhaseEnumeration 

type PhaseEnumeration string

PhaseEnumeration is The PhaseEnumeration simple type lists different phases in the product life cycle.

type PotentialMitigationsType 

type PotentialMitigationsType struct {
	Mitigation []*Mitigation `xml:"Mitigation"`
}

PotentialMitigationsType is The optional Mitigation_ID attribute is used by the internal CWE team to uniquely identify mitigations that are repeated across any number of individual weaknesses. To help make sure that the details of these common mitigations stay synchronized, the Mitigation_ID is used to quickly identify those mitigation elements across CWE that should be identical. The identifier is a string and should match the following format: MIT-1.

type PrevalenceEnumeration 

type PrevalenceEnumeration string

PrevalenceEnumeration is The PrevalenceEnumeration simple type defines the different regularities that guide the applicability of platforms.

type PreviousEntryName 

type PreviousEntryName struct {
	XMLName     xml.Name `xml:"Previous_Entry_Name"`
	DateAttr    string   `xml:"Date,attr"`
	VersionAttr string   `xml:"Version,attr,omitempty"`
	Value       string   `xml:",chardata"`
}

PreviousEntryName ...

type Reason 

type Reason struct {
	TypeAttr string `xml:"Type,attr"`
}

Reason ...

type ReasonEnumeration 

type ReasonEnumeration string

ReasonEnumeration is The ReasonEnumeration simple type holds all the different types of reasons to why a CWE might not be considered for mapping.

type ReasonsType 

type ReasonsType struct {
	Reason []*Reason `xml:"Reason"`
}

ReasonsType is The ReasonsType complex type is used to identify the different reasons to why a CWE should not be considered.

type Reference 

type Reference struct {
	ExternalReferenceIDAttr string `xml:"External_Reference_ID,attr"`
	SectionAttr             string `xml:"Section,attr,omitempty"`
}

Reference ...

type ReferencesType 

type ReferencesType struct {
	Reference []*Reference `xml:"Reference"`
}

ReferencesType is The ReferencesType complex type contains one or more reference elements, each of which is used to link to an external reference defined within the catalog. The required External_Reference_ID attribute represents the external reference entry being linked to (e.g., REF-1). Text or quotes within the same CWE entity can cite this External_Reference_ID similar to how a footnote is used, and should use the format [REF-1]. The optional Section attribute holds any section title or page number that is specific to this use of the reference.

type RelatedAttackPattern 

type RelatedAttackPattern struct {
	XMLName     xml.Name `xml:"Related_Attack_Pattern"`
	CAPECIDAttr int      `xml:"CAPEC_ID,attr"`
}

RelatedAttackPattern ...

type RelatedAttackPatternsType 

type RelatedAttackPatternsType struct {
	RelatedAttackPattern []*RelatedAttackPattern `xml:"Related_Attack_Pattern"`
}

RelatedAttackPatternsType is The RelatedAttackPatternsType complex type contains references to attack patterns associated with this weakness. The association implies those attack patterns may be applicable if an instance of this weakness exists. Each related attack pattern is identified by a CAPEC identifier.

type RelatedNatureEnumeration 

type RelatedNatureEnumeration string

RelatedNatureEnumeration is The RelatedNatureEnumeration simple type defines the different values that can be used to define the nature of a related weakness. A ChildOf nature denotes a related weakness at a higher level of abstraction. A ParentOf nature denotes a related weakness at a lower level of abstraction. The StartsWith, CanPrecede, and CanFollow relationships are used to denote weaknesses that are part of a chaining structure. The RequiredBy and Requires relationships are used to denote a weakness that is part of a composite weakness structure. The CanAlsoBe relationship denotes a weakness that, in the proper environment and context, can also be perceived as the target weakness. Note that the CanAlsoBe relationship is not necessarily reciprocal. The PeerOf relationship is used to show some similarity with the target weakness that does not fit any of the other type of relationships.

type RelatedWeakness 

type RelatedWeakness struct {
	XMLName     xml.Name `xml:"Related_Weakness"`
	NatureAttr  string   `xml:"Nature,attr"`
	CWEIDAttr   int      `xml:"CWE_ID,attr"`
	ViewIDAttr  int      `xml:"View_ID,attr"`
	ChainIDAttr int      `xml:"Chain_ID,attr,omitempty"`
	OrdinalAttr string   `xml:"Ordinal,attr,omitempty"`
}

RelatedWeakness ...

type RelatedWeaknessesType 

type RelatedWeaknessesType struct {
	RelatedWeakness []*RelatedWeakness `xml:"Related_Weakness"`
}

RelatedWeaknessesType is The RelatedWeaknessesType complex type is used to refer to other weaknesses that differ only in their level of abstraction. It contains one or more Related_Weakness elements, each of which is used to link to the CWE identifier of the other Weakness. The nature of the relation is captured by the Nature attribute. Please see the RelatedNatureEnumeration simple type definition for details about the valid value and meanings. The optional Chain_ID attribute specifies the unique ID of a named chain that a CanFollow or CanPrecede relationship pertains to. The optional Ordinal attribute is used to determine if this relationship is the primary ChildOf relationship for this weakness for a given View_ID. This attribute can only have the value "Primary" and should only be included for the primary parent/child relationship. For each unique triple of <Nature, CWE_ID, View_ID>, there should be only one relationship that is given a "Primary" ordinal.

type RelationshipsType 

type RelationshipsType struct {
	MemberOf  []*MemberType `xml:"Member_Of"`
	HasMember []*MemberType `xml:"Has_Member"`
}

RelationshipsType is The RelationshipsType complex type provides elements to show the associated relationships with a given view or category. The Member_Of element is used to denote the individual categories that are included as part of the target view. The Has_Member element is used to define the weaknesses or other categories that are grouped together by a category. In both cases, the required MemberType's CWE_ID attribute specifies the unique CWE ID that is the target entry of the relationship, while the View_ID specifies which view the given relationship is relevant to.

type ResourceEnumeration 

type ResourceEnumeration string

ResourceEnumeration is The ResourceEnumeration simple type defines different resources of a system.

type ScopeEnumeration 

type ScopeEnumeration string

ScopeEnumeration is The ScopeEnumeration simple type defines the different areas of security that can be affected by exploiting a weakness.

type Stakeholder 

type Stakeholder struct {
	Type        string `xml:"Type"`
	Description string `xml:"Description"`
}

Stakeholder ...

type StakeholderEnumeration 

type StakeholderEnumeration string

StakeholderEnumeration is The StakeholderEnumeration simple type defines the different types of users within the CWE community.

type StatusEnumeration 

type StatusEnumeration string

StatusEnumeration is The StatusEnumeration simple type defines the different status values that an entity (view, category, weakness) can have. A value of Deprecated refers to an entity that has been removed from CWE, likely because it was a duplicate or was created in error. A value of Obsolete is used when an entity is still valid but no longer is relevant, likely because it has been superseded by a more recent entity. A value of Incomplete means that the entity does not have all important elements filled, and there is no guarantee of quality. A value of Draft refers to an entity that has all important elements filled, and critical elements such as Name and Description are reasonably well-written; the entity may still have important problems or gaps. A value of Usable refers to an entity that has received close, extensive review, with critical elements verified. A value of Stable indicates that all important elements have been verified, and the entry is unlikely to change significantly in the future. Note that the quality requirements for Draft and Usable status are very resource-intensive to accomplish, while some Incomplete and Draft entries are actively used by the general public; so, this status enumeration might change in the future.

type StructureEnumeration 

type StructureEnumeration string

StructureEnumeration is The StructureEnumeration simple type lists the different structural natures of a weakness. A Simple structure represents a single weakness whose exploitation is not dependent on the presence of another weakness. A Composite is a set of weaknesses that must all be present simultaneously in order to produce an exploitable vulnerability, while a Chain is a set of weaknesses that must be reachable consecutively in order to produce an exploitable vulnerability.

type StructuredCodeNatureEnumeration 

type StructuredCodeNatureEnumeration string

StructuredCodeNatureEnumeration is The StructuredCodeNatureEnumeration sinple type defines the different values that state what type of code is being shown in an eample.

type StructuredCodeType 

type StructuredCodeType struct {
	LanguageAttr string `xml:"Language,attr,omitempty"`
	NatureAttr   string `xml:"Nature,attr"`
}

StructuredCodeType is The StructuredCodeType complex type is used to present source code examples and other structured text that is not a regular paragraph. It allows embedded XHTML content to enable formatting of the code. The required Nature attribute states what type of code the example shows. The optional Language attribute states which source code language is used in the example. This is mostly appropriate when the Nature is "good" or "bad".

type StructuredTextType 

type StructuredTextType struct {
}

StructuredTextType is The StructuredTextType complex type is used to allow XHTML content embedded within standard string data. Some common elements are: <BR/> to insert a line break, <UL><LI/></UL> to create a bulleted list, <OL><LI/></OL> to create a numbered list, and <DIV style="margin-left: 40px"></DIV> to create a new indented section.

type Submission 

type Submission struct {
	SubmissionName         string `xml:"Submission_Name"`
	SubmissionOrganization string `xml:"Submission_Organization"`
	SubmissionDate         string `xml:"Submission_Date"`
	SubmissionVersion      string `xml:"Submission_Version"`
	SubmissionReleaseDate  string `xml:"Submission_ReleaseDate"`
	SubmissionComment      string `xml:"Submission_Comment"`
}

Submission ...

type Suggestion 

type Suggestion struct {
	CWEIDAttr   int    `xml:"CWE_ID,attr"`
	CommentAttr string `xml:"Comment,attr"`
}

Suggestion ...

type SuggestionsType 

type SuggestionsType struct {
	Suggestion []*Suggestion `xml:"Suggestion"`
}

SuggestionsType is The SuggestionsType complex type is used to suggest other CWE entries that might be more appropriate to use for mapping.

type TaxonomyMapping 

type TaxonomyMapping struct {
	XMLName          xml.Name `xml:"Taxonomy_Mapping"`
	TaxonomyNameAttr string   `xml:"Taxonomy_Name,attr"`
	EntryID          string   `xml:"Entry_ID"`
	EntryName        string   `xml:"Entry_Name"`
	MappingFit       string   `xml:"Mapping_Fit"`
}

TaxonomyMapping ...

type TaxonomyMappingFitEnumeration 

type TaxonomyMappingFitEnumeration string

TaxonomyMappingFitEnumeration is The TaxonomyMappingFitEnumeration simple type defines the different values used to describe how close a certain mapping to CWE is.

type TaxonomyMappingsType 

type TaxonomyMappingsType struct {
	TaxonomyMapping []*TaxonomyMapping `xml:"Taxonomy_Mapping"`
}

TaxonomyMappingsType is The TaxonomyMappingsType complex type is used to provide a mapping from an entry (Weakness or Category) in CWE to an equivalent entry in a different taxonomy. The required Taxonomy_Name attribute identifies the taxonomy to which the mapping is being made. The Entry_ID and Entry_Name elements identify the ID and name of the entry which is being mapped. The Mapping_Fit element identifies how close the CWE is to the entry in the taxonomy.

type TaxonomyNameEnumeration 

type TaxonomyNameEnumeration string

TaxonomyNameEnumeration is The TaxonomyNameEnumeration simple type lists the different known taxomomies that can be mapped to CWE.

type TechnicalImpactEnumeration 

type TechnicalImpactEnumeration string

TechnicalImpactEnumeration is The TechnicalImpactEnumeration simple type describes the technical impacts that can arise if an adversary successfully exploits a weakness.

type Technology 

type Technology struct {
	NameAttr       string `xml:"Name,attr,omitempty"`
	ClassAttr      string `xml:"Class,attr,omitempty"`
	PrevalenceAttr string `xml:"Prevalence,attr"`
}

Technology ...

type TechnologyClassEnumeration 

type TechnologyClassEnumeration string

TechnologyClassEnumeration is Used to indicate that the entry is not limited to a small set of technologies, i.e., it can appear in many different technologies.

type TechnologyNameEnumeration 

type TechnologyNameEnumeration string

TechnologyNameEnumeration is hardware Intellectual Property (IP) designed to verify functionality and identify root cause of defects: JTAG, BIST, boundary scan, pattern generator, etc.

type UsageEnumeration 

type UsageEnumeration string

UsageEnumeration is this CWE ID could be used to map to real-world vulnerabilities in limited situations requiring careful review

type ViewType 

type ViewType struct {
	IDAttr         int                 `xml:"ID,attr"`
	NameAttr       string              `xml:"Name,attr"`
	TypeAttr       string              `xml:"Type,attr"`
	StatusAttr     string              `xml:"Status,attr"`
	Objective      *StructuredTextType `xml:"Objective"`
	Audience       *AudienceType       `xml:"Audience"`
	Members        *RelationshipsType  `xml:"Members"`
	Filter         string              `xml:"Filter"`
	References     *ReferencesType     `xml:"References"`
	MappingNotes   *MappingNotesType   `xml:"Mapping_Notes"`
	Notes          *NotesType          `xml:"Notes"`
	ContentHistory *ContentHistoryType `xml:"Content_History"`
}

ViewType is The required ID attribute provides a unique identifier for the view. It is meant to be static for the lifetime of the view. If the view becomes deprecated, the ID should not be reused, and a placeholder for the deprecated view should be left in the catalog. The required Name attribute provides a descriptive title used to give the reader an idea of what perspective this view represents. All words in the name should be capitalized except for articles and prepositions, unless they begin or end the name. The required Type attribute describes how this view is being constructed. Please refer to the ViewTypeEnumeration simple type for a list of valid values and their meanings. The required Status attribute defines the maturity of the information for this view. Please refer to the StatusEnumeration simple type for a list of valid values and their meanings.

type ViewTypeEnumeration 

type ViewTypeEnumeration string

ViewTypeEnumeration is The ViewTypeEnumeration simple type defines the different types of views that can be found within CWE. A graph is a hierarchical representation of weaknesses based on a specific vantage point that a user may take. The hierarchy often starts with a category, followed by a class/base weakness, and ends with a variant weakness. In addition to graphs, a view can be a slice, which is a flat list of entries that does not specify any relationships between those entries. An explicit slice is a subset of weaknesses that are related through some external factor. For example, an explicit slice may be used to represent mappings to external groupings like a Top-N list. An implicit slice is a subset of weaknesses that are related through a specific attribute, as indicated by the Filter element of the View. For example, an implicit slice may refer to all weaknesses in draft status, or all class level weaknesses.

type Views 

type Views struct {
	View []*ViewType `xml:"View"`
}

Views ...

type WeaknessCatalog 

type WeaknessCatalog struct {
	XMLName            xml.Name            `xml:"Weakness_Catalog"`
	NameAttr           string              `xml:"Name,attr"`
	VersionAttr        string              `xml:"Version,attr"`
	DateAttr           string              `xml:"Date,attr"`
	Weaknesses         *Weaknesses         `xml:"Weaknesses"`
	Categories         *Categories         `xml:"Categories"`
	Views              *Views              `xml:"Views"`
	ExternalReferences *ExternalReferences `xml:"External_References"`
}

WeaknessCatalog ...

type WeaknessOrdinalitiesType 

type WeaknessOrdinalitiesType struct {
	WeaknessOrdinality []*WeaknessOrdinality `xml:"Weakness_Ordinality"`
}

WeaknessOrdinalitiesType is The WeaknessOrdinalitiesType complex type indicates potential ordering relationships with other weaknesses. The required Ordinality element identifies whether the weakness has a primary, resultant, or indirect relationship. The optional Description contains the context in which the relationship exists. It is important to note that it is possible for the same entry to be primary in some instances and resultant in others.

type WeaknessOrdinality 

type WeaknessOrdinality struct {
	XMLName     xml.Name `xml:"Weakness_Ordinality"`
	Ordinality  string   `xml:"Ordinality"`
	Description string   `xml:"Description"`
}

WeaknessOrdinality ...

type WeaknessType 

type WeaknessType struct {
	IDAttr                int                        `xml:"ID,attr"`
	NameAttr              string                     `xml:"Name,attr"`
	AbstractionAttr       string                     `xml:"Abstraction,attr"`
	StructureAttr         string                     `xml:"Structure,attr"`
	StatusAttr            string                     `xml:"Status,attr"`
	Description           string                     `xml:"Description"`
	ExtendedDescription   *StructuredTextType        `xml:"Extended_Description"`
	RelatedWeaknesses     *RelatedWeaknessesType     `xml:"Related_Weaknesses"`
	WeaknessOrdinalities  *WeaknessOrdinalitiesType  `xml:"Weakness_Ordinalities"`
	ApplicablePlatforms   *ApplicablePlatformsType   `xml:"Applicable_Platforms"`
	BackgroundDetails     *BackgroundDetailsType     `xml:"Background_Details"`
	AlternateTerms        *AlternateTermsType        `xml:"Alternate_Terms"`
	ModesOfIntroduction   *ModesOfIntroductionType   `xml:"Modes_Of_Introduction"`
	ExploitationFactors   *ExploitationFactorsType   `xml:"Exploitation_Factors"`
	LikelihoodOfExploit   string                     `xml:"Likelihood_Of_Exploit"`
	CommonConsequences    *CommonConsequencesType    `xml:"Common_Consequences"`
	DetectionMethods      *DetectionMethodsType      `xml:"Detection_Methods"`
	PotentialMitigations  *PotentialMitigationsType  `xml:"Potential_Mitigations"`
	DemonstrativeExamples *DemonstrativeExamplesType `xml:"Demonstrative_Examples"`
	ObservedExamples      *ObservedExampleType       `xml:"Observed_Examples"`
	FunctionalAreas       *FunctionalAreasType       `xml:"Functional_Areas"`
	AffectedResources     *AffectedResourcesType     `xml:"Affected_Resources"`
	TaxonomyMappings      *TaxonomyMappingsType      `xml:"Taxonomy_Mappings"`
	RelatedAttackPatterns *RelatedAttackPatternsType `xml:"Related_Attack_Patterns"`
	References            *ReferencesType            `xml:"References"`
	MappingNotes          *MappingNotesType          `xml:"Mapping_Notes"`
	Notes                 *NotesType                 `xml:"Notes"`
	ContentHistory        *ContentHistoryType        `xml:"Content_History"`
}

WeaknessType is The required ID attribute provides a unique identifier for the entry. It is considered static for the lifetime of the entry. If this entry becomes deprecated, the identifier will not be reused. The required Name attribute is a string that identifies the entry. The name should focus on the weakness being described and should avoid mentioning the attack that exploits the weakness or the consequences of exploiting the weakness. All words in the entry name should be capitalized except for articles and prepositions, unless they begin or end the name. Subsequent words in a hyphenated chain are also not capitalized. The required Abstraction attribute defines the abstraction level for this weakness. The required Structure attribute defines the structural nature of the weakness. The required Status attribute defines the maturity of the information for this weakness.

type Weaknesses 

type Weaknesses struct {
	Weakness []*WeaknessType `xml:"Weakness"`
}

Weaknesses ...

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.