Documentation
Overview
Package csaf provides functionality for handling Common Security Advisory Framework Version 2.0 documents: https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html
Index
- type CSAF
- type CVSSV2
- type CVSSV3
- type CVSSV4
- type DocumentMetadata
- type Flag
- type Note
- type Product
- type ProductBranch
- type Publisher
- type Reference
- type Relationship
- type Relationships
- type RemediationData
- type RestartData
- type Score
- type ThreatData
- type Tracking
- type TrackingID
- type Vulnerability
Types
type CSAF
    type CSAF struct {
        // Document contains metadata about the CSAF document itself.
        //
        // https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html#321-document-property
        Document DocumentMetadata `json:"document"`

        // ProductTree contains information about the product tree (branches only).
        //
        // https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html#322-product-tree-property
        ProductTree ProductBranch `json:"product_tree"`

        // Vulnerabilities contains information about the vulnerabilities,
        // (i.e. CVEs), associated threats, and product status.
        //
        // https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html#323-vulnerabilities-property
        Vulnerabilities []Vulnerability `json:"vulnerabilities"`

        // Notes holds notes associated with the whole document.
        // https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html#3217-document-property---notes
        Notes []Note `json:"notes"`
    }
CSAF is a Common Security Advisory Framework Version 2.0 document.
https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html
func (*CSAF) FindRelationship
    func (csafDoc *CSAF) FindRelationship(productID, category string) *Relationship
FindRelationship returns a Relationship (if it exists) for a given productID-category pair, otherwise nil.
func (*CSAF) FindRemediation
    func (csafDoc *CSAF) FindRemediation(productID string) *RemediationData
FindRemediation returns RemediationData (if it exists) for a given productID, otherwise nil.
type CVSSV2
    type CVSSV2 struct {
        BaseScore    float64 `json:"baseScore"`
        VectorString string  `json:"vectorString"`
        Version      string  `json:"version"`
    }
CVSSV2 describes CVSSv2.0 specification as defined here:
Only the required fields are defined.
type CVSSV3
    type CVSSV3 struct {
        BaseScore    float64 `json:"baseScore"`
        BaseSeverity string  `json:"baseSeverity"`
        VectorString string  `json:"vectorString"`
        Version      string  `json:"version"`
    }
CVSSV3 describes both the CVSSv3.0 and CVSSv3.1 specifications as defined here:
Only the required fields are defined.
type CVSSV4
    type CVSSV4 struct {
        BaseScore    float64 `json:"baseScore"`
        BaseSeverity string  `json:"baseSeverity"`
        VectorString string  `json:"vectorString"`
        Version      string  `json:"version"`
    }
CVSSV4 describes CVSSv4.0 specification as defined here:
Only the required fields are defined.
type DocumentMetadata
    type DocumentMetadata struct {
        Title      string      `json:"title"`
        Tracking   Tracking    `json:"tracking"`
        References []Reference `json:"references"`
        Publisher  Publisher   `json:"publisher"`
    }
DocumentMetadata contains metadata about the CSAF document itself.
https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html#321-document-property
type Flag
    type Flag struct {
        Label      string    `json:"label"`
        Date       time.Time `json:"date"`
        GroupIDs   []string  `json:"group_ids"`
        ProductIDs []string  `json:"product_ids"`
    }
Machine readable flags for products related to the Vulnerability
type Note
    type Note struct {
        Category string `json:"category"`
        Text     string `json:"text"`
        Title    string `json:"title"`
        Audience string `json:"audience"`
    }
Note describes additional information that is specific to the object in which it's a member.
type Product
    type Product struct {
        Name                 string            `json:"name"`
        ID                   string            `json:"product_id"`
        IdentificationHelper map[string]string `json:"product_identification_helper"`
    }
Product contains information used to identify a product.
https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html#3124-branches-type---product
type ProductBranch
    type ProductBranch struct {
        Category      string          `json:"category"`
        Name          string          `json:"name"`
        Branches      []ProductBranch `json:"branches"`
        Product       Product         `json:"product"`
        Relationships Relationships   `json:"relationships"`
    }
ProductBranch is a recursive struct that contains information about a product and its nested products.
func (*ProductBranch) FindProductByID
    func (branch *ProductBranch) FindProductByID(productID string) *Product
FindProductByID recursively searches for the first product identifier in the tree given the productID.
func (*ProductBranch) FindProductIdentifier
    func (branch *ProductBranch) FindProductIdentifier(helperType, helperValue string) *Product
FindProductIdentifier recursively searches for the first product identifier in the tree given the helper value. Helper types are described here: https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html#3133-full-product-name-type---product-identification-helper
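A recursive lookup of the kind FindProductByID and FindProductIdentifier describe, written here as an added example and not the package's own code. It uses local copies of Product and ProductBranch with the page's JSON tags; findProduct, lookup and sampleTree are hypothetical names, and the tree is constructed sample data.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Local mirrors of the page's Product and ProductBranch (same JSON tags), trimmed.
type Product struct {
	Name                 string            `json:"name"`
	ID                   string            `json:"product_id"`
	IdentificationHelper map[string]string `json:"product_identification_helper"`
}
type ProductBranch struct {
	Branches []ProductBranch `json:"branches"`
	Product  Product         `json:"product"`
}

// Constructed sample product tree, not taken from a real advisory.
const sampleTree = `{"name":"Example Vendor","branches":[
 {"name":"Example OS","branches":[{"product":{"name":"Example OS 9","product_id":"EOS-9"}}]},
 {"name":"libexample","product":{"name":"libexample 1.2","product_id":"LIBEX-1.2",
  "product_identification_helper":{"purl":"pkg:generic/libexample@1.2"}}}]}`

// findProduct returns the first depth-first match; zero-value (empty ID) products are skipped.
func findProduct(b *ProductBranch, match func(*Product) bool) *Product {
	if b.Product.ID != "" && match(&b.Product) {
		return &b.Product
	}
	for i := range b.Branches {
		if p := findProduct(&b.Branches[i], match); p != nil {
			return p
		}
	}
	return nil
}

// lookup decodes doc and searches by product_id (helperType "") or by helper value.
func lookup(doc, helperType, value string) (*Product, error) {
	var root ProductBranch
	if err := json.Unmarshal([]byte(doc), &root); err != nil {
		return nil, err
	}
	return findProduct(&root, func(p *Product) bool {
		v, ok := p.IdentificationHelper[helperType]
		return (helperType == "" && p.ID == value) || (ok && v == value)
	}), nil
}

func main() { fmt.Println(lookup(sampleTree, "purl", "pkg:generic/libexample@1.2")) }
```

Because Product is embedded by value, an intermediate branch decodes to an empty Product; the empty-ID guard and the `ok` check keep an empty search string from matching such a branch or a product that lacks the requested helper.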
type Publisher
    type Publisher struct {
        Category         string `json:"category"`
        ContactDetails   string `json:"contact_details"`
        IssuingAuthority string `json:"issuing_authority"`
        Name             string `json:"name"`
        Namespace        string `json:"namespace"`
    }
Publisher provides information on the publishing entity.
https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html#3218-document-property---publisher
type Reference
    type Reference struct {
        Category string `json:"category"`
        Summary  string `json:"summary"`
        URL      string `json:"url"`
    }
Document references holds a list of references associated with the whole document.
https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html#3219-document-property---references
type Relationship
    type Relationship struct {
        Category            string  `json:"category"`
        FullProductName     Product `json:"full_product_name"`
        ProductRef          string  `json:"product_reference"`
        RelatesToProductRef string  `json:"relates_to_product_reference"`
    }
Relationship establishes a link between two existing full_product_name_t elements, allowing the document producer to define a combination of two products that form a new full_product_name entry.
type Relationships
    type Relationships []Relationship
Relationships is a slice of Relationship objects
func (*Relationships) FindRelationship
    func (rs *Relationships) FindRelationship(productID, category string) *Relationship
FindRelationship looks up a csaf.Relationship from the productID and category strings provided.
type RemediationData
    type RemediationData struct {
        Category     string      `json:"category"`
        Date         time.Time   `json:"date"`
        Details      string      `json:"details"`
        Entitlements []string    `json:"entitlements"`
        GroupIDs     []string    `json:"group_ids"`
        ProductIDs   []string    `json:"product_ids"`
        Restart      RestartData `json:"restart_required"`
        URL          string      `json:"url"`
    }
RemediationData contains information about how to remediate a vulnerability for a set of products.
type RestartData
Remediation instructions for restart of affected software.
type ThreatData
    type ThreatData struct {
        Category   string   `json:"category"`
        Details    string   `json:"details"`
        ProductIDs []string `json:"product_ids"`
    }
ThreatData contains information about a threat to a product.
type Tracking
    type Tracking struct {
        ID                 string    `json:"id"`
        CurrentReleaseDate time.Time `json:"current_release_date"`
        InitialReleaseDate time.Time `json:"initial_release_date"`
    }
Tracking contains information used to track the CSAF document through its lifecycle.
https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html#32112-document-property---tracking
type TrackingID
Every ID item with the two mandatory properties System Name (system_name) and Text (text) contains a single unique label or tracking ID for the vulnerability.
https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html#3236-vulnerabilities-property---ids
type Vulnerability
    type Vulnerability struct {
        // MITRE standard Common Vulnerabilities and Exposures (CVE) tracking number for the vulnerability.
        //
        // https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html#3232-vulnerabilities-property---cve
        CVE string `json:"cve"`

        // List of IDs represents a list of unique labels or tracking IDs for the vulnerability (if such information exists).
        //
        // https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html#3236-vulnerabilities-property---ids
        IDs []TrackingID `json:"ids"`

        // Provide details on the status of the referenced product related to the vulnerability.
        //
        // https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html#3239-vulnerabilities-property---product-status
        ProductStatus map[string][]string `json:"product_status"`

        // Provide details of threats associated with a vulnerability.
        //
        // https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html#32314-vulnerabilities-property---threats
        Threats []ThreatData `json:"threats"`

        // Provide details of remediations associated with a Vulnerability
        //
        // https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html#32312-vulnerabilities-property---remediations
        Remediations []RemediationData `json:"remediations"`

        // Machine readable flags for products related to vulnerability
        //
        // https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html#3235-vulnerabilities-property---flags
        Flags []Flag `json:"flags"`

        // Vulnerability references holds a list of references associated with this vulnerability item.
        //
        // https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html#32310-vulnerabilities-property---references
        References  []Reference `json:"references"`
        ReleaseDate time.Time   `json:"release_date"`

        // Notes holds notes associated with the Vulnerability object.
        // https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html#3238-vulnerabilities-property---notes
        Notes []Note `json:"notes"`

        // Scores holds the scores associated with the Vulnerability object.
        // https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html#32313-vulnerabilities-property---scores
        Scores []Score `json:"scores"`
    }
Vulnerability contains information about a CVE and its associated threats.
https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html#323-vulnerabilities-property