csaf

package
v1.2.0
Published: May 10, 2024 License: Apache-2.0 Imports: 4 Imported by: 0

Documentation

Overview

Package csaf provides functionality for handling Common Security Advisory Framework Version 2.0 documents: https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html

Types

type CSAF

type CSAF struct {
	// Document contains metadata about the CSAF document itself.
	//
	// https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html#321-document-property
	Document DocumentMetadata `json:"document"`

	// ProductTree contains information about the product tree (branches only).
	//
	// https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html#322-product-tree-property
	ProductTree ProductBranch `json:"product_tree"`

	// Vulnerabilities contains information about the vulnerabilities,
	// (i.e. CVEs), associated threats, and product status.
	//
	// https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html#323-vulnerabilities-property
	Vulnerabilities []Vulnerability `json:"vulnerabilities"`

	// Notes holds notes associated with the whole document.
	// https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html#3217-document-property---notes
	Notes []Note `json:"notes"`
}

CSAF is a Common Security Advisory Framework Version 2.0 document.

https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html

func Parse

func Parse(r io.Reader) (*CSAF, error)

func (*CSAF) FindRelationship

func (csafDoc *CSAF) FindRelationship(productID, category string) *Relationship

FindRelationship returns the Relationship for a given productID-category pair if one exists, otherwise nil.

func (*CSAF) FindRemediation

func (csafDoc *CSAF) FindRemediation(productID string) *RemediationData

FindRemediation returns the RemediationData for a given productID if it exists, otherwise nil.

func (*CSAF) FindScore

func (csafDoc *CSAF) FindScore(productID string) *Score

FindScore returns the Score data for a given productID if it exists, otherwise nil.

type CVSSV2

type CVSSV2 struct {
	BaseScore    float64 `json:"baseScore"`
	VectorString string  `json:"vectorString"`
	Version      string  `json:"version"`
}

CVSSV2 describes CVSSv2.0 specification as defined here:

Only the required fields are defined.

type CVSSV3

type CVSSV3 struct {
	BaseScore    float64 `json:"baseScore"`
	BaseSeverity string  `json:"baseSeverity"`
	VectorString string  `json:"vectorString"`
	Version      string  `json:"version"`
}

CVSSV3 describes both the CVSSv3.0 and CVSSv3.1 specifications as defined here:

Only the required fields are defined.

type CVSSV4

type CVSSV4 struct {
	BaseScore    float64 `json:"baseScore"`
	BaseSeverity string  `json:"baseSeverity"`
	VectorString string  `json:"vectorString"`
	Version      string  `json:"version"`
}

CVSSV4 describes CVSSv4.0 specification as defined here:

Only the required fields are defined.

type DocumentMetadata

type DocumentMetadata struct {
	Title      string      `json:"title"`
	Tracking   Tracking    `json:"tracking"`
	References []Reference `json:"references"`
	Publisher  Publisher   `json:"publisher"`
}

DocumentMetadata contains metadata about the CSAF document itself.

https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html#321-document-property

type Flag

type Flag struct {
	Label      string    `json:"label"`
	Date       time.Time `json:"date"`
	GroupIDs   []string  `json:"group_ids"`
	ProductIDs []string  `json:"product_ids"`
}

Machine-readable flags for products related to the Vulnerability.

https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html#3235-vulnerabilities-property---flags

type Note

type Note struct {
	Category string `json:"category"`
	Text     string `json:"text"`
	Title    string `json:"title"`
	Audience string `json:"audience"`
}

Note describes additional information that is specific to the object in which it's a member.

type Product

type Product struct {
	Name                 string            `json:"name"`
	ID                   string            `json:"product_id"`
	IdentificationHelper map[string]string `json:"product_identification_helper"`
}

Product contains information used to identify a product.

https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html#3124-branches-type---product

type ProductBranch

type ProductBranch struct {
	Category      string          `json:"category"`
	Name          string          `json:"name"`
	Branches      []ProductBranch `json:"branches"`
	Product       Product         `json:"product"`
	Relationships Relationships   `json:"relationships"`
}

ProductBranch is a recursive struct that contains information about a product and its nested products.

https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html#3221-product-tree-property---branches

func (*ProductBranch) FindProductByID

func (branch *ProductBranch) FindProductByID(productID string) *Product

FindProductByID recursively searches the tree for the first product whose identifier matches the given productID.

func (*ProductBranch) FindProductIdentifier

func (branch *ProductBranch) FindProductIdentifier(helperType, helperValue string) *Product

FindProductIdentifier recursively searches for the first product identifier in the tree given the helper value. Helper types are described here: https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html#3133-full-product-name-type---product-identification-helper

type Publisher

type Publisher struct {
	Category         string `json:"category"`
	ContactDetails   string `json:"contact_details"`
	IssuingAuthority string `json:"issuing_authority"`
	Name             string `json:"name"`
	Namespace        string `json:"namespace"`
}

Publisher provides information on the publishing entity.

https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html#3218-document-property---publisher

type Reference

type Reference struct {
	Category string `json:"category"`
	Summary  string `json:"summary"`
	URL      string `json:"url"`
}

Document references holds a list of references associated with the whole document.

https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html#3219-document-property---references

type Relationship

type Relationship struct {
	Category            string  `json:"category"`
	FullProductName     Product `json:"full_product_name"`
	ProductRef          string  `json:"product_reference"`
	RelatesToProductRef string  `json:"relates_to_product_reference"`
}

Relationship establishes a link between two existing full_product_name_t elements, allowing the document producer to define a combination of two products that form a new full_product_name entry.

https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html#3224-product-tree-property---relationships

type Relationships

type Relationships []Relationship

Relationships is a slice of Relationship objects.

func (*Relationships) FindRelationship

func (rs *Relationships) FindRelationship(productID, category string) *Relationship

FindRelationship looks up a csaf.Relationship from the productID and category strings provided.

type RemediationData

type RemediationData struct {
	Category     string      `json:"category"`
	Date         time.Time   `json:"date"`
	Details      string      `json:"details"`
	Entitlements []string    `json:"entitlements"`
	GroupIDs     []string    `json:"group_ids"`
	ProductIDs   []string    `json:"product_ids"`
	Restart      RestartData `json:"restart_required"`
	URL          string      `json:"url"`
}

RemediationData contains information about how to remediate a vulnerability for a set of products.

https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html#32312-vulnerabilities-property---remediations

type RestartData

type RestartData struct {
	Category string `json:"category"`
	Details  string `json:"details"`
}

Remediation instructions for restart of affected software.

https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html#323127-vulnerabilities-property---remediations---restart-required

type Score

type Score struct {
	// Currently RH only supports V3.
	CVSSV2     *CVSSV2  `json:"cvss_v2"`
	CVSSV3     *CVSSV3  `json:"cvss_v3"`
	CVSSV4     *CVSSV4  `json:"cvss_v4"`
	ProductIDs []string `json:"products"`
}

type ThreatData

type ThreatData struct {
	Category   string   `json:"category"`
	Details    string   `json:"details"`
	ProductIDs []string `json:"product_ids"`
}

ThreatData contains information about a threat to a product.

https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html#32314-vulnerabilities-property---threats

type Tracking

type Tracking struct {
	ID                 string    `json:"id"`
	CurrentReleaseDate time.Time `json:"current_release_date"`
	InitialReleaseDate time.Time `json:"initial_release_date"`
}

Tracking contains information used to track the CSAF document through its lifecycle.

https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html#32112-document-property---tracking

type TrackingID

type TrackingID struct {
	SystemName string `json:"system_name"`
	Text       string `json:"text"`
}

Every ID item with the two mandatory properties System Name (system_name) and Text (text) contains a single unique label or tracking ID for the vulnerability.

https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html#3236-vulnerabilities-property---ids

type Vulnerability

type Vulnerability struct {
	// MITRE standard Common Vulnerabilities and Exposures (CVE) tracking number for the vulnerability.
	//
	// https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html#3232-vulnerabilities-property---cve
	CVE string `json:"cve"`

	// List of IDs represents a list of unique labels or tracking IDs for the vulnerability (if such information exists).
	//
	// https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html#3236-vulnerabilities-property---ids
	IDs []TrackingID `json:"ids"`

	// Provide details on the status of the referenced product related to the vulnerability.
	//
	// https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html#3239-vulnerabilities-property---product-status
	ProductStatus map[string][]string `json:"product_status"`

	// Provide details of threats associated with a vulnerability.
	//
	// https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html#32314-vulnerabilities-property---threats
	Threats []ThreatData `json:"threats"`

	// Provide details of remediations associated with a Vulnerability
	//
	// https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html#32312-vulnerabilities-property---remediations
	Remediations []RemediationData `json:"remediations"`

	// Machine readable flags for products related to vulnerability
	//
	// https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html#3235-vulnerabilities-property---flags
	Flags []Flag `json:"flags"`

	// Vulnerability references holds a list of references associated with this vulnerability item.
	//
	// https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html#32310-vulnerabilities-property---references
	References []Reference `json:"references"`

	ReleaseDate time.Time `json:"release_date"`

	// Notes holds notes associated with the Vulnerability object.
	// https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html#3238-vulnerabilities-property---notes
	Notes []Note `json:"notes"`

	// Scores holds the scores associated with the Vulnerability object.
	// https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html#32313-vulnerabilities-property---scores
	Scores []Score `json:"scores"`
}

Vulnerability contains information about a CVE and its associated threats.

https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html#323-vulnerabilities-property
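The following is an added example, not code from this package: it decodes a constructed advisory with `encoding/json`, using stand-in types that mirror the JSON tags documented above, and resolves each `known_affected` product ID against the recursive product tree. The names `branch`, `advisory`, `index`, `Triage` and `sample` are assumptions made for illustration. Because `Product` is a value field, branches without a product carry an empty ID, so the lookup skips empty IDs and reports unresolved ones rather than dropping them.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Stand-in types mirroring JSON tags documented above (not the package's own types).
type branch struct {
	Branches []branch `json:"branches"`
	Product  struct {
		Name string `json:"name"`
		ID   string `json:"product_id"`
	} `json:"product"`
}
type advisory struct {
	ProductTree     branch `json:"product_tree"`
	Vulnerabilities []struct {
		CVE           string              `json:"cve"`
		ProductStatus map[string][]string `json:"product_status"`
	} `json:"vulnerabilities"`
}

// Constructed sample: placeholder CVE; "P-9" and "" are deliberately absent from the tree.
const sample = `{"product_tree":{"branches":[{"branches":[{"product":{"name":"Widget 1.0","product_id":"P-1"}}]}]},"vulnerabilities":[{"cve":"CVE-0000-0000","product_status":{"known_affected":["P-1","P-9",""]}}]}`

// index flattens the recursive tree into product_id -> name (first occurrence wins).
// Interior branches have a zero-value Product, so empty IDs are never indexed.
func index(b *branch, m map[string]string) {
	if _, seen := m[b.Product.ID]; !seen && b.Product.ID != "" {
		m[b.Product.ID] = b.Product.Name
	}
	for i := range b.Branches {
		index(&b.Branches[i], m)
	}
}

// Triage lists every known_affected product ID and whether the tree resolves it.
func Triage(data []byte) (out []string, err error) {
	var a advisory
	if err = json.Unmarshal(data, &a); err != nil {
		return nil, err
	}
	names := map[string]string{}
	index(&a.ProductTree, names)
	for _, v := range a.Vulnerabilities {
		for _, id := range v.ProductStatus["known_affected"] {
			name, ok := names[id]
			out = append(out, fmt.Sprintf("%s %q %q resolved=%t", v.CVE, id, name, ok))
		}
	}
	return out, nil
}
func main() { fmt.Println(Triage([]byte(sample))) }
```
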
