Documentation
Index
- func Matches(Iface interface{}, regexes map[string][]*regexp.Regexp) bool
- func MergeStatements(ms ...map[string]Statement) map[string]Statement
- type Alias
- type Artifact
- type Bug
- type Commit
- type CommitSet
- type ConstructChange
- type Fix
- type MergeLog
- type MergeLogEntry
- type Metadata
- type Note
- type NullPolicy
- type Policy
- type ReconcileResult
- type SmartPolicy
- type SoftPolicy
- func (s SoftPolicy) Reconcile(statements []Statement) ReconcileResult
- func (s *SoftPolicy) ReconcileAliases(statements []Statement, result *Statement) error
- func (s *SoftPolicy) ReconcileFixesAndNotes(statements []Statement, result *Statement) error
- func (s SoftPolicy) Reduce(stmts map[string][]Statement) (map[string][]Statement, MergeLog, error)
- type Statement
- type StatementReconciler
- type StrictPolicy
Constants
This section is empty.
Variables
This section is empty.
Functions
Types
type Artifact
type Artifact struct {
	// ID is a PURL
	ID string `yaml:"id" json:"id"`
	// VersionRange string `yaml:"versions"`
	Reason   string `yaml:"reason" json:"reason"`
	Affected bool   `yaml:"affected" json:"affected"`
}
Artifact represents a binary artifact (e.g., a .jar, a POM).
type Bug
type Bug struct {
	VulnerabilityID  string            `json:"bugId"`
	Description      string            `json:"description,omitempty"`
	Links            []string          `json:"reference,omitempty"`
	ConstructChanges []ConstructChange `json:"constructChanges"`
}
A Bug represents a vulnerability as represented in the output obtained from the Steady backend. (The original `omitemtpy` tag option on Links is corrected here; the misspelt option is ignored by encoding/json, so the field was always emitted.)
func (*Bug) ToStatement
ToStatement converts a bug as represented by the backend/bugs/VULN-ID endpoint of Steady to a Statement object.
type CommitSet
type CommitSet struct {
// contains filtered or unexported fields
}
CommitSet implements a set of (unique) Commits.
type ConstructChange
type ConstructChange struct {
	Repo     string `yaml:"repo"`
	Commit   string `yaml:"commit"`
	RepoPath string `yaml:"repoPath"`
}
ConstructChange represents a commit fix in the vulnerability database.
type MergeLog
type MergeLog struct {
	// contains filtered or unexported fields
}
MergeLog is a collection of merge records, documenting how a merge operation was performed.
func NewMergeLog
NewMergeLog creates a new instance of a MergeLog.
func (*MergeLog) Entries
func (ml *MergeLog) Entries() []MergeLogEntry
Entries returns all entries in the MergeLog
func (*MergeLog) Log
func (ml *MergeLog) Log(logEntry MergeLogEntry)
Log appends a MergeLogEntry to the MergeLog
type MergeLogEntry
type MergeLogEntry struct {
// contains filtered or unexported fields
}
A MergeLogEntry represents the result of a merge operation. It must identify which elements from each statement were dropped or kept.
func (MergeLogEntry) String
func (mle MergeLogEntry) String() (output string)
type Note
type Note struct {
	Links []string `json:"links"`
	Text  string   `json:"text"`
	// contains filtered or unexported fields
}
A Note represents a description that accompanies a statement; it can have a set of links and a free-text comment. Neither is mandatory.
type NullPolicy
type NullPolicy struct{}
NullPolicy implements a policy that does nothing
func (NullPolicy) Reconcile
func (st NullPolicy) Reconcile(statements []Statement) ReconcileResult
Reconcile just returns the first of the two statements as-is.
type Policy
type Policy struct {
// contains filtered or unexported fields
}
Policy represents a way to reconcile non-independent statements and a way to reduce sets of statements by merging those that can be reconciled.
func NewSmartPolicy
func NewSmartPolicy() Policy
NewSmartPolicy constructs a new SoftPolicy instance.
func NewStrictPolicy
func NewStrictPolicy() Policy
NewStrictPolicy creates and initializes a new StrictPolicy instance
func (*Policy) Reconcile
func (s *Policy) Reconcile(statements []Statement) ReconcileResult
Reconcile merges two statements into one as specified in the Merger object
type ReconcileResult
type ReconcileResult struct {
// contains filtered or unexported fields
}
ReconcileResult encodes the result of a reconcile operation
type SmartPolicy
type SmartPolicy struct{}
SmartPolicy reconciles statements trying hard to merge different sources.
func (SmartPolicy) Reconcile
func (s SmartPolicy) Reconcile(statements []Statement) ReconcileResult
Reconcile returns a single statement out of a list of statements
type SoftPolicy
type SoftPolicy struct{}
SoftPolicy reconciles statements as follows:
- Aliases: union
- Notes: union (to be defined)
- Fixes: union, but keep those from higher priority source in case of conflict
- AffectedArtifacts: union, but keep those from higher priority source in case of conflict
func (SoftPolicy) Reconcile
func (s SoftPolicy) Reconcile(statements []Statement) ReconcileResult
Reconcile returns a single statement out of a list of statements
func (*SoftPolicy) ReconcileAliases
func (s *SoftPolicy) ReconcileAliases(statements []Statement, result *Statement) error
ReconcileAliases implements the policy to reconcile the Aliases section of a Statement. Result: union.
func (*SoftPolicy) ReconcileFixesAndNotes
func (s *SoftPolicy) ReconcileFixesAndNotes(statements []Statement, result *Statement) error
ReconcileFixesAndNotes implements the policy to reconcile the Fixes section of a Statement as well as the Notes. Result: take all the fixes from the highest-ranked source. If several sources share that rank, fail.
As for Notes: take them from the Statement from which the Fixes are taken. If there are other Statements that do not bring Fixes, append their Notes. IGNORE THIS: description-only statements should only be considered if they are reconciled with another non-independent statement that does have fixes.
Cases:
- multiple top-rank sources
  - FAIL
- one top-rank source has fixes, additional lower-rank sources have notes
  - take fixes from the top-rank source, append notes from all the other lower-rank sources that do not bring fixes
- one top-rank source has only notes
  - take those notes, plus take fixes (and notes, if any) from the second-best ranked source if it is unique, else FAIL
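The three cases above, worked through in Go as an added example rather than the project's own code: the types are reduced stand-ins for the page's Statement, Alias, Fix, Note and Metadata (only the fields the rules touch), and the source rank is assumed to be carried in Metadata as an integer OriginRank where a lower number means a higher-priority source. The field name, its ordering and the shape of Fix are assumptions; the sample input is constructed.

```go
package main

import (
	"errors"
	"sort"
)

// Reduced stand-ins for the page's types; Fix's shape and Metadata.OriginRank are assumptions.
type Alias string
type Fix struct{ ID string }
type Note struct{ Text string }
type Metadata struct{ OriginRank int } // assumption: lower number = higher-priority source
type Statement struct {
	VulnerabilityID string
	Aliases         []Alias
	Fixes           []Fix
	Notes           []Note
	Metadata        Metadata
}

var ErrTopRankConflict = errors.New("soft policy: several statements share the top rank")
var ErrSecondRankConflict = errors.New("soft policy: several statements share the second rank")

// groupByRank returns the statements grouped by source rank, best rank first.
func groupByRank(statements []Statement) [][]Statement {
	sorted := append([]Statement(nil), statements...)
	sort.SliceStable(sorted, func(i, j int) bool { return sorted[i].Metadata.OriginRank < sorted[j].Metadata.OriginRank })
	var groups [][]Statement
	for _, s := range sorted {
		if n := len(groups); n > 0 && groups[n-1][0].Metadata.OriginRank == s.Metadata.OriginRank {
			groups[n-1] = append(groups[n-1], s)
		} else {
			groups = append(groups, []Statement{s})
		}
	}
	return groups
}

// reconcileFixesAndNotes applies the three cases listed on the page.
func reconcileFixesAndNotes(statements []Statement, result *Statement) error {
	groups := groupByRank(statements)
	if len(groups[0]) > 1 {
		return ErrTopRankConflict // case 1: multiple top-rank sources
	}
	best := groups[0][0]
	result.Notes = append(result.Notes, best.Notes...)
	if len(best.Fixes) > 0 {
		// case 2: fixes from the top-rank source; notes also from lower-rank sources that bring no fixes
		result.Fixes = append(result.Fixes, best.Fixes...)
		for _, g := range groups[1:] {
			for _, s := range g {
				if len(s.Fixes) == 0 {
					result.Notes = append(result.Notes, s.Notes...)
				}
			}
		}
		return nil
	}
	// case 3: top-rank source has only notes; fixes (and notes) come from a unique second-best source
	if len(groups) == 1 {
		return nil
	}
	if second := groups[1]; len(second) == 1 {
		result.Fixes = append(result.Fixes, second[0].Fixes...)
		result.Notes = append(result.Notes, second[0].Notes...)
		return nil
	}
	return ErrSecondRankConflict
}

// softReconcile merges non-independent statements: aliases are a plain union (first occurrence kept).
func softReconcile(statements []Statement) (Statement, error) {
	if len(statements) == 0 {
		return Statement{}, errors.New("soft policy: no statements to reconcile")
	}
	result := Statement{VulnerabilityID: statements[0].VulnerabilityID}
	seen := map[Alias]bool{}
	for _, s := range statements {
		for _, a := range s.Aliases {
			if !seen[a] {
				seen[a] = true
				result.Aliases = append(result.Aliases, a)
			}
		}
	}
	if err := reconcileFixesAndNotes(statements, &result); err != nil {
		return Statement{}, err
	}
	return result, nil
}

// sampleStatements is a constructed input: three sources of different rank for one vulnerability.
func sampleStatements() []Statement {
	return []Statement{
		{VulnerabilityID: "VULN-EXAMPLE-1", Aliases: []Alias{"ALIAS-1"}, Fixes: []Fix{{"f1"}}, Notes: []Note{{"from A"}}, Metadata: Metadata{1}},
		{VulnerabilityID: "VULN-EXAMPLE-1", Aliases: []Alias{"ALIAS-1", "ALIAS-2"}, Notes: []Note{{"from B"}}, Metadata: Metadata{2}},
		{VulnerabilityID: "VULN-EXAMPLE-1", Fixes: []Fix{{"f2"}}, Notes: []Note{{"from C"}}, Metadata: Metadata{3}},
	}
}
```

Running softReconcile on sampleStatements() keeps only source A's fix, takes notes from A and B (C is skipped because it brings its own fixes) and the union of the aliases. Giving a second source the top rank returns ErrTopRankConflict; clearing A's fixes exercises the third case, where B becomes the unique second-best source and a tie at that rank returns ErrSecondRankConflict. Like the page's description, the example does not define what happens when no source at all carries fixes; it simply returns the notes it collected.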
type Statement
type Statement struct {
	ID                uuid.UUID  `yaml:"-" json:"-"`
	VulnerabilityID   string     `yaml:"vulnerability_id" json:"vulnerability_id"`
	Aliases           []Alias    `yaml:"aliases" json:"aliases"`
	Fixes             []Fix      `yaml:"fixes" json:"-"`
	AffectedArtifacts []Artifact `yaml:"artifacts" json:"affected_artifacts"`
	Notes             []Note     `yaml:"notes" json:"notes"`
	Metadata          Metadata   `yaml:"-" json:"-"`
}
Statement represents a vulnerability statement
func NewStatementFromFile
NewStatementFromFile creates a statement
func (Statement) PrettyPrint
PrettyPrint formats a Statement nicely for output on screen/file
type StatementReconciler
type StatementReconciler interface {
	Reconcile([]Statement) ReconcileResult
	Reduce(stmts map[string][]Statement) (map[string][]Statement, MergeLog, error)
}
The StatementReconciler interface defines the types that have the capability to reconcile statements that are not independent and how to reduce sets of statements by applying such reconcile operation to non-independent statements
type StrictPolicy
type StrictPolicy struct{}
StrictPolicy refuses to solve conflicts and does not perform any reconcile action. In other words, non-independent statements are not reconciled but reported to the user, who might then want to merge them manually.
func (StrictPolicy) Reconcile
func (p StrictPolicy) Reconcile(statements []Statement) ReconcileResult
Reconcile does nothing (it always returns an empty Statement); if the two input statements are not independent, a suitable error signals it. This is implemented only to satisfy the StatementReconciler interface; the method is not supposed to ever be called.