package model

v0.6.6
This package is not in the latest version of its module.

Published: Sep 2, 2020 License: Apache-2.0 Imports: 16 Imported by: 0

Documentation


Constants

This section is empty.

Variables

This section is empty.

Functions

func Matches

func Matches(Iface interface{}, regexes map[string][]*regexp.Regexp) bool

Matches applies a map of param -> regexes to a statement structure

func MergeStatements

func MergeStatements(ms ...map[string]Statement) map[string]Statement

MergeStatements merges a variable number of statements

Types

type Alias

type Alias string

Alias represents other alternative identifiers of the vulnerability

type Artifact

type Artifact struct {
	// ID is a PURL
	ID string `yaml:"id" json:"id"`
	// VersionRange string `yaml:"versions"`
	Reason   string `yaml:"reason" json:"reason"`
	Affected bool   `yaml:"affected" json:"affected"`
}

Artifact represents a binary artifact (e.g., a .jar, a POM)

type Bug

type Bug struct {
	VulnerabilityID  string            `json:"bugId"`
	Description      string            `json:"description,omitempty"`
	Links            []string          `json:"reference,omitemtpy"`
	ConstructChanges []ConstructChange `json:"constructChanges"`
}

A Bug represents vulnerabilities (as represented in the output obtained from the Steady backend)

func (*Bug) ToStatement

func (b *Bug) ToStatement() *Statement

ToStatement converts a bug as represented by the backend/bugs/VULN-ID endpoint of Steady to a statement object

type Commit

type Commit struct {
	ID            string `yaml:"id"`
	RepositoryURL string `yaml:"repository"`
}

Commit identifies a single commit in a repository

type CommitSet

type CommitSet struct {
	// contains filtered or unexported fields
}

CommitSet implements a set of (unique) Commits

func NewCommitSet

func NewCommitSet() CommitSet

NewCommitSet creates a new empty CommitSet

func (*CommitSet) Add

func (set *CommitSet) Add(cc ...Commit)

Add adds one or more Commits cc to the set

func (*CommitSet) AddSlice

func (set *CommitSet) AddSlice(s []Commit)

AddSlice adds all Commit elements in slice s to the set

func (*CommitSet) Contains

func (set *CommitSet) Contains(cc Commit) bool

Contains checks if Commit cc exists in the set

func (*CommitSet) Elements

func (set *CommitSet) Elements() []Commit

Elements returns the elements in the set as a slice

func (*CommitSet) Empty

func (set *CommitSet) Empty() bool

Empty returns true if the set contains no elements

func (*CommitSet) Remove

func (set *CommitSet) Remove(cc ...Commit)

Remove deletes one or more Commits cc from the set

func (*CommitSet) Size

func (set *CommitSet) Size() int

Size returns the number of elements in the set

type ConstructChange

type ConstructChange struct {
	Repo     string `yaml:"repo"`
	Commit   string `yaml:"commit"`
	RepoPath string `yaml:"repoPath"`
}

ConstructChange represents a commit fix in the vuln database

type Fix

type Fix struct {
	ID      string
	Commits []Commit
}

Fix represents a group of commits that implement the fix for a given vulnerability

type MergeLog

type MergeLog struct {
	// contains filtered or unexported fields
}

MergeLog is a collection of merge records, documenting how a merge operation was performed

func NewMergeLog

func NewMergeLog(executionID string) MergeLog

NewMergeLog creates a new instance of a MergeLog

func (*MergeLog) Dump

func (ml *MergeLog) Dump(filepath string)

Dump saves the MergeLog to a file

func (*MergeLog) Entries

func (ml *MergeLog) Entries() []MergeLogEntry

Entries returns all entries in the MergeLog

func (*MergeLog) Log

func (ml *MergeLog) Log(logEntry MergeLogEntry)

Log appends a MergeLogEntry to the MergeLog

type MergeLogEntry

type MergeLogEntry struct {
	// contains filtered or unexported fields
}

A MergeLogEntry represents the results of a merge operation. It must identify which elements from each statement are dropped or kept.

func (MergeLogEntry) String

func (mle MergeLogEntry) String() (output string)

type Metadata

type Metadata struct {
	Origin     string
	Branch     string
	OriginRank int
	LocalPath  string
}

Metadata represents the commit relating to the statement.yaml itself

type Note

type Note struct {
	Links []string `json:"links"`
	Text  string   `json:"text"`
	// contains filtered or unexported fields
}

A Note represents a description that accompanies a statement; it can have a set of links and a free-text comment. Neither is mandatory.

func (Note) Equals

func (n Note) Equals(anotherNote Note) bool

Equals determines whether two Notes are the same

func (Note) Hash

func (n Note) Hash() string

Hash computes a unique identifier for a Note value

func (Note) String

func (n Note) String() string

type NullPolicy

type NullPolicy struct{}

NullPolicy implements a policy that does nothing

func (NullPolicy) Reconcile

func (st NullPolicy) Reconcile(statements []Statement) ReconcileResult

Reconcile just returns the first of the two statements as is

func (NullPolicy) Reduce

func (st NullPolicy) Reduce(stmts map[string][]Statement) (map[string][]Statement, MergeLog, error)

Reduce just returns the same statements as passed in input

type Policy

type Policy struct {
	// contains filtered or unexported fields
}

Policy represents a way to reconcile non-independent statements and how to reduce sets of statements merging those that can be reconciled

func NewNullPolicy

func NewNullPolicy() Policy

NewNullPolicy constructs a new NullPolicy instance

func NewSmartPolicy

func NewSmartPolicy() Policy

NewSmartPolicy constructs a new SoftPolicy instance

func NewSoftPolicy

func NewSoftPolicy() Policy

NewSoftPolicy constructs a new SoftPolicy instance

func NewStrictPolicy

func NewStrictPolicy() Policy

NewStrictPolicy creates and initializes a new StrictPolicy instance

func (*Policy) Reconcile

func (s *Policy) Reconcile(statements []Statement) ReconcileResult

Reconcile merges two statements into one as specified in the Merger object

func (*Policy) Reduce

func (s *Policy) Reduce(stmts map[string][]Statement) (map[string][]Statement, MergeLog, error)

Reduce scans a list of Statements and merges those that can be reconciled

type ReconcileResult

type ReconcileResult struct {
	// contains filtered or unexported fields
}

ReconcileResult encodes the result of a reconcile operation

type SmartPolicy

type SmartPolicy struct{}

SmartPolicy reconciles statements trying hard to merge different sources.

func (SmartPolicy) Reconcile

func (s SmartPolicy) Reconcile(statements []Statement) ReconcileResult

Reconcile returns a single statement out of a list of statements

func (SmartPolicy) Reduce

func (s SmartPolicy) Reduce(stmts map[string][]Statement) (map[string][]Statement, MergeLog, error)

Reduce only keeps independent statements and discards statements that are non-independent

type SoftPolicy

type SoftPolicy struct{}

SoftPolicy reconciles statements as follows:

  • Aliases: union
  • Notes: union (to be defined)
  • Fixes: union, but keep those from higher priority source in case of conflict
  • AffectedArtifacts: union, but keep those from higher priority source in case of conflict

func (SoftPolicy) Reconcile

func (s SoftPolicy) Reconcile(statements []Statement) ReconcileResult

Reconcile returns a single statement out of a list of statements

func (*SoftPolicy) ReconcileAliases

func (s *SoftPolicy) ReconcileAliases(statements []Statement, result *Statement) error

ReconcileAliases implements the policy to reconcile the Aliases section of a Statement. Result: union

func (*SoftPolicy) ReconcileFixesAndNotes

func (s *SoftPolicy) ReconcileFixesAndNotes(statements []Statement, result *Statement) error

ReconcileFixesAndNotes implements the policy to reconcile the Fixes section of a Statement as well as the Notes. Result: take all the fixes from the highest ranked source. If same rank, fail.

As for Notes: take them from the Statement from which the Fixes are taken. If there are other Statements that do not bring Fixes, append their Notes. IGNORE THIS: Description-only statements should only be considered if they are reconciled with another non-independent statement that does have fixes

Cases:

  • multiple top-rank sources: FAIL
  • one top-rank source has fixes, additional lower-rank sources have notes: take fixes from top-rank, append notes from all the other lower-rank sources that do not bring fixes
  • one top-rank source has only notes: take those notes, plus take fixes (and notes if any) from second-best ranked, if unique, else FAIL
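The three cases above, worked through as an added example; this is not the package's own code. `Stmt`, `softReconcile` and `ErrConflict` are hypothetical stand-ins, and the example assumes that a lower `Rank` value means a higher-priority source and that a lone notes-only statement is kept as is.

```go
package main

import (
	"errors"
	"fmt"
	"sort"
)

// Stmt is a simplified stand-in for model.Statement (hypothetical type).
// Assumption: a lower Rank value means a higher-priority source.
type Stmt struct {
	Rank         int
	Fixes, Notes []string
}

var ErrConflict = errors.New("sources of equal rank cannot be reconciled")

// softReconcile applies the three documented cases to stmts.
func softReconcile(stmts []Stmt) (fixes, notes []string, err error) {
	if len(stmts) == 0 {
		return nil, nil, errors.New("no statements")
	}
	s := append([]Stmt(nil), stmts...) // sort a copy, leave the input untouched
	sort.SliceStable(s, func(i, j int) bool { return s[i].Rank < s[j].Rank })
	if len(s) > 1 && s[0].Rank == s[1].Rank {
		return nil, nil, ErrConflict // case 1: multiple top-rank sources
	}
	top, rest := s[0], s[1:]
	notes = append(notes, top.Notes...)
	if len(top.Fixes) > 0 { // case 2: fixes come from the top-rank source only
		for _, r := range rest {
			if len(r.Fixes) == 0 { // lower-rank notes count only without fixes
				notes = append(notes, r.Notes...)
			}
		}
		return top.Fixes, notes, nil
	}
	// Case 3: top-rank source has only notes; use the second-best source if unique.
	if len(rest) == 0 {
		return nil, notes, nil // assumption: a lone notes-only statement is kept
	}
	if len(rest) > 1 && rest[0].Rank == rest[1].Rank {
		return nil, nil, ErrConflict
	}
	return rest[0].Fixes, append(notes, rest[0].Notes...), nil
}

func main() { // constructed sample: notes-only top source, one lower-rank fix
	fmt.Println(softReconcile([]Stmt{{Rank: 1, Notes: []string{"advisory"}}, {Rank: 2, Fixes: []string{"abc123"}}}))
}
```
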

func (SoftPolicy) Reduce

func (s SoftPolicy) Reduce(stmts map[string][]Statement) (map[string][]Statement, MergeLog, error)

Reduce only keeps independent statements and discards statements that are non-independent

type Statement

type Statement struct {
	ID                uuid.UUID  `yaml:"-" json:"-"`
	VulnerabilityID   string     `yaml:"vulnerability_id" json:"vulnerability_id"`
	Aliases           []Alias    `yaml:"aliases" json:"aliases"`
	Fixes             []Fix      `yaml:"fixes" json:"-"`
	AffectedArtifacts []Artifact `yaml:"artifacts" json:"affected_artifacts"`
	Notes             []Note     `yaml:"notes" json:"notes"`
	Metadata          Metadata   `yaml:"-" json:"-"`
}

Statement represents a vulnerability statement

func NewStatementFromFile

func NewStatementFromFile(path string) Statement

NewStatementFromFile creates a statement

func (Statement) PrettyPrint

func (s Statement) PrettyPrint() (output string)

PrettyPrint formats a Statement nicely for output on screen/file

func (Statement) String

func (s Statement) String() (output string)

func (*Statement) ToFile

func (s *Statement) ToFile(path string) error

ToFile writes a statement to a file in the directory path specified as argument. If the specified directory does not exist, it is created (including all necessary ancestors)

func (Statement) ToJSON

func (s Statement) ToJSON() string

ToJSON returns the JSON representation of a statement (as a string)

type StatementReconciler

type StatementReconciler interface {
	Reconcile([]Statement) ReconcileResult
	Reduce(stmts map[string][]Statement) (map[string][]Statement, MergeLog, error)
}

The StatementReconciler interface defines the types that have the capability to reconcile statements that are not independent and how to reduce sets of statements by applying such reconcile operation to non-independent statements

type StrictPolicy

type StrictPolicy struct {
}

StrictPolicy refuses to solve conflicts and does not perform any reconcile action. In other words, non-independent statements are not reconciled but reported to the user, who might then want to merge them manually.

func (StrictPolicy) Reconcile

func (p StrictPolicy) Reconcile(statements []Statement) ReconcileResult

Reconcile does nothing (it always returns a void Statement); if the two statements in input are not independent, a suitable error signals it. This is implemented just to satisfy the StatementReconciler interface, but this method is not supposed to be called ever.

func (StrictPolicy) Reduce

func (p StrictPolicy) Reduce(stmts map[string][]Statement) (map[string][]Statement, MergeLog, error)

Reduce only keeps independent statements and discards statements that are non-independent
