Documentation
¶
Index ¶
- Constants
- Variables
- func NewAdvisoriesSectionUpdater(updater configs.SectionUpdater[Advisories, Document]) configs.EntryUpdater[Document]
- func NewIndex(fsys rwfs.FS) (*configs.Index[Document], error)
- func NewIndexFromPaths(fsys rwfs.FS, paths ...string) (*configs.Index[Document], error)
- type Advisories
- func (advs Advisories) Get(id string) (Advisory, bool)
- func (advs Advisories) GetByVulnerability(id string) (Advisory, bool)
- func (advs Advisories) Len() int
- func (advs Advisories) Less(i, j int) bool
- func (advs Advisories) Swap(i, j int)
- func (advs Advisories) Update(id string, advisory Advisory) Advisories
- func (advs Advisories) Validate() error
- type Advisory
- type AnalysisNotPlanned
- type Detection
- type DetectionNVDAPI
- type Document
- type Event
- type EventTypeData
- type FalsePositiveDetermination
- type FixNotPlanned
- type Fixed
- type Package
- type Timestamp
- type TruePositiveDetermination
Constants ¶
View Source
const ( DetectionTypeManual = "manual" DetectionTypeNVDAPI = "nvdapi" )
View Source
const ( EventTypeDetection = "detection" EventTypeTruePositiveDetermination = "true-positive-determination" EventTypeFixed = "fixed" EventTypeFalsePositiveDetermination = "false-positive-determination" EventTypeAnalysisNotPlanned = "analysis-not-planned" EventTypeFixNotPlanned = "fix-not-planned" )
View Source
const ( // FPTypeVulnerabilityRecordAnalysisContested indicates that the distro // maintainers view the vulnerability record itself to be describing a behavior // that is not a security concern or that misattributes security fault to the // software in the distro package. // // VEX compatibility note: this type should be mapped to the // "vulnerable_code_not_present" justification. FPTypeVulnerabilityRecordAnalysisContested = "vulnerability-record-analysis-contested" // FPTypeComponentVulnerabilityMismatch indicates that the component referred to // by the vulnerability record is not the component found in the distribution // package. (For example, perhaps a vulnerability scanner found a vulnerability // for a package with the same name, but for a different language ecosystem.) // // VEX compatibility note: this type should be mapped to the // "component_not_present" justification. FPTypeComponentVulnerabilityMismatch = "component-vulnerability-mismatch" // FPTypeVulnerableCodeVersionNotUsed indicates that the vulnerability was // correctly matched to the component, except that the version(s) of the // component referred to by the vulnerability record have never been present in // a release of the distribution package. // // VEX compatibility note: this type should be mapped to the // "vulnerable_code_not_present" justification. FPTypeVulnerableCodeVersionNotUsed = "vulnerable-code-version-not-used" // FPTypeVulnerableCodeNotIncludedInPackage indicates that the vulnerable code // (e.g. a particular function) may have been available for use or retrieved // during the package build process but ultimately was not included in the // distro package. // // VEX compatibility note: this type should be mapped to the // "vulnerable_code_not_present" justification. FPTypeVulnerableCodeNotIncludedInPackage = "vulnerable-code-not-included-in-package" // FPTypeVulnerableCodeNotInExecutionPath indicates that the vulnerable code (e.g. // a particular function) is present in the package, but it is impossible for // this code to be executed in the package. // // VEX compatibility note: this type should be mapped to the // "vulnerable_code_not_in_execute_path" justification. FPTypeVulnerableCodeNotInExecutionPath = "vulnerable-code-not-in-execution-path" // FPTypeVulnerableCodeCannotBeControlledByAdversary indicates that the // vulnerable code is present and able to be executed, but not in a way that can // be exploited by an adversary. // // VEX compatibility note: this type should be mapped to the // "vulnerable_code_cannot_be_controlled_by_adversary" justification. FPTypeVulnerableCodeCannotBeControlledByAdversary = "vulnerable-code-cannot-be-controlled-by-adversary" // FPTypeInlineMitigationsExist indicates that the vulnerable code is present // and able to be exploited by an adversary, but that the vulnerability is // mitigated by other code in the package. // // VEX compatibility note: this type should be mapped to the // "inline_mitigations_already_exist" justification. FPTypeInlineMitigationsExist = "inline-mitigations-exist" )
View Source
const SchemaVersion = "2"
SchemaVersion is the latest known schema version for advisory documents. Wolfictl can only operate on documents that use a schema version that is equal to or earlier than this version and that is not earlier than this version's MAJOR number.
Variables ¶
View Source
var ( // DetectionTypes is a list of all valid detection types. DetectionTypes = []string{ DetectionTypeManual, DetectionTypeNVDAPI, } )
View Source
var ( // EventTypes is a list of all valid event types. EventTypes = []string{ EventTypeDetection, EventTypeTruePositiveDetermination, EventTypeFixed, EventTypeFalsePositiveDetermination, EventTypeAnalysisNotPlanned, EventTypeFixNotPlanned, } )
View Source
var FPTypes = []string{ FPTypeVulnerabilityRecordAnalysisContested, FPTypeComponentVulnerabilityMismatch, FPTypeVulnerableCodeVersionNotUsed, FPTypeVulnerableCodeNotIncludedInPackage, FPTypeVulnerableCodeNotInExecutionPath, FPTypeVulnerableCodeCannotBeControlledByAdversary, FPTypeInlineMitigationsExist, }
Functions ¶
func NewAdvisoriesSectionUpdater ¶
func NewAdvisoriesSectionUpdater( updater configs.SectionUpdater[Advisories, Document], ) configs.EntryUpdater[Document]
Types ¶
type Advisories ¶
type Advisories []Advisory
func (Advisories) Get ¶
func (advs Advisories) Get(id string) (Advisory, bool)
Get returns the advisory with the given ID. If such an advisory does not exist, the second return value will be false; otherwise it will be true.
func (Advisories) GetByVulnerability ¶
func (advs Advisories) GetByVulnerability(id string) (Advisory, bool)
GetByVulnerability returns the advisory that references the given vulnerability ID as its advisory ID or as one of the advisory's aliases. If such an advisory does not exist, the second return value will be false; otherwise it will be true.
func (Advisories) Len ¶
func (advs Advisories) Len() int
func (Advisories) Less ¶
func (advs Advisories) Less(i, j int) bool
func (Advisories) Swap ¶
func (advs Advisories) Swap(i, j int)
func (Advisories) Update ¶
func (advs Advisories) Update(id string, advisory Advisory) Advisories
func (Advisories) Validate ¶
func (advs Advisories) Validate() error
type Advisory ¶
type Advisory struct {
ID string `yaml:"id"`
// Aliases lists any known IDs of this vulnerability in databases.
Aliases []string `yaml:"aliases,omitempty"`
// Events is a list of timestamped events that occurred during the investigation
// and resolution of the vulnerability.
Events []Event `yaml:"events"`
}
func (Advisory) Resolved ¶
Resolved returns true if the advisory indicates that the vulnerability does not presently affect the distro package and/or that no further investigation is planned.
func (Advisory) ResolvedAtVersion ¶
ResolvedAtVersion returns true if the advisory indicates that the vulnerability does not affect the distro package at the given package version, or that no further investigation is planned.
func (Advisory) SortedEvents ¶
SortedEvents returns the events in the advisory, sorted by timestamp, from oldest to newest.
type AnalysisNotPlanned ¶
type AnalysisNotPlanned struct {
// Note should explain why there is no plan to analyze the vulnerability match.
Note string `yaml:"note"`
}
func (AnalysisNotPlanned) Validate ¶
func (a AnalysisNotPlanned) Validate() error
Validate returns an error if the AnalysisNotPlanned data is invalid.
type Detection ¶
type Detection struct {
// Type is the type of detection used to identify the vulnerability match.
Type string `yaml:"type"`
// Data is the data associated with the detection type.
Data interface{} `yaml:"data,omitempty"`
}
Detection is an event that indicates that a potential vulnerability was detected for a distro package.
func (*Detection) UnmarshalYAML ¶
UnmarshalYAML implements the yaml.Unmarshaler interface.
type DetectionNVDAPI ¶
type DetectionNVDAPI struct {
CPESearched string `yaml:"cpeSearched"`
CPEFound string `yaml:"cpeFound"`
}
DetectionNVDAPI is the data associated with DetectionTypeNVDAPI.
func (DetectionNVDAPI) Validate ¶
func (d DetectionNVDAPI) Validate() error
Validate returns an error if the DetectionNVDAPI data is invalid.
type Document ¶
type Document struct {
SchemaVersion string `yaml:"schema-version"`
Package Package `yaml:"package"`
Advisories Advisories `yaml:"advisories,omitempty"`
}
func (Document) ValidateSchemaVersion ¶
type Event ¶
type Event struct {
// Timestamp is the time at which the event occurred.
Timestamp Timestamp `yaml:"timestamp"`
// Type is a string that identifies the kind of event. This field is used to
// determine how to unmarshal the Data field.
Type string `yaml:"type"`
// Data is the event-specific data. The type of this field is determined by the
// Type field.
Data interface{} `yaml:"data,omitempty"`
}
Event is a timestamped record of new information regarding the investigation and resolution of a potential vulnerability match.
func (*Event) UnmarshalYAML ¶
type EventTypeData ¶
type EventTypeData interface {
Detection | TruePositiveDetermination | Fixed | FalsePositiveDetermination | AnalysisNotPlanned | FixNotPlanned
}
type FalsePositiveDetermination ¶
type FalsePositiveDetermination struct {
Type string `yaml:"type"`
Note string `yaml:"note,omitempty"`
}
FalsePositiveDetermination is an event that indicates that a previously detected vulnerability was determined to be a false positive.
func (FalsePositiveDetermination) Validate ¶
func (fp FalsePositiveDetermination) Validate() error
type FixNotPlanned ¶
type FixNotPlanned struct {
// Note should explain why there is no plan to fix the vulnerability.
Note string `yaml:"note"`
}
func (FixNotPlanned) Validate ¶
func (f FixNotPlanned) Validate() error
Validate returns an error if the FixNotPlanned data is invalid.
type Fixed ¶
type Fixed struct {
// FixedVersion is the version of the distribution package that contains
// the fix to the vulnerability.
FixedVersion string `yaml:"fixed-version"`
}
Fixed is an event that indicates that a vulnerability has been remediated in an updated version of the distribution package.
type Timestamp ¶
Timestamp is a time.Time that marshals to and from RFC3339 timestamps.
func (Timestamp) MarshalYAML ¶
MarshalYAML implements yaml.Marshaler.
func (*Timestamp) UnmarshalYAML ¶
UnmarshalYAML implements yaml.Unmarshaler.
type TruePositiveDetermination ¶
type TruePositiveDetermination struct {
Note string `yaml:"note,omitempty"`
}
TruePositiveDetermination is an event that indicates that a previously detected vulnerability was acknowledged to be a true positive.
Source Files
Click to show internal directories.
Click to hide internal directories.