Documentation
¶
Index ¶
- Constants
- func NamespaceForDistro(d *distro.Distro) string
- func NamespaceForFeedGroup(feed, group string) (string, error)
- func NamespacePackageNamersForLanguage(l syftPkg.Language) map[string]NamerByPackage
- func NamespacesIndexedByCPE() []string
- func RecordSource(feed, group string) string
- type Advisory
- type Cvss
- type CvssMetrics
- type Diff
- type DiffReader
- type DiffReason
- type Fix
- type FixState
- type ID
- type IDReader
- type IDWriter
- type NamerByPackage
- type SerializedVulnerabilities
- type SerializedVulnerabilityMetadata
- type Store
- type StoreReader
- type StoreWriter
- type Vulnerability
- type VulnerabilityMetadata
- type VulnerabilityMetadataStore
- type VulnerabilityMetadataStoreReader
- type VulnerabilityMetadataStoreWriter
- type VulnerabilityReference
- type VulnerabilityStore
- type VulnerabilityStoreReader
- type VulnerabilityStoreWriter
Constants ¶
View Source
const ( NVDNamespace = "nvd" MSRCNamespacePrefix = "msrc" VulnDBNamespace = "vulndb" )
View Source
const SchemaVersion = 3
View Source
const VulnerabilityStoreFileName = "vulnerability.db"
Variables ¶
This section is empty.
Functions ¶
func NamespaceForDistro ¶
NamespaceForDistro returns the correct Feed Service namespace for the given distro. A namespace is a distinct identifier from the Feed Service, and it can be a combination of distro name and version(s), for example "amzn:8". This is critical to query the database and correlate the distro version with feed contents. Namespaces have to exist in the Feed Service, otherwise, this causes no results to be returned when the database is queried.
func NamespaceForFeedGroup ¶
func NamespacePackageNamersForLanguage ¶
func NamespacePackageNamersForLanguage(l syftPkg.Language) map[string]NamerByPackage
func NamespacesIndexedByCPE ¶
func NamespacesIndexedByCPE() []string
func RecordSource ¶
Types ¶
type Advisory ¶
Advisory represents published statements regarding a vulnerability (and potentially about it's resolution).
type Cvss ¶
type Cvss struct {
// VendorMetadata captures non-standard CVSS fields that vendors can sometimes
// include when providing CVSS information. This vendor-specific metadata type
// allows to capture that data for persisting into the database
VendorMetadata interface{}
Metrics CvssMetrics
Vector string // A textual representation of the metric values used to determine the score
Version string // The version of the CVSS spec, for example 2.0, 3.0, or 3.1
}
Cvss contains select Common Vulnerability Scoring System fields for a vulnerability.
type CvssMetrics ¶
type CvssMetrics struct {
// BaseScore ranges from 0 - 10 and defines qualities intrinsic to the severity of a vulnerability.
BaseScore float64
// ExploitabilityScore is a pointer to avoid having a 0 value by default.
// It is an indicator of how easy it may be for an attacker to exploit
// a vulnerability
ExploitabilityScore *float64
// ImpactScore represents the effects of an exploited vulnerability
// relative to compromise in confidentiality, integrity, and availability.
// It is an optional parameter, so that is why it is a pointer instead of
// a regular field
ImpactScore *float64
}
CvssMetrics are the quantitative values that make up a CVSS score.
func NewCvssMetrics ¶
func NewCvssMetrics(baseScore, exploitabilityScore, impactScore float64) CvssMetrics
type Diff ¶ added in v0.41.0
type Diff struct {
Reason DiffReason `json:"reason"`
ID string `json:"id"`
Namespace string `json:"namespace"`
Packages []string `json:"packages"`
}
type DiffReader ¶ added in v0.41.0
type DiffReader interface {
DiffStore(s StoreReader) (*[]Diff, error)
}
type DiffReason ¶ added in v0.41.0
type DiffReason = string
const ( DiffAdded DiffReason = "added" DiffChanged DiffReason = "changed" DiffRemoved DiffReason = "removed" )
type Fix ¶
type Fix struct {
Versions []string // The version(s) which this particular vulnerability was fixed in
State FixState
}
Fix represents all information about known fixes for a stated vulnerability.
type ID ¶
type ID struct {
// BuildTimestamp is the timestamp used to define the age of the DB, ideally including the age of the data
// contained in the DB, not just when the DB file was created.
BuildTimestamp time.Time
SchemaVersion int
}
ID represents identifying information for a DB and the data it contains.
type NamerByPackage ¶
type SerializedVulnerabilities ¶ added in v0.41.0
type SerializedVulnerabilities = interface{}
type SerializedVulnerabilityMetadata ¶ added in v0.41.0
type SerializedVulnerabilityMetadata = interface{}
type Store ¶ added in v0.35.0
type Store interface {
StoreReader
StoreWriter
}
type StoreReader ¶ added in v0.35.0
type StoreReader interface {
IDReader
DiffReader
VulnerabilityStoreReader
VulnerabilityMetadataStoreReader
}
type StoreWriter ¶ added in v0.35.0
type StoreWriter interface {
IDWriter
VulnerabilityStoreWriter
VulnerabilityMetadataStoreWriter
Close()
}
type Vulnerability ¶
type Vulnerability struct {
ID string // The identifier of the vulnerability or advisory
PackageName string // The name of the package that is vulnerable
Namespace string // The ecosystem where the package resides
VersionConstraint string // The version range which the given package is vulnerable
VersionFormat string // The format which all version fields should be interpreted as
CPEs []string // The CPEs which are considered vulnerable
RelatedVulnerabilities []VulnerabilityReference // Other Vulnerabilities that are related to this one (e.g. GHSA relate to CVEs, or how distro CVE relates to NVD record)
Fix Fix // All information about fixed versions
Advisories []Advisory // Any vendor advisories about fixes or other notifications about this vulnerability
}
Vulnerability represents the minimum data fields necessary to perform package-to-vulnerability matching. This can represent a CVE, 3rd party advisory, or any source that relates back to a CVE.
func (*Vulnerability) Equal ¶ added in v0.41.0
func (v *Vulnerability) Equal(vv Vulnerability) bool
type VulnerabilityMetadata ¶
type VulnerabilityMetadata struct {
ID string // The identifier of the vulnerability or advisory
Namespace string // Where this entry is valid within
DataSource string // A URL where the data was sourced from
RecordSource string // The source of the vulnerability information (relative to the immediate upstream in the enterprise feedgroup)
Severity string // How severe the vulnerability is (valid values are defined by upstream sources currently)
URLs []string // URLs to get more information about the vulnerability or advisory
Description string // Description of the vulnerability
Cvss []Cvss // Common Vulnerability Scoring System values
}
VulnerabilityMetadata represents all vulnerability data that is not necessary to perform package-to-vulnerability matching.
func (*VulnerabilityMetadata) Equal ¶ added in v0.41.0
func (v *VulnerabilityMetadata) Equal(vv VulnerabilityMetadata) bool
type VulnerabilityMetadataStore ¶
type VulnerabilityMetadataStore interface {
VulnerabilityMetadataStoreReader
VulnerabilityMetadataStoreWriter
}
type VulnerabilityMetadataStoreReader ¶
type VulnerabilityMetadataStoreReader interface {
GetVulnerabilityMetadata(id, namespace string) (*VulnerabilityMetadata, error)
GetAllVulnerabilityMetadata() (*[]VulnerabilityMetadata, error)
}
type VulnerabilityMetadataStoreWriter ¶
type VulnerabilityMetadataStoreWriter interface {
AddVulnerabilityMetadata(metadata ...VulnerabilityMetadata) error
}
type VulnerabilityReference ¶
type VulnerabilityStore ¶
type VulnerabilityStore interface {
VulnerabilityStoreReader
VulnerabilityStoreWriter
}
type VulnerabilityStoreReader ¶
type VulnerabilityStoreReader interface {
// GetVulnerability retrieves vulnerabilities associated with a namespace and a package name
GetVulnerability(namespace, name string) ([]Vulnerability, error)
GetAllVulnerabilities() (*[]Vulnerability, error)
}
type VulnerabilityStoreWriter ¶
type VulnerabilityStoreWriter interface {
// AddVulnerability inserts a new record of a vulnerability into the store
AddVulnerability(vulnerabilities ...Vulnerability) error
}
Source Files
¶
Directories
Click to show internal directories.
Click to hide internal directories.