// Identity and on-disk naming of the database this package reads and writes.
const (
	// SchemaVersion is the layout version of the vulnerability database handled by
	// this package. A DB built under a different schema should not be opened with
	// this code; the stored value is presumably the one carried in ID.SchemaVersion
	// (confirm against the writer).
	SchemaVersion = 4

	// VulnerabilityStoreFileName is the file name of the database inside its directory.
	VulnerabilityStoreFileName = "vulnerability.db"
)
type Advisory ¶
Advisory represents published statements regarding a vulnerability (and potentially about its resolution). Its fields are not shown on this page.
type Cvss ¶
// Cvss contains select Common Vulnerability Scoring System fields for one scoring
// of a vulnerability. VulnerabilityMetadata.Cvss holds a slice of these, so a single
// record may carry more than one score (e.g. from different sources or spec versions).
type Cvss struct {
	// VendorMetadata captures non-standard CVSS fields that vendors can sometimes
	// include when providing CVSS information, so that vendor-specific data can be
	// persisted into the database. Because it is an untyped interface{}, JSON
	// decoding leaves whatever generic value the feed supplied (a JSON object
	// becomes map[string]interface{}); consumers must type-assert and validate it
	// before use rather than trusting its shape.
	VendorMetadata interface{} `json:"vendor_metadata"`
	// Metrics holds the numeric CVSS scores for this entry.
	Metrics CvssMetrics `json:"metrics"`
	// Vector is the textual representation of the metric values used to determine the score.
	Vector string `json:"vector"`
	// Version is the version of the CVSS spec, for example 2.0, 3.0, or 3.1.
	Version string `json:"version"`
}
Cvss contains select Common Vulnerability Scoring System fields for a vulnerability.
type CvssMetrics ¶
// CvssMetrics are the quantitative values that make up a CVSS score.
// BaseScore is a plain float64, so an absent base score is indistinguishable from 0;
// the two sub-scores are pointers precisely so that nil can mean "not provided".
type CvssMetrics struct {
	// BaseScore ranges from 0 - 10 and defines qualities intrinsic to the severity of a vulnerability.
	BaseScore float64 `json:"base_score"`
	// ExploitabilityScore is an indicator of how easy it may be for an attacker to
	// exploit a vulnerability. It is a pointer to avoid having a 0 value by default;
	// the tag carries no omitempty, so a nil pointer is encoded as JSON null.
	ExploitabilityScore *float64 `json:"exploitability_score"`
	// ImpactScore represents the effects of an exploited vulnerability relative to
	// compromise in confidentiality, integrity, and availability. It is an optional
	// parameter, which is why it is a pointer instead of a regular field; nil is
	// encoded as JSON null.
	ImpactScore *float64 `json:"impact_score"`
}
CvssMetrics are the quantitative values that make up a CVSS score.
func NewCvssMetrics ¶
func NewCvssMetrics(baseScore, exploitabilityScore, impactScore float64) CvssMetrics
type Diff ¶
// Diff describes one difference between two stores as reported by DiffReader.DiffStore.
// A record is identified by vulnerability ID plus Namespace; Packages presumably lists
// the package names whose entries differ for that record.
type Diff struct {
	// Reason states whether the record was added, changed, or removed (see DiffReason).
	Reason DiffReason `json:"reason"`
	// ID is the vulnerability or advisory identifier the entry refers to.
	ID string `json:"id"`
	// Namespace is the vulnerability namespace the record belongs to.
	Namespace string `json:"namespace"`
	// Packages are the package names affected by this diff entry.
	Packages []string `json:"packages"`
}
type DiffReader ¶
// DiffReader computes the differences between this store and another one.
type DiffReader interface {
	// DiffStore compares the receiver's contents against s and returns one Diff per
	// record that is added, changed, or removed. Which side counts as "added" versus
	// "removed" is not visible here — confirm against the implementation before
	// relying on the direction. Treat the returned pointer as nil when err is non-nil.
	DiffStore(s StoreReader) (*[]Diff, error)
}
type DiffReason ¶
// DiffReason classifies why a record appears in a Diff. It is an alias of string
// (not a distinct type), so any string value is accepted where a DiffReason is
// expected; the constants below are the values this package produces.
type DiffReason = string

// Reasons reported by DiffReader.DiffStore.
const (
	// DiffAdded marks a record that exists on only one side of the comparison and
	// is reported as new.
	DiffAdded DiffReason = "added"
	// DiffChanged marks a record present on both sides whose content differs.
	DiffChanged DiffReason = "changed"
	// DiffRemoved marks a record that exists on only one side of the comparison and
	// is reported as gone.
	DiffRemoved DiffReason = "removed"
)
type Fix ¶
// Fix represents all information about known fixes for a stated vulnerability.
type Fix struct {
	// Versions are the version(s) in which this particular vulnerability was fixed.
	// They are strings and must be interpreted using the VersionFormat of the
	// owning Vulnerability, not compared lexically.
	Versions []string `json:"versions"`
	// State records the fix status; the valid values are defined by FixState
	// (not shown on this page).
	State FixState `json:"state"`
}
Fix represents all information about known fixes for a stated vulnerability.
type ID ¶
// ID represents identifying information for a DB and the data it contains.
type ID struct {
	// BuildTimestamp is the timestamp used to define the age of the DB, ideally including
	// the age of the data contained in the DB, not just when the DB file was created.
	// NOTE(review): any staleness check should compare this with time.Now() via
	// Before/After rather than ==.
	BuildTimestamp time.Time `json:"build_timestamp"`
	// SchemaVersion is the schema the DB was written with. Readers presumably compare
	// it against the package-level SchemaVersion constant before trusting the contents —
	// confirm in the loader.
	SchemaVersion int `json:"schema_version"`
}
ID represents identifying information for a DB and the data it contains.
type PackageExclusionConstraint ¶
// PackageExclusionConstraint describes criteria for excluding a match based on package
// components. Every field is optional (omitempty); an empty field presumably places no
// constraint on that attribute — confirm against the matcher.
type PackageExclusionConstraint struct {
	// Name is the package name.
	Name string `json:"name,omitempty"`
	// Language is the language ecosystem for a package.
	Language string `json:"language,omitempty"`
	// Type is the package type.
	Type string `json:"type,omitempty"`
	// Version is the package version.
	Version string `json:"version,omitempty"`
	// Location is the package location.
	Location string `json:"location,omitempty"`
	// ExtraFields collects JSON keys not covered by the named fields. The json:"-" tag
	// means the default encoder/decoder ignores it entirely, so it is presumably filled
	// by this type's custom UnmarshalJSON and is never written back out.
	// NOTE(review): a constraint carrying keys the matcher cannot honour should be
	// rejected, not silently applied with those keys dropped — that would widen the
	// exclusion and hide findings. Check that Usable() enforces this.
	ExtraFields map[string]interface{} `json:"-"`
}
PackageExclusionConstraint describes criteria for excluding a match based on package components
func (*PackageExclusionConstraint) UnmarshalJSON ¶
func (p *PackageExclusionConstraint) UnmarshalJSON(data []byte) error
func (PackageExclusionConstraint) Usable ¶
func (p PackageExclusionConstraint) Usable() bool
type Store ¶
// Store is the full read/write handle on a vulnerability database: everything a
// StoreReader and StoreWriter offer, plus the ability to close the underlying DB.
type Store interface {
	StoreReader
	StoreWriter
	DBCloser
}
type StoreReader ¶
// StoreReader is the read-only view of a database. Code that only needs to query
// (matchers, UIs) should accept this rather than Store so it cannot mutate the DB.
type StoreReader interface {
	IDReader
	DiffReader
	VulnerabilityStoreReader
	VulnerabilityMetadataStoreReader
	VulnerabilityMatchExclusionStoreReader
}
type StoreWriter ¶
// StoreWriter is the write-only view of a database, used by the build pipeline that
// populates it. Note that it can add match exclusions, which suppress findings, so
// access to a writer is security-relevant.
type StoreWriter interface {
	IDWriter
	VulnerabilityStoreWriter
	VulnerabilityMetadataStoreWriter
	VulnerabilityMatchExclusionStoreWriter
}
type Vulnerability ¶
// Vulnerability represents the minimum data fields necessary to perform
// package-to-vulnerability matching. This can represent a CVE, 3rd party advisory,
// or any source that relates back to a CVE. Display-oriented data (severity,
// description, CVSS) is kept separately in VulnerabilityMetadata.
type Vulnerability struct {
	// ID is the identifier of the vulnerability or advisory.
	ID string `json:"id"`
	// PackageName is the name of the package that is vulnerable.
	PackageName string `json:"package_name"`
	// Namespace is the ecosystem where the package resides.
	Namespace string `json:"namespace"`
	// VersionConstraint is the version range in which the given package is vulnerable.
	// It is only meaningful when parsed according to VersionFormat; evaluating it under
	// the wrong format would produce wrong match results.
	VersionConstraint string `json:"version_constraint"`
	// VersionFormat is the format which all version fields should be interpreted as.
	VersionFormat string `json:"version_format"`
	// CPEs are the CPEs which are considered vulnerable.
	CPEs []string `json:"cpes"`
	// RelatedVulnerabilities are other vulnerabilities that are related to this one
	// (e.g. how a GHSA relates to CVEs, or how a distro CVE relates to an NVD record).
	RelatedVulnerabilities []VulnerabilityReference `json:"related_vulnerabilities"`
	// Fix holds all information about fixed versions.
	Fix Fix `json:"fix"`
	// Advisories are any vendor advisories about fixes or other notifications about
	// this vulnerability.
	Advisories []Advisory `json:"advisories"`
}
Vulnerability represents the minimum data fields necessary to perform package-to-vulnerability matching. This can represent a CVE, 3rd party advisory, or any source that relates back to a CVE.
func (*Vulnerability) Equal ¶
func (v *Vulnerability) Equal(vv Vulnerability) bool
type VulnerabilityExclusionConstraint ¶
// VulnerabilityExclusionConstraint describes criteria for excluding a match based on
// additional vulnerability components. Both fields are optional (omitempty); an empty
// field presumably imposes no constraint — confirm against the matcher.
type VulnerabilityExclusionConstraint struct {
	// Namespace is the vulnerability namespace the exclusion applies to.
	Namespace string `json:"namespace,omitempty"`
	// FixState is the vulnerability fix state the exclusion applies to.
	FixState FixState `json:"fix_state,omitempty"`
	// ExtraFields collects JSON keys not covered by the named fields. The json:"-" tag
	// means the default encoder/decoder ignores it, so it is presumably populated by
	// this type's custom UnmarshalJSON. NOTE(review): unknown keys should make the
	// constraint unusable rather than be dropped, otherwise the exclusion silently
	// becomes broader than intended — verify in Usable().
	ExtraFields map[string]interface{} `json:"-"`
}
VulnerabilityExclusionConstraint describes criteria for excluding a match based on additional vulnerability components
func (*VulnerabilityExclusionConstraint) UnmarshalJSON ¶
func (v *VulnerabilityExclusionConstraint) UnmarshalJSON(data []byte) error
func (VulnerabilityExclusionConstraint) Usable ¶
func (v VulnerabilityExclusionConstraint) Usable() bool
type VulnerabilityMatchExclusion ¶
// VulnerabilityMatchExclusion represents the minimum data fields necessary to
// automatically filter certain vulnerabilities from match results based on the
// specified constraints. Because an exclusion removes findings from output, entries of
// this type are as security-sensitive as the vulnerability data itself: a tampered or
// untrusted DB could use them to hide real vulnerabilities, so DB integrity should be
// verified before its exclusions are honoured.
type VulnerabilityMatchExclusion struct {
	// ID is the identifier of the vulnerability or advisory being excluded.
	ID string `json:"id"`
	// Constraints are the conditions under which the exclusion applies. The field is
	// omitempty; what an exclusion with no constraints does (presumably: applies to
	// every match of ID) is not visible here — confirm in the matcher.
	Constraints []VulnerabilityMatchExclusionConstraint `json:"constraints,omitempty"`
	// Justification is the human-readable reason for the exclusion; it is carried
	// for audit purposes and does not affect matching.
	Justification string `json:"justification"`
}
VulnerabilityMatchExclusion represents the minimum data fields necessary to automatically filter certain vulnerabilities from match results based on the specified constraints.
type VulnerabilityMatchExclusionConstraint ¶
// VulnerabilityMatchExclusionConstraint describes criteria for which matches should be
// excluded. It pairs a vulnerability-side constraint with a package-side constraint;
// whether both must hold (AND) is not visible here — confirm against the matcher.
type VulnerabilityMatchExclusionConstraint struct {
	// Vulnerability holds the vulnerability exclusion criteria.
	Vulnerability VulnerabilityExclusionConstraint `json:"vulnerability,omitempty"`
	// Package holds the package exclusion criteria.
	Package PackageExclusionConstraint `json:"package,omitempty"`
	// ExtraFields collects JSON keys not covered by the named fields. The json:"-" tag
	// means the default encoder/decoder ignores it, so it is presumably populated by
	// this type's custom UnmarshalJSON and consulted by Usable() — verify.
	ExtraFields map[string]interface{} `json:"-"`
}
VulnerabilityMatchExclusionConstraint describes criteria for which matches should be excluded
func (*VulnerabilityMatchExclusionConstraint) UnmarshalJSON ¶
func (c *VulnerabilityMatchExclusionConstraint) UnmarshalJSON(data []byte) error
func (VulnerabilityMatchExclusionConstraint) Usable ¶
func (c VulnerabilityMatchExclusionConstraint) Usable() bool
type VulnerabilityMatchExclusionStore ¶
// VulnerabilityMatchExclusionStore provides read and write access to match exclusions.
type VulnerabilityMatchExclusionStore interface {
	VulnerabilityMatchExclusionStoreReader
	VulnerabilityMatchExclusionStoreWriter
}
type VulnerabilityMatchExclusionStoreReader ¶
// VulnerabilityMatchExclusionStoreReader reads match exclusions from the store.
type VulnerabilityMatchExclusionStoreReader interface {
	// GetVulnerabilityMatchExclusion returns the exclusions recorded for the given
	// vulnerability/advisory id. Whether "none found" yields an empty slice or an
	// error is not visible here — check the implementation before treating an error
	// as fatal.
	GetVulnerabilityMatchExclusion(id string) ([]VulnerabilityMatchExclusion, error)
}
type VulnerabilityMatchExclusionStoreWriter ¶
// VulnerabilityMatchExclusionStoreWriter adds match exclusions to the store.
// Exclusions suppress findings, so callers should only write entries that have a
// reviewed Justification.
type VulnerabilityMatchExclusionStoreWriter interface {
	// AddVulnerabilityMatchExclusion persists one or more exclusions.
	AddVulnerabilityMatchExclusion(exclusion ...VulnerabilityMatchExclusion) error
}
type VulnerabilityMetadata ¶
// VulnerabilityMetadata represents all vulnerability data that is not necessary to
// perform package-to-vulnerability matching. Records are keyed by (ID, Namespace);
// see VulnerabilityMetadataStoreReader.GetVulnerabilityMetadata.
type VulnerabilityMetadata struct {
	// ID is the identifier of the vulnerability or advisory.
	ID string `json:"id"`
	// Namespace is where this entry is valid within.
	Namespace string `json:"namespace"`
	// DataSource is a URL where the data was sourced from.
	// NOTE(review): this is a feed-supplied string, not a validated URL; anything that
	// renders it as a link or fetches it should validate the scheme/host first.
	DataSource string `json:"data_source"`
	// RecordSource is the source of the vulnerability information (relative to the
	// immediate upstream in the enterprise feedgroup).
	RecordSource string `json:"record_source"`
	// Severity is how severe the vulnerability is. The valid values are defined by the
	// upstream sources currently, so consumers should not assume a fixed enum.
	Severity string `json:"severity"`
	// URLs are links to more information about the vulnerability or advisory; the
	// same caveat as DataSource applies.
	URLs []string `json:"urls"`
	// Description is the description of the vulnerability; free-form upstream text,
	// so escape it when rendering into HTML or terminal output.
	Description string `json:"description"`
	// Cvss holds the Common Vulnerability Scoring System values, one entry per score.
	Cvss []Cvss `json:"cvss"`
}
VulnerabilityMetadata represents all vulnerability data that is not necessary to perform package-to-vulnerability matching.
func (*VulnerabilityMetadata) Equal ¶
func (v *VulnerabilityMetadata) Equal(vv VulnerabilityMetadata) bool
type VulnerabilityMetadataStore ¶
// VulnerabilityMetadataStore provides read and write access to vulnerability metadata.
type VulnerabilityMetadataStore interface {
	VulnerabilityMetadataStoreReader
	VulnerabilityMetadataStoreWriter
}
type VulnerabilityMetadataStoreReader ¶
// VulnerabilityMetadataStoreReader reads vulnerability metadata from the store.
type VulnerabilityMetadataStoreReader interface {
	// GetVulnerabilityMetadata looks up the metadata record keyed by id and namespace.
	// Whether a missing record yields (nil, nil) or a non-nil error is not visible
	// here — callers should nil-check the pointer as well as the error.
	GetVulnerabilityMetadata(id, namespace string) (*VulnerabilityMetadata, error)
	// GetAllVulnerabilityMetadata returns every metadata record in the store. The
	// result is a pointer to a slice, so it may be nil on error.
	GetAllVulnerabilityMetadata() (*[]VulnerabilityMetadata, error)
}
type VulnerabilityMetadataStoreWriter ¶
// VulnerabilityMetadataStoreWriter adds vulnerability metadata to the store.
type VulnerabilityMetadataStoreWriter interface {
	// AddVulnerabilityMetadata persists one or more metadata records.
	AddVulnerabilityMetadata(metadata ...VulnerabilityMetadata) error
}
type VulnerabilityReference ¶
type VulnerabilityStore ¶
// VulnerabilityStore provides read and write access to vulnerability matching records.
type VulnerabilityStore interface {
	VulnerabilityStoreReader
	VulnerabilityStoreWriter
}
type VulnerabilityStoreReader ¶
// VulnerabilityStoreReader reads vulnerability matching records from the store.
type VulnerabilityStoreReader interface {
	// GetVulnerabilityNamespaces retrieves the unique list of vulnerability namespaces.
	GetVulnerabilityNamespaces() ([]string, error)
	// GetVulnerability retrieves vulnerabilities by namespace and package name.
	// Whether packageName is matched exactly or after normalisation (case, separators)
	// is not visible here — confirm before relying on it for matching.
	GetVulnerability(namespace, packageName string) ([]Vulnerability, error)
	// GetAllVulnerabilities returns every vulnerability record in the store. The
	// result is a pointer to a slice, so it may be nil on error.
	GetAllVulnerabilities() (*[]Vulnerability, error)
}
type VulnerabilityStoreWriter ¶
// VulnerabilityStoreWriter adds vulnerability matching records to the store.
type VulnerabilityStoreWriter interface {
	// AddVulnerability inserts one or more new vulnerability records into the store.
	AddVulnerability(vulnerabilities ...Vulnerability) error
}