risks

package
Published: May 27, 2026 License: AGPL-3.0 Imports: 13 Imported by: 0


Constants

// Names of the CCF-specific OSCAL properties used when a Risk is converted
// to/from oscalTypes_1_1_3.Risk (BuildCCFOscalProps / ApplyCCFPropsToRisk).
// The "ccf:" prefix is presumably paired with CCFPropsNamespace as the
// property ns — confirm in the builders.
//
// NOTE(review): CCFPropPrimaryOwnerUserID and CCFPropAcceptanceJustification
// put an internal user identifier and free-text sign-off rationale into
// exported OSCAL artifacts, which are frequently shared outside the
// organisation. Confirm that exposure is intended before the (currently
// unreferenced) export path is wired in.
const (
	CCFPropLikelihood              = "ccf:likelihood"
	CCFPropImpact                  = "ccf:impact"
	CCFPropPrimaryOwnerUserID      = "ccf:primary-owner-user-id"
	CCFPropReviewDeadline          = "ccf:review-deadline"
	CCFPropAcceptanceJustification = "ccf:acceptance-justification"
)
// RiskScoreBucketDay is the bucket name for per-day aggregation in
// ListScoreTimeseries; it is the only bucket value visible in this package.
//
// RiskScoreStatusDeleted is the Status written on a RiskScore snapshot taken
// for a deleted risk. RiskScore declares no foreign key to Risk, so such rows
// presumably survive the cascade delete of the risk itself — verify in
// RecordRiskScoreSnapshot.
const (
	RiskScoreBucketDay     = "day"
	RiskScoreStatusDeleted = "deleted"
)
// CCFPropsNamespace is the OSCAL property namespace (ns) under which the
// CCFProp* properties are emitted, keeping them distinct from standard OSCAL
// property names.
const CCFPropsNamespace = "https://compliance-framework.io"

Variables

// ErrRemediationTemplateAlreadyExists is the sentinel returned when a
// remediation template is created for a risk that already has one;
// RiskRemediationTemplate.RiskID carries a unique index, so at most one
// template exists per risk. Test for it with errors.Is or
// IsRemediationTemplateAlreadyExistsError rather than string comparison.
var ErrRemediationTemplateAlreadyExists = errors.New("remediation template already exists")

Functions

func ApplyCCFPropsToRisk

// ApplyCCFPropsToRisk copies CCF-namespaced OSCAL properties (the CCFProp*
// names) from props onto r. Properties from an imported document are
// untrusted input: likelihood/impact should go through NormalizeRiskLevel and
// the owner id should be checked against known users before persisting —
// cannot confirm from this signature whether the function does so.
func ApplyCCFPropsToRisk(props []oscalTypes_1_1_3.Property, r *Risk)

TODO[codex-5-3-high]: implemented per the risk-register plan but currently unreferenced (dead code). Either wire it into the OSCAL import path or remove it once the plan is fully implemented; unreferenced exported code in a security tool is untested surface area.

func ApplyRiskFilters

// ApplyRiskFilters narrows query to rows matching every non-nil field of
// filters and returns the extended query. Filter values are typed (pointers,
// UUIDs, time.Time) rather than a raw expression string, which keeps them out
// of SQL text; the string fields (Status, ControlID, OwnerKind, OwnerRef,
// Likelihood, Impact) must still be bound as parameters, never interpolated —
// verify in the implementation.
func ApplyRiskFilters(query *gorm.DB, filters ListFilters) *gorm.DB

func ApplyRiskSorting

// ApplyRiskSorting appends an ORDER BY derived from sortField/sortOrder to
// query.
//
// NOTE(review): these two strings typically originate from HTTP query
// parameters, and an ORDER BY column cannot be bound as a query parameter, so
// the implementation must map them through an allowlist of column names and
// "asc"/"desc" (with a default for anything else) rather than splicing the raw
// strings into SQL. Cannot confirm from this signature that it does.
func ApplyRiskSorting(query *gorm.DB, sortField, sortOrder string) *gorm.DB

func BuildCCFOscalProps

// BuildCCFOscalProps renders r's CCF-specific fields (likelihood, impact,
// primary owner, review deadline, acceptance justification) as OSCAL
// properties for export; ApplyCCFPropsToRisk is the inverse mapping.
func BuildCCFOscalProps(r Risk) []oscalTypes_1_1_3.Property

TODO[codex-5-3-high]: implemented per the risk-register plan but currently unreferenced (dead code). Either wire it into the OSCAL export path or remove it once the plan is fully implemented.

func BuildRiskEventDetails

// BuildRiskEventDetails produces the human-readable Details text stored on a
// RiskEvent from its event type, JSON payload and timestamp. The payload can
// carry user-supplied strings (titles, justifications), so the result is
// untrusted text: escape it at the presentation layer (HTML, logs) rather
// than assuming it is safe.
func BuildRiskEventDetails(eventType string, payload datatypes.JSONMap, occurredAt time.Time) string

func EnsureIndexes

// EnsureIndexes creates any database indexes this package needs beyond those
// expressed in gorm struct tags. It is expected to be safe to call on every
// startup/migration (idempotent) — confirm against the implementation.
func EnsureIndexes(db *gorm.DB) error

func IsRemediationTemplateAlreadyExistsError

// IsRemediationTemplateAlreadyExistsError reports whether err represents
// ErrRemediationTemplateAlreadyExists (presumably via errors.Is, so wrapped
// errors also match).
func IsRemediationTemplateAlreadyExistsError(err error) bool

func IsValidationError

// IsValidationError reports whether err is a *ValidationError produced by
// this package, letting HTTP handlers map it to a client error (422) instead
// of a generic server error.
func IsValidationError(err error) bool

func NormalizeRiskLevelPtr

// NormalizeRiskLevelPtr is the pointer form of NormalizeRiskLevel for the
// optional Likelihood/Impact fields; presumably passes nil through unchanged.
func NormalizeRiskLevelPtr(level *string) *string

func NumericalRiskScore added in v0.15.0

// NumericalRiskScore combines a likelihood and an impact level into one
// numeric score. The bool is false when a score cannot be computed
// (presumably a nil or unrecognised level), so callers must check it rather
// than treating a 0 score as "no risk".
func NumericalRiskScore(likelihood, impact *string) (int, bool)

func RiskLevelFilterValues

// RiskLevelFilterValues expands a raw filter value into every stored spelling
// that should match it, so rows persisted with the legacy "medium" value
// (RiskLevelMediumLegacy) are not silently excluded from filtered listings.
// Exact mapping: see implementation.
func RiskLevelFilterValues(raw string) []string

func RiskLevelRank added in v0.15.0

// RiskLevelRank returns the ordinal position of level for comparison and
// sorting (presumably following the declaration order negligible < low <
// moderate < high < critical) and false for a level it does not recognise.
func RiskLevelRank(level RiskLevel) (int, bool)

Types

type AcceptRiskParams

// AcceptRiskParams carries the inputs to RiskService.AcceptRisk.
//
// Accepting a risk is a formal sign-off, so ActorUserID should be populated
// from the authenticated session; it is a pointer here and nothing in this
// package visibly rejects nil, which would leave the acceptance event
// unattributed. ReviewDeadline is a value type, so a zero time.Time is
// possible — validate it at the handler or service layer.
type AcceptRiskParams struct {
	RiskID         uuid.UUID
	ActorUserID    *uuid.UUID
	Justification  string
	ReviewDeadline time.Time
}

type AssessmentSubjectLabel

// AssessmentSubjectLabel is one key/value label attached to an assessment
// subject. The composite primary key (subject, key, value) makes each label
// unique per subject; the (key, value) index supports reverse lookups used
// for matching subjects to risks and templates.
type AssessmentSubjectLabel struct {
	AssessmentSubjectID uuid.UUID `json:"assessmentSubjectId" gorm:"type:uuid;primaryKey"`
	Key                 string    `json:"key" gorm:"type:text;primaryKey;index:idx_assessment_subject_label_key_value,priority:1"`
	Value               string    `json:"value" gorm:"type:text;primaryKey;index:idx_assessment_subject_label_key_value,priority:2"`
}

AssessmentSubjectLabel stores stable identity labels used by risk and template flows.

func (AssessmentSubjectLabel) TableName

// TableName returns the database table gorm maps AssessmentSubjectLabel to.
func (AssessmentSubjectLabel) TableName() string

type Associations

// Associations gathers everything linked to a single risk — evidence streams,
// controls, components, assessment subjects, threat references and the
// optional remediation template — as returned by GetAssociations and
// GetAssociationsByRiskIDs. Remediation is nil when the risk has no template.
type Associations struct {
	EvidenceIDs  []uuid.UUID
	ControlLinks []RiskControlLink
	ComponentIDs []uuid.UUID
	SubjectIDs   []uuid.UUID
	ThreatRefs   []RiskThreatRef
	Remediation  *RiskRemediationTemplate
}

type ComponentDefinitionLabel

// ComponentDefinitionLabel is one key/value label on a defined component
// within a component definition. All four columns form the primary key;
// (key, value) is additionally indexed for reverse lookups.
type ComponentDefinitionLabel struct {
	DefinedComponentID    uuid.UUID `json:"definedComponentId" gorm:"type:uuid;primaryKey;index"`
	ComponentDefinitionID uuid.UUID `json:"componentDefinitionId" gorm:"type:uuid;primaryKey"`
	Key                   string    `json:"key" gorm:"type:text;primaryKey;index:idx_component_definition_label_key_value,priority:1"`
	Value                 string    `json:"value" gorm:"type:text;primaryKey;index:idx_component_definition_label_key_value,priority:2"`
}

func (ComponentDefinitionLabel) TableName

// TableName returns the database table gorm maps ComponentDefinitionLabel to.
func (ComponentDefinitionLabel) TableName() string

type ControlKey added in v0.15.0

// ControlKey identifies a control for set membership in RemediateOrphanedRisks.
//
// NOTE(review): CatalogID is a string here while RiskControlLink.CatalogID is
// a uuid.UUID; callers building the set from stored links must format the
// UUID the same way the lookup does (and handle the documented empty
// CatalogID case) or matches will silently fail and risks will be wrongly
// remediated or wrongly kept.
type ControlKey struct {
	CatalogID string
	ControlID string
}

ControlKey is a composite key used to match a risk's linked controls against a profile's control set. CatalogID may be empty when only control IDs are available (e.g. from the profile resolution layer).

type CreateRiskParams

// CreateRiskParams carries the inputs to RiskService.Create: the Risk row
// itself plus the owner assignments, threat references and optional
// remediation template to create alongside it. ActorUserID is recorded as the
// actor of the resulting "created" event; pass the authenticated user so the
// audit trail is attributable.
type CreateRiskParams struct {
	Risk             Risk
	OwnerAssignments []RiskOwnerAssignment
	ThreatRefs       []RiskThreatRefInput
	Remediation      *RiskRemediationTemplateInput
	ActorUserID      *uuid.UUID
}

type InventoryItemLabel

// InventoryItemLabel is one key/value label on an inventory item. The
// composite primary key (item, key, value) keeps labels unique per item;
// (key, value) is indexed for reverse lookups.
type InventoryItemLabel struct {
	InventoryItemID uuid.UUID `json:"inventoryItemId" gorm:"type:uuid;primaryKey"`
	Key             string    `json:"key" gorm:"type:text;primaryKey;index:idx_inventory_item_label_key_value,priority:1"`
	Value           string    `json:"value" gorm:"type:text;primaryKey;index:idx_inventory_item_label_key_value,priority:2"`
}

func (InventoryItemLabel) TableName

// TableName returns the database table gorm maps InventoryItemLabel to.
func (InventoryItemLabel) TableName() string

type ListFilters

// ListFilters is the set of optional predicates applied by ApplyRiskFilters;
// a nil field means "do not filter on this".
//
// NOTE(review): SSPID is optional, so a listing with SSPID == nil spans every
// system security plan. Nothing here enforces tenancy or authorization — a
// handler serving an SSP-scoped route must set SSPID from the route, not from
// the request body or query string.
type ListFilters struct {
	Status               *string
	Likelihood           *string
	Impact               *string
	SSPID                *uuid.UUID
	ControlID            *string
	ComponentID          *uuid.UUID
	EvidenceID           *uuid.UUID
	OwnerKind            *string
	OwnerRef             *string
	ReviewDeadlineBefore *time.Time
}

type ListParams

// ListParams is the input to RiskService.List.
//
// SortField and SortOrder are free strings that end up in ApplyRiskSorting and
// so in an ORDER BY clause; they must be allowlisted before or inside that
// function. No upper bound on Limit is visible in this package, so the API
// layer should cap it to keep a single request from pulling the whole table.
type ListParams struct {
	Filters   ListFilters
	SortField string
	SortOrder string
	Limit     int
	Offset    int
}

type PromoteToPoamParams added in v0.15.0

// PromoteToPoamParams carries all inputs required to promote an investigating
// risk to a POAM item via RiskService.PromoteToPoam.
type PromoteToPoamParams struct {
	// RiskID is the UUID of the risk to promote. The risk must be in
	// investigating status; for any other status PromoteToPoam returns a
	// ValidationError (surfaced to clients as HTTP 422).
	RiskID uuid.UUID
	// ActorUserID is the authenticated user performing the promotion. It is
	// recorded on the emitted events; a nil value leaves them unattributed.
	ActorUserID *uuid.UUID
	// Title overrides the risk's title as the POAM item title.
	// If nil, the risk's own title is used.
	Title *string
	// Deadline maps to PoamItem.PlannedCompletionDate.
	Deadline *time.Time
	// ResourceRequired is a free-text planning field describing effort or budget needed.
	ResourceRequired *string
	// PrimaryOwnerUserID optionally overrides the POAM item owner.
	// If nil, the risk's own PrimaryOwnerUserID is inherited automatically.
	// When set from a request, confirm the caller may assign work to that user.
	PrimaryOwnerUserID *uuid.UUID
	// ExtraMilestones are additional milestones supplied in the request body.
	// They are appended after any milestones copied from the risk's
	// RemediationTemplate, with order_index offset accordingly.
	ExtraMilestones []poamsvc.CreateMilestoneParams
}

PromoteToPoamParams carries all inputs required to promote an investigating risk to a POAM item.

type ReviewRiskParams

// ReviewRiskParams carries the inputs to RiskService.ReviewRisk: the decision
// taken (see RiskReviewDecision), optional notes, an optional reassessed
// likelihood/impact and the next review deadline.
//
// ReviewedAt is caller-supplied; if it comes from the request rather than the
// server clock, a client can backdate a review. ActorUserID should be the
// authenticated user so the RiskReview row is attributable.
type ReviewRiskParams struct {
	RiskID             uuid.UUID
	ActorUserID        *uuid.UUID
	ReviewedAt         *time.Time
	Decision           RiskReviewDecision
	Notes              *string
	Likelihood         *string
	Impact             *string
	NextReviewDeadline *time.Time
	// RequireCurrentReviewDeadlineBefore enforces, under lock, that the current review deadline
	// is set and no later than this timestamp before applying the decision. This lets a
	// "deadline has passed" workflow fail closed if the deadline was moved concurrently.
	RequireCurrentReviewDeadlineBefore *time.Time
}

type Risk

// Risk is the persisted risk-register entry. Every non-association field is
// serialised to JSON, including PrimaryOwnerUserID and DedupeKey; the SSP
// association is hidden (json:"-").
//
// Lifecycle: Status holds a RiskStatus value, SourceType a RiskSourceType
// value, and Likelihood/Impact hold RiskLevel values — all stored as strings,
// so callers should validate via the corresponding IsValid/Normalize helpers
// before writing. DedupeKey ("" by default) is presumably what lets
// evidence-auto risks be matched on re-ingestion; LastSeenAt is bumped on
// each sighting (RiskEventTypeLastSeen).
//
// Child rows (owner assignments, threat refs, remediation template) are
// declared OnDelete:CASCADE and so disappear with the risk; RiskEvent rows
// declare the same, which means deleting a risk also deletes its audit trail
// — see RiskService.Delete.
type Risk struct {
	relational.UUIDModel
	CreatedAt time.Time `json:"createdAt"`
	UpdatedAt time.Time `json:"updatedAt"`

	Title       string `json:"title" gorm:"not null"`
	Description string `json:"description" gorm:"not null"`
	Status      string `json:"status" gorm:"type:varchar(64);not null;index"`

	SSPID              uuid.UUID  `json:"sspId" gorm:"type:uuid;not null;index"`
	PrimaryOwnerUserID *uuid.UUID `json:"primaryOwnerUserId" gorm:"type:uuid;index"`
	Likelihood         *string    `json:"likelihood" gorm:"type:varchar(16);index"`
	Impact             *string    `json:"impact" gorm:"type:varchar(16);index"`
	RiskTemplateID     *uuid.UUID `json:"riskTemplateId" gorm:"type:uuid;index"`

	SourceType string `json:"sourceType" gorm:"type:varchar(32);not null"`
	DedupeKey  string `json:"dedupeKey" gorm:"type:text;not null;default:''"`

	ReviewDeadline          *time.Time `json:"reviewDeadline" gorm:"index"`
	LastReviewedAt          *time.Time `json:"lastReviewedAt"`
	AcceptanceJustification *string    `json:"acceptanceJustification" gorm:"type:text"`

	FirstSeenAt time.Time `json:"firstSeenAt" gorm:"not null"`
	LastSeenAt  time.Time `json:"lastSeenAt" gorm:"not null"`

	SystemSecurityPlan *relational.SystemSecurityPlan `json:"-" gorm:"foreignKey:SSPID;references:ID"`
	OwnerAssignments   []RiskOwnerAssignment          `json:"ownerAssignments,omitempty" gorm:"foreignKey:RiskID;constraint:OnDelete:CASCADE"`
	ThreatRefs         []RiskThreatRef                `json:"threatRefs,omitempty" gorm:"foreignKey:RiskID;constraint:OnDelete:CASCADE"`
	Remediation        *RiskRemediationTemplate       `json:"remediation,omitempty" gorm:"foreignKey:RiskID;references:ID;constraint:OnDelete:CASCADE"`
}

func (*Risk) BeforeCreate

// BeforeCreate is the gorm hook run before a Risk row is inserted, presumably
// to populate the UUID and defaults. Note that gorm hooks do not run for raw
// SQL or CreateInBatches with hooks disabled, so do not rely on it as the only
// place invariants are enforced.
func (r *Risk) BeforeCreate(tx *gorm.DB) error

func (*Risk) FromOSCAL

// FromOSCAL populates r from an OSCAL risk object and returns r for chaining.
// An imported document is untrusted input; status/level strings it supplies
// should be validated with the IsValid/Normalize helpers before being saved.
func (r *Risk) FromOSCAL(or oscalTypes_1_1_3.Risk) *Risk

TODO[codex-5-3-high]: implemented per the risk-register plan but currently unreferenced (dead code). Either wire it into the OSCAL import path or remove it once the plan is fully implemented.

func (Risk) TableName

// TableName returns the database table gorm maps Risk to.
func (Risk) TableName() string

func (*Risk) ToOSCAL

// ToOSCAL converts r to an OSCAL risk object for export. Exported documents
// often leave the organisation, so check which fields (owner ids, acceptance
// justification) are appropriate to include before enabling this path.
func (r *Risk) ToOSCAL() *oscalTypes_1_1_3.Risk

TODO[codex-5-3-high]: implemented per the risk-register plan but currently unreferenced (dead code). Either wire it into the OSCAL export path or remove it once the plan is fully implemented.

// RiskComponentLink associates a risk with a system component. The pair is
// the primary key, so the same component cannot be linked twice. Only the
// Risk side declares a foreign key (cascade on delete); no constraint on
// ComponentID is visible here, so dangling component references are possible
// if components are deleted elsewhere. CreatedByID records who made the link.
type RiskComponentLink struct {
	RiskID      uuid.UUID  `json:"riskId" gorm:"type:uuid;primaryKey"`
	ComponentID uuid.UUID  `json:"componentId" gorm:"type:uuid;primaryKey;index"`
	CreatedAt   time.Time  `json:"createdAt"`
	CreatedByID *uuid.UUID `json:"createdById" gorm:"type:uuid;index"`
	Risk        *Risk      `json:"-" gorm:"foreignKey:RiskID;references:ID;constraint:OnDelete:CASCADE"`
}

func (RiskComponentLink) TableName

// TableName returns the database table gorm maps RiskComponentLink to.
func (RiskComponentLink) TableName() string
// RiskControlLink associates a risk with a control identified by catalog UUID
// and control id. The triple is the primary key. As with the other link
// tables, only the Risk side has a foreign key; nothing here guarantees the
// catalog/control actually exists. Note CatalogID is a uuid.UUID here but a
// string in ControlKey — keep the formatting consistent when comparing.
type RiskControlLink struct {
	RiskID      uuid.UUID  `json:"riskId" gorm:"type:uuid;primaryKey"`
	CatalogID   uuid.UUID  `json:"catalogId" gorm:"type:uuid;primaryKey;index"`
	ControlID   string     `json:"controlId" gorm:"type:text;primaryKey;index"`
	CreatedAt   time.Time  `json:"createdAt"`
	CreatedByID *uuid.UUID `json:"createdById" gorm:"type:uuid;index"`
	Risk        *Risk      `json:"-" gorm:"foreignKey:RiskID;references:ID;constraint:OnDelete:CASCADE"`
}

func (RiskControlLink) TableName

// TableName returns the database table gorm maps RiskControlLink to.
func (RiskControlLink) TableName() string

type RiskEvent

// RiskEvent is one entry in a risk's audit history: what happened (EventType,
// a RiskEventType value), who did it (ActorUserID, nullable — so not every
// event is attributable), when, a structured Payload and a RiskSnapshot of
// the risk at that moment.
//
// The type defines BeforeUpdate and BeforeDelete hooks, presumably to keep
// events append-only; gorm hooks do not fire for raw SQL, so database-level
// permissions are still needed for a tamper-evident log. Because the Risk
// association cascades on delete, deleting a risk removes its events.
type RiskEvent struct {
	relational.UUIDModel
	CreatedAt time.Time `json:"createdAt"`

	RiskID       uuid.UUID         `json:"riskId" gorm:"type:uuid;not null;index"`
	EventType    string            `json:"eventType" gorm:"type:varchar(64);not null;index"`
	ActorUserID  *uuid.UUID        `json:"actorUserId" gorm:"type:uuid;index"`
	OccurredAt   time.Time         `json:"occurredAt" gorm:"not null;index"`
	Details      *string           `json:"details" gorm:"type:text"`
	Payload      datatypes.JSONMap `json:"payload" gorm:"type:jsonb"`
	RiskSnapshot datatypes.JSONMap `json:"riskSnapshot" gorm:"type:jsonb"`

	Risk *Risk `json:"-" gorm:"foreignKey:RiskID;references:ID;constraint:OnDelete:CASCADE"`
}

func (*RiskEvent) BeforeCreate

// BeforeCreate is the gorm hook run before a RiskEvent is inserted
// (presumably assigning the UUID and defaults).
func (e *RiskEvent) BeforeCreate(_ *gorm.DB) error

func (*RiskEvent) BeforeDelete

// BeforeDelete is the gorm hook run before a RiskEvent is deleted. For an
// audit record this presumably returns an error to forbid deletion — confirm.
// It does not protect against raw SQL or the cascade from the Risk FK.
func (e *RiskEvent) BeforeDelete(_ *gorm.DB) error

func (*RiskEvent) BeforeUpdate

// BeforeUpdate is the gorm hook run before a RiskEvent is updated. For an
// audit record this presumably returns an error to keep rows immutable —
// confirm. gorm does not run hooks for UpdateColumn(s) or raw SQL.
func (e *RiskEvent) BeforeUpdate(_ *gorm.DB) error

func (RiskEvent) TableName

// TableName returns the database table gorm maps RiskEvent to.
func (RiskEvent) TableName() string

type RiskEventType

// RiskEventType enumerates the values stored in RiskEvent.EventType and
// RiskScore.SourceEventType. Link events come in linked/unlinked pairs except
// subject_linked, which has no unlink counterpart here (and no
// DeleteSubjectLink method is listed on RiskService) — subject links appear
// to be add-only in this API surface.
type RiskEventType string
const (
	RiskEventTypeCreated            RiskEventType = "created"
	RiskEventTypeDeleted            RiskEventType = "deleted"
	RiskEventTypeLastSeen           RiskEventType = "last_seen"
	RiskEventTypeStatusChange       RiskEventType = "status_changed"
	RiskEventTypeAccepted           RiskEventType = "accepted"
	RiskEventTypeReviewed           RiskEventType = "reviewed"
	RiskEventTypeScoreReassessed    RiskEventType = "score_reassessed"
	RiskEventTypeScoreUpdated       RiskEventType = "score_updated"
	RiskEventTypeEvidenceLink       RiskEventType = "evidence_linked"
	RiskEventTypeEvidenceUnlink     RiskEventType = "evidence_unlinked"
	RiskEventTypeControlLink        RiskEventType = "control_linked"
	RiskEventTypeControlUnlink      RiskEventType = "control_unlinked"
	RiskEventTypeComponentLink      RiskEventType = "component_linked"
	RiskEventTypeComponentUnlink    RiskEventType = "component_unlinked"
	RiskEventTypeSubjectLink        RiskEventType = "subject_linked"
	RiskEventTypeThreatLinked       RiskEventType = "threat_linked"
	RiskEventTypeThreatUpdated      RiskEventType = "threat_updated"
	RiskEventTypeThreatUnlinked     RiskEventType = "threat_unlinked"
	RiskEventTypeRemediationCreated RiskEventType = "remediation_created"
	RiskEventTypeRemediationUpdated RiskEventType = "remediation_updated"
	RiskEventTypeRemediationDeleted RiskEventType = "remediation_deleted"
	RiskEventTypeEvidenceRecovered  RiskEventType = "evidence_recovered"
	RiskEventTypePoamPromoted       RiskEventType = "poam_promoted"
	RiskEventTypePoamCompleted      RiskEventType = "poam_completed"
)
// RiskEvidenceLink associates a risk with an evidence stream. Because
// EvidenceID is a stream UUID rather than a row id there is no foreign key
// on it, so the link is not invalidated when individual evidence rows change.
// (RiskID, EvidenceID) is the primary key; CreatedByID records who linked it.
type RiskEvidenceLink struct {
	RiskID uuid.UUID `json:"riskId" gorm:"type:uuid;primaryKey"`
	// EvidenceID stores the evidence stream UUID (evidences.uuid), not a single evidence row ID.
	EvidenceID  uuid.UUID  `json:"evidenceId" gorm:"type:uuid;primaryKey;index"`
	CreatedAt   time.Time  `json:"createdAt"`
	CreatedByID *uuid.UUID `json:"createdById" gorm:"type:uuid;index"`
	Risk        *Risk      `json:"-" gorm:"foreignKey:RiskID;references:ID;constraint:OnDelete:CASCADE"`
}

func (RiskEvidenceLink) TableName

// TableName returns the database table gorm maps RiskEvidenceLink to.
func (RiskEvidenceLink) TableName() string

type RiskLevel

// RiskLevel is the qualitative scale used for Risk.Likelihood and
// Risk.Impact. All values fit the varchar(16) columns they are stored in.
// "medium" is retained only so rows and filters written before the rename to
// "moderate" keep working; NormalizeRiskLevel and RiskLevelFilterValues exist
// to bridge the two spellings.
type RiskLevel string
const (
	RiskLevelNegligible RiskLevel = "negligible"
	RiskLevelLow        RiskLevel = "low"
	RiskLevelModerate   RiskLevel = "moderate"
	RiskLevelHigh       RiskLevel = "high"
	RiskLevelCritical   RiskLevel = "critical"

	// Legacy storage/input value kept only for compatibility with existing data and filters.
	RiskLevelMediumLegacy RiskLevel = "medium"
)

func NormalizeRiskLevel

// NormalizeRiskLevel maps a raw user- or storage-supplied string to its
// canonical RiskLevel (presumably case-folding and translating the legacy
// "medium" to "moderate"). Check the result with IsValid before persisting.
func NormalizeRiskLevel(raw string) RiskLevel

func (RiskLevel) IsValid

// IsValid reports whether l is one of the declared RiskLevel constants.
// Whether the legacy "medium" value counts as valid is not visible here.
func (l RiskLevel) IsValid() bool

type RiskOwnerAssignment

// RiskOwnerAssignment records an owner of a risk as an (OwnerKind, OwnerRef)
// pair — e.g. a user id or a team name, depending on kind. The triple with
// RiskID is the primary key. IsPrimary is indexed but has no uniqueness
// constraint, so the schema itself does not prevent several primary owners
// per risk; that invariant must be enforced in the service layer.
type RiskOwnerAssignment struct {
	RiskID    uuid.UUID `json:"riskId" gorm:"type:uuid;primaryKey"`
	OwnerKind string    `json:"ownerKind" gorm:"type:varchar(16);primaryKey"`
	OwnerRef  string    `json:"ownerRef" gorm:"type:text;primaryKey"`
	IsPrimary bool      `json:"isPrimary" gorm:"not null;default:false;index"`
	CreatedAt time.Time `json:"createdAt"`
	Risk      *Risk     `json:"-" gorm:"foreignKey:RiskID;references:ID;constraint:OnDelete:CASCADE"`
}

func (RiskOwnerAssignment) TableName

// TableName returns the database table gorm maps RiskOwnerAssignment to.
func (RiskOwnerAssignment) TableName() string

type RiskRemediationTask

// RiskRemediationTask is one ordered step of a RiskRemediationTemplate.
// OrderIndex is priority 2 of the unique index
// idx_risk_remediation_tasks_unique_order; priority 1 lives in the
// RiskRemediationTemplateID tag that pkg.go.dev has elided below, so the
// intended invariant is one task per (template, order index). Tasks cascade
// with their template.
type RiskRemediationTask struct {
	relational.UUIDModel
	CreatedAt time.Time `json:"createdAt"`
	UpdatedAt time.Time `json:"updatedAt"`

	RiskRemediationTemplateID uuid.UUID `` /* 127-byte string literal not displayed */
	Title                     string    `json:"title" gorm:"type:text;not null"`
	OrderIndex                int       `json:"orderIndex" gorm:"not null;uniqueIndex:idx_risk_remediation_tasks_unique_order,priority:2"`

	RemediationTemplate *RiskRemediationTemplate `json:"-" gorm:"foreignKey:RiskRemediationTemplateID;references:ID;constraint:OnDelete:CASCADE"`
}

func (RiskRemediationTask) TableName

// TableName returns the database table gorm maps RiskRemediationTask to.
func (RiskRemediationTask) TableName() string

type RiskRemediationTaskInput

// RiskRemediationTaskInput is the caller-facing shape of a remediation task.
// Duplicate OrderIndex values within one template will violate the unique
// index on RiskRemediationTask; validate or renumber before persisting.
type RiskRemediationTaskInput struct {
	Title      string
	OrderIndex int
}

type RiskRemediationTemplate

// RiskRemediationTemplate is the planned remediation for a risk: a title,
// optional description and ordered Tasks. RiskID has a unique index, so a
// risk has at most one template (creating a second yields
// ErrRemediationTemplateAlreadyExists). Tasks cascade with the template and
// the template cascades with the risk.
type RiskRemediationTemplate struct {
	relational.UUIDModel
	CreatedAt time.Time `json:"createdAt"`
	UpdatedAt time.Time `json:"updatedAt"`

	RiskID uuid.UUID `json:"riskId" gorm:"type:uuid;not null;uniqueIndex"`

	Title       string  `json:"title" gorm:"type:text;not null"`
	Description *string `json:"description" gorm:"type:text"`

	Tasks []RiskRemediationTask `json:"tasks,omitempty" gorm:"foreignKey:RiskRemediationTemplateID;constraint:OnDelete:CASCADE"`
	Risk  *Risk                 `json:"-" gorm:"foreignKey:RiskID;references:ID;constraint:OnDelete:CASCADE"`
}

func (RiskRemediationTemplate) TableName

// TableName returns the database table gorm maps RiskRemediationTemplate to.
func (RiskRemediationTemplate) TableName() string

type RiskRemediationTemplateInput

// RiskRemediationTemplateInput is the caller-facing shape of a remediation
// template (title, optional description, ordered tasks) accepted by
// CreateRemediationTemplate and UpsertRemediationTemplate.
type RiskRemediationTemplateInput struct {
	Title       string
	Description *string
	Tasks       []RiskRemediationTaskInput
}

type RiskReview

// RiskReview is the persisted record of one review decision on a risk,
// including who reviewed (nullable), when, the decision taken (a
// RiskReviewDecision value), any reassessed scores and a JSON snapshot of the
// risk at review time.
//
// Unlike the other child tables, no Risk association or OnDelete constraint
// is declared here, so reviews are not visibly cascaded when a risk is
// deleted; whether they are cleaned up elsewhere cannot be told from this
// file. BeforeUpdate/BeforeDelete hooks exist, presumably to keep reviews
// immutable — gorm hooks do not run for raw SQL.
type RiskReview struct {
	relational.UUIDModel
	CreatedAt time.Time `json:"createdAt"`

	RiskID               uuid.UUID         `json:"riskId" gorm:"type:uuid;not null;index"`
	ReviewedByUserID     *uuid.UUID        `json:"reviewedByUserId" gorm:"type:uuid;index"`
	ReviewedAt           time.Time         `json:"reviewedAt" gorm:"not null;index"`
	Decision             string            `json:"decision" gorm:"type:varchar(64);not null"`
	NextReviewDeadline   *time.Time        `json:"nextReviewDeadline"`
	ReassessedLikelihood *string           `json:"reassessedLikelihood" gorm:"type:varchar(16)"`
	ReassessedImpact     *string           `json:"reassessedImpact" gorm:"type:varchar(16)"`
	ReviewJustification  *string           `json:"reviewJustification" gorm:"type:text"`
	RiskSnapshot         datatypes.JSONMap `json:"riskSnapshot" gorm:"type:jsonb"`
}

func (*RiskReview) BeforeCreate

// BeforeCreate is the gorm hook run before a RiskReview is inserted
// (presumably assigning the UUID and defaults).
func (r *RiskReview) BeforeCreate(_ *gorm.DB) error

func (*RiskReview) BeforeDelete

// BeforeDelete is the gorm hook run before a RiskReview is deleted;
// presumably returns an error so review records cannot be removed — confirm.
func (r *RiskReview) BeforeDelete(_ *gorm.DB) error

func (*RiskReview) BeforeUpdate

// BeforeUpdate is the gorm hook run before a RiskReview is updated;
// presumably returns an error so review records stay immutable — confirm.
func (r *RiskReview) BeforeUpdate(_ *gorm.DB) error

func (RiskReview) TableName

// TableName returns the database table gorm maps RiskReview to.
func (RiskReview) TableName() string

type RiskReviewDecision

// RiskReviewDecision enumerates the outcomes a reviewer can record via
// ReviewRisk: extend the acceptance, reopen the risk, reassess its scores, or
// implement a mitigation. Stored in RiskReview.Decision.
type RiskReviewDecision string
const (
	RiskReviewDecisionExtend    RiskReviewDecision = "extend"
	RiskReviewDecisionReopen    RiskReviewDecision = "reopen"
	RiskReviewDecisionReassess  RiskReviewDecision = "reassess"
	RiskReviewDecisionImplement RiskReviewDecision = "implement"
)

func NormalizeRiskReviewDecision

// NormalizeRiskReviewDecision maps a raw request string to a
// RiskReviewDecision (presumably case-folding). Check IsValid on the result
// before acting on it.
func NormalizeRiskReviewDecision(raw string) RiskReviewDecision

func (RiskReviewDecision) IsValid

// IsValid reports whether d is one of the declared RiskReviewDecision values.
func (d RiskReviewDecision) IsValid() bool

type RiskScore added in v0.15.0

// RiskScore is an immutable point-in-time snapshot of a risk's numeric scores,
// written by RecordRiskScoreSnapshot whenever an event (SourceEventType, a
// RiskEventType value) changes the risk. Baseline/Residual hold the scores
// for the risk itself; the Open* variants are presumably zero when the risk
// is not in an open state so that time series can sum only open risks —
// confirm in the implementation.
//
// SSPID is denormalised here and there is no Risk association or foreign key,
// so score history can outlive the risk row (see RiskScoreStatusDeleted).
// BeforeUpdate/BeforeDelete hooks exist, presumably to forbid modification.
type RiskScore struct {
	relational.UUIDModel
	CreatedAt time.Time `json:"createdAt"`

	RiskID            uuid.UUID  `json:"riskId" gorm:"type:uuid;not null;index"`
	SSPID             uuid.UUID  `json:"sspId" gorm:"type:uuid;not null;index"`
	OccurredAt        time.Time  `json:"occurredAt" gorm:"not null;index"`
	ActorUserID       *uuid.UUID `json:"actorUserId" gorm:"type:uuid;index"`
	SourceEventType   string     `json:"sourceEventType" gorm:"type:varchar(64);not null;index"`
	Status            string     `json:"status" gorm:"type:varchar(64);not null;index"`
	Likelihood        *string    `json:"likelihood" gorm:"type:varchar(16)"`
	Impact            *string    `json:"impact" gorm:"type:varchar(16)"`
	BaselineScore     int        `json:"baselineScore" gorm:"not null"`
	ResidualScore     int        `json:"residualScore" gorm:"not null"`
	OpenBaselineScore int        `json:"openBaselineScore" gorm:"not null"`
	OpenResidualScore int        `json:"openResidualScore" gorm:"not null"`
}

func (*RiskScore) BeforeCreate added in v0.15.0

// BeforeCreate is the gorm hook run before a RiskScore is inserted
// (presumably assigning the UUID and defaults).
func (s *RiskScore) BeforeCreate(_ *gorm.DB) error

func (*RiskScore) BeforeDelete added in v0.15.0

// BeforeDelete is the gorm hook run before a RiskScore is deleted; presumably
// returns an error so score history cannot be removed — confirm.
func (s *RiskScore) BeforeDelete(_ *gorm.DB) error

func (*RiskScore) BeforeUpdate added in v0.15.0

// BeforeUpdate is the gorm hook run before a RiskScore is updated; presumably
// returns an error so snapshots stay immutable — confirm.
func (s *RiskScore) BeforeUpdate(_ *gorm.DB) error

func (RiskScore) TableName added in v0.15.0

// TableName returns the database table gorm maps RiskScore to.
func (RiskScore) TableName() string

type RiskScoreTimeseriesPoint added in v0.15.0

// RiskScoreTimeseriesPoint is one aggregated bucket returned by
// ListScoreTimeseries: the bucket start and the summed open baseline and
// residual scores for that bucket. It is a query projection, not a table;
// the gorm column tags only name the SELECT aliases it scans from.
type RiskScoreTimeseriesPoint struct {
	BucketStart       time.Time `json:"bucketStart" gorm:"column:bucket_start"`
	OpenBaselineScore int       `json:"openBaselineScore" gorm:"column:open_baseline_score"`
	OpenResidualScore int       `json:"openResidualScore" gorm:"column:open_residual_score"`
}

type RiskService

// RiskService is the persistence and workflow layer for the risk register.
// It performs no authentication or authorization itself: methods take a risk
// id and an optional actor id, so callers must establish that the actor may
// act on that risk (EnsureRiskInSSP is provided for the tenancy half).
type RiskService struct {
	// contains filtered or unexported fields
}

func NewRiskService

// NewRiskService wraps db in a RiskService. Pass the same *gorm.DB the rest
// of the application uses so transactions and connection limits are shared.
func NewRiskService(db *gorm.DB) *RiskService

func (*RiskService) AcceptRisk

// AcceptRisk moves a risk to risk-accepted, storing the justification and
// review deadline from params and emitting an "accepted" event. Risk
// acceptance is a formal sign-off; the caller must confirm the actor is
// allowed to accept risks for this SSP, since nothing here checks that.
func (s *RiskService) AcceptRisk(params AcceptRiskParams) (*Risk, error)
// AddComponentLink links a component to a risk, recording actorUserID as
// CreatedByID and emitting a component_linked event. It takes no SSP id, so
// callers on SSP-scoped routes should call EnsureRiskInSSP first.
func (s *RiskService) AddComponentLink(riskID, componentID uuid.UUID, actorUserID *uuid.UUID) (*RiskComponentLink, error)
// AddControlLink links a (catalog, control) pair to a risk, recording
// actorUserID as CreatedByID and emitting a control_linked event. controlID
// is free text; nothing here verifies the control exists in the catalog.
func (s *RiskService) AddControlLink(riskID, catalogID uuid.UUID, controlID string, actorUserID *uuid.UUID) (*RiskControlLink, error)
// AddEvidenceLink links an evidence stream (by stream UUID) to a risk,
// recording actorUserID as CreatedByID and emitting an evidence_linked event.
func (s *RiskService) AddEvidenceLink(riskID, evidenceID uuid.UUID, actorUserID *uuid.UUID) (*RiskEvidenceLink, error)
// AddSubjectLink links an assessment subject to a risk and emits a
// subject_linked event. No DeleteSubjectLink is listed on this service, so
// subject links appear to be add-only through this API.
func (s *RiskService) AddSubjectLink(riskID, subjectID uuid.UUID, actorUserID *uuid.UUID) (*RiskSubjectLink, error)

func (*RiskService) AddThreatRef

// AddThreatRef attaches an external threat reference to a risk and emits a
// threat_linked event. (System, ExternalID) is unique per risk, so a repeat
// will fail on the index. input.URL is stored as free text — see
// RiskThreatRef for the rendering caveat.
func (s *RiskService) AddThreatRef(riskID uuid.UUID, input RiskThreatRefInput, actorUserID *uuid.UUID) (*RiskThreatRef, error)

func (*RiskService) Create

// Create persists a new risk together with its owner assignments, threat refs
// and optional remediation template, emitting a "created" event attributed
// to params.ActorUserID. Status, SourceType, Likelihood and Impact should be
// validated by the caller (or here — cannot confirm) before reaching the DB.
func (s *RiskService) Create(params CreateRiskParams) (*Risk, error)

func (*RiskService) CreateRemediationTemplate

// CreateRemediationTemplate creates the remediation template for a risk and
// emits a remediation_created event. Returns
// ErrRemediationTemplateAlreadyExists if the risk already has one; use
// UpsertRemediationTemplate to replace it instead.
func (s *RiskService) CreateRemediationTemplate(riskID uuid.UUID, input *RiskRemediationTemplateInput, actorUserID *uuid.UUID) (*RiskRemediationTemplate, error)

func (*RiskService) Delete

// Delete removes a risk. Unlike the other mutators it takes no actorUserID,
// so the deletion cannot be attributed in the audit trail, and because
// RiskEvent (and the link/child tables) declare OnDelete:CASCADE on the risk,
// the risk's event history is deleted with it. Only RiskScore rows, which
// have no foreign key, can survive — see RiskScoreStatusDeleted. Consider
// whether a soft delete or status=closed better fits an auditable register.
func (s *RiskService) Delete(riskID uuid.UUID) error
// DeleteComponentLink removes a component link and emits a component_unlinked
// event; the bool reports whether a link existed to delete.
func (s *RiskService) DeleteComponentLink(riskID, componentID uuid.UUID, actorUserID *uuid.UUID) (bool, error)
// DeleteControlLink removes a control link and emits a control_unlinked
// event; the bool reports whether a link existed to delete.
func (s *RiskService) DeleteControlLink(riskID, catalogID uuid.UUID, controlID string, actorUserID *uuid.UUID) (bool, error)
// DeleteEvidenceLink removes an evidence-stream link and emits an
// evidence_unlinked event; the bool reports whether a link existed to delete.
func (s *RiskService) DeleteEvidenceLink(riskID, evidenceID uuid.UUID, actorUserID *uuid.UUID) (bool, error)

func (*RiskService) DeleteRemediationTemplate

// DeleteRemediationTemplate removes the risk's remediation template (and,
// via cascade, its tasks) and emits a remediation_deleted event; the bool
// reports whether a template existed.
func (s *RiskService) DeleteRemediationTemplate(riskID uuid.UUID, actorUserID *uuid.UUID) (bool, error)

func (*RiskService) DeleteThreatRef

// DeleteThreatRef removes the threat reference threatRefID from the risk and
// emits a threat_unlinked event; the bool reports whether it existed. Both
// ids are required, presumably so a ref cannot be deleted via another risk.
func (s *RiskService) DeleteThreatRef(riskID, threatRefID uuid.UUID, actorUserID *uuid.UUID) (bool, error)

func (*RiskService) EnsureRiskExists

// EnsureRiskExists returns an error when no risk with riskID exists. It says
// nothing about which SSP the risk belongs to; use EnsureRiskInSSP on
// tenant-scoped routes.
func (s *RiskService) EnsureRiskExists(riskID uuid.UUID) error

func (*RiskService) EnsureRiskInSSP

// EnsureRiskInSSP returns an error unless risk riskID belongs to SSP sspID.
// This is the tenancy guard for the service: the link/threat/remediation
// mutators take only a risk id, so an SSP-scoped handler must call this (with
// the SSP id from the route, not the request body) before invoking them, or
// a caller could operate on risks of another plan by guessing UUIDs.
func (s *RiskService) EnsureRiskInSSP(riskID, sspID uuid.UUID) error

func (*RiskService) EnsureSSPExists

// EnsureSSPExists returns an error when no system security plan with sspID
// exists.
func (s *RiskService) EnsureSSPExists(sspID uuid.UUID) error

func (*RiskService) GetAssociations

// GetAssociations loads every association of one risk (evidence, controls,
// components, subjects, threat refs, remediation template).
func (s *RiskService) GetAssociations(riskID uuid.UUID) (Associations, error)

func (*RiskService) GetAssociationsByRiskIDs

// GetAssociationsByRiskIDs is the batch form of GetAssociations for listing
// endpoints, keyed by risk id. Risks with no associations may be absent from
// the map — check presence rather than assuming every id is present.
func (s *RiskService) GetAssociationsByRiskIDs(riskIDs []uuid.UUID) (map[uuid.UUID]Associations, error)

func (*RiskService) GetByID

// GetByID loads a single risk by primary key. It does not filter by SSP;
// pair with EnsureRiskInSSP on tenant-scoped routes.
func (s *RiskService) GetByID(riskID uuid.UUID) (*Risk, error)

func (*RiskService) GetLinkAssociations

// GetLinkAssociations loads only the link-table associations of a risk.
// Which of the Associations fields it leaves unpopulated compared with
// GetAssociations cannot be told from this signature.
func (s *RiskService) GetLinkAssociations(riskID uuid.UUID) (Associations, error)

func (*RiskService) GetRemediationTemplate

// GetRemediationTemplate returns the risk's remediation template. How "no
// template" is reported (nil, or an error) is not visible here.
func (s *RiskService) GetRemediationTemplate(riskID uuid.UUID) (*RiskRemediationTemplate, error)

func (*RiskService) GetThreatRef

// GetThreatRef returns threat reference threatRefID, scoped to riskID so a
// ref cannot be read through a different risk's route.
func (s *RiskService) GetThreatRef(riskID, threatRefID uuid.UUID) (*RiskThreatRef, error)

func (*RiskService) List

// List returns a page of risks matching params.Filters, ordered per
// SortField/SortOrder, with the total match count. With Filters.SSPID nil the
// listing spans all SSPs — handlers must scope it themselves.
func (s *RiskService) List(params ListParams) ([]Risk, int64, error)
// ListComponentLinks returns a page of a risk's component links and the
// total count.
func (s *RiskService) ListComponentLinks(riskID uuid.UUID, limit, offset int) ([]RiskComponentLink, int64, error)
// ListControlLinks returns a page of a risk's control links and the total
// count.
func (s *RiskService) ListControlLinks(riskID uuid.UUID, limit, offset int) ([]RiskControlLink, int64, error)

func (*RiskService) ListEvents

// ListEvents returns a page of a risk's audit events and the total count.
// Event Details and Payload may contain user-supplied text; escape on output.
func (s *RiskService) ListEvents(riskID uuid.UUID, limit, offset int) ([]RiskEvent, int64, error)
// ListEvidenceLinks returns a page of the evidence-stream UUIDs linked to a
// risk and the total count (ids only, not the link rows).
func (s *RiskService) ListEvidenceLinks(riskID uuid.UUID, limit, offset int) ([]uuid.UUID, int64, error)

func (*RiskService) ListReviews

// ListReviews returns a page of a risk's review records and the total count.
func (s *RiskService) ListReviews(riskID uuid.UUID, limit, offset int) ([]RiskReview, int64, error)

func (*RiskService) ListScoreHistory added in v0.15.0

// ListScoreHistory returns every RiskScore snapshot for a risk, unpaginated.
// Prefer ListScoreHistoryPage on request paths, since a long-lived risk can
// accumulate many snapshots.
func (s *RiskService) ListScoreHistory(riskID uuid.UUID) ([]RiskScore, error)

func (*RiskService) ListScoreHistoryPage added in v0.15.0

// ListScoreHistoryPage returns a page of a risk's RiskScore snapshots and
// the total count.
func (s *RiskService) ListScoreHistoryPage(riskID uuid.UUID, limit, offset int) ([]RiskScore, int64, error)

func (*RiskService) ListScoreTimeseries added in v0.15.0

// ListScoreTimeseries aggregates open risk scores between from and to into
// buckets of the given granularity (RiskScoreBucketDay is the only value
// declared here). A nil sspID aggregates across all SSPs. bucket is a free
// string; if it ends up in SQL (e.g. date_trunc) it must be allowlisted.
func (s *RiskService) ListScoreTimeseries(sspID *uuid.UUID, from, to time.Time, bucket string) ([]RiskScoreTimeseriesPoint, error)
// ListSubjectLinks returns a page of a risk's assessment-subject links and
// the total count.
func (s *RiskService) ListSubjectLinks(riskID uuid.UUID, limit, offset int) ([]RiskSubjectLink, int64, error)

func (*RiskService) ListThreatRefs

// ListThreatRefs returns a page of a risk's external threat references and
// the total count.
func (s *RiskService) ListThreatRefs(riskID uuid.UUID, limit, offset int) ([]RiskThreatRef, int64, error)

func (*RiskService) OnPoamItemCompleted added in v0.15.0

// OnPoamItemCompleted is the POAM-completion callback; see the description
// below for the exact transition rule. It is a cross-service hook, so the
// actorUserID should be the user who completed the POAM item, not a system
// account, to keep the resulting status_changed events attributable.
func (s *RiskService) OnPoamItemCompleted(poamItemID uuid.UUID, actorUserID *uuid.UUID) error

OnPoamItemCompleted is called by the POAM handler when a POAM item transitions to the "completed" status. It advances every linked risk that is currently in mitigating-planned status to mitigating-implemented only when all POAM items linked to that risk are completed, emitting a status_changed event and a poam_completed event for each transitioned risk.

Only risks in mitigating-planned are advanced; risks in any other status are left untouched (they may have been manually moved or re-accepted). If any linked POAM item for a risk remains non-completed, that risk is also left untouched.

func (*RiskService) PromoteToPoam added in v0.15.0

// PromoteToPoam creates a POAM item from an investigating risk inside one
// transaction; see the description below for the full contract. The
// transaction boundary matters for security as well as consistency: a
// half-promoted risk would show as mitigating-planned with no tracked POAM.
func (s *RiskService) PromoteToPoam(poamSvc *poamsvc.PoamService, params PromoteToPoamParams) (*poamsvc.PoamItem, error)

PromoteToPoam promotes an investigating risk to a POAM item and transitions the risk status to mitigating-planned. The entire operation — POAM item creation, milestone creation, risk link creation, risk status transition, and risk event emission — is executed inside a single database transaction so that no partial state is persisted on failure.

Re-promotion is allowed only if all previously linked POAM items are in completed status. If an active (non-completed) POAM item already exists for this risk, a ValidationError is returned.

func (*RiskService) RecordRiskScoreSnapshot added in v0.15.0

// RecordRiskScoreSnapshot writes a RiskScore row for riskID reflecting its
// current likelihood/impact/status, tagged with the event that triggered it.
// It takes the caller's tx so the snapshot commits atomically with the
// mutation and event that caused it.
func (s *RiskService) RecordRiskScoreSnapshot(tx *gorm.DB, riskID uuid.UUID, sourceEventType RiskEventType, actorUserID *uuid.UUID, occurredAt time.Time) error

func (*RiskService) RemediateOrphanedRisks added in v0.15.0

// RemediateOrphanedRisks auto-remediates evidence-generated risks whose linked
// controls are no longer in the SSP's profile; see the description below.
// Build newProfileControlSet with the same CatalogID formatting the
// implementation uses when converting RiskControlLink rows (uuid vs string),
// otherwise the set comparison silently mismatches.
func (s *RiskService) RemediateOrphanedRisks(
	tx *gorm.DB,
	sspID uuid.UUID,
	newProfileControlSet map[ControlKey]struct{},
) (int, error)

RemediateOrphanedRisks transitions all non-terminal auto-generated risks for the given SSP to remediated when none of their linked controls exist in newProfileControlSet. Closed and already-remediated risks are left untouched. Pass the caller's transaction as tx so the status updates and the risk events they emit commit — or roll back — together with the profile change that triggered them.

Pass an empty newProfileControlSet when the profile has been unbound entirely (all auto-generated risks become orphaned by definition).

Returns the number of risks that were remediated.

func (*RiskService) ResolveUserIDByEmail

// ResolveUserIDByEmail looks up a user id by email address, e.g. to turn an
// owner email into a PrimaryOwnerUserID.
//
// NOTE(review): if exposed directly on an API, a "not found" vs "found"
// distinction lets clients enumerate valid user emails; restrict it to
// authenticated, privileged callers or return an indistinguishable result.
func (s *RiskService) ResolveUserIDByEmail(email string) (*uuid.UUID, error)

func (*RiskService) ReviewRisk

// ReviewRisk records a RiskReview for the decision in params, applies any
// reassessed scores and next deadline to the risk, and emits a "reviewed"
// event. RequireCurrentReviewDeadlineBefore, when set, is checked under lock
// so a concurrently moved deadline causes the review to fail rather than
// silently apply.
func (s *RiskService) ReviewRisk(params ReviewRiskParams) (*Risk, error)

func (*RiskService) Update

// Update persists changes to params.Risk and, where the Replace* flags are
// set, its owner assignments, threat refs and remediation template, emitting
// status_changed / score_updated events according to the StatusChanged and
// ScoreChanged flags. Because the Old* values and the flags are supplied by
// the caller, they must be derived from the row read by the server — not
// from the request body — or the audit trail can be made to lie.
func (s *RiskService) Update(params UpdateRiskParams) (*Risk, error)

func (*RiskService) UpdateThreatRef

// UpdateThreatRef replaces the fields of threat reference threatRefID (scoped
// to riskID) with input and emits a threat_updated event.
func (s *RiskService) UpdateThreatRef(riskID, threatRefID uuid.UUID, input RiskThreatRefInput, actorUserID *uuid.UUID) (*RiskThreatRef, error)

func (*RiskService) UpsertRemediationTemplate

// UpsertRemediationTemplate creates the risk's remediation template or
// replaces the existing one, emitting remediation_created or
// remediation_updated accordingly; unlike CreateRemediationTemplate it does
// not fail when a template already exists.
func (s *RiskService) UpsertRemediationTemplate(riskID uuid.UUID, input *RiskRemediationTemplateInput, actorUserID *uuid.UUID) (*RiskRemediationTemplate, error)

type RiskSourceType

// RiskSourceType records how a risk entered the register: created by hand,
// generated automatically from evidence, or imported from an OSCAL document.
// Stored in Risk.SourceType. RemediateOrphanedRisks acts only on
// auto-generated risks, so getting this right at creation time matters.
type RiskSourceType string
const (
	RiskSourceTypeManual       RiskSourceType = "manual"
	RiskSourceTypeEvidenceAuto RiskSourceType = "evidence-auto"
	RiskSourceTypeOscalImport  RiskSourceType = "oscal-import"
)

func (RiskSourceType) IsValid

// IsValid reports whether s is one of the declared RiskSourceType values.
func (s RiskSourceType) IsValid() bool

type RiskStatus

// RiskStatus is the lifecycle state stored in Risk.Status. Transitions visible
// in this package: PromoteToPoam moves investigating → mitigating-planned,
// OnPoamItemCompleted moves mitigating-planned → mitigating-implemented,
// AcceptRisk sets risk-accepted, and RemediateOrphanedRisks sets remediated
// (treating closed and remediated as terminal). Other transitions go through
// Update and are the caller's responsibility to validate.
type RiskStatus string
const (
	RiskStatusOpen                  RiskStatus = "open"
	RiskStatusInvestigating         RiskStatus = "investigating"
	RiskStatusMitigatingPlanned     RiskStatus = "mitigating-planned"
	RiskStatusMitigatingImplemented RiskStatus = "mitigating-implemented"
	RiskStatusRiskAccepted          RiskStatus = "risk-accepted"
	RiskStatusRemediated            RiskStatus = "remediated"
	RiskStatusClosed                RiskStatus = "closed"
)

func (RiskStatus) IsValid

// IsValid reports whether s is one of the declared RiskStatus values. Call it
// on any status that arrives from a request before writing Risk.Status.
func (s RiskStatus) IsValid() bool
// RiskSubjectLink associates a risk with an assessment subject. The pair is
// the primary key; only the Risk side has a foreign key (cascade on delete).
// No DeleteSubjectLink method or subject_unlinked event exists in this
// package, so these links are add-only through the service API.
type RiskSubjectLink struct {
	RiskID      uuid.UUID  `json:"riskId" gorm:"type:uuid;primaryKey"`
	SubjectID   uuid.UUID  `json:"subjectId" gorm:"type:uuid;primaryKey;index"`
	CreatedAt   time.Time  `json:"createdAt"`
	CreatedByID *uuid.UUID `json:"createdById" gorm:"type:uuid;index"`
	Risk        *Risk      `json:"-" gorm:"foreignKey:RiskID;references:ID;constraint:OnDelete:CASCADE"`
}

func (RiskSubjectLink) TableName

// TableName returns the database table gorm maps RiskSubjectLink to.
func (RiskSubjectLink) TableName() string

type RiskThreatRef

// RiskThreatRef links a risk to an entry in an external threat catalogue
// (System, e.g. a framework name, plus that system's ExternalID). The
// (RiskID, System, ExternalID) unique index prevents duplicate references on
// one risk; refs cascade with the risk.
//
// NOTE(review): URL is stored as free text with no scheme restriction visible
// in this package. If the UI renders it as a clickable link, validate the
// scheme (http/https) on input or at render time so a "javascript:" or
// "data:" value cannot become a stored-XSS vector.
type RiskThreatRef struct {
	relational.UUIDModel
	CreatedAt time.Time `json:"createdAt"`
	UpdatedAt time.Time `json:"updatedAt"`

	RiskID uuid.UUID `json:"riskId" gorm:"type:uuid;not null;index;uniqueIndex:idx_risk_threat_refs_unique,priority:1"`

	System     string  `json:"system" gorm:"type:text;not null;uniqueIndex:idx_risk_threat_refs_unique,priority:2"`
	ExternalID string  `json:"externalId" gorm:"column:external_id;type:text;not null;uniqueIndex:idx_risk_threat_refs_unique,priority:3"`
	Title      string  `json:"title" gorm:"type:text;not null"`
	URL        *string `json:"url" gorm:"type:text"`

	Risk *Risk `json:"-" gorm:"foreignKey:RiskID;references:ID;constraint:OnDelete:CASCADE"`
}

func (RiskThreatRef) TableName

// TableName returns the database table gorm maps RiskThreatRef to.
func (RiskThreatRef) TableName() string

type RiskThreatRefInput

// RiskThreatRefInput is the caller-facing shape of a threat reference used by
// AddThreatRef, UpdateThreatRef and CreateRiskParams. All fields are
// request-supplied text; URL in particular should be scheme-checked before
// it is stored (see RiskThreatRef).
type RiskThreatRefInput struct {
	System     string
	ExternalID string
	Title      string
	URL        *string
}

type SystemComponentLabel

// SystemComponentLabel is one key/value label on a system component. The
// composite primary key (component, key, value) keeps labels unique per
// component; (key, value) is indexed for reverse lookups.
type SystemComponentLabel struct {
	SystemComponentID uuid.UUID `json:"systemComponentId" gorm:"type:uuid;primaryKey"`
	Key               string    `json:"key" gorm:"type:text;primaryKey;index:idx_system_component_label_key_value,priority:1"`
	Value             string    `json:"value" gorm:"type:text;primaryKey;index:idx_system_component_label_key_value,priority:2"`
}

func (SystemComponentLabel) TableName

// TableName returns the database table gorm maps SystemComponentLabel to.
func (SystemComponentLabel) TableName() string

type UpdateRiskParams

// UpdateRiskParams carries the inputs to RiskService.Update. Risk is the
// already-modified row to persist; the Replace* flags say whether the
// accompanying slices/pointers replace the existing child records or are
// ignored; RecordReview additionally writes a RiskReview.
//
// OldStatus, OldLikelihood, OldImpact, StatusChanged and ScoreChanged drive
// which audit events are emitted and what they record as the "before" state.
// They must come from the row the server read under the same request, never
// from the client, otherwise the event log can be fed a false history or
// transitions can be hidden by setting StatusChanged=false.
type UpdateRiskParams struct {
	Risk                    *Risk
	ReplaceOwnerAssignments bool
	OwnerAssignments        []RiskOwnerAssignment
	PrimaryOwnerUserID      *uuid.UUID
	ActorUserID             *uuid.UUID
	OldStatus               string
	OldLikelihood           *string
	OldImpact               *string
	StatusChanged           bool
	ScoreChanged            bool
	RecordReview            bool
	ReviewedAt              *time.Time
	ReviewJustification     *string
	ReplaceThreatRefs       bool
	ThreatRefs              []RiskThreatRefInput
	ReplaceRemediation      bool
	Remediation             *RiskRemediationTemplateInput
}

type ValidationError

// ValidationError is returned when caller-supplied input or the risk's
// current state makes an operation invalid (for example promoting a risk that
// is not investigating). Detect it with IsValidationError or errors.As and
// map it to a 4xx response; its message may be safe to return to clients,
// but confirm it never embeds raw input before doing so.
type ValidationError struct {
	// contains filtered or unexported fields
}

func (*ValidationError) Error

// Error implements the error interface with the validation message.
func (e *ValidationError) Error() string
