govex

package module
v0.1.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Dec 16, 2024 License: MIT Imports: 14 Imported by: 2

README

GoVEX


govex is a Go package with various VEX helpers, including:

  1. Definition of govex structs for vulnerabilities.
  2. Conversion of Vulnerabilities slice to a GoCharts Table via Vulnerabilities.Table() with customizable columns. This can then be exported as a CSV or XLSX file.

Documentation

Index

Constants

// Source categories and severity labels for a vulnerability record.
// All of these are untyped string constants, so nothing at compile time stops
// an arbitrary string from being stored in a category or severity field;
// ParseSeverity (which returns an error) is the visible validation entry point
// for severities.
const (
	// Vulnerability source category: the kind of tool or activity that
	// reported the finding.
	CategoryAntiVirus = "Anti-Virus"
	CategoryContainer = "Container"
	CategoryDAST      = "DAST"
	CategoryPentest   = "Pentest"
	CategorySAST      = "SAST"
	CategorySCA       = "SCA"
	CategorySecret    = "Secret"

	// Common severities.
	// NOTE(review): SeverityNone and SeverityUnknown are distinct values. How
	// unrecognized input is mapped is not visible in this listing — confirm
	// before relying on either one as a default in severity-based filters.
	SeverityCritical      = "Critical"
	SeverityHigh          = "High"
	SeverityMedium        = "Medium"
	SeverityLow           = "Low"
	SeverityInformational = "Informational"
	SeverityNone          = "None"
	SeverityUnknown       = "Unknown"
)
// SLA status labels: where a finding stands relative to its SLA.
// These share the Status prefix with the workflow status constants
// (StatusIdentified, StatusResolved, ...) but describe a different dimension.
// NOTE(review): the threshold that separates "Within" from "Approaching" is
// not visible in this listing.
const (
	// Status categories
	StatusWithinSLA      = "Within SLA"
	StatusApproachingSLA = "Approaching SLA"
	StatusOutOfSLA       = "Out of SLA"
)
// Workflow status labels for a vulnerability record.
// NOTE(review): Mitigated, Resolved, Remediated and Closed are separate values,
// and Not Applicable, False Positive, Deferred and Risk Accepted all leave a
// finding without a fix. Which of these count as "open" for SLA reporting is
// not visible in this listing — see docs/status.md.
const (
	// Status fields. See `docs/status.md` for more.
	StatusIdentified    = "Identified"
	StatusAnalyzing     = "Analyzing"
	StatusValidated     = "Validated"
	StatusMitigated     = "Mitigated"
	StatusInProgress    = "In Progress"
	StatusResolved      = "Resolved"
	StatusRemediated    = "Remediated"
	StatusClosed        = "Closed"
	StatusReopened      = "Reopened"
	StatusNotApplicable = "Not Applicable"
	StatusFalsePositive = "False Positive"
	StatusDeferred      = "Deferred"      // aka postponed
	StatusRiskAccepted  = "Risk Accepted" // aka ignored
)
// Field labels. These are human-readable strings; they are presumably the
// values accepted by ParseField and by the field arguments of
// Vulnerability.Value and ValuesStrings — confirm against those functions.
//
// Several labels differ from their identifier, so match on the constant rather
// than on a hand-typed string: FieldAcceptedTimeRFC3339 is "Start Date",
// FieldAgeDays is "Age", FieldFixVersion is "Fixed Version" and
// FieldLocationPath is "Location".
const (
	FieldAcceptedTime        = "Accepted Time"
	FieldAcceptedTimeRFC3339 = "Start Date"
	FieldAgeDays             = "Age"
	FieldCategory            = "Category"
	FieldDescription         = "Description"
	FieldFixVersion          = "Fixed Version"
	FieldID                  = "ID"
	FieldLocationPath        = "Location"
	FieldLocationLineStart   = "Start Line"
	FieldLocationLineEnd     = "End Line"
	FieldName                = "Name"
	FieldNameAndDesc         = "Name+Desc"
	FieldNameWithURL         = "Name+URL"
	FieldReferenceURL        = "Reference URL"
	FieldReferences          = "References"
	FieldResolution          = "Resolution"
	FieldSeverity            = "Severity"
	FieldSLAOpenStatus       = "Open SLA Status"
	FieldStatus              = "Status"
)
const (
	// NameUnnamedVulerability holds the display string "Unnamed Vulnerability".
	// The identifier is spelled "Vulerability"; it is exported, so the spelling
	// is part of the package API and callers must use it as written.
	// NOTE(review): presumably substituted when a record has an empty Name —
	// confirm against the code that reads it.
	NameUnnamedVulerability = "Unnamed Vulnerability"
)

Variables

This section is empty.

Functions

func ParseField

func ParseField(field string) string

func ParseSeverity

func ParseSeverity(sev string) (string, error)

func SeveritySliceAll

func SeveritySliceAll() []string

func SeveritySliceAnalyzed

func SeveritySliceAnalyzed() []string

func SeveritySliceFinding

func SeveritySliceFinding() []string

func TableColumnDefinitionSetSAST

func TableColumnDefinitionSetSAST() table.ColumnDefinitionSet

Types

type Location

// Location provides information on where a vulnerability occurs.
// Every field is a pointer and may be nil; the PathString, LineStartString and
// LineEndString methods return string forms of the fields.
// NOTE(review): what those methods return for a nil field is not visible in
// this listing.
type Location struct {
	// Path is the location path (labelled "Location" by FieldLocationPath).
	Path      *string
	// LineStart and LineEnd are unsigned line numbers.
	LineStart *uint
	LineEnd   *uint
}

Location provides information on where a vulnerability occurs.

func (Location) LineEndString

func (l Location) LineEndString() string

func (Location) LineStartString

func (l Location) LineStartString() string

func (Location) PathString

func (l Location) PathString() string

type SLAMap

// SLAMap maps a severity label to an SLA length. The package describes it as
// "SLAs by severity and day", so the int64 values are presumably a number of
// days — confirm the unit against SLAMapFedRAMP.
type SLAMap map[string]int64

SLAMap provides a common representation of SLAs by severity and day.

func SLAMapFedRAMP

func SLAMapFedRAMP() SLAMap

func (SLAMap) MustSLAStatusTimesString

func (slaMap SLAMap) MustSLAStatusTimesString(severity string, startTime *time.Time, evalTime time.Time, unknownString string) string

func (SLAMap) SLAStatusOverdue

func (slaMap SLAMap) SLAStatusOverdue(severity string, dur time.Duration) (bool, error)

func (SLAMap) SLAStatusTimesString

func (slaMap SLAMap) SLAStatusTimesString(severity string, startTime *time.Time, evalTime time.Time, unknownString string) (string, error)

type ValueOpts

// ValueOpts carries optional settings for the value-rendering methods that
// accept it (Vulnerability.Value, Values and ValuesStrings, and
// Vulnerabilities.Table and the ordered-list Markdown methods).
type ValueOpts struct {
	// SLAMap is a pointer and may be nil.
	// NOTE(review): presumably a nil SLAMap means SLA status is not evaluated —
	// confirm against Value.
	SLAMap *SLAMap
}

type Vulnerabilities

// Vulnerabilities is a slice of Vulnerability values. Its methods are declared
// with a pointer receiver (*Vulnerabilities).
type Vulnerabilities []Vulnerability

func (*Vulnerabilities) CVE20Vulnerabilities

func (vs *Vulnerabilities) CVE20Vulnerabilities() cve20.Vulnerabilities

func (*Vulnerabilities) FilterFixedInVersion

func (vs *Vulnerabilities) FilterFixedInVersion(fixVersions []string, severity string) (Vulnerabilities, error)

FilterFixedInVersion returns a filtered subset with a fix version match, including empty string.

func (*Vulnerabilities) FilterFixedInVersionAge

func (vs *Vulnerabilities) FilterFixedInVersionAge(fixVersion, baseSeverity string, slaDays uint, slaElapsed bool) Vulnerabilities

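FilterFixedInVersionAge returns a filtered subset with a fix version match, including empty string. This description repeats the FilterFixedInVersion text; how baseSeverity, slaDays and slaElapsed narrow the result is not documented here.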

func (*Vulnerabilities) FilterFunc

func (vs *Vulnerabilities) FilterFunc(fnFilter func(j Vulnerability) (bool, error)) (Vulnerabilities, error)

func (*Vulnerabilities) IDs

func (vs *Vulnerabilities) IDs(unique bool) []string

func (*Vulnerabilities) OrderdListMarkdownBytes

func (vs *Vulnerabilities) OrderdListMarkdownBytes(opts *ValueOpts) []byte

func (*Vulnerabilities) OrderdListMarkdownLines

func (vs *Vulnerabilities) OrderdListMarkdownLines(opts *ValueOpts) []string

func (*Vulnerabilities) ReportMarkdownLinesFixedVersion

func (vs *Vulnerabilities) ReportMarkdownLinesFixedVersion(fixVersion string, releaseDate *time.Time) ([]string, error)

func (*Vulnerabilities) ReportMarkdownLinesVulnsFixed

func (vs *Vulnerabilities) ReportMarkdownLinesVulnsFixed(fixVersion string, releaseDate *time.Time, baseSeverity string) ([]string, error)

func (*Vulnerabilities) SortByID

func (vs *Vulnerabilities) SortByID()

func (*Vulnerabilities) Table

func (vs *Vulnerabilities) Table(colDefs table.ColumnDefinitionSet, opts *ValueOpts) (*table.Table, error)

type Vulnerability

// Vulnerability is a single vulnerability record with JSON field tags.
//
// NOTE(review): Name, Description, Resolution, ReferenceURL and References are
// free-form values. When they originate from scanner or other third-party
// output, treat them as untrusted when they are rendered into Markdown or into
// CSV/XLSX exports; whether this package escapes them is not visible in this
// listing.
type Vulnerability struct {
	App                 string         `json:"app,omitempty"`
	ID                  string         `json:"id,omitempty"`
	// Category and Severity are plain strings; the Category* and Severity*
	// constants supply the expected labels, but the type does not enforce them.
	Category            string         `json:"category,omitempty"`
	Description         string         `json:"description,omitempty"`
	DescriptionLang     string         `json:"descriptionLanguage,omitempty"`
	// Fixed uses omitempty, so a false value is dropped on marshal: in encoded
	// JSON an absent "fixed" key and an explicit false are indistinguishable.
	Fixed               bool           `json:"fixed,omitempty"`
	Location            *Location      `json:"location,omitempty"`
	Metrics             cve20.Metrics  `json:"metrics,omitempty"`
	Name                string         `json:"name,omitempty"`
	References          markdown.Links `json:"references,omitempty"`
	ReferenceURL        string         `json:"referenceURL,omitempty"`
	Resolution          string         `json:"resolution,omitempty"`
	// ResolutionTime is encoded under the key "resolutionDate".
	ResolutionTime      *time.Time     `json:"resolutionDate,omitempty"`
	Severity            string         `json:"severity,omitempty"`
	// SLATimeStart and StartTime are separate optional timestamps.
	// NOTE(review): which of the two the SLA calculations read is not visible
	// in this listing.
	SLATimeStart        *time.Time     `json:"slaTimeStart,omitempty"`
	SLAStatus           string         `json:"slaStatus,omitempty"`
	// SourceIdentifier has no omitempty, so it is always emitted, even when empty.
	SourceIdentifier    string         `json:"sourceIdentifier"`
	// StartTime is encoded under the key "startDate".
	StartTime           *time.Time     `json:"startDate,omitempty"`
	Status              string         `json:"status,omitempty"`
	// NOTE(review): presumably the exclusive upper bound of the affected
	// version range — confirm against the code that sets it.
	VersionEndExcluding string         `json:"versionEndExcluding,omitempty"`

	// ProcSLAEvalTime carries no JSON tag, so encoding/json emits it under the
	// key "ProcSLAEvalTime" in every encoded record.
	// NOTE(review): the name suggests a processing-time value rather than
	// stored data — confirm whether it is meant to be serialized.
	ProcSLAEvalTime time.Time
}

func (*Vulnerability) AgeDays

func (vn *Vulnerability) AgeDays(evalTime time.Time, unknownDays int) int

func (*Vulnerability) BuildSLAStatusString

func (vn *Vulnerability) BuildSLAStatusString(slaMapDays SLAMap, slaEvalTime time.Time, unknownString string) string

func (*Vulnerability) CVE

func (vn *Vulnerability) CVE() cve20.CVE

func (*Vulnerability) StartTimeString

func (vn *Vulnerability) StartTimeString(layout string, unsetTimeString string) string

func (*Vulnerability) Value

func (vn *Vulnerability) Value(field, defaultValue string, opts *ValueOpts) string

func (*Vulnerability) Values

func (vn *Vulnerability) Values(colDefs table.ColumnDefinitions, opts *ValueOpts) []string

func (*Vulnerability) ValuesStrings

func (vn *Vulnerability) ValuesStrings(fields []string, opts *ValueOpts) []string

Directories

Path Synopsis
