models

package

v0.4.7 Latest Latest Go to latest Published: Apr 9, 2024 License: AGPL-3.0 Imports: 14 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/l3montree-dev/flawfix

Links

Open Source Insights

Documentation ¶

Index ¶

type Affected
type AffectedComponent
- func (affectedComponent *AffectedComponent) SetIdHash()
- func (affectedComponent AffectedComponent) TableName() string
type Asset
- func (m Asset) TableName() string
type AssetType
type CPEMatch
type CVE
- func (m CVE) GetReferences() ([]cveReference, error)
- func (m CVE) TableName() string
type CWE
- func (m CWE) TableName() string
type Comment
- func (m Comment) TableName() string
type Component
- func (c Component) TableName() string
type Config
- func (Config) TableName() string
type Flaw
- func (f *Flaw) BeforeCreate(tx *gorm.DB) (err error)
- func (m *Flaw) CalculateHash() string
- func (m *Flaw) GetArbitraryJsonData() map[string]any
- func (m *Flaw) SetArbitraryJsonData(data map[string]any)
- func (m *Flaw) SetIdHash()
- func (m Flaw) TableName() string
type FlawEvent
- func NewDetectedEvent(flawID string, userID string) FlawEvent
- func NewFixedEvent(flawID string, userID string) FlawEvent
- func (e FlawEvent) Apply(flaw Flaw) Flaw
- func (m FlawEvent) TableName() string
type FlawEventType
type FlawState
type Mitigation
type Model
- func (a Model) GetID() uuid.UUID
- func (m Model) TableName() string
type OSV
- func (osv OSV) GetAffectedPackages() []AffectedComponent
- func (osv OSV) GetCVE() []string
- func (osv OSV) IsCVE() bool
type Org
type PAT
- func (p PAT) GetUserID() string
- func (p PAT) HashToken(token string) string
- func (p PAT) TableName() string
type Project
- func (m Project) TableName() string
type RequirementLevel
type Severity
type Type
type VulnInPackage
- func (v VulnInPackage) GetFixedVersion() string
- func (v VulnInPackage) GetIntroducedVersion() string
type Weakness
- func (m Weakness) TableName() string

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type Affected ¶

type Affected struct {
	Package          pkg      `json:"package"`
	Ranges           []rng    `json:"ranges"`
	Versions         []string `json:"versions"`
	DatabaseSpecific struct {
		Source string `json:"source"`
	} `json:"database_specific"`
}

type AffectedComponent ¶

type AffectedComponent struct {
	ID               string  `json:"id" gorm:"primaryKey;"`
	PURL             string  `json:"purl" gorm:"type:text;column:purl"`
	Ecosystem        string  `json:"ecosystem" gorm:"type:text;"`
	Scheme           string  `json:"scheme" gorm:"type:text;"`
	Type             string  `json:"type" gorm:"type:text;"`
	Name             string  `json:"name" gorm:"type:text;"`
	Namespace        *string `json:"namespace" gorm:"type:text;"`
	Qualifiers       *string `json:"qualifiers" gorm:"type:text;"`
	Subpath          *string `json:"subpath" gorm:"type:text;"`
	Version          *string `json:"version"` // either version or semver is defined
	SemverIntroduced *string `json:"semver_start" gorm:"type:semver;"`
	SemverFixed      *string `json:"semver_end" gorm:"type:semver;"`

	CVE []CVE `json:"cves" gorm:"many2many:cve_affected_component;constraint:OnUpdate:CASCADE,OnDelete:CASCADE;"`
}

func (*AffectedComponent) SetIdHash ¶

func (affectedComponent *AffectedComponent) SetIdHash()

func (AffectedComponent) TableName ¶

func (affectedComponent AffectedComponent) TableName() string

type Asset ¶

type Asset struct {
	Model
	Name string `json:"name" gorm:"type:text"`
	Slug string `json:"slug" gorm:"type:text;uniqueIndex:idx_app_project_slug;not null;"`

	ProjectID   uuid.UUID `json:"projectId" gorm:"uniqueIndex:idx_app_project_slug;not null;type:uuid;"`
	Description string    `json:"description" gorm:"type:text"`
	Flaws       []Flaw    `json:"flaws" gorm:"foreignKey:AssetID;constraint:OnDelete:CASCADE;"`

	Type AssetType `json:"type" gorm:"type:text;not null;"`

	Importance            int  `json:"importance" gorm:"default:1;"`
	ReachableFromInternet bool `json:"reachableFromInternet" gorm:"default:false;"`

	ConfidentialityRequirement RequirementLevel `json:"confidentialityRequirement" gorm:"default:'high';not null;type:text;"`
	IntegrityRequirement       RequirementLevel `json:"integrityRequirement" gorm:"default:'high';not null;type:text;"`
	AvailabilityRequirement    RequirementLevel `json:"availabilityRequirement" gorm:"default:'high';not null;type:text;"`

	Components []Component `json:"components" gorm:"many2many:asset_components;constraint:OnUpdate:CASCADE,OnDelete:CASCADE;"`

	Version             string    `json:"version" gorm:"type:text;"`
	LastComponentUpdate time.Time `json:"lastComponentUpdate"`
}

func (Asset) TableName ¶

func (m Asset) TableName() string

type AssetType ¶

type AssetType string

const (
	AssetTypeApplication    AssetType = "application"
	AssetTypeInfrastructure AssetType = "infrastructure"
)

type CPEMatch ¶

type CPEMatch struct {
	MatchCriteriaID string `json:"matchCriteriaId" gorm:"primaryKey;type:text;"`
	Criteria        string `json:"criteria" gorm:"type:text;"`
	Part            string `json:"part" gorm:"type:text;"`
	Vendor          string `json:"vendor" gorm:"type:text;"`
	Product         string `json:"product" gorm:"type:text;"`
	Version         string `json:"version" gorm:"type:text;"`
	Update          string `json:"update" gorm:"type:text;"`
	Edition         string `json:"edition" gorm:"type:text;"`
	Language        string `json:"language" gorm:"type:text;"`
	SwEdition       string `json:"swEdition" gorm:"type:text;"`
	TargetSw        string `json:"targetSw" gorm:"type:text;"`
	TargetHw        string `json:"targetHw" gorm:"type:text;"`
	Other           string `json:"other" gorm:"type:text;"`

	VersionEndExcluding   string `json:"versionEndExcluding" gorm:"type:text;"`
	VersionStartIncluding string `json:"versionStartIncluding" gorm:"type:text;"`

	Vulnerable bool `json:"vulnerable" gorm:"type:boolean;"`

	CVEs []*CVE `json:"cve" gorm:"many2many:cve_cpe_match;constraint:OnUpdate:CASCADE,OnDelete:CASCADE;"`
}

type CVE ¶

type CVE struct {
	CVE string `json:"cve" gorm:"primaryKey;not null;type:text;"`

	CreatedAt time.Time `json:"createdAt"`
	UpdatedAt time.Time `json:"updatedAt"`

	DatePublished    time.Time `json:"datePublished"`
	DateLastModified time.Time `json:"dateLastModified"`

	Weaknesses  []*Weakness `json:"weaknesses" gorm:"foreignKey:CVEID;constraint:OnDelete:CASCADE;"`
	Description string      `json:"description" gorm:"type:text;"`

	CVSS                float32  `json:"cvss" gorm:"type:decimal(4,2);"`
	Severity            Severity `json:"severity"`
	ExploitabilityScore float32  `json:"exploitabilityScore" gorm:"type:decimal(4,2);"`
	ImpactScore         float32  `json:"impactScore" gorm:"type:decimal(4,2);"`

	AttackVector          string `json:"attackVector"`
	AttackComplexity      string `json:"attackComplexity"`
	PrivilegesRequired    string `json:"privilegesRequired"`
	UserInteraction       string `json:"userInteractionRequired"`
	Scope                 string `json:"scope"`
	ConfidentialityImpact string `json:"confidentialityImpact"`
	IntegrityImpact       string `json:"integrityImpact"`
	AvailabilityImpact    string `json:"availabilityImpact"`

	References string `json:"references" gorm:"type:text;"`

	CISAExploitAdd        *datatypes.Date `json:"cisaExploitAdd" gorm:"type:date;"`
	CISAActionDue         *datatypes.Date `json:"cisaActionDue" gorm:"type:date;"`
	CISARequiredAction    string          `json:"cisaRequiredAction" gorm:"type:text;"`
	CISAVulnerabilityName string          `json:"cisaVulnerabilityName" gorm:"type:text;"`

	Configurations []*CPEMatch `json:"configurations" gorm:"many2many:cve_cpe_match;"`

	EPSS       *float32 `json:"epss" gorm:"type:decimal(6,5);"`
	Percentile *float32 `json:"percentile" gorm:"type:decimal(6,5);"`
}

func (CVE) GetReferences ¶

func (m CVE) GetReferences() ([]cveReference, error)

func (CVE) TableName ¶

func (m CVE) TableName() string

type CWE ¶

type CWE struct {
	CreatedAt time.Time    `json:"createdAt"`
	UpdatedAt time.Time    `json:"updatedAt"`
	DeletedAt sql.NullTime `gorm:"index" json:"-"`

	CWE string `json:"cwe" gorm:"primaryKey;not null;"`

	Description string `json:"description" gorm:"type:text;"`
}

func (CWE) TableName ¶

func (m CWE) TableName() string

type Comment ¶

type Comment struct {
	Model
	FlawID  uuid.UUID `json:"flawId"`
	UserID  uuid.UUID `json:"userId"`
	Comment string    `json:"comment"`
}

func (Comment) TableName ¶

func (m Comment) TableName() string

type Component ¶

type Component struct {
	// either cpe or purl is set
	PurlOrCpe string      `json:"purlOrCpe" gorm:"primaryKey;column:purl_or_cpe"`
	DependsOn []Component `json:"dependsOn" gorm:"many2many:component_dependencies;"`
}

func (Component) TableName ¶

func (c Component) TableName() string

type Config ¶

type Config struct {
	Key string `gorm:"primarykey"`
	Val string `gorm:"type:text"`
}

func (Config) TableName ¶

func (Config) TableName() string

type Flaw ¶

type Flaw struct {
	ID string `json:"id" gorm:"primaryKey;not null;"`
	// the scanner which was used to detect this flaw
	ScannerID string `json:"scanner" gorm:"not null;"`

	Message  *string     `json:"message"`
	Comments []Comment   `gorm:"foreignKey:FlawID;constraint:OnDelete:CASCADE;" json:"comments"`
	Events   []FlawEvent `gorm:"foreignKey:FlawID;constraint:OnDelete:CASCADE;" json:"events"`
	AssetID  uuid.UUID   `json:"assetId" gorm:"not null;"`
	State    FlawState   `json:"state" gorm:"default:'open';not null;type:text;"`

	CVE                *CVE       `json:"cve"`
	CVEID              string     `json:"cveId" gorm:"null;type:text;default:null;"`
	Component          *Component `json:"component" gorm:"foreignKey:ComponentPurlOrCpe;constraint:OnDelete:CASCADE;"`
	ComponentPurlOrCpe string     `json:"componentPurlOrCpe" gorm:"type:text;default:null;"`

	Effort            *int `json:"effort" gorm:"default:null;"`
	RiskAssessment    *int `json:"riskAssessment" gorm:"default:null;"`
	RawRiskAssessment *int `json:"rawRiskAssessment" gorm:"default:null;"`

	Priority *int `json:"priority" gorm:"default:null;"`

	ArbitraryJsonData string `json:"arbitraryJsonData" gorm:"type:text;"`

	LastDetected time.Time `json:"lastDetected" gorm:"default:now();not null;"`

	CreatedAt time.Time    `json:"createdAt"`
	UpdatedAt time.Time    `json:"updatedAt"`
	DeletedAt sql.NullTime `gorm:"index" json:"-"`
	// contains filtered or unexported fields
}

func (*Flaw) BeforeCreate ¶

func (f *Flaw) BeforeCreate(tx *gorm.DB) (err error)

func (*Flaw) CalculateHash ¶

func (m *Flaw) CalculateHash() string

func (*Flaw) GetArbitraryJsonData ¶

func (m *Flaw) GetArbitraryJsonData() map[string]any

func (*Flaw) SetArbitraryJsonData ¶

func (m *Flaw) SetArbitraryJsonData(data map[string]any)

func (*Flaw) SetIdHash ¶

func (m *Flaw) SetIdHash()

func (Flaw) TableName ¶

func (m Flaw) TableName() string

type FlawEvent ¶

type FlawEvent struct {
	Model
	Type   FlawEventType `json:"type" gorm:"type:text"`
	FlawID string        `json:"flawId"`
	UserID string        `json:"userId"`

	Payload *datatypes.JSON `json:"payload" gorm:"type:jsonb"`
}

func NewDetectedEvent ¶

func NewDetectedEvent(flawID string, userID string) FlawEvent

func NewFixedEvent ¶

func NewFixedEvent(flawID string, userID string) FlawEvent

func (FlawEvent) Apply ¶

func (e FlawEvent) Apply(flaw Flaw) Flaw

func (FlawEvent) TableName ¶

func (m FlawEvent) TableName() string

type FlawEventType ¶

type FlawEventType string

const (
	EventTypeDetected FlawEventType = "detected"
	EventTypeFixed    FlawEventType = "fixed"

	EventTypeRiskAssessmentUpdated FlawEventType = "riskAssessmentUpdated"
)

type FlawState ¶

type FlawState string

const (
	FlawStateOpen                FlawState = "open"
	FlawStateFixed               FlawState = "fixed"
	FlawStateAccepted            FlawState = "accepted"
	FlawStateMarkedForMitigation FlawState = "markedForMitigation"
	FlawStateFalsePositive       FlawState = "falsePositive"
)

type Mitigation ¶

type Mitigation struct {
	Model
	Type             Type      `json:"mitigationType"`
	InitiatingUserID string    `json:"initiatingUserId"`
	ResultID         uuid.UUID `json:"resultId"`

	DueDate    *time.Time     `json:"dueDate"`
	Properties datatypes.JSON `gorm:"type:jsonb;default:'{}';not null"`

	MitigationPending bool   `json:"mitigationPending" gorm:"default:false"` // will be true for fix and transfer types - we are waiting for another scan report which verifies, that the related result is fixed. Will be false for avoid and accept types
	Justification     string `json:"justification"`
}

type Model ¶

type Model struct {
	ID        uuid.UUID    `gorm:"primarykey;type:uuid;default:gen_random_uuid()" json:"id"`
	CreatedAt time.Time    `json:"createdAt"`
	UpdatedAt time.Time    `json:"updatedAt"`
	DeletedAt sql.NullTime `gorm:"index" json:"-"`
}

func (Model) GetID ¶

func (a Model) GetID() uuid.UUID

func (Model) TableName ¶

func (m Model) TableName() string

type OSV ¶

type OSV struct {
	ID            string     `json:"id"`
	Summary       string     `json:"summary"`
	Modified      time.Time  `json:"modified"`
	Published     time.Time  `json:"published"`
	Related       []string   `json:"related"`
	Aliases       []string   `json:"aliases"`
	Affected      []Affected `json:"affected"`
	SchemaVersion string     `json:"schema_version"`
}

func (OSV) GetAffectedPackages ¶

func (osv OSV) GetAffectedPackages() []AffectedComponent

func (OSV) GetCVE ¶

func (osv OSV) GetCVE() []string

func (OSV) IsCVE ¶

func (osv OSV) IsCVE() bool

type Org ¶

type Org struct {
	Model
	Name                   string    `json:"name" gorm:"type:text"`
	ContactPhoneNumber     *string   `json:"contactPhoneNumber" gorm:"type:text"`
	NumberOfEmployees      *int      `json:"numberOfEmployees"`
	Country                *string   `json:"country" gorm:"type:text"`
	Industry               *string   `json:"industry" gorm:"type:text"`
	CriticalInfrastructure bool      `json:"criticalInfrastructure"`
	ISO27001               bool      `json:"iso27001"`
	NIST                   bool      `json:"nist"`
	Grundschutz            bool      `json:"grundschutz"`
	Projects               []Project `json:"projects" gorm:"foreignKey:OrganizationID;constraint:OnDelete:CASCADE;"`
	Slug                   string    `json:"slug" gorm:"type:text;unique;not null;index"`
	Description            string    `json:"description" gorm:"type:text"`
}

type PAT ¶

type PAT struct {
	CreatedAt   time.Time `json:"createdAt"`
	UserID      uuid.UUID `json:"userId"`
	Token       string    `json:"-"`
	Description string    `json:"description" gorm:"type:text"`
	ID          uuid.UUID `json:"id" gorm:"type:uuid;default:gen_random_uuid()"`
}

func (PAT) GetUserID ¶

func (p PAT) GetUserID() string

func (PAT) HashToken ¶

func (p PAT) HashToken(token string) string

func (PAT) TableName ¶

func (p PAT) TableName() string

type Project ¶

type Project struct {
	Model
	Name           string    `json:"name" gorm:"type:text"`
	Assets         []Asset   `json:"assets" gorm:"foreignKey:ProjectID;constraint:OnDelete:CASCADE;"`
	OrganizationID uuid.UUID `json:"organizationId" gorm:"uniqueIndex:idx_project_org_slug;not null;type:uuid"`
	Slug           string    `json:"slug" gorm:"type:text;uniqueIndex:idx_project_org_slug;not null"`
	Description    string    `json:"description" gorm:"type:text"`
}

func (Project) TableName ¶

func (m Project) TableName() string

type RequirementLevel ¶

type RequirementLevel string

const (
	RequirementLevelLow    RequirementLevel = "low"
	RequirementLevelMedium RequirementLevel = "medium"
	RequirementLevelHigh   RequirementLevel = "high"
)

type Severity ¶

type Severity string

const (
	SeverityCritical Severity = "critical"
	SeverityHigh     Severity = "high"
	SeverityMedium   Severity = "medium"
	SeverityLow      Severity = "low"
	SeverityInfo     Severity = "info"
)

type Type ¶

type Type string

const (
	TypeAvoid    Type = "avoid"
	TypeAccept   Type = "accept"
	TypeFix      Type = "fix"
	TypeTransfer Type = "transfer"
)

type VulnInPackage ¶

type VulnInPackage struct {
	CVEID             string
	CVE               CVE
	FixedVersion      *string
	IntroducedVersion *string
	PackageName       string
	PurlWithVersion   string
}

func (VulnInPackage) GetFixedVersion ¶

func (v VulnInPackage) GetFixedVersion() string

func (VulnInPackage) GetIntroducedVersion ¶

func (v VulnInPackage) GetIntroducedVersion() string

type Weakness ¶

type Weakness struct {
	Source string `json:"source" gorm:"type:text;"`
	Type   string `json:"type" gorm:"type:text;"`
	CVEID  string `json:"cve" gorm:"primaryKey;not null;type:text;"`
	CVE    CVE
	CWEID  string `json:"cwe" gorm:"primaryKey;not null;type:text;"`
}

func (Weakness) TableName ¶

func (m Weakness) TableName() string

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL