csaf

package
v0.2.5 Latest
Warning

This package is not in the latest version of its module.

Published: Aug 19, 2023 License: Apache-2.0 Imports: 4 Imported by: 4

Documentation

Overview

Package csaf provides a library for Common Security Advisory Framework Version 2.0 (CSAF) documents.

https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html


Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type CSAF

type CSAF struct {
	// Document contains metadata about the CSAF document itself.
	//
	// https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html#321-document-property
	Document DocumentMetadata `json:"document"`

	// ProductTree contains information about the product tree (branches only).
	//
	// https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html#322-product-tree-property
	ProductTree ProductBranch `json:"product_tree"`

	// Vulnerabilities contains information about the vulnerabilities,
	// (i.e. CVEs), associated threats, and product status.
	//
	// https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html#323-vulnerabilities-property
	Vulnerabilities []Vulnerability `json:"vulnerabilities"`
}

CSAF is a Common Security Advisory Framework Version 2.0 document.

https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html

func Open

func Open(path string) (*CSAF, error)

Open reads and parses a given file path and returns a CSAF document or an error if the file could not be opened or parsed.

func (*CSAF) FirstProductName

func (csafDoc *CSAF) FirstProductName() string

FirstProductName returns the first product name in the product tree or an empty string if no product name is found.

func (*CSAF) ListProducts added in v0.2.1

func (csafDoc *CSAF) ListProducts() ProductList

type DocumentMetadata

type DocumentMetadata struct {
	// Aggregate severity is a vehicle that is provided by the document producer to convey the urgency and
	// criticality with which the one or more vulnerabilities reported should be addressed.
	//
	Title      string      `json:"title"`
	Tracking   Tracking    `json:"tracking"`
	References []Reference `json:"references"`
}

DocumentMetadata contains metadata about the CSAF document itself.

https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html#321-document-property

type Flag added in v0.2.1

type Flag struct {
	Label      string    `json:"label"`
	Date       time.Time `json:"date"`
	GroupIDs   []string  `json:"group_ids"`
	ProductIDs []string  `json:"product_ids"`
}

Machine-readable flags for products related to the Vulnerability.

https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html#3235-vulnerabilities-property---flags

type Product

type Product struct {
	Name                 string            `json:"name"`
	ID                   string            `json:"product_id"`
	IdentificationHelper map[string]string `json:"product_identification_helper"`
}

Product contains information used to identify a product.

https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html#3124-branches-type---product

type ProductBranch

type ProductBranch struct {
	Category      string          `json:"category"`
	Name          string          `json:"name"`
	Branches      []ProductBranch `json:"branches"`
	Product       Product         `json:"product,omitempty"`
	Relationships []Relationship  `json:"relationships"`
}

ProductBranch is a recursive struct that contains information about a product and its nested products.

https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html#3221-product-tree-property---branches

func (*ProductBranch) FindFirstProduct

func (branch *ProductBranch) FindFirstProduct() string

FindFirstProduct recursively searches for the first product identifier in the tree and returns it or an empty string if no product identifier is found.

func (*ProductBranch) FindFirstProductName added in v0.2.1

func (branch *ProductBranch) FindFirstProductName() string

FindFirstProductName recursively searches for the first product name in the tree and returns it or an empty string if no product name is found.

func (*ProductBranch) FindProductIdentifier

func (branch *ProductBranch) FindProductIdentifier(helperType, helperValue string) *Product

FindProductIdentifier recursively searches for the first product identifier in the tree.

func (*ProductBranch) ListProducts added in v0.2.1

func (branch *ProductBranch) ListProducts() ProductList

ListProducts returns a flat list of all products in the branch.

type ProductList added in v0.2.1

type ProductList []Product

func (*ProductList) Add added in v0.2.1

func (pl *ProductList) Add(p Product)

Add adds a product to the product list if it's not already there, matching on ID and software identifiers.

type Reference added in v0.2.1

type Reference struct {
	Category string `json:"category"`
	Summary  string `json:"summary"`
	URL      string `json:"url"`
}

Document references holds a list of references associated with the whole document.

https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html#3219-document-property---references

type Relationship added in v0.2.1

type Relationship struct {
	Category            string  `json:"category"`
	FullProductName     Product `json:"full_product_name"`
	ProductRef          string  `json:"product_reference"`
	RelatesToProductRef string  `json:"relates_to_product_reference"`
}

Relationship establishes a link between two existing full_product_name_t elements, allowing the document producer to define a combination of two products that form a new full_product_name entry.

https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html#3224-product-tree-property---relationships

type RemediationData added in v0.2.1

type RemediationData struct {
	Category     string      `json:"category"`
	Date         time.Time   `json:"date"`
	Details      string      `json:"details"`
	Entitlements []string    `json:"entitlements"`
	GroupIDs     []string    `json:"group_ids"`
	ProductIDs   []string    `json:"product_ids"`
	Restart      RestartData `json:"restart_required"`
}

RemediationData contains information about how to remediate a vulnerability for a set of products.

https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html#32312-vulnerabilities-property---remediations

type RestartData added in v0.2.1

type RestartData struct {
	Category string `json:"category"`
	Details  string `json:"details"`
}

Remediation instructions for restart of affected software.

https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html#323127-vulnerabilities-property---remediations---restart-required

type ThreatData

type ThreatData struct {
	Category   string   `json:"category"`
	Details    string   `json:"details"`
	ProductIDs []string `json:"product_ids"`
}

ThreatData contains information about a threat to a product.

https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html#32314-vulnerabilities-property---threats

type Tracking

type Tracking struct {
	ID                 string    `json:"id"`
	CurrentReleaseDate time.Time `json:"current_release_date"`
	InitialReleaseDate time.Time `json:"initial_release_date"`
}

Tracking contains information used to track the CSAF document through its lifecycle.

https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html#32112-document-property---tracking

type TrackingID added in v0.2.1

type TrackingID struct {
	SystemName string `json:"system_name"`
	Text       string `json:"text"`
}

Every ID item with the two mandatory properties System Name (system_name) and Text (text) contains a single unique label or tracking ID for the vulnerability.

https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html#3236-vulnerabilities-property---ids

type Vulnerability

type Vulnerability struct {
	// MITRE standard Common Vulnerabilities and Exposures (CVE) tracking number for the vulnerability.
	//
	// https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html#3232-vulnerabilities-property---cve
	CVE string `json:"cve"`

	// List of IDs represents a list of unique labels or tracking IDs for the vulnerability (if such information exists).
	//
	// https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html#3236-vulnerabilities-property---ids
	IDs []TrackingID `json:"ids"`

	// Provide details on the status of the referenced product related to the vulnerability.
	//
	// https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html#3239-vulnerabilities-property---product-status
	ProductStatus map[string][]string `json:"product_status"`

	// Provide details of threats associated with a vulnerability.
	//
	// https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html#32314-vulnerabilities-property---threats
	Threats []ThreatData `json:"threats"`

	// Provide details of remediations associated with a Vulnerability
	//
	// https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html#32312-vulnerabilities-property---remediations
	Remediations []RemediationData `json:"remediations"`

	// Machine readable flags for products related to vulnerability
	//
	// https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html#3235-vulnerabilities-property---flags
	Flags []Flag `json:"flags"`

	// Vulnerability references holds a list of references associated with this vulnerability item.
	//
	// https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html#32310-vulnerabilities-property---references
	References []Reference `json:"references"`

	ReleaseDate time.Time `json:"release_date"`
}

Vulnerability contains information about a CVE and its associated threats.

https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html#323-vulnerabilities-property
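An added example, not part of the package's own code or documentation: Vulnerability.ProductStatus carries only product IDs, so a consumer has to resolve them against the ProductBranch tree, including products that exist only through Relationships, and should notice IDs the tree never defines. The types are local mirrors of the ones documented on this page; index, Resolve and the sample values are hypothetical and constructed for illustration.

```go
package main

import "fmt"

// Local mirrors of the documented types, trimmed to the fields this example reads.
type Product struct{ Name, ID string }
type Relationship struct{ FullProductName Product }
type Vulnerability struct{ ProductStatus map[string][]string }
type ProductBranch struct {
	Branches      []ProductBranch
	Product       Product
	Relationships []Relationship
}

// Constructed sample: P2 is listed as fixed but the tree never defines it.
var sampleTree = ProductBranch{
	Branches:      []ProductBranch{{Branches: []ProductBranch{{Product: Product{"libfoo 1.2", "P1"}}}}},
	Relationships: []Relationship{{FullProductName: Product{"libfoo 1.2 on ExampleOS 9", "OS9:P1"}}},
}
var sampleVuln = Vulnerability{map[string][]string{"known_affected": {"OS9:P1"}, "fixed": {"P1", "P2"}}}

// index records product ID -> name for branch and relationship products.
func index(b ProductBranch, byID map[string]string) {
	if b.Product.ID != "" {
		byID[b.Product.ID] = b.Product.Name
	}
	for _, r := range b.Relationships {
		byID[r.FullProductName.ID] = r.FullProductName.Name
	}
	for _, c := range b.Branches {
		index(c, byID)
	}
}

// Resolve names the products under one status; undefined IDs go to missing.
func Resolve(tree ProductBranch, v Vulnerability, status string) (names, missing []string) {
	byID := map[string]string{}
	index(tree, byID)
	for _, id := range v.ProductStatus[status] {
		if n, ok := byID[id]; ok {
			names = append(names, n)
		} else {
			missing = append(missing, id)
		}
	}
	return names, missing
}

func main() { fmt.Println(Resolve(sampleTree, sampleVuln, "fixed")) }
```

A non-empty missing slice means the advisory references a product it does not describe, which is worth surfacing before the status is fed into automated triage.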
