models

package
v0.92.2 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: May 20, 2025 License: Apache-2.0 Imports: 16 Imported by: 27

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func SortMatches added in v0.88.0 

func SortMatches(matches []Match, strategyName SortStrategy)

SortMatches sorts matches based on a strategy name

Types

type Advisory added in v0.13.0 

type Advisory struct {
	ID   string `json:"id"`
	Link string `json:"link"`
}

type Cvss 

type Cvss struct {
	Source         string      `json:"source,omitempty"`
	Type           string      `json:"type,omitempty"`
	Version        string      `json:"version"`
	Vector         string      `json:"vector"`
	Metrics        CvssMetrics `json:"metrics"`
	VendorMetadata interface{} `json:"vendorMetadata"`
}

type CvssMetrics added in v0.13.0 

type CvssMetrics struct {
	BaseScore           float64  `json:"baseScore"`
	ExploitabilityScore *float64 `json:"exploitabilityScore,omitempty"`
	ImpactScore         *float64 `json:"impactScore,omitempty"`
}

type Document 

type Document struct {
	Matches        []Match        `json:"matches"`
	IgnoredMatches []IgnoredMatch `json:"ignoredMatches,omitempty"`
	Source         *source        `json:"source"`
	Distro         distribution   `json:"distro"`
	Descriptor     descriptor     `json:"descriptor"`
}

Document represents the JSON document to be presented

func NewDocument 

func NewDocument(id clio.Identification, packages []pkg.Package, context pkg.Context, matches match.Matches, ignoredMatches []match.IgnoredMatch, metadataProvider vulnerability.MetadataProvider, appConfig any, dbInfo any, strategy SortStrategy) (Document, error)

NewDocument creates and populates a new Document struct, representing the populated JSON document.

type EPSS added in v0.88.0 

type EPSS struct {
	CVE        string  `json:"cve"`
	EPSS       float64 `json:"epss"`
	Percentile float64 `json:"percentile"`
	Date       string  `json:"date"`
}

type Fix added in v0.13.0 

type Fix struct {
	Versions []string `json:"versions"`
	State    string   `json:"state"`
}

type FixDetails added in v0.89.0 

type FixDetails struct {
	SuggestedVersion string `json:"suggestedVersion"`
}

FixDetails contains any data that is relevant to fixing the vulnerability specific to the package searched with

type IgnoreRule added in v0.21.1 

type IgnoreRule struct {
	Vulnerability    string             `json:"vulnerability,omitempty"`
	Reason           string             `json:"reason,omitempty"`
	Namespace        string             `json:"namespace"`
	FixState         string             `json:"fix-state,omitempty"`
	Package          *IgnoreRulePackage `json:"package,omitempty"`
	VexStatus        string             `json:"vex-status,omitempty"`
	VexJustification string             `json:"vex-justification,omitempty"`
	MatchType        string             `json:"match-type,omitempty"`
}

type IgnoreRulePackage added in v0.21.1 

type IgnoreRulePackage struct {
	Name         string `json:"name,omitempty"`
	Version      string `json:"version,omitempty"`
	Language     string `json:"language"`
	Type         string `json:"type,omitempty"`
	Location     string `json:"location,omitempty"`
	UpstreamName string `json:"upstream-name,omitempty"`
}

type IgnoredMatch added in v0.21.1 

type IgnoredMatch struct {
	Match
	AppliedIgnoreRules []IgnoreRule `json:"appliedIgnoreRules"`
}

type KnownExploited added in v0.88.0 

type KnownExploited struct {
	CVE                        string   `json:"cve"`
	VendorProject              string   `json:"vendorProject,omitempty"`
	Product                    string   `json:"product,omitempty"`
	DateAdded                  string   `json:"dateAdded,omitempty"`
	RequiredAction             string   `json:"requiredAction,omitempty"`
	DueDate                    string   `json:"dueDate,omitempty"`
	KnownRansomwareCampaignUse string   `json:"knownRansomwareCampaignUse"`
	Notes                      string   `json:"notes,omitempty"`
	URLs                       []string `json:"urls,omitempty"`
	CWEs                       []string `json:"cwes,omitempty"`
}

type Match 

type Match struct {
	Vulnerability          Vulnerability           `json:"vulnerability"`
	RelatedVulnerabilities []VulnerabilityMetadata `json:"relatedVulnerabilities"`
	MatchDetails           []MatchDetails          `json:"matchDetails"`
	Artifact               Package                 `json:"artifact"`
}

Match is a single item for the JSON array reported

type MatchDetails 

type MatchDetails struct {
	Type       string      `json:"type"`
	Matcher    string      `json:"matcher"`
	SearchedBy interface{} `json:"searchedBy"` // The specific attributes that were used to search (other than package name and version) --this indicates "how" the match was made.
	Found      interface{} `json:"found"`      // The specific attributes on the vulnerability object that were matched with --this indicates "what" was matched on / within.
	Fix        *FixDetails `json:"fix,omitempty"`
}

MatchDetails contains all data that indicates how the result match was found

type MetadataMock 

type MetadataMock struct {
	// contains filtered or unexported fields
}

MetadataMock provides the behavior required for a vulnerability.Provider for the purpose of testing.

func NewMetadataMock 

func NewMetadataMock() *MetadataMock

NewMetadataMock returns a new instance of MetadataMock.

func (*MetadataMock) VulnerabilityMetadata added in v0.86.1 

func (m *MetadataMock) VulnerabilityMetadata(vuln vulnerability.Reference) (*vulnerability.Metadata, error)

VulnerabilityMetadata returns vulnerability metadata for a given id and recordSource.

type MockVendorMetadata added in v0.13.0 

type MockVendorMetadata struct {
	BaseSeverity string
	Status       string
}

type Package 

type Package struct {
	ID           string            `json:"id"`
	Name         string            `json:"name"`
	Version      string            `json:"version"`
	Type         syftPkg.Type      `json:"type"`
	Locations    file.Locations    `json:"locations"`
	Language     syftPkg.Language  `json:"language"`
	Licenses     []string          `json:"licenses"`
	CPEs         []string          `json:"cpes"`
	PURL         string            `json:"purl"`
	Upstreams    []UpstreamPackage `json:"upstreams"`
	MetadataType string            `json:"metadataType,omitempty"`
	Metadata     interface{}       `json:"metadata,omitempty"`
}

Package is meant to be only the fields that are needed when displaying a single pkg.Package object for the JSON presenter.

type PresenterConfig added in v0.55.0 

type PresenterConfig struct {
	ID       clio.Identification
	Document Document
	SBOM     *sbom.SBOM
	Pretty   bool
}

type SortStrategy added in v0.88.0 

type SortStrategy string
const (
	SortByPackage       SortStrategy = "package"
	SortBySeverity      SortStrategy = "severity"
	SortByThreat        SortStrategy = "epss"
	SortByRisk          SortStrategy = "risk"
	SortByKEV           SortStrategy = "kev"
	SortByVulnerability SortStrategy = "vulnerability"

	DefaultSortStrategy = SortByRisk
)

func SortStrategies added in v0.88.0 

func SortStrategies() []SortStrategy

func (SortStrategy) String added in v0.88.0 

func (s SortStrategy) String() string

type UpstreamPackage added in v0.33.0 

type UpstreamPackage struct {
	Name    string `json:"name"`
	Version string `json:"version,omitempty"`
}

type Vulnerability 

type Vulnerability struct {
	VulnerabilityMetadata
	Fix        Fix        `json:"fix"`
	Advisories []Advisory `json:"advisories"`
	Risk       float64    `json:"risk"`
}

func NewVulnerability 

func NewVulnerability(vuln vulnerability.Vulnerability, metadata *vulnerability.Metadata, versionFormat version.Format) Vulnerability

type VulnerabilityMetadata added in v0.13.0 

type VulnerabilityMetadata struct {
	ID             string           `json:"id"`
	DataSource     string           `json:"dataSource"`
	Namespace      string           `json:"namespace,omitempty"`
	Severity       string           `json:"severity,omitempty"`
	URLs           []string         `json:"urls"`
	Description    string           `json:"description,omitempty"`
	Cvss           []Cvss           `json:"cvss"`
	KnownExploited []KnownExploited `json:"knownExploited,omitempty"`
	EPSS           []EPSS           `json:"epss,omitempty"`
}

func NewVulnerabilityMetadata added in v0.13.0 

func NewVulnerabilityMetadata(id, namespace string, metadata *vulnerability.Metadata) VulnerabilityMetadata

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.