vulnmap

package
v0.0.0-...-062a95f Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 5, 2025 License: Apache-2.0 Imports: 24 Imported by: 0

README

Vulnmap Domain

In the context of the Language Server, the "vulnmap domain" refers to all the elements that are provided by Vulnmap. E.g. product lines, issues, fixes, analysis...

The Vulnmap domain does not necessarily contain implementation details such as specific product lines.

Documentation

Index

Constants

View Source 
const (
	NavigateToRangeCommand       = "vulnmap.navigateToRange"
	WorkspaceScanCommand         = "vulnmap.workspace.scan"
	WorkspaceFolderScanCommand   = "vulnmap.workspaceFolder.scan"
	OpenBrowserCommand           = "vulnmap.openBrowser"
	LoginCommand                 = "vulnmap.login"
	CopyAuthLinkCommand          = "vulnmap.copyAuthLink"
	LogoutCommand                = "vulnmap.logout"
	TrustWorkspaceFoldersCommand = "vulnmap.trustWorkspaceFolders"
	OpenLearnLesson              = "vulnmap.openLearnLesson"
	GetLearnLesson               = "vulnmap.getLearnLesson"
	GetSettingsSastEnabled       = "vulnmap.getSettingsSastEnabled"
	GetActiveUserCommand         = "vulnmap.getActiveUser"
	ReportAnalyticsCommand       = "vulnmap.reportAnalytics"

	// Vulnmap Code specific commands
	CodeFixCommand        = "vulnmap.code.fix"
	CodeSubmitFixFeedback = "vulnmap.code.submitFixFeedback"
)
View Source 
const TestProduct product.Product = "Test Product"

Variables

View Source 
var (
	DefaultOpenBrowserFunc = func(url string) { auth.OpenBrowser(url) }
)
View Source 
var ErrEmptyAPIToken = errors.New("auth-provider: api token is not set")

Functions

func AuthenticationCheck 

func AuthenticationCheck() (string, error)

func NoopResultProcessor 

func NoopResultProcessor(_ ScanData)

Types

type ActiveUser 

type ActiveUser struct {
	Id       string `json:"id"`
	UserName string `json:"username,omitempty"`
	Orgs     []struct {
		Name  string `json:"name,omitempty"`
		Id    string `json:"id,omitempty"`
		Group struct {
			Name string `json:"name,omitempty"`
			Id   string `json:"id,omitempty"`
		} `json:"group,omitempty"`
	} `json:"orgs,omitempty"`
}

func GetActiveUser 

func GetActiveUser() (*ActiveUser, error)

type AuthenticationFailedError 

type AuthenticationFailedError struct {
	ManualAuthentication bool
}

func (*AuthenticationFailedError) Error 

func (e *AuthenticationFailedError) Error() string

type AuthenticationFunction 

type AuthenticationFunction func() (string, error)

type AuthenticationProvider 

type AuthenticationProvider interface {
	// Authenticate triggers the authentication. This may involve manual steps, like logging in using a browser
	Authenticate(ctx context.Context) (string, error)

	// ClearAuthentication removes all authentication information from the configuration
	ClearAuthentication(ctx context.Context) error

	// AuthURL returns the latest provided AuthenticationURL. This can be empty.
	AuthURL(ctx context.Context) string
	// SetAuthURL sets the latest provided Authentication URL. This is a temporary URL.
	SetAuthURL(url string)

	GetCheckAuthenticationFunction() AuthenticationFunction
}

type AuthenticationService 

type AuthenticationService interface {
	// Authenticate attempts to authenticate the user, and sends a notification to the client when successful
	Authenticate(ctx context.Context) (string, error)

	Provider() AuthenticationProvider

	// UpdateCredentials stores the token in the configuration, and sends a $/vulnmap.hasAuthenticated notification to the
	// client if sendNotification is true
	UpdateCredentials(newToken string, sendNotification bool)

	Logout(ctx context.Context)

	// IsAuthenticated returns true if the token is verified
	IsAuthenticated() (bool, error)

	// SetProvider sets the authentication provider
	SetProvider(provider AuthenticationProvider)
}

func NewAuthenticationService 

func NewAuthenticationService(
	authenticationProvider AuthenticationProvider,
	analytics ux.Analytics,
	errorReporter error_reporting.ErrorReporter,
	notifier noti.Notifier,
) AuthenticationService

type CodeAction 

type CodeAction struct {
	// Title is a short, human-readable, title for this code action.
	Title string

	IsPreferred *bool

	// Edit is an optional WorkspaceEdit literal that can be executed by the client.
	Edit *WorkspaceEdit

	// DeferredEdit is a function that returns a WorkspaceEdit.
	// Used for heavy calculations that shouldn't be done ahead of time.
	// A CodeAction cannot have both Edit and DeferredEdit.
	DeferredEdit *func() *WorkspaceEdit

	// Command that will be executed after the Edit (if present).
	Command *CommandData

	// DeferredCommand is a function that returns a Command.
	// Used for heavy calculations that shouldn't be done ahead of time.
	// A CodeAction cannot have both Command and DeferredCommand.
	DeferredCommand *func() *CommandData

	// UUID is a unique identifier for this code action. This is used for deferred resolution of a command or edit.
	Uuid *uuid.UUID
}

CodeAction represents a code action that can be executed by the client using an in-document menu. This type should be created by the NewCodeAction or NewDeferredCodeAction functions.

There are 3 types of code actions: - No Edit + No CommandData - Deferred code action, which means that either DeferredEdit or DeferredCommand must be set. - Only edit/Only command - Resolved immediately to run the edit/command. - Both edit and command - Resolved immediately to run edit first and then command.

func NewCodeAction 

func NewCodeAction(title string, edit *WorkspaceEdit, command *CommandData) (CodeAction, error)

func NewDeferredCodeAction 

func NewDeferredCodeAction(title string,
	deferredEdit *func() *WorkspaceEdit,
	deferredCommand *func() *CommandData,
) (CodeAction, error)

func NewPreferredCodeAction 

func NewPreferredCodeAction(title string, edit *WorkspaceEdit, command *CommandData) (CodeAction, error)

type CodeIssueData 

type CodeIssueData struct {
	// Unique key identifying an issue in the whole result set
	Key                string             `json:"key"`
	Title              string             `json:"title"`
	Message            string             `json:"message"`
	Rule               string             `json:"rule"`
	RuleId             string             `json:"ruleId"`
	RepoDatasetSize    int                `json:"repoDatasetSize"`
	ExampleCommitFixes []ExampleCommitFix `json:"exampleCommitFixes"`
	CWE                []string           `json:"cwe"`
	Text               string             `json:"text"`
	Markers            []Marker           `json:"markers,omitempty"`
	Cols               CodePoint          `json:"cols"`
	Rows               CodePoint          `json:"rows"`
	IsSecurityType     bool               `json:"isSecurityType"`
	IsAutofixable      bool               `json:"isAutofixable"`
}

type CodePoint 

type CodePoint = [2]int

type Command 

type Command interface {
	Command() CommandData
	Execute(ctx context.Context) (any, error)
}

type CommandData 

type CommandData struct {
	/**
	 * Title of the command, like `save`.
	 */
	Title string
	/**
	 * The identifier of the actual command handler.
	 */
	CommandId string
	/**
	 * Arguments that the command handler should be
	 * invoked with.
	 */
	Arguments []any
}

type CommandName 

type CommandName string

type CommandService 

type CommandService interface {
	ExecuteCommandData(ctx context.Context, commandData CommandData, server lsp.Server) (any, error)
}

type CommandServiceMock 

type CommandServiceMock struct {
	// contains filtered or unexported fields
}

func NewCommandServiceMock 

func NewCommandServiceMock() *CommandServiceMock

func (*CommandServiceMock) ExecuteCommandData 

func (service *CommandServiceMock) ExecuteCommandData(_ context.Context, command CommandData, server lsp.Server) (any, error)

todo:test

func (*CommandServiceMock) ExecutedCommands 

func (service *CommandServiceMock) ExecutedCommands() []CommandData

type CommitChangeLine 

type CommitChangeLine struct {
	Line       string `json:"line"`
	LineNumber int    `json:"lineNumber"`
	LineChange string `json:"lineChange"`
}

type DelegatingConcurrentScanner 

type DelegatingConcurrentScanner struct {
	// contains filtered or unexported fields
}

DelegatingConcurrentScanner is a simple Scanner Implementation that delegates on other scanners asynchronously

func (*DelegatingConcurrentScanner) ClearInlineValues 

func (sc *DelegatingConcurrentScanner) ClearInlineValues(path string)

func (*DelegatingConcurrentScanner) GetInlineValues 

func (sc *DelegatingConcurrentScanner) GetInlineValues(path string, myRange Range) (values []InlineValue, err error)

func (*DelegatingConcurrentScanner) Init 

func (sc *DelegatingConcurrentScanner) Init() error

func (*DelegatingConcurrentScanner) Scan 

func (sc *DelegatingConcurrentScanner) Scan(
	ctx context.Context,
	path string,
	processResults ScanResultProcessor,
	folderPath string,
)

func (*DelegatingConcurrentScanner) ScanPackages 

func (sc *DelegatingConcurrentScanner) ScanPackages(ctx context.Context, config *config.Config, path string, content string)

type ExampleCommitFix 

type ExampleCommitFix struct {
	CommitURL string             `json:"commitURL"`
	Lines     []CommitChangeLine `json:"lines"`
}

type FakeAuthenticationProvider 

type FakeAuthenticationProvider struct {
	ExpectedAuthURL string
	IsAuthenticated bool
	// contains filtered or unexported fields
}

func NewFakeCliAuthenticationProvider 

func NewFakeCliAuthenticationProvider() *FakeAuthenticationProvider

func (*FakeAuthenticationProvider) AuthURL 

func (a *FakeAuthenticationProvider) AuthURL(_ context.Context) string

func (*FakeAuthenticationProvider) Authenticate 

func (a *FakeAuthenticationProvider) Authenticate(_ context.Context) (string, error)

func (*FakeAuthenticationProvider) ClearAuthentication 

func (a *FakeAuthenticationProvider) ClearAuthentication(_ context.Context) error

func (*FakeAuthenticationProvider) GetCheckAuthenticationFunction 

func (a *FakeAuthenticationProvider) GetCheckAuthenticationFunction() AuthenticationFunction

func (*FakeAuthenticationProvider) SetAuthURL 

func (a *FakeAuthenticationProvider) SetAuthURL(url string)

type IaCIssueData 

type IaCIssueData struct {
	// Unique key identifying an issue in the whole result set
	Key string `json:"key"`
	// Title: title of the issue
	Title string `json:"title"`
	// PublicID: unique identifier for the issue; it is the same as the ScanIssue.ID
	PublicId string `json:"publicId"`
	// Documentation is a URL which is constructed from the PublicID (e.g. https://security.vulnmap.khulnasoft.com/rules/cloud/VULNMAP-CC-K8S-13)
	Documentation string `json:"documentation"`
	// LineNumber: line number of the issue in the file
	LineNumber int `json:"lineNumber"`
	// Issue: will contain the issue description
	Issue string `json:"issue"`
	// Impact: will contain the impact description
	Impact string `json:"impact"`
	// Resolve: will contain the resolution description (not to be confused with Remediation)
	Resolve string `json:"resolve"`
	// Path: path to the issue in the file
	Path []string `json:"path"`
	// References: List of reference URLs
	References []string `json:"references,omitempty"`
}

type InlineValue 

type InlineValue interface {
	Path() string
	Range() Range
	Text() string
	fmt.Stringer
}

type InlineValueProvider 

type InlineValueProvider interface {
	// GetInlineValues returns inline values for a given path and range.
	// This should be a very fast operation.
	GetInlineValues(path string, myRange Range) ([]InlineValue, error)

	// ClearInlineValues clears inline values for a given path.
	ClearInlineValues(path string)
}

InlineValueProvider provides inline values.

type Issue 

type Issue struct {
	// ID uniquely identifies the issue, it is intended to be human-readable
	ID        string
	Severity  Severity
	IssueType Type
	// Range identifies the location of this issue in its source of origin (e.g. line & character start & end)
	Range Range
	// Message is a human-readable description of the issue
	Message string
	// todo [jc] this contains a formatted longest message for hovers, this needs to be pushed up and rendered in presentation. [bd] shouldn't the content and formatting be decided by the product?
	FormattedMessage string
	// AffectedFilePath is the file path to the file where the issue was found
	AffectedFilePath string
	// Product is the Vulnmap product, e.g. Vulnmap Open Source
	Product product.Product // todo: can we avoid it, if it's part of a scanner interface already?
	// References deliver additional information
	References []Reference
	// IssueDescriptionURL contains a Uri to display more information
	IssueDescriptionURL *url.URL
	// CodeActions can contain workspace edits or commands to be executed
	CodeActions []CodeAction
	// CodelensCommands that can be executed via a codelens
	CodelensCommands []CommandData
	// The Ecosystem of the issue, e.g. npm, maven, nuget, etc.
	Ecosystem string
	// A slice of the CWEs of the issue, e.g. CWEs-79
	CWEs []string
	// A slice of the CVEs of the issue
	CVEs []string
	// AdditionalData contains data that can be passed by the product (e.g. for presentation)
	AdditionalData any
}

Issue models a problem, vulnerability, or situation within your code that requires your attention

func (Issue) GetFilterableIssueType 

func (i Issue) GetFilterableIssueType() product.FilterableIssueType

func (Issue) String 

func (i Issue) String() string

type Marker 

type Marker struct {
	Msg CodePoint        `json:"msg"`
	Pos []MarkerPosition `json:"pos"`
}

type MarkerPosition 

type MarkerPosition struct {
	Cols CodePoint `json:"cols"`
	Rows CodePoint `json:"rows"`
	File string    `json:"file"`
}

type MessageAction 

type MessageAction string

type MessageType 

type MessageType int
const (
	Error   MessageType = 1
	Warning MessageType = 2
	Info    MessageType = 3
)

type MockScanNotifier 

type MockScanNotifier struct {
	// contains filtered or unexported fields
}

func NewMockScanNotifier 

func NewMockScanNotifier() *MockScanNotifier

func (*MockScanNotifier) ErrorCalls 

func (m *MockScanNotifier) ErrorCalls() []string

func (*MockScanNotifier) InProgressCalls 

func (m *MockScanNotifier) InProgressCalls() []string

func (*MockScanNotifier) SendError 

func (m *MockScanNotifier) SendError(product product.Product, folderPath string)

func (*MockScanNotifier) SendInProgress 

func (m *MockScanNotifier) SendInProgress(folderPath string)

func (*MockScanNotifier) SendSuccess 

func (m *MockScanNotifier) SendSuccess(product product.Product, folderPath string, issues []Issue)

func (*MockScanNotifier) SendSuccessForAllProducts 

func (m *MockScanNotifier) SendSuccessForAllProducts(folderPath string, issues []Issue)

func (*MockScanNotifier) SuccessCalls 

func (m *MockScanNotifier) SuccessCalls() []string

type OssIssueData 

type OssIssueData struct {
	Key               string      `json:"key"`
	Title             string      `json:"title"`
	Name              string      `json:"name"`
	LineNumber        int         `json:"lineNumber"`
	Description       string      `json:"description"`
	References        []Reference `json:"references,omitempty"`
	Version           string      `json:"version"`
	License           string      `json:"license,omitempty"`
	PackageManager    string      `json:"packageManager"`
	PackageName       string      `json:"packageName"`
	From              []string    `json:"from"`
	FixedIn           []string    `json:"fixedIn,omitempty"`
	UpgradePath       []any       `json:"upgradePath,omitempty"`
	IsUpgradable      bool        `json:"isUpgradable,omitempty"`
	CVSSv3            string      `json:"CVSSv3,omitempty"`
	CvssScore         float64     `json:"cvssScore,omitempty"`
	Exploit           string      `json:"exploit,omitempty"`
	IsPatchable       bool        `json:"isPatchable"`
	ProjectName       string      `json:"projectName"`
	DisplayTargetFile string      `json:"displayTargetFile"`
	Language          string      `json:"language"`
	Details           string      `json:"details"`
}

type PackageScanner 

type PackageScanner interface {
	ScanPackages(ctx context.Context, config *config.Config, path string, content string)
}

type Position 

type Position struct {
	/**
	 * Line position in a document (zero-based).
	 */
	Line int
	/**
	 * Character offset on a line in a document (zero-based).
	 */
	Character int
}

func (Position) String 

func (p Position) String() string

type ProductScanner 

type ProductScanner interface {
	// Scan scans a workspace folder or file for issues, given its path. 'folderPath' provides a path to a workspace folder, if a file needs to be scanned.
	Scan(
		ctx context.Context,
		path string,
		folderPath string,
	) (issues []Issue, err error)

	IsEnabled() bool
	Product() product.Product
}

type Range 

type Range struct {
	/**
	 * The range's start position.
	 */
	Start Position

	/**
	 * The range's end position.
	 */
	End Position
}

func (Range) Contains 

func (r Range) Contains(otherRange Range) bool

Contains returns true if the otherRange is contained within the range

func (Range) Overlaps 

func (r Range) Overlaps(otherRange Range) bool

Overlaps returns true if the otherRange overlaps with the range

func (Range) String 

func (r Range) String() string

type Reference 

type Reference struct {
	Title string
	Url   *url.URL
}

type ScanData 

type ScanData struct {
	Product           product.Product
	Issues            []Issue
	Err               error
	DurationMs        int64
	TimestampFinished time.Time
	Critical          int
	High              int
	Medium            int
	Low               int
	SeverityCount     map[product.Product]SeverityCount
}

type ScanNotifier 

type ScanNotifier interface {
	SendInProgress(folderPath string)
	SendSuccess(product product.Product, folderPath string, issues []Issue)
	SendSuccessForAllProducts(folderPath string, issues []Issue)
	SendError(product product.Product, folderPath string)
}

type ScanResultProcessor 

type ScanResultProcessor = func(scanData ScanData)

type Scanner 

type Scanner interface {
	// Scan scans a workspace folder or file for issues, given its path. 'folderPath' provides a path to a workspace folder, if a file needs to be scanned.
	Scan(
		ctx context.Context,
		path string,
		processResults ScanResultProcessor,
		folderPath string,
	)
	Init() error
}

func NewDelegatingScanner 

func NewDelegatingScanner(
	initializer initialize.Initializer,
	instrumentor performance.Instrumentor,
	analytics ux2.Analytics,
	scanNotifier ScanNotifier,
	vulnmapApiClient vulnmap_api.VulnmapApiClient,
	authService AuthenticationService,
	notifier notification.Notifier,
	scanners ...ProductScanner,
) Scanner

type Severity 

type Severity int8
const (
	Critical Severity = iota
	High
	Medium
	Low
)

func (Severity) String 

func (s Severity) String() string

type SeverityCount 

type SeverityCount struct {
	Critical int
	High     int
	Medium   int
	Low      int
}

type ShowMessageRequest 

type ShowMessageRequest struct {
	Message string                                                 `json:"message"`
	Type    MessageType                                            `json:"type"`
	Actions *data_structure.OrderedMap[MessageAction, CommandData] `json:"actions"`
}

type TestProductScanner 

type TestProductScanner struct {
	// contains filtered or unexported fields
}

func NewTestProductScanner 

func NewTestProductScanner(product product.Product, enabled bool) *TestProductScanner

func (*TestProductScanner) GetInlineValues 

func (t *TestProductScanner) GetInlineValues(_ string, _ Range) ([]InlineValue, error)

func (*TestProductScanner) IsEnabled 

func (t *TestProductScanner) IsEnabled() bool

func (*TestProductScanner) Product 

func (t *TestProductScanner) Product() product.Product

func (*TestProductScanner) Scan 

func (t *TestProductScanner) Scan(ctx context.Context, _ string, _ string) (issues []Issue, err error)

func (*TestProductScanner) Scans 

func (t *TestProductScanner) Scans() int

func (*TestProductScanner) SetScanDuration 

func (t *TestProductScanner) SetScanDuration(duration time.Duration)

type TestScanner 

type TestScanner struct {
	Issues []Issue
	// contains filtered or unexported fields
}

func NewTestScanner 

func NewTestScanner() *TestScanner

func (*TestScanner) AddTestIssue 

func (s *TestScanner) AddTestIssue(issue Issue)

func (*TestScanner) Calls 

func (s *TestScanner) Calls() int

func (*TestScanner) Init 

func (s *TestScanner) Init() error

func (*TestScanner) IsEnabled 

func (s *TestScanner) IsEnabled() bool

func (*TestScanner) Product 

func (s *TestScanner) Product() product.Product

func (*TestScanner) Scan 

func (s *TestScanner) Scan(
	_ context.Context,
	_ string,
	processResults ScanResultProcessor,
	_ string,
)

type TextEdit 

type TextEdit struct {
	/**
	 * The range of the text document to be manipulated. To insert
	 * text into a document create a range where start === end.
	 */
	Range Range

	/**
	 * The string to be inserted. For delete operations use an
	 * empty string.
	 */
	NewText string
}

type Type 

type Type int8

Type of issue, these will typically match 1o1 to Vulnmap product lines but are not necessarily coupled to those. 

const (
	PackageHealth Type = iota
	CodeQualityIssue
	CodeSecurityVulnerability
	LicenceIssue
	DependencyVulnerability
	InfrastructureIssue
	ContainerVulnerability
)

type WorkspaceEdit 

type WorkspaceEdit struct {
	/**
	 * Holds changes to existing resources.
	 */
	Changes map[string][]TextEdit
}

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.