Documentation ¶
Overview ¶
Package consensus implements the core algorithm for computing agreement between multiple vulnerability scanners.
Mathematical Foundation: Given sets of vulnerabilities from n scanners: V₁, V₂, ..., Vₙ
Definitions:
- Consensus (Intersection): C = V₁ ∩ V₂ ∩ ... ∩ Vₙ. Vulnerabilities found by ALL scanners.
- Union: U = V₁ ∪ V₂ ∪ ... ∪ Vₙ. All unique vulnerabilities found by ANY scanner.
- Unique to scanner i: Uᵢ = Vᵢ - (V₁ ∪ ... ∪ Vᵢ₋₁ ∪ Vᵢ₊₁ ∪ ... ∪ Vₙ). Vulnerabilities found ONLY by scanner i.
- Overlap Percentage: |C| / |U| × 100. Measures agreement between scanners.
Algorithm Complexity Analysis: Let n = number of scanners, m = average vulnerabilities per scanner
- Time Complexity: O(n × m) for building sets + O(m) for intersection. Overall: O(n × m)
- Space Complexity: O(n × m) for storing all vulnerability sets
Confidence Scoring:
- HIGH: Found by all scanners (consensus)
- MEDIUM: Found by majority of scanners (>50%)
- LOW: Found by only one scanner
Index ¶
- type Analyzer
- func (a *Analyzer) Analyze(target string, results []models.ScanResult) *models.ConsensusResult
- func (a *Analyzer) CalculateConfidence(occ *VulnerabilityOccurrence, totalScanners int) ConfidenceScore
- func (a *Analyzer) ComputeStatistics(result *models.ConsensusResult) Statistics
- func (a *Analyzer) GetVulnerabilityConfidences(results []models.ScanResult) map[string]ConfidenceScore
- type ConfidenceScore
- type Statistics
- type VulnerabilityOccurrence
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Analyzer ¶
type Analyzer struct {
	// contains filtered or unexported fields
}
Analyzer computes consensus metrics from multiple scanner results.
func (*Analyzer) Analyze ¶
func (a *Analyzer) Analyze(target string, results []models.ScanResult) *models.ConsensusResult
Analyze computes the consensus between scan results from multiple scanners.
Algorithm Steps:
1. Extract vulnerabilities from each successful scan
2. Build a map of vulnerability key -> list of scanners that found it
3. Compute intersection (consensus) - vulns found by ALL scanners
4. Compute unique findings - vulns found by ONLY one scanner
5. Calculate overlap percentage and confidence levels
Time Complexity: O(n × m) where n = scanners, m = avg vulnerabilities
Space Complexity: O(n × m) for the vulnerability map
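The set definitions from the overview and the five steps above, as an added example that is not the package's own code. `Summary`, `Agree`, the scanner names and the `VULN-n|lib` keys are hypothetical, and rating a finding reported by two or more scanners but not a majority as LOW is an assumption, since the page defines LOW only for a single scanner.

```go
package main

import "fmt"
import "sort"

type Summary struct { // hypothetical type for this sketch, not models.ConsensusResult
	Consensus  []string          // C: keys reported by every scanner
	Unique     map[string]int    // |Uᵢ|: scanner -> count of keys only it reported
	Confidence map[string]string // key -> HIGH / MEDIUM / LOW
	Overlap    float64           // |C| / |U| × 100
}

// Agree takes scanner name -> vulnerability keys (successful scans only).
func Agree(findings map[string][]string) Summary {
	seen := map[string][]string{} // key -> scanners that found it
	for scanner, keys := range findings {
		for _, k := range keys {
			if l := seen[k]; len(l) == 0 || l[len(l)-1] != scanner {
				seen[k] = append(l, scanner) // a key repeated by one scanner counts once
			}
		}
	}
	s := Summary{Unique: map[string]int{}, Confidence: map[string]string{}}
	for k, by := range seen {
		level := "LOW" // assumption: a minority of two or more scanners is also LOW
		if len(by) == len(findings) {
			level = "HIGH"
			s.Consensus = append(s.Consensus, k)
		} else if 2*len(by) > len(findings) {
			level = "MEDIUM"
		}
		s.Confidence[k] = level
		if len(by) == 1 {
			s.Unique[by[0]]++
		}
	}
	sort.Strings(s.Consensus)
	if len(seen) > 0 { // empty union: leave Overlap at 0 instead of dividing by zero
		s.Overlap = float64(len(s.Consensus)) / float64(len(seen)) * 100
	}
	return s
}

func main() { // constructed sample: placeholder IDs, hypothetical scanner names
	fmt.Printf("%+v\n", Agree(map[string][]string{
		"scanner-a": {"VULN-1|libfoo", "VULN-2|libbar", "VULN-2|libbar", "VULN-3|libbaz"},
		"scanner-b": {"VULN-1|libfoo", "VULN-2|libbar"},
		"scanner-c": {"VULN-1|libfoo", "VULN-4|libqux"},
	}))
}
```

A scanner that ran successfully but reported nothing still counts toward n, so its empty set drives the consensus and the overlap percentage to zero; a failed scan should be left out of the input instead.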
func (*Analyzer) CalculateConfidence ¶
func (a *Analyzer) CalculateConfidence(occ *VulnerabilityOccurrence, totalScanners int) ConfidenceScore
CalculateConfidence determines confidence level for a vulnerability.
func (*Analyzer) ComputeStatistics ¶
func (a *Analyzer) ComputeStatistics(result *models.ConsensusResult) Statistics
ComputeStatistics calculates detailed statistics from the analysis.
func (*Analyzer) GetVulnerabilityConfidences ¶
func (a *Analyzer) GetVulnerabilityConfidences(results []models.ScanResult) map[string]ConfidenceScore
GetVulnerabilityConfidences returns confidence scores for all vulnerabilities.
type ConfidenceScore ¶
type ConfidenceScore struct {
	Level      models.ConfidenceLevel
	Scanners   []string
	Percentage float64
}
ConfidenceScore calculates confidence for a vulnerability based on scanner agreement.
type Statistics ¶
type Statistics struct {
	TotalVulnerabilities   int
	ConsensusCount         int
	UniqueCount            map[string]int
	OverlapPercentage      float64
	SeverityDistribution   map[models.Severity]int
	ConsensusBySeverity    map[models.Severity]int
	HighConfidenceCount    int
	MediumConfidenceCount  int
	LowConfidenceCount     int
	ScannerAgreementMatrix map[string]map[string]int
}
Statistics holds computed statistics about the consensus analysis.
type VulnerabilityOccurrence ¶
type VulnerabilityOccurrence struct {
	Vulnerability models.Vulnerability
	Scanners      []string
	ScannerSet    map[string]struct{}
	Count         int
}
VulnerabilityOccurrence tracks which scanners found a vulnerability.