Documentation
Overview
Package normalizer provides functionality for normalizing vulnerability data from different scanner outputs into a unified format.
Design Philosophy: Each scanner has its own JSON schema and data representation. The normalizer serves as an anti-corruption layer that:
1. Isolates the core domain from external schema changes
2. Provides consistent data regardless of source
3. Handles missing/malformed fields gracefully
4. Enables new scanner integration without affecting existing code
Error Handling Strategy:
- Missing fields: Use sensible defaults
- Malformed data: Log warning, skip individual record, continue processing
- Empty responses: Return empty slice (not error)
- Invalid JSON: Return error (unrecoverable)
Index
- type Normalizer
- func (n *Normalizer) FilterBySeverity(vulns []models.Vulnerability, minSeverity models.Severity) []models.Vulnerability
- func (n *Normalizer) GroupByPackage(vulns []models.Vulnerability) map[string][]models.Vulnerability
- func (n *Normalizer) GroupByScanner(vulns []models.Vulnerability) map[string][]models.Vulnerability
- func (n *Normalizer) GroupBySeverity(vulns []models.Vulnerability) map[models.Severity][]models.Vulnerability
- func (n *Normalizer) MergeVulnerabilities(results []models.ScanResult) map[string][]models.Vulnerability
- func (n *Normalizer) NormalizeResults(results []models.ScanResult) []models.Vulnerability
- type Option
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type Normalizer
type Normalizer struct {
// contains filtered or unexported fields
}
Normalizer handles the normalization of vulnerability data from multiple sources.
func NewNormalizer
func NewNormalizer(opts ...Option) *Normalizer
NewNormalizer creates a new Normalizer with the given options.
func (*Normalizer) FilterBySeverity
func (n *Normalizer) FilterBySeverity(vulns []models.Vulnerability, minSeverity models.Severity) []models.Vulnerability
FilterBySeverity returns only vulnerabilities at or above the given severity.
func (*Normalizer) GroupByPackage
func (n *Normalizer) GroupByPackage(vulns []models.Vulnerability) map[string][]models.Vulnerability
GroupByPackage organizes vulnerabilities by package name.
func (*Normalizer) GroupByScanner
func (n *Normalizer) GroupByScanner(vulns []models.Vulnerability) map[string][]models.Vulnerability
GroupByScanner organizes vulnerabilities by scanner.
func (*Normalizer) GroupBySeverity
func (n *Normalizer) GroupBySeverity(vulns []models.Vulnerability) map[models.Severity][]models.Vulnerability
GroupBySeverity organizes vulnerabilities by their severity level.
func (*Normalizer) MergeVulnerabilities
func (n *Normalizer) MergeVulnerabilities(results []models.ScanResult) map[string][]models.Vulnerability
MergeVulnerabilities combines vulnerabilities from multiple sources, tracking which scanners found each vulnerability.
This is useful for consensus analysis where we need to know which scanners agree on a vulnerability.
func (*Normalizer) NormalizeResults
func (n *Normalizer) NormalizeResults(results []models.ScanResult) []models.Vulnerability
NormalizeResults takes scan results from multiple scanners and produces a unified, normalized list of vulnerabilities.
Processing Steps:
1. Extract vulnerabilities from all results
2. Normalize severity values
3. Clean and validate fields
4. Optionally deduplicate
5. Sort by severity (highest first)
Time Complexity: O(n log n) where n is total vulnerabilities
Space Complexity: O(n) for storing all vulnerabilities
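The error-handling strategy from the overview and the processing steps above, as an added Go sketch that is not the package's own code. `Vuln`, `sevRank`, `NormalizeScannerJSON`, the input schema and the CVE-style ids are all constructed for illustration, and the optional deduplication step is left out.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"log"
	"sort"
	"strings"
)

// Vuln is a hypothetical unified record, not the package's models.Vulnerability.
type Vuln struct {
	ID, Package, Scanner string
	Severity             int // 0 = UNKNOWN ... 4 = CRITICAL
}

var sevRank = map[string]int{"LOW": 1, "MEDIUM": 2, "MODERATE": 2, "HIGH": 3, "CRITICAL": 4}

// NormalizeScannerJSON (hypothetical) converts one scanner's raw output to Vulns.
func NormalizeScannerJSON(scanner string, raw []byte) ([]Vuln, error) {
	out := []Vuln{} // never nil: an empty response yields an empty slice, not an error
	if len(bytes.TrimSpace(raw)) == 0 {
		return out, nil
	}
	var recs []json.RawMessage // decode per record so one bad entry cannot sink the batch
	if err := json.Unmarshal(raw, &recs); err != nil {
		return nil, fmt.Errorf("%s: cannot parse output: %w", scanner, err) // unrecoverable
	}
	for i, rec := range recs {
		var r struct{ ID, Pkg, Severity string } // JSON keys match case-insensitively
		if err := json.Unmarshal(rec, &r); err != nil || strings.TrimSpace(r.ID) == "" {
			log.Printf("warning: %s record %d malformed, skipped", scanner, i)
			continue
		}
		// Missing or unrecognised severity falls to 0 (UNKNOWN), the map's zero value.
		sev := sevRank[strings.ToUpper(strings.TrimSpace(r.Severity))]
		out = append(out, Vuln{ID: strings.TrimSpace(r.ID), Package: r.Pkg, Scanner: scanner, Severity: sev})
	}
	sort.SliceStable(out, func(a, b int) bool { return out[a].Severity > out[b].Severity })
	return out, nil
}

func main() {
	// Constructed input: mixed-case severity, wrong type, missing id, missing severity.
	raw := []byte(`[{"id":"CVE-0000-0001","pkg":"libfoo","severity":"moderate"},{"id":"CVE-0000-0002","pkg":"libbar","severity":9},
	 {"pkg":"libbaz","severity":"HIGH"},{"id":"CVE-0000-0003","pkg":"libqux","severity":"Critical"},{"id":"CVE-0000-0004","pkg":"libqux"}]`)
	fmt.Println(NormalizeScannerJSON("scanner-a", raw))
}
```

Decoding into `json.RawMessage` first is what lets a single record with a wrong-typed field be skipped while the rest of the batch is kept.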
type Option
type Option func(*Normalizer)
Option is a functional option for configuring the Normalizer.
func WithDeduplication
WithDeduplication enables or disables deduplication.
func WithSeverityNormalization
WithSeverityNormalization enables or disables severity normalization.