Documentation
¶
Index ¶
- type CPEMatch
- type CVEConfig
- type CVEData
- type CVEDatabase
- type CVEDescription
- type CVEItem
- type CVEMetrics
- type CVENode
- type CVEReference
- type CVEResponse
- type CVSSData
- type CVSSMetric
- type GitHubAdvisory
- type GitHubAdvisoryDatabase
- func (db *GitHubAdvisoryDatabase) CheckVulnerabilities(pkg *types.Package) ([]*types.Vulnerability, error)
- func (db *GitHubAdvisoryDatabase) GetVulnerabilityByID(id string) (*types.Vulnerability, error)
- func (db *GitHubAdvisoryDatabase) SearchVulnerabilities(query string) ([]*types.Vulnerability, error)
- func (db *GitHubAdvisoryDatabase) Update(ctx context.Context) error
- type GitHubCVSS
- type GitHubCWE
- type GitHubCredit
- type GitHubIdentifier
- type GitHubPackage
- type GitHubReference
- type GitHubVulnerability
- type Manager
- func (m *Manager) AddDatabase(name string, db types.VulnerabilityDatabase)
- func (m *Manager) CheckVulnerabilities(pkg *types.Package) ([]*types.Vulnerability, error)
- func (m *Manager) GetDatabaseCount() int
- func (m *Manager) GetDatabaseNames() []string
- func (m *Manager) GetVulnerabilityByID(id string) (*types.Vulnerability, error)
- func (m *Manager) RemoveDatabase(name string)
- func (m *Manager) SearchVulnerabilities(query string) ([]*types.Vulnerability, error)
- func (m *Manager) UpdateConfiguration(config *ManagerConfig)
- type ManagerConfig
- type OSVAffected
- type OSVDatabase
- func (db *OSVDatabase) CheckVulnerabilities(pkg *types.Package) ([]*types.Vulnerability, error)
- func (db *OSVDatabase) GetVulnerabilityByID(id string) (*types.Vulnerability, error)
- func (db *OSVDatabase) SearchVulnerabilities(query string) ([]*types.Vulnerability, error)
- func (db *OSVDatabase) Update(ctx context.Context) error
- type OSVEvent
- type OSVPackage
- type OSVQueryRequest
- type OSVRange
- type OSVReference
- type OSVResponse
- type OSVSeverity
- type OSVVulnerability
- type VulnerabilityDatabase
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type CPEMatch ¶
// CPEMatch is one CPE applicability entry attached to a CVE record. Its JSON
// keys match the cpeMatch object of the NVD CVE API 2.0 schema.
//
// The four version bounds are raw strings. A bound that is missing from the
// JSON decodes to "", so "" means "no bound", not "version zero". The
// Including bounds are inclusive and the Excluding bounds are exclusive;
// confusing the two moves the affected range by one release and produces a
// false positive or a false negative exactly at the boundary. The strings
// need a version-aware comparison; plain string ordering is not sufficient.
// How this package compares them is not visible in this listing.
type CPEMatch struct {
	// Vulnerable is the flag carried by the match entry. In NVD data a false
	// value marks a CPE that belongs to the configuration (for example a
	// platform) without being the vulnerable component itself, so a matcher
	// should not report an entry on Criteria alone.
	Vulnerable bool   `json:"vulnerable"`
	Criteria   string `json:"criteria"`

	// Lower and upper version bounds; see the type comment.
	VersionStartIncluding string `json:"versionStartIncluding"`
	VersionStartExcluding string `json:"versionStartExcluding"`
	VersionEndIncluding   string `json:"versionEndIncluding"`
	VersionEndExcluding   string `json:"versionEndExcluding"`

	// MatchCriteriaId is the identifier the feed assigns to this entry.
	MatchCriteriaId string `json:"matchCriteriaId"`
}
type CVEData ¶
// CVEData is a single CVE record. Its JSON keys match the "cve" object of the
// NVD CVE API 2.0 schema.
type CVEData struct {
	// Identity and provenance of the record.
	ID               string `json:"id"`
	SourceIdentifier string `json:"sourceIdentifier"`

	// Published and LastModified hold the raw timestamp strings from the
	// feed; nothing in this type parses or validates them.
	Published    string `json:"published"`
	LastModified string `json:"lastModified"`

	// VulnStatus is the status string assigned by the feed. Whether records
	// in a particular status (for example rejected ones) are filtered out
	// before findings are reported is not visible in this listing.
	VulnStatus string `json:"vulnStatus"`

	// Record content: descriptions, CVSS metrics, affected configurations
	// and external references.
	Descriptions   []CVEDescription `json:"descriptions"`
	Metrics        CVEMetrics       `json:"metrics"`
	Configurations []CVEConfig      `json:"configurations"`
	References     []CVEReference   `json:"references"`
}
type CVEDatabase ¶
type CVEDatabase struct {
// contains filtered or unexported fields
}
CVEDatabase implements a vulnerability database using CVE data
func NewCVEDatabase ¶
func NewCVEDatabase() *CVEDatabase
NewCVEDatabase creates a new CVE database client
func (*CVEDatabase) CheckVulnerabilities ¶
func (db *CVEDatabase) CheckVulnerabilities(pkg *types.Package) ([]*types.Vulnerability, error)
CheckVulnerabilities checks for vulnerabilities in a package
func (*CVEDatabase) GetVulnerabilityByID ¶
func (db *CVEDatabase) GetVulnerabilityByID(id string) (*types.Vulnerability, error)
GetVulnerabilityByID retrieves a specific vulnerability by ID
func (*CVEDatabase) SearchVulnerabilities ¶
func (db *CVEDatabase) SearchVulnerabilities(query string) ([]*types.Vulnerability, error)
SearchVulnerabilities searches for vulnerabilities by query
type CVEDescription ¶
type CVEMetrics ¶
// CVEMetrics groups the CVSS scores of a CVE record by CVSS version.
//
// Only v3.1, v3.0 and v2 are modelled. encoding/json ignores unknown keys, so
// a score published under any other key (for example a CVSS v4.0 metric) is
// dropped on decode and all three slices stay empty. Treat "no metrics" as
// "severity unknown", never as "low severity".
type CVEMetrics struct {
	CvssMetricV31 []CVSSMetric `json:"cvssMetricV31"`
	CvssMetricV30 []CVSSMetric `json:"cvssMetricV30"`
	CvssMetricV2  []CVSSMetric `json:"cvssMetricV2"`
}
type CVEReference ¶
type CVEResponse ¶
// CVEResponse is the top-level envelope returned by the NIST CVE API.
//
// ResultsPerPage, StartIndex and TotalResults are the pagination counters.
// When StartIndex+ResultsPerPage is below TotalResults, more records exist
// than this response holds, and a caller that stops after the first page
// silently misses them. Whether the client in this package pages through
// the result set is not visible in this listing.
type CVEResponse struct {
	// Pagination counters.
	ResultsPerPage int `json:"resultsPerPage"`
	StartIndex     int `json:"startIndex"`
	TotalResults   int `json:"totalResults"`

	// Envelope metadata, kept as the raw strings sent by the API.
	Format    string `json:"format"`
	Version   string `json:"version"`
	Timestamp string `json:"timestamp"`

	// Vulnerabilities holds the records of this page only.
	Vulnerabilities []CVEItem `json:"vulnerabilities"`
}
CVEResponse represents the response from NIST CVE API
type CVSSData ¶
// CVSSData holds one CVSS score: the vector, its base metrics, and the
// resulting base score and severity.
//
// The metric names are those of CVSS v3.x. CVSS v2 uses different keys for
// several metrics, so if CVSSMetric (definition not shown here) reuses this
// struct for cvssMetricV2 entries, those fields decode to "" — TODO confirm.
// BaseScore is a plain float64: a missing score and a real 0.0 both decode
// to 0, so a zero score should not be taken as "harmless" without checking
// VectorString or BaseSeverity as well.
type CVSSData struct {
	Version      string `json:"version"`
	VectorString string `json:"vectorString"`

	// Exploitability metrics.
	AttackVector       string `json:"attackVector"`
	AttackComplexity   string `json:"attackComplexity"`
	PrivilegesRequired string `json:"privilegesRequired"`
	UserInteraction    string `json:"userInteraction"`
	Scope              string `json:"scope"`

	// Impact metrics.
	ConfidentialityImpact string `json:"confidentialityImpact"`
	IntegrityImpact       string `json:"integrityImpact"`
	AvailabilityImpact    string `json:"availabilityImpact"`

	// Resulting score and its severity label.
	BaseScore    float64 `json:"baseScore"`
	BaseSeverity string  `json:"baseSeverity"`
}
type CVSSMetric ¶
type GitHubAdvisory ¶
// GitHubAdvisory is one GitHub Security Advisory as decoded from JSON.
//
// Every text field is supplied by the remote service. Summary and Description
// in particular should be escaped or sanitised before they are rendered in a
// report or a web page.
type GitHubAdvisory struct {
	// Identifiers. A JSON null or a missing cve_id decodes to "", which
	// means "no CVE assigned".
	GHSAID string `json:"ghsa_id"`
	CVEID  string `json:"cve_id"`

	// Links to the advisory.
	URL                   string `json:"url"`
	HTMLURL               string `json:"html_url"`
	RepositoryAdvisoryURL string `json:"repository_advisory_url"`

	// Human-readable content and classification.
	Summary            string `json:"summary"`
	Description        string `json:"description"`
	Type               string `json:"type"`
	Severity           string `json:"severity"`
	SourceCodeLocation string `json:"source_code_location"`

	Identifiers []GitHubIdentifier `json:"identifiers"`
	References  []GitHubReference  `json:"references"`

	// Lifecycle timestamps, kept as raw strings. A non-empty WithdrawnAt
	// marks an advisory that has been withdrawn; callers should not report
	// such an advisory as an active finding. Whether this package filters
	// withdrawn advisories is not visible in this listing.
	PublishedAt string `json:"published_at"`
	UpdatedAt   string `json:"updated_at"`
	WithdrawnAt string `json:"withdrawn_at"`

	// Affected packages, scoring, weakness classes and credits.
	Vulnerabilities []GitHubVulnerability `json:"vulnerabilities"`
	CVSS            GitHubCVSS            `json:"cvss"`
	CWEs            []GitHubCWE           `json:"cwes"`
	Credits         []GitHubCredit        `json:"credits"`
}
GitHubAdvisory represents a GitHub Security Advisory
type GitHubAdvisoryDatabase ¶
type GitHubAdvisoryDatabase struct {
// contains filtered or unexported fields
}
GitHubAdvisoryDatabase implements a vulnerability database using the GitHub Security Advisory API. The GitHub Security Advisory Database is a comprehensive, open-source vulnerability database.
func NewGitHubAdvisoryDatabase ¶
func NewGitHubAdvisoryDatabase(apiToken string) *GitHubAdvisoryDatabase
NewGitHubAdvisoryDatabase creates a new GitHub Advisory database client
func (*GitHubAdvisoryDatabase) CheckVulnerabilities ¶
func (db *GitHubAdvisoryDatabase) CheckVulnerabilities(pkg *types.Package) ([]*types.Vulnerability, error)
CheckVulnerabilities checks for vulnerabilities in a package using GitHub Advisory API
func (*GitHubAdvisoryDatabase) GetVulnerabilityByID ¶
func (db *GitHubAdvisoryDatabase) GetVulnerabilityByID(id string) (*types.Vulnerability, error)
GetVulnerabilityByID retrieves a specific vulnerability by ID from GitHub
func (*GitHubAdvisoryDatabase) SearchVulnerabilities ¶
func (db *GitHubAdvisoryDatabase) SearchVulnerabilities(query string) ([]*types.Vulnerability, error)
SearchVulnerabilities searches for vulnerabilities by query
type GitHubCVSS ¶
GitHubCVSS represents CVSS information
type GitHubCredit ¶
GitHubCredit represents advisory credits
type GitHubIdentifier ¶
GitHubIdentifier represents advisory identifiers
type GitHubPackage ¶
GitHubPackage represents a package
type GitHubReference ¶
// GitHubReference is one external reference attached to an advisory.
type GitHubReference struct {
	// URL is stored exactly as the advisory supplied it; this type performs
	// no validation, so check the scheme and host before fetching or linking.
	URL string `json:"url"`
}
GitHubReference represents external references
type GitHubVulnerability ¶
// GitHubVulnerability ties an advisory to one affected package and to the
// version range of that package that is vulnerable.
type GitHubVulnerability struct {
	Package  GitHubPackage `json:"package"`
	Severity string        `json:"severity"`

	// VulnerableVersionRange is the range expression exactly as the API sent
	// it. It has to be parsed with the version rules of the package's
	// ecosystem before it is compared with an installed version.
	VulnerableVersionRange string `json:"vulnerable_version_range"`

	// FirstPatchedVersion stays "" when the JSON value is null or the key is
	// missing. An empty value therefore means "no patched version known"
	// and must not be read as "already fixed".
	FirstPatchedVersion string `json:"first_patched_version"`
}
GitHubVulnerability represents vulnerable packages
type Manager ¶
type Manager struct {
// contains filtered or unexported fields
}
Manager coordinates multiple vulnerability databases
func NewManager ¶
func NewManager(config *ManagerConfig) *Manager
NewManager creates a new vulnerability database manager
func (*Manager) AddDatabase ¶
func (m *Manager) AddDatabase(name string, db types.VulnerabilityDatabase)
AddDatabase adds a vulnerability database to the manager
func (*Manager) CheckVulnerabilities ¶
CheckVulnerabilities checks for vulnerabilities across all configured databases
func (*Manager) GetDatabaseCount ¶
GetDatabaseCount returns the number of configured databases
func (*Manager) GetDatabaseNames ¶
GetDatabaseNames returns the names of all configured databases
func (*Manager) GetVulnerabilityByID ¶
func (m *Manager) GetVulnerabilityByID(id string) (*types.Vulnerability, error)
GetVulnerabilityByID retrieves a vulnerability by ID from the first available database
func (*Manager) RemoveDatabase ¶
RemoveDatabase removes a vulnerability database from the manager
func (*Manager) SearchVulnerabilities ¶
func (m *Manager) SearchVulnerabilities(query string) ([]*types.Vulnerability, error)
SearchVulnerabilities searches for vulnerabilities across all databases
func (*Manager) UpdateConfiguration ¶
func (m *Manager) UpdateConfiguration(config *ManagerConfig)
UpdateConfiguration updates the manager configuration
type ManagerConfig ¶
// ManagerConfig holds the settings of the vulnerability database Manager.
//
// encoding/json reads and writes a time.Duration as an integer number of
// nanoseconds. A string such as "30s" in a JSON configuration file fails to
// decode into Timeout, CacheTTL or RefreshInterval.
//
// How Manager interprets each field is not visible in this listing; the
// notes below describe what an operator should confirm.
type ManagerConfig struct {
	Databases []types.VulnerabilityDatabaseConfig `json:"databases"`

	// Query behaviour. Confirm what a zero Timeout means (no limit or an
	// internal default) before relying on it to bound remote calls.
	ParallelQueries bool          `json:"parallel_queries"`
	Timeout         time.Duration `json:"timeout"`

	// Caching. A long CacheTTL keeps answering from old data, so an advisory
	// published after the entry was cached is not reported until it expires.
	CacheEnabled bool          `json:"cache_enabled"`
	CacheTTL     time.Duration `json:"cache_ttl"`

	// Priority is the database priority order (presumably the names passed
	// to Manager.AddDatabase — confirm).
	Priority []string `json:"priority"`

	// Result handling. The same vulnerability usually carries a different ID
	// in each source (a GHSA ID, a CVE ID, an OSV ID), so deduplicating on
	// the ID alone may leave cross-database duplicates; whether aliases are
	// taken into account should be confirmed.
	MergeResults    bool `json:"merge_results"`
	DeduplicateByID bool `json:"deduplicate_by_id"`

	RefreshInterval time.Duration `json:"refresh_interval"`
}
ManagerConfig contains configuration for the vulnerability manager
type OSVAffected ¶
// OSVAffected describes one affected package inside an OSV record: the
// package, its affected version ranges, and optionally an explicit list of
// affected versions.
type OSVAffected struct {
	Package OSVPackage `json:"package"`
	Ranges  []OSVRange `json:"ranges"`

	// Versions is optional. An empty list alone does not mean "not
	// affected", because the affected set may be expressed only in Ranges.
	Versions []string `json:"versions,omitempty"`

	// Free-form maps whose shape is defined by the ecosystem or by the
	// source database. Values arrive as interface{}; type-assert them
	// defensively instead of assuming a layout.
	EcosystemSpecific map[string]interface{} `json:"ecosystem_specific,omitempty"`
	DatabaseSpecific  map[string]interface{} `json:"database_specific,omitempty"`
}
OSVAffected represents affected packages/versions
type OSVDatabase ¶
type OSVDatabase struct {
// contains filtered or unexported fields
}
OSVDatabase implements a vulnerability database using Google's OSV API. OSV (Open Source Vulnerabilities) is a comprehensive, open-source vulnerability database.
func NewOSVDatabase ¶
func NewOSVDatabase() *OSVDatabase
NewOSVDatabase creates a new OSV database client
func (*OSVDatabase) CheckVulnerabilities ¶
func (db *OSVDatabase) CheckVulnerabilities(pkg *types.Package) ([]*types.Vulnerability, error)
CheckVulnerabilities checks for vulnerabilities in a package using OSV API
func (*OSVDatabase) GetVulnerabilityByID ¶
func (db *OSVDatabase) GetVulnerabilityByID(id string) (*types.Vulnerability, error)
GetVulnerabilityByID retrieves a specific vulnerability by ID from OSV
func (*OSVDatabase) SearchVulnerabilities ¶
func (db *OSVDatabase) SearchVulnerabilities(query string) ([]*types.Vulnerability, error)
SearchVulnerabilities searches for vulnerabilities by query
type OSVEvent ¶
// OSVEvent is a single version event inside an OSVRange. Its JSON keys match
// the event object of the OSV schema, and empty fields are omitted on encode.
//
// In the OSV schema "introduced" is the first affected version, "fixed" is
// the first version that is no longer affected (an exclusive upper bound),
// and "last_affected" is the last version that is still affected (an
// inclusive upper bound). Treating one upper bound as the other moves the
// boundary by one release.
type OSVEvent struct {
	Introduced string `json:"introduced,omitempty"`

	// Upper bounds; see the type comment for exclusive versus inclusive.
	Fixed        string `json:"fixed,omitempty"`
	LastAffected string `json:"last_affected,omitempty"`

	Limit string `json:"limit,omitempty"`
}
OSVEvent represents version events
type OSVPackage ¶
OSVPackage represents a package in OSV format
type OSVQueryRequest ¶
// OSVQueryRequest is the JSON body of a query sent to the OSV API.
//
// Every field uses omitempty, so a zero-valued request encodes to "{}";
// callers should reject such a request before sending it. The package name
// and version placed in a request are disclosed to the remote service, which
// matters when the scanned dependency list is itself sensitive.
type OSVQueryRequest struct {
	// Package and Version together identify a released package version.
	Package *OSVPackage `json:"package,omitempty"`
	Version string      `json:"version,omitempty"`

	// Commit queries by commit hash instead of by package version.
	Commit string `json:"commit,omitempty"`
}
OSVQueryRequest represents a query to the OSV API
type OSVRange ¶
// OSVRange is one affected range of an OSV record, expressed as an ordered
// list of events.
type OSVRange struct {
	// Type names the versioning scheme of the events (the OSV schema
	// defines SEMVER, ECOSYSTEM and GIT). Event values must be compared
	// under that scheme; comparing them as plain strings gives wrong
	// answers for multi-digit components.
	Type string `json:"type"`

	// Repo is optional and omitted on encode when empty.
	Repo string `json:"repo,omitempty"`

	Events []OSVEvent `json:"events"`
}
OSVRange represents version ranges
type OSVReference ¶
OSVReference represents external references
type OSVResponse ¶
// OSVResponse is the decoded body of an OSV API query response.
//
// Only the "vulns" key is modelled. The OSV query API can return a
// next_page_token for large result sets; this struct has no field for it, so
// encoding/json drops the token and any further page cannot be requested
// from the decoded value. A truncated result then looks like a complete one.
type OSVResponse struct {
	Vulns []OSVVulnerability `json:"vulns"`
}
OSVResponse represents the response from OSV API
type OSVSeverity ¶
OSVSeverity represents severity information
type OSVVulnerability ¶
// OSVVulnerability is one vulnerability record in OSV format.
//
// Summary and Details are text supplied by the remote database and should be
// escaped or sanitised before they are rendered.
type OSVVulnerability struct {
	ID      string `json:"id"`
	Summary string `json:"summary"`
	Details string `json:"details"`

	// Aliases lists the IDs under which other databases track the same
	// vulnerability. It is the field to consult when results from several
	// databases are merged, since the primary IDs differ between sources.
	Aliases []string `json:"aliases"`

	// Lifecycle timestamps, kept as raw strings. A non-empty Withdrawn
	// marks a record that has been withdrawn; such a record should not be
	// reported as an active finding. Whether this package filters withdrawn
	// records is not visible in this listing.
	Modified  string `json:"modified"`
	Published string `json:"published"`
	Withdrawn string `json:"withdrawn,omitempty"`

	Affected   []OSVAffected  `json:"affected"`
	References []OSVReference `json:"references"`
	Severity   []OSVSeverity  `json:"severity"`

	// DatabaseSpecific is a free-form map defined by the source database;
	// type-assert its values defensively.
	DatabaseSpecific map[string]interface{} `json:"database_specific,omitempty"`
}
OSVVulnerability represents a vulnerability in OSV format
type VulnerabilityDatabase ¶
// VulnerabilityDatabase is the read-only query surface of a vulnerability
// source.
//
// None of the methods takes a context.Context, so a caller cannot cancel a
// slow lookup or attach a deadline through this interface; any time limit
// has to be enforced inside the implementation. The Update(ctx) method that
// OSVDatabase and GitHubAdvisoryDatabase expose is not part of this
// interface. Manager.AddDatabase accepts types.VulnerabilityDatabase; how
// that type relates to this one is not visible in this listing.
type VulnerabilityDatabase interface {
	// CheckVulnerabilities returns the vulnerabilities known for pkg.
	CheckVulnerabilities(pkg *types.Package) ([]*types.Vulnerability, error)

	// GetVulnerabilityByID returns the vulnerability with the given id.
	GetVulnerabilityByID(id string) (*types.Vulnerability, error)

	// SearchVulnerabilities returns the vulnerabilities matching query.
	SearchVulnerabilities(query string) ([]*types.Vulnerability, error)
}
VulnerabilityDatabase provides access to vulnerability information