handler

package
v0.14.1 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Mar 26, 2026 License: AGPL-3.0 Imports: 37 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func ParseIntervalListQueryParam

func ParseIntervalListQueryParam(intervalQuery string, def []time.Duration) ([]time.Duration, error)

func RegisterHandlers

func RegisterHandlers(server *api.Server, logger *zap.SugaredLogger, db *gorm.DB, config *config.Config, services *APIServices)

Types

type APIServices added in v0.13.0

// APIServices groups the service dependencies that RegisterHandlers receives
// (as its services argument) for use by the API handlers.
//
// EvidenceService and DigestService have the types that NewEvidenceHandler and
// NewDigestHandler accept as their service arguments.
//
// NOTE(review): nothing on this type marks a field as optional; presumably all
// of them must be non-nil before RegisterHandlers is called — confirm against
// the caller.
type APIServices struct {
	EvidenceService      *evidencesvc.EvidenceService
	RiskEnqueuer         evidencesvc.RiskJobEnqueuer
	DigestService        *digest.Service
	WorkflowManager      *workflow.Manager
	NotificationEnqueuer workflow.NotificationEnqueuer
	DAGExecutor          *workflow.DAGExecutor
}

APIServices contains all services needed by API handlers

type DigestHandler added in v0.9.0

// DigestHandler handles the digest-related API endpoints documented on its
// methods: GET /admin/digest/preview and POST /admin/digest/trigger. Both
// route annotations declare @Security OAuth2Password.
//
// NOTE(review): TriggerDigest is described as sending emails to all users, so
// it is worth confirming that the /admin routes are restricted to
// administrators by middleware; the annotation only documents the requirement
// and does not enforce it.
type DigestHandler struct {
	// contains filtered or unexported fields
}

DigestHandler handles digest-related API endpoints

func NewDigestHandler added in v0.9.0

func NewDigestHandler(digestService *digest.Service, logger *zap.SugaredLogger) *DigestHandler

NewDigestHandler creates a new digest handler

func (*DigestHandler) PreviewDigest added in v0.9.0

func (h *DigestHandler) PreviewDigest(ctx echo.Context) error

PreviewDigest godoc

@Summary		Preview evidence digest
@Description	Returns the current evidence summary that would be included in a digest email
@Tags			Digest
@Produce		json
@Success		200	{object}	GenericDataResponse[digest.EvidenceSummary]
@Failure		500	{object}	api.Error
@Security		OAuth2Password
@Router			/admin/digest/preview [get]

func (*DigestHandler) Register added in v0.9.0

func (h *DigestHandler) Register(api *echo.Group)

Register registers the digest endpoints

func (*DigestHandler) TriggerDigest added in v0.9.0

func (h *DigestHandler) TriggerDigest(ctx echo.Context) error

TriggerDigest godoc

@Summary		Trigger evidence digest
@Description	Manually triggers the evidence digest job to send emails to all users
@Tags			Digest
@Produce		json
@Param			job	query		string	false	"Job name to trigger (default: global-evidence-digest)"
@Success		200	{object}	map[string]string
@Failure		400	{object}	api.Error
@Failure		500	{object}	api.Error
@Security		OAuth2Password
@Router			/admin/digest/trigger [post]

type EvidenceActivity

// EvidenceActivity describes one activity carried in
// EvidenceCreateRequest.Activities ("what steps did we take to create this
// evidence"). Props and Links use the OSCAL 1.1.3 types; Steps breaks the
// activity down into EvidenceActivityStep entries.
//
// All fields are client-supplied when this type arrives inside an
// EvidenceCreateRequest; no validation tags are declared here.
type EvidenceActivity struct {
	UUID        uuid.UUID
	Title       string
	Description string
	Remarks     string
	Props       []oscalTypes_1_1_3.Property
	Links       []oscalTypes_1_1_3.Link
	Steps       []EvidenceActivityStep
}

type EvidenceActivityStep

// EvidenceActivityStep is a single step of an EvidenceActivity (see
// EvidenceActivity.Steps). It carries the same descriptive fields as the
// activity itself, without nested steps.
type EvidenceActivityStep struct {
	UUID        uuid.UUID
	Title       string
	Description string
	Remarks     string
	Props       []oscalTypes_1_1_3.Property
	Links       []oscalTypes_1_1_3.Link
}

type EvidenceComponent

// EvidenceComponent describes a component of the subject that is being
// observed (a tool, user, policy etc.), as carried in
// EvidenceCreateRequest.Components.
//
// NOTE(review): Identifier and Type are free-form strings with no validation
// tags on this type; the comments below give examples only, so confirm
// whether the handler constrains them.
type EvidenceComponent struct {
	// Example identifiers:
	// components/common/ssh
	// components/common/github-repository
	// components/common/github-organisation
	// components/common/ubuntu-22
	// components/internal/auth-policy
	Identifier string

	// Example types:
	// Software
	// Service
	Type        string
	Title       string
	Description string
	Remarks     string
	Purpose     string
	Protocols   []oscalTypes_1_1_3.Protocol
	Props       []oscalTypes_1_1_3.Property
	Links       []oscalTypes_1_1_3.Link
}

type EvidenceCreateRequest

// EvidenceCreateRequest is the JSON body documented for POST /evidence
// (EvidenceHandler.Create).
//
// NOTE(review): every field arrives from the client and no validate tags are
// visible on this type (compare HeartbeatCreateRequest). Confirm that Create
// rejects a zero UUID and a Start later than End, and that it bounds the size
// of Labels and of the nested slices. Consumers that render Title,
// Description or Remarks should treat them as untrusted text.
type EvidenceCreateRequest struct {
	// UUID needs to remain consistent for a piece of evidence being collected periodically.
	// It represents the "stream" of the same observation being made over time.
	// For the same checks, performed on the same machine, the UUID for each check should remain the same.
	// For the same check, performed on two different machines, the UUID should differ.
	UUID        uuid.UUID
	Title       string
	Description string
	Remarks     *string

	// Labels make the Evidence searchable and easily usable in the UI.
	Labels map[string]string

	// Start and End bracket the collection of the evidence; Expires, when set,
	// states how long the evidence remains valid.
	Start   time.Time
	End     time.Time
	Expires *time.Time

	Props      []oscalTypes_1_1_3.Property
	Links      []oscalTypes_1_1_3.Link
	BackMatter *oscalTypes_1_1_3.BackMatter `json:"back-matter,omitempty"`

	// Who or what is generating this evidence.
	Origins []oscalTypes_1_1_3.Origin
	// What steps were taken to create this evidence.
	Activities     []EvidenceActivity
	InventoryItems []EvidenceInventoryItem
	// Which components of the subject are being observed: a tool, user, policy etc.
	Components []EvidenceComponent
	// Who or what the evidence is provided for, i.e. what is under test.
	Subjects []EvidenceSubject
	// Whether what was being tested for was satisfied or not.
	Status oscalTypes_1_1_3.ObjectiveStatus
}

type EvidenceHandler

// EvidenceHandler serves the /evidence endpoints documented on its methods:
// create, get, history, latest, search, per-control listing, and the
// compliance and status-over-time metrics.
//
// NOTE(review): among those route annotations only Create declares
// @Security OAuth2Password. Whether the read and search routes require
// authentication depends on the middleware of the group passed to Register,
// which is not visible here. Confirm it, and add the annotation where the
// routes are protected so the generated API documentation matches.
type EvidenceHandler struct {
	// contains filtered or unexported fields
}

func NewEvidenceHandler

func NewEvidenceHandler(sugar *zap.SugaredLogger, evidenceService *evidencesvc.EvidenceService) *EvidenceHandler

func (*EvidenceHandler) ComplianceByControl

func (h *EvidenceHandler) ComplianceByControl(ctx echo.Context) error

ComplianceByControl godoc

@Summary		Get compliance counts by control
@Description	Retrieves the count of evidence statuses for filters associated with a specific Control ID.
@Tags			Evidence
@Produce		json
@Param			id	path		string	true	"Control ID"
@Success		200	{object}	GenericDataListResponse[evidence.StatusCount]
@Failure		500	{object}	api.Error
@Router			/evidence/compliance-by-control/{id} [get]

func (*EvidenceHandler) ComplianceByFilter added in v0.5.0

func (h *EvidenceHandler) ComplianceByFilter(ctx echo.Context) error

ComplianceByFilter godoc

@Summary		Get compliance status counts by filter/dashboard ID
@Description	Retrieves the count of evidence statuses for a specific filter/dashboard.
@Tags			Evidence
@Produce		json
@Param			id	path		string	true	"Filter/Dashboard ID (UUID)"
@Success		200	{object}	GenericDataListResponse[evidence.StatusCount]
@Failure		400	{object}	api.Error	"Invalid UUID"
@Failure		404	{object}	api.Error
@Failure		500	{object}	api.Error
@Router			/evidence/compliance-by-filter/{id} [get]

func (*EvidenceHandler) Create

func (h *EvidenceHandler) Create(ctx echo.Context) error

Create godoc

@Summary		Create new Evidence
@Description	Creates a new Evidence record including activities, inventory items, components, and subjects.
@Tags			Evidence
@Accept			json
@Produce		json
@Param			evidence	body		EvidenceCreateRequest	true	"Evidence create request"
@Success		201			{object}	GenericDataResponse[relational.Evidence]
@Failure		400			{object}	api.Error
@Failure		500			{object}	api.Error
@Security		OAuth2Password
@Router			/evidence [post]

func (*EvidenceHandler) ForControl

func (h *EvidenceHandler) ForControl(ctx echo.Context) error

ForControl godoc

@Summary		List Evidence for a Control
@Description	Retrieves Evidence records associated with a specific Control ID, including related activities, inventory items, components, subjects, and labels.
@Tags			Evidence
@Produce		json
@Param			id	path		string	true	"Control ID"
@Success		200	{object}	handler.ForControl.EvidenceDataListResponse
@Failure		400	{object}	api.Error
@Failure		404	{object}	api.Error
@Failure		500	{object}	api.Error
@Router			/evidence/for-control/{id} [get]

func (*EvidenceHandler) Get

func (h *EvidenceHandler) Get(ctx echo.Context) error

Get godoc

@Summary		Get Evidence by ID
@Description	Retrieves a single Evidence record by its unique ID, including associated activities, inventory items, components, subjects, and labels.
@Tags			Evidence
@Produce		json
@Param			id	path		string	true	"Evidence ID"
@Success		200	{object}	GenericDataResponse[OscalLikeEvidence]
@Failure		400	{object}	api.Error
@Failure		404	{object}	api.Error
@Failure		500	{object}	api.Error
@Router			/evidence/{id} [get]

func (*EvidenceHandler) History

func (h *EvidenceHandler) History(ctx echo.Context) error

History godoc

@Summary		Get Evidence history by UUID
@Description	Retrieves the history for an Evidence record by its UUID, including associated activities, inventory items, components, subjects, and labels.
@Tags			Evidence
@Produce		json
@Param			id	path		string	true	"Evidence UUID"
@Success		200	{object}	GenericDataListResponse[OscalLikeEvidence]
@Failure		400	{object}	api.Error
@Failure		404	{object}	api.Error
@Failure		500	{object}	api.Error
@Router			/evidence/history/{id} [get]

func (*EvidenceHandler) Latest added in v0.13.0

func (h *EvidenceHandler) Latest(ctx echo.Context) error

Latest godoc

@Summary		Get latest Evidence by UUID
@Description	Retrieves the most recent Evidence record for a given UUID stream, including associated activities, inventory items, components, subjects, and labels.
@Tags			Evidence
@Produce		json
@Param			id	path		string	true	"Evidence UUID"
@Success		200	{object}	GenericDataResponse[OscalLikeEvidence]
@Failure		400	{object}	api.Error
@Failure		404	{object}	api.Error
@Failure		500	{object}	api.Error
@Router			/evidence/latest/{id} [get]

func (*EvidenceHandler) Register

func (h *EvidenceHandler) Register(api *echo.Group)

func (*EvidenceHandler) Search

func (h *EvidenceHandler) Search(ctx echo.Context) error

Search godoc

@Summary		Search Evidence
@Description	Searches Evidence records by label filters.
@Tags			Evidence
@Accept			json
@Produce		json
@Param			filter	body		labelfilter.Filter	true	"Label filter"
@Success		200		{object}	GenericDataListResponse[relational.Evidence]
@Failure		422		{object}	api.Error
@Failure		500		{object}	api.Error
@Router			/evidence/search [post]

func (*EvidenceHandler) StatusOverTime

func (h *EvidenceHandler) StatusOverTime(ctx echo.Context) error

StatusOverTime godoc

@Summary		Evidence status metrics over intervals
@Description	Retrieves counts of evidence statuses at various time intervals based on a label filter.
@Tags			Evidence
@Accept			json
@Produce		json
@Param			filter		body		labelfilter.Filter	true	"Label filter"
@Param			intervals	query		string				false	"Comma-separated list of duration intervals (e.g., '10m,1h,24h')"
@Success		200			{object}	handler.GenericDataListResponse[StatusInterval]
@Failure		400			{object}	api.Error
@Failure		422			{object}	api.Error
@Failure		500			{object}	api.Error
@Router			/evidence/status-over-time [post]

func (*EvidenceHandler) StatusOverTimeByUUID

func (h *EvidenceHandler) StatusOverTimeByUUID(ctx echo.Context) error

StatusOverTimeByUUID godoc

@Summary		Evidence status metrics over intervals by UUID
@Description	Retrieves counts of evidence statuses at various time intervals for a specific evidence stream identified by UUID.
@Tags			Evidence
@Produce		json
@Param			id			path		string	true	"Evidence UUID"
@Param			intervals	query		string	false	"Comma-separated list of duration intervals (e.g., '10m,1h,24h')"
@Success		200			{object}	handler.GenericDataListResponse[StatusInterval]
@Failure		400			{object}	api.Error
@Failure		422			{object}	api.Error
@Failure		500			{object}	api.Error
@Router			/evidence/status-over-time/{id} [get]

type EvidenceInventoryItem

// EvidenceInventoryItem describes an inventory item carried in
// EvidenceCreateRequest.InventoryItems.
//
// NOTE(review): the first example identifier below embeds an e-mail address,
// so identifiers may carry personal data; keep that in mind wherever they are
// logged, indexed or returned. Identifier and Type are free-form strings with
// no validation tags on this type.
type EvidenceInventoryItem struct {
	// Example identifiers:
	// user/chris@linguine.tech
	// operating-system/ubuntu/22.4
	// web-server/ec2/i-12345
	Identifier string

	// Example types and their descriptions:
	// "operating-system"	description="System software that manages computer hardware, software resources, and provides common services for computer programs."
	// "database"			description="An electronic collection of data, or information, that is specially organized for rapid search and retrieval."
	// "web-server"			description="A system that delivers content or services to end users over the Internet or an intranet."
	// "dns-server"			description="A system that resolves domain names to internet protocol (IP) addresses."
	// "email-server"		description="A computer system that sends and receives electronic mail messages."
	// "directory-server"	description="A system that stores, organizes and provides access to directory information in order to unify network resources."
	// "pbx"				description="A private branch exchange (PBX) provides a private telephone switchboard."
	// "firewall"			description="A network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules."
	// "router"				description="A physical or virtual networking device that forwards data packets between computer networks."
	// "switch"				description="A physical or virtual networking device that connects devices within a computer network by using packet switching to receive and forward data to the destination device."
	// "storage-array"		description="A consolidated, block-level data storage capability."
	// "appliance"			description="A physical or virtual machine that centralizes hardware, software, or services for a specific purpose."
	Type                  string
	Title                 string
	Description           string
	Remarks               string
	Props                 []oscalTypes_1_1_3.Property
	Links                 []oscalTypes_1_1_3.Link
	ImplementedComponents []struct {
		Identifier string
	}
}

type EvidenceSubject

// EvidenceSubject names who or what the evidence is provided for (what is
// under test), as carried in EvidenceCreateRequest.Subjects.
//
// NOTE(review): Type is a plain string; the comment below lists
// "InventoryItem" and "Component" as values, presumably matching the
// Identifier of an entry in the same request — confirm whether the handler
// checks that reference.
type EvidenceSubject struct {
	Identifier string

	// Example types:
	// InventoryItem
	// Component
	Type string

	Description string
	Remarks     string
	Props       []oscalTypes_1_1_3.Property
	Links       []oscalTypes_1_1_3.Link
}

type FilterHandler

// FilterHandler handles CRUD operations for filters, plus the multipart
// import of dashboard filter JSON files documented at POST /filters/import.
//
// NOTE(review): none of the filter route annotations declare @Security,
// including the Update, Delete and ImportFilters routes. Confirm that the
// group passed to Register is authenticated and that ImportFilters bounds the
// upload size and the number of files it accepts.
type FilterHandler struct {
	// contains filtered or unexported fields
}

FilterHandler handles CRUD operations for filters.

func NewFilterHandler

func NewFilterHandler(sugar *zap.SugaredLogger, db *gorm.DB) *FilterHandler

func (*FilterHandler) Create

func (h *FilterHandler) Create(ctx echo.Context) error

Create godoc

@Summary		Create a new filter
@Description	Creates a new filter.
@Tags			Filters
@Accept			json
@Produce		json
@Param			filter	body		createFilterRequest	true	"Filter to add"
@Success		201		{object}	GenericDataResponse[relational.Filter]
@Failure		400		{object}	api.Error
@Failure		422		{object}	api.Error
@Failure		500		{object}	api.Error
@Router			/filters [post]

func (*FilterHandler) Delete

func (h *FilterHandler) Delete(ctx echo.Context) error

Delete godoc

@Summary		Delete a filter
@Description	Deletes a filter.
@Tags			Filters
@Param			id	path	string	true	"Filter ID"
@Success		204	"No Content"
@Failure		400	{object}	api.Error
@Failure		404	{object}	api.Error
@Failure		500	{object}	api.Error
@Router			/filters/{id} [delete]

func (*FilterHandler) Get

func (h *FilterHandler) Get(ctx echo.Context) error

Get godoc

@Summary		Get a filter
@Description	Retrieves a single filter by its unique ID.
@Tags			Filters
@Produce		json
@Param			id	path		string	true	"Filter ID"
@Success		200	{object}	GenericDataResponse[FilterWithAssociations]
@Failure		400	{object}	api.Error
@Failure		404	{object}	api.Error
@Failure		500	{object}	api.Error
@Router			/filters/{id} [get]

func (*FilterHandler) ImportFilters added in v0.7.0

func (h *FilterHandler) ImportFilters(ctx echo.Context) error

ImportFilters godoc

@Summary		Import dashboard filters
@Description	Import multiple dashboard filter JSON files
@Tags			Filters
@Accept			multipart/form-data
@Produce		json
@Param			files	formData	file	true	"Dashboard filter JSON files to import"
@Success		200		{object}	GenericDataResponse[FilterImportResponse]
@Failure		400		{object}	api.Error
@Failure		500		{object}	api.Error
@Router			/filters/import [post]

func (*FilterHandler) List

func (h *FilterHandler) List(ctx echo.Context) error

List godoc

@Summary		List filters
@Description	Retrieves all filters, optionally filtered by controlId or componentId.
@Tags			Filters
@Produce		json
@Success		200	{object}	GenericDataListResponse[FilterWithAssociations]
@Failure		500	{object}	api.Error
@Router			/filters [get]

func (*FilterHandler) Register

func (h *FilterHandler) Register(api *echo.Group)

Register registers the filter endpoints.

func (*FilterHandler) Update

func (h *FilterHandler) Update(ctx echo.Context) error

Update godoc

@Summary		Update a filter
@Description	Updates an existing filter.
@Tags			Filters
@Accept			json
@Produce		json
@Param			id		path		string				true	"Filter ID"
@Param			filter	body		createFilterRequest	true	"Filter to update"
@Success		200		{object}	GenericDataResponse[relational.Filter]
@Failure		400		{object}	api.Error
@Failure		404		{object}	api.Error
@Failure		500		{object}	api.Error
@Router			/filters/{id} [put]

type FilterImportFileResult added in v0.7.0

// FilterImportFileResult reports the outcome for one file of a filter import;
// FilterImportResponse.Results holds one entry per file. Count is omitted from
// the JSON when it is zero.
//
// NOTE(review): Filename presumably echoes the name sent with the uploaded
// file, which is client-controlled — treat it as untrusted when displaying or
// logging it. Confirm that Message does not expose internal error details.
type FilterImportFileResult struct {
	Filename string `json:"filename"`
	Success  bool   `json:"success"`
	Message  string `json:"message"`
	Count    int    `json:"count,omitempty"`
}

type FilterImportResponse added in v0.7.0

// FilterImportResponse is the payload documented for a successful
// POST /filters/import (wrapped in GenericDataResponse). It carries aggregate
// counters for the import together with the per-file results.
type FilterImportResponse struct {
	TotalFiles      int                      `json:"total_files"`
	SuccessfulCount int                      `json:"successful_count"`
	FailedCount     int                      `json:"failed_count"`
	TotalDashboards int                      `json:"total_dashboards"`
	Results         []FilterImportFileResult `json:"results"`
}

type FilterWithAssociations added in v0.9.0

// FilterWithAssociations is the response shape documented for
// FilterHandler.Get and FilterHandler.List: the embedded relational.Filter
// plus Controls and Components lists (presumably the ones associated with
// that filter — TODO confirm).
type FilterWithAssociations struct {
	relational.Filter
	Controls   []oscalTypes_1_1_3.Control         `json:"controls"`
	Components []oscalTypes_1_1_3.SystemComponent `json:"components"`
}

type GenericDataListResponse

// GenericDataListResponse wraps a list payload under a top-level "data" key
// in both its JSON and YAML encodings.
type GenericDataListResponse[T any] struct {
	// Data holds the items of the list response.
	Data []T `json:"data" yaml:"data"`
}

type GenericDataResponse

// GenericDataResponse wraps a single payload value under a top-level "data"
// key in both its JSON and YAML encodings.
type GenericDataResponse[T any] struct {
	// Data holds the single response value (one T, not a list).
	Data T `json:"data" yaml:"data"`
}

type HealthHandler added in v0.5.0

// HealthHandler exposes the Health and Ready endpoints. NewHealthHandler takes
// a logger and a *gorm.DB handle. No route annotations are published for these
// methods, so their paths and authentication requirements are not visible
// here.
type HealthHandler struct {
	// contains filtered or unexported fields
}

func NewHealthHandler added in v0.5.0

func NewHealthHandler(sugar *zap.SugaredLogger, db *gorm.DB) *HealthHandler

func (*HealthHandler) Health added in v0.5.0

func (h *HealthHandler) Health(ctx echo.Context) error

func (*HealthHandler) Ready added in v0.5.0

func (h *HealthHandler) Ready(ctx echo.Context) error

func (*HealthHandler) Register added in v0.5.0

func (h *HealthHandler) Register(api *echo.Group)

type HeartbeatCreateRequest

// HeartbeatCreateRequest is the JSON body documented for POST /agent/heartbeat
// (HeartbeatHandler.Create). Both fields carry a validate:"required" tag.
//
// NOTE(review): CreatedAt is supplied by the sender, and the route annotation
// declares no @Security entry. Confirm how this route is authenticated and
// whether the server should also record its own receipt time rather than rely
// only on the client clock.
type HeartbeatCreateRequest struct {
	UUID      uuid.UUID `json:"uuid,omitempty" validate:"required"`
	CreatedAt time.Time `json:"created_at,omitempty" validate:"required"`
}

type HeartbeatHandler

// HeartbeatHandler serves the heartbeat endpoints documented on its methods:
// POST /agent/heartbeat and GET /agent/heartbeat/over-time.
//
// NOTE(review): neither route annotation declares @Security; presumably
// authentication, if any, comes from middleware on the group passed to
// Register — TODO confirm.
type HeartbeatHandler struct {
	// contains filtered or unexported fields
}

func NewHeartbeatHandler

func NewHeartbeatHandler(sugar *zap.SugaredLogger, db *gorm.DB) *HeartbeatHandler

func (*HeartbeatHandler) Create

func (h *HeartbeatHandler) Create(ctx echo.Context) error

Create godoc

@Summary		Create Heartbeat
@Description	Creates a new heartbeat record for monitoring.
@Tags			Heartbeat
@Accept			json
@Produce		json
@Param			heartbeat	body	HeartbeatCreateRequest	true	"Heartbeat payload"
@Success		201			"Created"
@Failure		400			{object}	api.Error
@Failure		500			{object}	api.Error
@Router			/agent/heartbeat [post]

func (*HeartbeatHandler) OverTime

func (h *HeartbeatHandler) OverTime(ctx echo.Context) error

OverTime godoc

@Summary		Get Heartbeat Metrics Over Time
@Description	Retrieves heartbeat counts aggregated by 2-minute intervals.
@Tags			Heartbeat
@Produce		json
@Success		200	{object}	handler.GenericDataListResponse[handler.OverTime.HeartbeatInterval]
@Failure		500	{object}	api.Error
@Router			/agent/heartbeat/over-time [get]

func (*HeartbeatHandler) Register

func (h *HeartbeatHandler) Register(api *echo.Group)

type OscalLikeEvidence

// OscalLikeEvidence is the response shape documented for the evidence Get,
// History and Latest endpoints: the embedded relational.Evidence record plus
// fields typed with the OSCAL 1.1.3 structures. FromEvidence takes a
// *relational.Evidence; presumably it fills these fields from that record —
// TODO confirm.
//
// Props, Links and Status are always emitted in JSON; the remaining OSCAL
// fields are tagged omitempty.
type OscalLikeEvidence struct {
	relational.Evidence
	BackMatter     *oscalTypes_1_1_3.BackMatter         `json:"back-matter,omitempty"`
	Props          []oscalTypes_1_1_3.Property          `json:"props"`
	Links          []oscalTypes_1_1_3.Link              `json:"links"`
	Origins        []oscalTypes_1_1_3.Origin            `json:"origins,omitempty"`
	Activities     []oscalTypes_1_1_3.Activity          `json:"activities,omitempty"`
	InventoryItems []oscalTypes_1_1_3.InventoryItem     `json:"inventory-items,omitempty"`
	Components     []oscalTypes_1_1_3.SystemComponent   `json:"components,omitempty"`
	Subjects       []oscalTypes_1_1_3.AssessmentSubject `json:"subjects,omitempty"`
	Status         oscalTypes_1_1_3.ObjectiveStatus     `json:"status"`
}

func (*OscalLikeEvidence) FromEvidence

func (o *OscalLikeEvidence) FromEvidence(evidence *relational.Evidence) error

type PoamItemsHandler added in v0.13.0

// PoamItemsHandler handles all HTTP requests for POAM items and their
// sub-resources (milestones and the control, evidence, finding and risk
// links). Its documentation states that persistence is delegated to
// PoamService.
//
// Every POAM route annotation on its methods declares
// @Security OAuth2Password, and Register is documented as relying on JWT
// middleware applied at the group level in api.go.
//
// NOTE(review): RegisterSSPScoped is documented as injecting :sspId into the
// list and create filters only. Confirm that by-ID reads, updates, deletes
// and link operations mounted under the SSP-scoped group also check that the
// item belongs to that SSP.
type PoamItemsHandler struct {
	// contains filtered or unexported fields
}

PoamItemsHandler handles all HTTP requests for POAM items and their sub-resources. It delegates all persistence to PoamService and never imports gorm directly for data access.

func NewPoamItemsHandler added in v0.13.0

func NewPoamItemsHandler(svc *poamsvc.PoamService, sugar *zap.SugaredLogger) *PoamItemsHandler

NewPoamItemsHandler constructs a PoamItemsHandler.

func (h *PoamItemsHandler) AddControlLink(c echo.Context) error

AddControlLink godoc

@Summary	Add a control link
@Tags		POAM Items
@Accept		json
@Produce	json
@Param		id		path		string					true	"POAM item ID"
@Param		body	body		poamControlRefRequest	true	"Control ref payload"
@Success	201		{object}	GenericDataResponse[poamsvc.PoamItemControlLink]
@Failure	400		{object}	api.Error
@Failure	404		{object}	api.Error
@Failure	500		{object}	api.Error
@Security	OAuth2Password
@Router		/poam-items/{id}/controls [post]
func (h *PoamItemsHandler) AddEvidenceLink(c echo.Context) error

AddEvidenceLink godoc

@Summary	Add an evidence link
@Tags		POAM Items
@Accept		json
@Produce	json
@Param		id		path		string			true	"POAM item ID"
@Param		body	body		addLinkRequest	true	"Evidence ID payload"
@Success	201		{object}	GenericDataResponse[poamsvc.PoamItemEvidenceLink]
@Failure	400		{object}	api.Error
@Failure	404		{object}	api.Error
@Failure	500		{object}	api.Error
@Security	OAuth2Password
@Router		/poam-items/{id}/evidence [post]
func (h *PoamItemsHandler) AddFindingLink(c echo.Context) error

AddFindingLink godoc

@Summary	Add a finding link
@Tags		POAM Items
@Accept		json
@Produce	json
@Param		id		path		string			true	"POAM item ID"
@Param		body	body		addLinkRequest	true	"Finding ID payload"
@Success	201		{object}	GenericDataResponse[poamsvc.PoamItemFindingLink]
@Failure	400		{object}	api.Error
@Failure	404		{object}	api.Error
@Failure	500		{object}	api.Error
@Security	OAuth2Password
@Router		/poam-items/{id}/findings [post]

func (*PoamItemsHandler) AddMilestone added in v0.13.0

func (h *PoamItemsHandler) AddMilestone(c echo.Context) error

AddMilestone godoc

@Summary	Add a milestone to a POAM item
@Tags		POAM Items
@Accept		json
@Produce	json
@Param		id		path		string					true	"POAM item ID"
@Param		body	body		createMilestoneRequest	true	"Milestone payload"
@Success	201		{object}	GenericDataResponse[milestoneResponse]
@Failure	400		{object}	api.Error
@Failure	404		{object}	api.Error
@Failure	500		{object}	api.Error
@Security	OAuth2Password
@Router		/poam-items/{id}/milestones [post]
func (h *PoamItemsHandler) AddRiskLink(c echo.Context) error

AddRiskLink godoc

@Summary	Add a risk link
@Tags		POAM Items
@Accept		json
@Produce	json
@Param		id		path		string			true	"POAM item ID"
@Param		body	body		addLinkRequest	true	"Risk ID payload"
@Success	201		{object}	GenericDataResponse[poamsvc.PoamItemRiskLink]
@Failure	400		{object}	api.Error
@Failure	404		{object}	api.Error
@Failure	500		{object}	api.Error
@Security	OAuth2Password
@Router		/poam-items/{id}/risks [post]

func (*PoamItemsHandler) Create added in v0.13.0

func (h *PoamItemsHandler) Create(c echo.Context) error

Create godoc

@Summary	Create a POAM item
@Tags		POAM Items
@Accept		json
@Produce	json
@Param		body	body		createPoamItemRequest	true	"POAM item payload"
@Success	201		{object}	GenericDataResponse[poamItemResponse]
@Failure	400		{object}	api.Error
@Failure	404		{object}	api.Error
@Failure	500		{object}	api.Error
@Security	OAuth2Password
@Router		/poam-items [post]

func (*PoamItemsHandler) Delete added in v0.13.0

func (h *PoamItemsHandler) Delete(c echo.Context) error

Delete godoc

@Summary	Delete a POAM item
@Tags		POAM Items
@Param		id	path	string	true	"POAM item ID"
@Success	204	"No Content"
@Failure	400	{object}	api.Error
@Failure	404	{object}	api.Error
@Failure	500	{object}	api.Error
@Security	OAuth2Password
@Router		/poam-items/{id} [delete]
func (h *PoamItemsHandler) DeleteControlLink(c echo.Context) error

DeleteControlLink godoc

@Summary	Delete a control link
@Tags		POAM Items
@Param		id			path	string	true	"POAM item ID"
@Param		catalogId	path	string	true	"Catalog ID"
@Param		controlId	path	string	true	"Control ID"
@Success	204			"No Content"
@Failure	400			{object}	api.Error
@Failure	404			{object}	api.Error
@Failure	500			{object}	api.Error
@Security	OAuth2Password
@Router		/poam-items/{id}/controls/{catalogId}/{controlId} [delete]
func (h *PoamItemsHandler) DeleteEvidenceLink(c echo.Context) error

DeleteEvidenceLink godoc

@Summary	Delete an evidence link
@Tags		POAM Items
@Param		id			path	string	true	"POAM item ID"
@Param		evidenceId	path	string	true	"Evidence ID"
@Success	204			"No Content"
@Failure	400			{object}	api.Error
@Failure	404			{object}	api.Error
@Failure	500			{object}	api.Error
@Security	OAuth2Password
@Router		/poam-items/{id}/evidence/{evidenceId} [delete]
func (h *PoamItemsHandler) DeleteFindingLink(c echo.Context) error

DeleteFindingLink godoc

@Summary	Delete a finding link
@Tags		POAM Items
@Param		id			path	string	true	"POAM item ID"
@Param		findingId	path	string	true	"Finding ID"
@Success	204			"No Content"
@Failure	400			{object}	api.Error
@Failure	404			{object}	api.Error
@Failure	500			{object}	api.Error
@Security	OAuth2Password
@Router		/poam-items/{id}/findings/{findingId} [delete]

func (*PoamItemsHandler) DeleteMilestone added in v0.13.0

func (h *PoamItemsHandler) DeleteMilestone(c echo.Context) error

DeleteMilestone godoc

@Summary	Delete a milestone
@Tags		POAM Items
@Param		id			path	string	true	"POAM item ID"
@Param		milestoneId	path	string	true	"Milestone ID"
@Success	204			"No Content"
@Failure	400			{object}	api.Error
@Failure	404			{object}	api.Error
@Failure	500			{object}	api.Error
@Security	OAuth2Password
@Router		/poam-items/{id}/milestones/{milestoneId} [delete]
func (h *PoamItemsHandler) DeleteRiskLink(c echo.Context) error

DeleteRiskLink godoc

@Summary	Delete a risk link
@Tags		POAM Items
@Param		id		path	string	true	"POAM item ID"
@Param		riskId	path	string	true	"Risk ID"
@Success	204		"No Content"
@Failure	400		{object}	api.Error
@Failure	404		{object}	api.Error
@Failure	500		{object}	api.Error
@Security	OAuth2Password
@Router		/poam-items/{id}/risks/{riskId} [delete]

func (*PoamItemsHandler) Get added in v0.13.0

func (h *PoamItemsHandler) Get(c echo.Context) error

Get godoc

@Summary	Get a POAM item
@Tags		POAM Items
@Produce	json
@Param		id	path		string	true	"POAM item ID"
@Success	200	{object}	GenericDataResponse[poamItemResponse]
@Failure	400	{object}	api.Error
@Failure	404	{object}	api.Error
@Failure	500	{object}	api.Error
@Security	OAuth2Password
@Router		/poam-items/{id} [get]

func (*PoamItemsHandler) List added in v0.13.0

func (h *PoamItemsHandler) List(c echo.Context) error

List godoc

@Summary	List POAM items
@Tags		POAM Items
@Produce	json
@Param		status			query		string	false	"Filter by status (open|in-progress|completed|overdue)"
@Param		sspId			query		string	false	"Filter by SSP UUID"
@Param		riskId			query		string	false	"Filter by linked risk UUID"
@Param		deadlineBefore	query		string	false	"Filter by planned_completion_date before (RFC3339)"
@Param		overdueOnly		query		bool	false	"Return only overdue items"
@Param		ownerRef		query		string	false	"Filter by primary_owner_user_id UUID"
@Success	200				{object}	GenericDataListResponse[poamItemResponse]
@Failure	400				{object}	api.Error
@Failure	500				{object}	api.Error
@Security	OAuth2Password
@Router		/poam-items [get]

func (*PoamItemsHandler) ListControls added in v0.13.0

func (h *PoamItemsHandler) ListControls(c echo.Context) error

ListControls godoc

@Summary	List linked controls
@Tags		POAM Items
@Produce	json
@Param		id	path		string	true	"POAM item ID"
@Success	200	{object}	GenericDataListResponse[poamsvc.PoamItemControlLink]
@Failure	400	{object}	api.Error
@Failure	404	{object}	api.Error
@Failure	500	{object}	api.Error
@Security	OAuth2Password
@Router		/poam-items/{id}/controls [get]

func (*PoamItemsHandler) ListEvidence added in v0.13.0

func (h *PoamItemsHandler) ListEvidence(c echo.Context) error

ListEvidence godoc

@Summary	List linked evidence
@Tags		POAM Items
@Produce	json
@Param		id	path		string	true	"POAM item ID"
@Success	200	{object}	GenericDataListResponse[poamsvc.PoamItemEvidenceLink]
@Failure	400	{object}	api.Error
@Failure	404	{object}	api.Error
@Failure	500	{object}	api.Error
@Security	OAuth2Password
@Router		/poam-items/{id}/evidence [get]

func (*PoamItemsHandler) ListFindings added in v0.13.0

func (h *PoamItemsHandler) ListFindings(c echo.Context) error

ListFindings godoc

@Summary	List linked findings
@Tags		POAM Items
@Produce	json
@Param		id	path		string	true	"POAM item ID"
@Success	200	{object}	GenericDataListResponse[poamsvc.PoamItemFindingLink]
@Failure	400	{object}	api.Error
@Failure	404	{object}	api.Error
@Failure	500	{object}	api.Error
@Security	OAuth2Password
@Router		/poam-items/{id}/findings [get]

func (*PoamItemsHandler) ListMilestones added in v0.13.0

func (h *PoamItemsHandler) ListMilestones(c echo.Context) error

ListMilestones godoc

@Summary	List milestones for a POAM item
@Tags		POAM Items
@Produce	json
@Param		id	path		string	true	"POAM item ID"
@Success	200	{object}	GenericDataListResponse[milestoneResponse]
@Failure	400	{object}	api.Error
@Failure	404	{object}	api.Error
@Failure	500	{object}	api.Error
@Security	OAuth2Password
@Router		/poam-items/{id}/milestones [get]

func (*PoamItemsHandler) ListRisks added in v0.13.0

func (h *PoamItemsHandler) ListRisks(c echo.Context) error

ListRisks godoc

@Summary	List linked risks
@Tags		POAM Items
@Produce	json
@Param		id	path		string	true	"POAM item ID"
@Success	200	{object}	GenericDataListResponse[poamsvc.PoamItemRiskLink]
@Failure	400	{object}	api.Error
@Failure	404	{object}	api.Error
@Failure	500	{object}	api.Error
@Security	OAuth2Password
@Router		/poam-items/{id}/risks [get]

func (*PoamItemsHandler) Register added in v0.13.0

func (h *PoamItemsHandler) Register(g *echo.Group)

Register mounts all POAM routes onto the given Echo group. JWT middleware is applied at the group level in api.go.

func (*PoamItemsHandler) RegisterSSPScoped added in v0.13.0

func (h *PoamItemsHandler) RegisterSSPScoped(g *echo.Group)

RegisterSSPScoped mounts all POAM routes under an SSP-scoped group (e.g. /system-security-plans/:sspId/poam-items). The :sspId path param is extracted and injected into list/create filters automatically.

func (*PoamItemsHandler) Update added in v0.13.0

func (h *PoamItemsHandler) Update(c echo.Context) error

Update godoc

@Summary	Update a POAM item
@Tags		POAM Items
@Accept		json
@Produce	json
@Param		id		path		string					true	"POAM item ID"
@Param		body	body		updatePoamItemRequest	true	"Update payload"
@Success	200		{object}	GenericDataResponse[poamItemResponse]
@Failure	400		{object}	api.Error
@Failure	404		{object}	api.Error
@Failure	500		{object}	api.Error
@Security	OAuth2Password
@Router		/poam-items/{id} [put]

func (*PoamItemsHandler) UpdateMilestone added in v0.13.0

func (h *PoamItemsHandler) UpdateMilestone(c echo.Context) error

UpdateMilestone godoc

@Summary	Update a milestone
@Tags		POAM Items
@Accept		json
@Produce	json
@Param		id			path		string					true	"POAM item ID"
@Param		milestoneId	path		string					true	"Milestone ID"
@Param		body		body		updateMilestoneRequest	true	"Milestone update payload"
@Success	200			{object}	GenericDataResponse[milestoneResponse]
@Failure	400			{object}	api.Error
@Failure	404			{object}	api.Error
@Failure	500			{object}	api.Error
@Security	OAuth2Password
@Router		/poam-items/{id}/milestones/{milestoneId} [put]

type RiskHandler added in v0.13.0

type RiskHandler struct {
	// contains filtered or unexported fields
}

func NewRiskHandler added in v0.13.0

func NewRiskHandler(sugar *zap.SugaredLogger, db *gorm.DB) *RiskHandler

func (*RiskHandler) Accept added in v0.13.0

func (h *RiskHandler) Accept(ctx echo.Context) error

Accept godoc

@Summary		Accept risk
@Description	Accepts a risk with required justification and a future review deadline.
@Tags			Risks
@Accept			json
@Produce		json
@Param			id		path		string				true	"Risk ID"
@Param			body	body		acceptRiskRequest	true	"Accept payload"
@Success		200		{object}	GenericDataResponse[riskResponse]
@Failure		400		{object}	api.Error
@Failure		404		{object}	api.Error
@Failure		500		{object}	api.Error
@Security		OAuth2Password
@Router			/risks/{id}/accept [post]

func (*RiskHandler) AcceptForSSP added in v0.13.0

func (h *RiskHandler) AcceptForSSP(ctx echo.Context) error

AcceptForSSP godoc

@Summary		Accept risk for SSP
@Description	Accepts a risk by ID scoped to an SSP.
@Tags			Risks
@Accept			json
@Produce		json
@Param			sspId	path		string				true	"SSP ID"
@Param			id		path		string				true	"Risk ID"
@Param			body	body		acceptRiskRequest	true	"Accept payload"
@Success		200		{object}	GenericDataResponse[riskResponse]
@Failure		400		{object}	api.Error
@Failure		404		{object}	api.Error
@Failure		500		{object}	api.Error
@Security		OAuth2Password
@Router			/oscal/system-security-plans/{sspId}/risks/{id}/accept [post]
func (h *RiskHandler) AddComponentLink(ctx echo.Context) error

AddComponentLink godoc

@Summary		Link component to risk
@Description	Idempotently links a component to a risk.
@Tags			Risks
@Accept			json
@Produce		json
@Param			id		path		string					true	"Risk ID"
@Param			link	body		addComponentLinkRequest	true	"Component link payload"
@Success		201		{object}	GenericDataResponse[risks.RiskComponentLink]
@Failure		400		{object}	api.Error
@Failure		404		{object}	api.Error
@Failure		500		{object}	api.Error
@Security		OAuth2Password
@Router			/risks/{id}/components [post]

func (*RiskHandler) AddComponentLinkForSSP added in v0.13.0

func (h *RiskHandler) AddComponentLinkForSSP(ctx echo.Context) error

AddComponentLinkForSSP godoc

@Summary		Link component to risk for SSP
@Description	Idempotently links a component to a risk scoped to an SSP.
@Tags			Risks
@Accept			json
@Produce		json
@Param			sspId	path		string					true	"SSP ID"
@Param			id		path		string					true	"Risk ID"
@Param			link	body		addComponentLinkRequest	true	"Component link payload"
@Success		201		{object}	GenericDataResponse[risks.RiskComponentLink]
@Failure		400		{object}	api.Error
@Failure		404		{object}	api.Error
@Failure		500		{object}	api.Error
@Security		OAuth2Password
@Router			/oscal/system-security-plans/{sspId}/risks/{id}/components [post]
func (h *RiskHandler) AddControlLink(ctx echo.Context) error

AddControlLink godoc

@Summary		Link control to risk
@Description	Idempotently links a control to a risk.
@Tags			Risks
@Accept			json
@Produce		json
@Param			id		path		string					true	"Risk ID"
@Param			link	body		addControlLinkRequest	true	"Control link payload"
@Success		201		{object}	GenericDataResponse[risks.RiskControlLink]
@Failure		400		{object}	api.Error
@Failure		404		{object}	api.Error
@Failure		500		{object}	api.Error
@Security		OAuth2Password
@Router			/risks/{id}/controls [post]

func (*RiskHandler) AddControlLinkForSSP added in v0.13.0

func (h *RiskHandler) AddControlLinkForSSP(ctx echo.Context) error

AddControlLinkForSSP godoc

@Summary		Link control to risk for SSP
@Description	Idempotently links a control to a risk scoped to an SSP.
@Tags			Risks
@Accept			json
@Produce		json
@Param			sspId	path		string					true	"SSP ID"
@Param			id		path		string					true	"Risk ID"
@Param			link	body		addControlLinkRequest	true	"Control link payload"
@Success		201		{object}	GenericDataResponse[risks.RiskControlLink]
@Failure		400		{object}	api.Error
@Failure		404		{object}	api.Error
@Failure		500		{object}	api.Error
@Security		OAuth2Password
@Router			/oscal/system-security-plans/{sspId}/risks/{id}/controls [post]
func (h *RiskHandler) AddEvidenceLink(ctx echo.Context) error

AddEvidenceLink godoc

@Summary		Link evidence to risk
@Description	Idempotently links an evidence item to a risk.
@Tags			Risks
@Accept			json
@Produce		json
@Param			id		path		string					true	"Risk ID"
@Param			link	body		addEvidenceLinkRequest	true	"Evidence link payload"
@Success		201		{object}	GenericDataResponse[risks.RiskEvidenceLink]
@Failure		400		{object}	api.Error
@Failure		404		{object}	api.Error
@Failure		500		{object}	api.Error
@Security		OAuth2Password
@Router			/risks/{id}/evidence [post]

func (*RiskHandler) AddEvidenceLinkForSSP added in v0.13.0

func (h *RiskHandler) AddEvidenceLinkForSSP(ctx echo.Context) error

AddEvidenceLinkForSSP godoc

@Summary		Link evidence to risk for SSP
@Description	Idempotently links an evidence item to a risk scoped to an SSP.
@Tags			Risks
@Accept			json
@Produce		json
@Param			sspId	path		string					true	"SSP ID"
@Param			id		path		string					true	"Risk ID"
@Param			link	body		addEvidenceLinkRequest	true	"Evidence link payload"
@Success		201		{object}	GenericDataResponse[risks.RiskEvidenceLink]
@Failure		400		{object}	api.Error
@Failure		404		{object}	api.Error
@Failure		500		{object}	api.Error
@Security		OAuth2Password
@Router			/oscal/system-security-plans/{sspId}/risks/{id}/evidence [post]
func (h *RiskHandler) AddSubjectLink(ctx echo.Context) error

AddSubjectLink godoc

@Summary		Link subject to risk
@Description	Idempotently links a subject to a risk.
@Tags			Risks
@Accept			json
@Produce		json
@Param			id		path		string					true	"Risk ID"
@Param			link	body		addSubjectLinkRequest	true	"Subject link payload"
@Success		201		{object}	GenericDataResponse[risks.RiskSubjectLink]
@Failure		400		{object}	api.Error
@Failure		404		{object}	api.Error
@Failure		500		{object}	api.Error
@Security		OAuth2Password
@Router			/risks/{id}/subjects [post]

func (*RiskHandler) AddThreatRef added in v0.13.0

func (h *RiskHandler) AddThreatRef(ctx echo.Context) error

AddThreatRef godoc

@Summary		Add risk threat reference
@Description	Adds a threat reference to a risk.
@Tags			Risks
@Accept			json
@Produce		json
@Param			id		path		string			true	"Risk ID"
@Param			threat	body		threatIDRequest	true	"Threat reference payload"
@Success		201		{object}	GenericDataResponse[threatIDResponse]
@Failure		400		{object}	api.Error
@Failure		404		{object}	api.Error
@Failure		500		{object}	api.Error
@Security		OAuth2Password
@Router			/risks/{id}/threat-ids [post]

func (*RiskHandler) AddThreatRefForSSP added in v0.13.0

func (h *RiskHandler) AddThreatRefForSSP(ctx echo.Context) error

AddThreatRefForSSP godoc

@Summary		Add risk threat reference for SSP
@Description	Adds a threat reference to a risk scoped to an SSP.
@Tags			Risks
@Accept			json
@Produce		json
@Param			sspId	path		string			true	"SSP ID"
@Param			id		path		string			true	"Risk ID"
@Param			threat	body		threatIDRequest	true	"Threat reference payload"
@Success		201		{object}	GenericDataResponse[threatIDResponse]
@Failure		400		{object}	api.Error
@Failure		404		{object}	api.Error
@Failure		500		{object}	api.Error
@Security		OAuth2Password
@Router			/oscal/system-security-plans/{sspId}/risks/{id}/threat-ids [post]

func (*RiskHandler) Create added in v0.13.0

func (h *RiskHandler) Create(ctx echo.Context) error

Create godoc

@Summary		Create risk
@Description	Creates a risk register entry.
@Tags			Risks
@Accept			json
@Produce		json
@Param			risk	body		createRiskRequest	true	"Risk payload"
@Success		201		{object}	GenericDataResponse[riskResponse]
@Failure		400		{object}	api.Error
@Failure		401		{object}	api.Error
@Failure		500		{object}	api.Error
@Security		OAuth2Password
@Router			/risks [post]

func (*RiskHandler) CreateForSSP added in v0.13.0

func (h *RiskHandler) CreateForSSP(ctx echo.Context) error

CreateForSSP godoc

@Summary		Create risk for SSP
@Description	Creates a risk register entry scoped to an SSP.
@Tags			Risks
@Accept			json
@Produce		json
@Param			sspId	path		string				true	"SSP ID"
@Param			risk	body		createRiskRequest	true	"Risk payload"
@Success		201		{object}	GenericDataResponse[riskResponse]
@Failure		400		{object}	api.Error
@Failure		404		{object}	api.Error
@Failure		500		{object}	api.Error
@Security		OAuth2Password
@Router			/oscal/system-security-plans/{sspId}/risks [post]

func (*RiskHandler) CreateRemediationTemplate added in v0.13.0

func (h *RiskHandler) CreateRemediationTemplate(ctx echo.Context) error

CreateRemediationTemplate godoc

@Summary		Create risk remediation template
@Description	Creates a remediation template for a risk.
@Tags			Risks
@Accept			json
@Produce		json
@Param			id			path		string						true	"Risk ID"
@Param			template	body		remediationTemplateRequest	true	"Remediation template payload"
@Success		201			{object}	GenericDataResponse[remediationTemplateResponse]
@Failure		400			{object}	api.Error
@Failure		404			{object}	api.Error
@Failure		409			{object}	api.Error
@Failure		500			{object}	api.Error
@Security		OAuth2Password
@Router			/risks/{id}/remediation-template [post]

func (*RiskHandler) CreateRemediationTemplateForSSP added in v0.13.0

func (h *RiskHandler) CreateRemediationTemplateForSSP(ctx echo.Context) error

CreateRemediationTemplateForSSP godoc

@Summary		Create risk remediation template for SSP
@Description	Creates a remediation template for a risk scoped to an SSP.
@Tags			Risks
@Accept			json
@Produce		json
@Param			sspId		path		string						true	"SSP ID"
@Param			id			path		string						true	"Risk ID"
@Param			template	body		remediationTemplateRequest	true	"Remediation template payload"
@Success		201			{object}	GenericDataResponse[remediationTemplateResponse]
@Failure		400			{object}	api.Error
@Failure		404			{object}	api.Error
@Failure		409			{object}	api.Error
@Failure		500			{object}	api.Error
@Security		OAuth2Password
@Router			/oscal/system-security-plans/{sspId}/risks/{id}/remediation-template [post]

func (*RiskHandler) Delete added in v0.13.0

func (h *RiskHandler) Delete(ctx echo.Context) error

Delete godoc

@Summary		Delete risk
@Description	Deletes a risk register entry and link rows by ID.
@Tags			Risks
@Param			id	path	string	true	"Risk ID"
@Success		204
@Failure		400	{object}	api.Error
@Failure		404	{object}	api.Error
@Failure		500	{object}	api.Error
@Security		OAuth2Password
@Router			/risks/{id} [delete]
func (h *RiskHandler) DeleteComponentLink(ctx echo.Context) error

DeleteComponentLink godoc

@Summary		Delete risk component link
@Description	Deletes the link between a risk and component.
@Tags			Risks
@Param			id			path	string	true	"Risk ID"
@Param			componentId	path	string	true	"Component ID"
@Success		204
@Failure		400	{object}	api.Error
@Failure		404	{object}	api.Error
@Failure		500	{object}	api.Error
@Security		OAuth2Password
@Router			/risks/{id}/components/{componentId} [delete]

func (*RiskHandler) DeleteComponentLinkForSSP added in v0.13.0

func (h *RiskHandler) DeleteComponentLinkForSSP(ctx echo.Context) error

DeleteComponentLinkForSSP godoc

@Summary		Delete risk component link for SSP
@Description	Deletes the link between a risk and component scoped to an SSP.
@Tags			Risks
@Param			sspId		path	string	true	"SSP ID"
@Param			id			path	string	true	"Risk ID"
@Param			componentId	path	string	true	"Component ID"
@Success		204
@Failure		400	{object}	api.Error
@Failure		404	{object}	api.Error
@Failure		500	{object}	api.Error
@Security		OAuth2Password
@Router			/oscal/system-security-plans/{sspId}/risks/{id}/components/{componentId} [delete]
func (h *RiskHandler) DeleteControlLink(ctx echo.Context) error

DeleteControlLink godoc

@Summary		Delete risk control link
@Description	Deletes the link between a risk and control.
@Tags			Risks
@Param			id			path	string	true	"Risk ID"
@Param			catalogId	path	string	true	"Catalog ID"
@Param			controlId	path	string	true	"Control ID"
@Success		204
@Failure		400	{object}	api.Error
@Failure		404	{object}	api.Error
@Failure		500	{object}	api.Error
@Security		OAuth2Password
@Router			/risks/{id}/controls/{catalogId}/{controlId} [delete]

func (*RiskHandler) DeleteControlLinkForSSP added in v0.13.0

func (h *RiskHandler) DeleteControlLinkForSSP(ctx echo.Context) error

DeleteControlLinkForSSP godoc

@Summary		Delete risk control link for SSP
@Description	Deletes the link between a risk and control scoped to an SSP.
@Tags			Risks
@Param			sspId		path	string	true	"SSP ID"
@Param			id			path	string	true	"Risk ID"
@Param			catalogId	path	string	true	"Catalog ID"
@Param			controlId	path	string	true	"Control ID"
@Success		204
@Failure		400	{object}	api.Error
@Failure		404	{object}	api.Error
@Failure		500	{object}	api.Error
@Security		OAuth2Password
@Router			/oscal/system-security-plans/{sspId}/risks/{id}/controls/{catalogId}/{controlId} [delete]
func (h *RiskHandler) DeleteEvidenceLink(ctx echo.Context) error

DeleteEvidenceLink godoc

@Summary		Delete risk evidence link
@Description	Deletes the link between a risk and evidence item.
@Tags			Risks
@Param			id			path	string	true	"Risk ID"
@Param			evidenceId	path	string	true	"Evidence ID"
@Success		204
@Failure		400	{object}	api.Error
@Failure		404	{object}	api.Error
@Failure		500	{object}	api.Error
@Security		OAuth2Password
@Router			/risks/{id}/evidence/{evidenceId} [delete]

func (*RiskHandler) DeleteEvidenceLinkForSSP added in v0.13.0

func (h *RiskHandler) DeleteEvidenceLinkForSSP(ctx echo.Context) error

DeleteEvidenceLinkForSSP godoc

@Summary		Delete risk evidence link for SSP
@Description	Deletes the link between a risk and evidence item scoped to an SSP.
@Tags			Risks
@Param			sspId		path	string	true	"SSP ID"
@Param			id			path	string	true	"Risk ID"
@Param			evidenceId	path	string	true	"Evidence ID"
@Success		204
@Failure		400	{object}	api.Error
@Failure		404	{object}	api.Error
@Failure		500	{object}	api.Error
@Security		OAuth2Password
@Router			/oscal/system-security-plans/{sspId}/risks/{id}/evidence/{evidenceId} [delete]

func (*RiskHandler) DeleteForSSP added in v0.13.0

func (h *RiskHandler) DeleteForSSP(ctx echo.Context) error

DeleteForSSP godoc

@Summary		Delete risk for SSP
@Description	Deletes a risk register entry by ID scoped to an SSP.
@Tags			Risks
@Param			sspId	path	string	true	"SSP ID"
@Param			id		path	string	true	"Risk ID"
@Success		204		"No Content"
@Failure		400		{object}	api.Error
@Failure		404		{object}	api.Error
@Failure		500		{object}	api.Error
@Security		OAuth2Password
@Router			/oscal/system-security-plans/{sspId}/risks/{id} [delete]

func (*RiskHandler) DeleteRemediationTemplate added in v0.13.0

func (h *RiskHandler) DeleteRemediationTemplate(ctx echo.Context) error

DeleteRemediationTemplate godoc

@Summary		Delete risk remediation template
@Description	Deletes the remediation template linked to a risk.
@Tags			Risks
@Produce		json
@Param			id	path	string	true	"Risk ID"
@Success		204
@Failure		400	{object}	api.Error
@Failure		404	{object}	api.Error
@Failure		500	{object}	api.Error
@Security		OAuth2Password
@Router			/risks/{id}/remediation-template [delete]

func (*RiskHandler) DeleteRemediationTemplateForSSP added in v0.13.0

func (h *RiskHandler) DeleteRemediationTemplateForSSP(ctx echo.Context) error

DeleteRemediationTemplateForSSP godoc

@Summary		Delete risk remediation template for SSP
@Description	Deletes the remediation template linked to a risk scoped to an SSP.
@Tags			Risks
@Produce		json
@Param			sspId	path	string	true	"SSP ID"
@Param			id		path	string	true	"Risk ID"
@Success		204
@Failure		400	{object}	api.Error
@Failure		404	{object}	api.Error
@Failure		500	{object}	api.Error
@Security		OAuth2Password
@Router			/oscal/system-security-plans/{sspId}/risks/{id}/remediation-template [delete]

func (*RiskHandler) DeleteThreatRef added in v0.13.0

func (h *RiskHandler) DeleteThreatRef(ctx echo.Context) error

DeleteThreatRef godoc

@Summary		Delete risk threat reference
@Description	Deletes a threat reference linked to a risk.
@Tags			Risks
@Produce		json
@Param			id			path	string	true	"Risk ID"
@Param			threatRefId	path	string	true	"Threat reference ID"
@Success		204
@Failure		400	{object}	api.Error
@Failure		404	{object}	api.Error
@Failure		500	{object}	api.Error
@Security		OAuth2Password
@Router			/risks/{id}/threat-ids/{threatRefId} [delete]

func (*RiskHandler) DeleteThreatRefForSSP added in v0.13.0

func (h *RiskHandler) DeleteThreatRefForSSP(ctx echo.Context) error

DeleteThreatRefForSSP godoc

@Summary		Delete risk threat reference for SSP
@Description	Deletes a threat reference linked to a risk scoped to an SSP.
@Tags			Risks
@Produce		json
@Param			sspId		path	string	true	"SSP ID"
@Param			id			path	string	true	"Risk ID"
@Param			threatRefId	path	string	true	"Threat reference ID"
@Success		204
@Failure		400	{object}	api.Error
@Failure		404	{object}	api.Error
@Failure		500	{object}	api.Error
@Security		OAuth2Password
@Router			/oscal/system-security-plans/{sspId}/risks/{id}/threat-ids/{threatRefId} [delete]

func (*RiskHandler) Get added in v0.13.0

func (h *RiskHandler) Get(ctx echo.Context) error

Get godoc

@Summary		Get risk
@Description	Retrieves a risk register entry by ID.
@Tags			Risks
@Produce		json
@Param			id	path		string	true	"Risk ID"
@Success		200	{object}	GenericDataResponse[riskResponse]
@Failure		400	{object}	api.Error
@Failure		404	{object}	api.Error
@Failure		500	{object}	api.Error
@Security		OAuth2Password
@Router			/risks/{id} [get]
func (h *RiskHandler) GetComponentLinks(ctx echo.Context) error

GetComponentLinks godoc

@Summary		List risk component links
@Description	Lists components linked to a risk.
@Tags			Risks
@Produce		json
@Param			id		path		string	true	"Risk ID"
@Param			page	query		int		false	"Page number"
@Param			limit	query		int		false	"Page size"
@Success		200		{object}	svc.ListResponse[risks.RiskComponentLink]
@Failure		400		{object}	api.Error
@Failure		404		{object}	api.Error
@Failure		500		{object}	api.Error
@Security		OAuth2Password
@Router			/risks/{id}/components [get]

func (*RiskHandler) GetComponentLinksForSSP added in v0.13.0

func (h *RiskHandler) GetComponentLinksForSSP(ctx echo.Context) error

GetComponentLinksForSSP godoc

@Summary		List risk component links for SSP
@Description	Lists components linked to a risk scoped to an SSP.
@Tags			Risks
@Produce		json
@Param			sspId	path		string	true	"SSP ID"
@Param			id		path		string	true	"Risk ID"
@Param			page	query		int		false	"Page number"
@Param			limit	query		int		false	"Page size"
@Success		200		{object}	svc.ListResponse[risks.RiskComponentLink]
@Failure		400		{object}	api.Error
@Failure		404		{object}	api.Error
@Failure		500		{object}	api.Error
@Security		OAuth2Password
@Router			/oscal/system-security-plans/{sspId}/risks/{id}/components [get]
func (h *RiskHandler) GetControlLinks(ctx echo.Context) error

GetControlLinks godoc

@Summary		List risk control links
@Description	Lists controls linked to a risk.
@Tags			Risks
@Produce		json
@Param			id		path		string	true	"Risk ID"
@Param			page	query		int		false	"Page number"
@Param			limit	query		int		false	"Page size"
@Success		200		{object}	svc.ListResponse[risks.RiskControlLink]
@Failure		400		{object}	api.Error
@Failure		404		{object}	api.Error
@Failure		500		{object}	api.Error
@Security		OAuth2Password
@Router			/risks/{id}/controls [get]

func (*RiskHandler) GetControlLinksForSSP added in v0.13.0

func (h *RiskHandler) GetControlLinksForSSP(ctx echo.Context) error

GetControlLinksForSSP godoc

@Summary		List risk control links for SSP
@Description	Lists controls linked to a risk scoped to an SSP.
@Tags			Risks
@Produce		json
@Param			sspId	path		string	true	"SSP ID"
@Param			id		path		string	true	"Risk ID"
@Param			page	query		int		false	"Page number"
@Param			limit	query		int		false	"Page size"
@Success		200		{object}	svc.ListResponse[risks.RiskControlLink]
@Failure		400		{object}	api.Error
@Failure		404		{object}	api.Error
@Failure		500		{object}	api.Error
@Security		OAuth2Password
@Router			/oscal/system-security-plans/{sspId}/risks/{id}/controls [get]

func (*RiskHandler) GetEvents added in v0.13.0

func (h *RiskHandler) GetEvents(ctx echo.Context) error

GetEvents godoc

@Summary		List risk events
@Description	Lists events for a risk.
@Tags			Risks
@Produce		json
@Param			id		path		string	true	"Risk ID"
@Param			page	query		int		false	"Page number"
@Param			limit	query		int		false	"Page size"
@Success		200		{object}	svc.ListResponse[risks.RiskEvent]
@Failure		400		{object}	api.Error
@Failure		404		{object}	api.Error
@Failure		500		{object}	api.Error
@Security		OAuth2Password
@Router			/risks/{id}/events [get]

func (*RiskHandler) GetEventsForSSP added in v0.13.0

func (h *RiskHandler) GetEventsForSSP(ctx echo.Context) error

GetEventsForSSP godoc

@Summary		List risk events for SSP
@Description	Lists events for a risk scoped to an SSP.
@Tags			Risks
@Produce		json
@Param			sspId	path		string	true	"SSP ID"
@Param			id		path		string	true	"Risk ID"
@Param			page	query		int		false	"Page number"
@Param			limit	query		int		false	"Page size"
@Success		200		{object}	svc.ListResponse[risks.RiskEvent]
@Failure		400		{object}	api.Error
@Failure		404		{object}	api.Error
@Failure		500		{object}	api.Error
@Security		OAuth2Password
@Router			/oscal/system-security-plans/{sspId}/risks/{id}/events [get]
func (h *RiskHandler) GetEvidenceLinks(ctx echo.Context) error

GetEvidenceLinks godoc

@Summary		List risk evidence links
@Description	Lists evidence IDs linked to a risk.
@Tags			Risks
@Produce		json
@Param			id		path		string	true	"Risk ID"
@Param			page	query		int		false	"Page number"
@Param			limit	query		int		false	"Page size"
@Success		200		{object}	svc.ListResponse[uuid.UUID]
@Failure		400		{object}	api.Error
@Failure		404		{object}	api.Error
@Failure		500		{object}	api.Error
@Security		OAuth2Password
@Router			/risks/{id}/evidence [get]

func (*RiskHandler) GetEvidenceLinksForSSP added in v0.13.0

func (h *RiskHandler) GetEvidenceLinksForSSP(ctx echo.Context) error

GetEvidenceLinksForSSP godoc

@Summary		List risk evidence links for SSP
@Description	Lists evidence IDs linked to a risk scoped to an SSP.
@Tags			Risks
@Produce		json
@Param			sspId	path		string	true	"SSP ID"
@Param			id		path		string	true	"Risk ID"
@Param			page	query		int		false	"Page number"
@Param			limit	query		int		false	"Page size"
@Success		200		{object}	svc.ListResponse[uuid.UUID]
@Failure		400		{object}	api.Error
@Failure		404		{object}	api.Error
@Failure		500		{object}	api.Error
@Security		OAuth2Password
@Router			/oscal/system-security-plans/{sspId}/risks/{id}/evidence [get]

func (*RiskHandler) GetForSSP added in v0.13.0

func (h *RiskHandler) GetForSSP(ctx echo.Context) error

GetForSSP godoc

@Summary		Get risk for SSP
@Description	Retrieves a risk register entry by ID scoped to an SSP.
@Tags			Risks
@Produce		json
@Param			sspId	path		string	true	"SSP ID"
@Param			id		path		string	true	"Risk ID"
@Success		200		{object}	GenericDataResponse[riskResponse]
@Failure		400		{object}	api.Error
@Failure		404		{object}	api.Error
@Failure		500		{object}	api.Error
@Security		OAuth2Password
@Router			/oscal/system-security-plans/{sspId}/risks/{id} [get]

func (*RiskHandler) GetRemediationTemplate added in v0.13.0

func (h *RiskHandler) GetRemediationTemplate(ctx echo.Context) error

GetRemediationTemplate godoc

@Summary		Get risk remediation template
@Description	Gets the remediation template linked to a risk.
@Tags			Risks
@Produce		json
@Param			id	path		string	true	"Risk ID"
@Success		200	{object}	GenericDataResponse[remediationTemplateResponse]
@Failure		400	{object}	api.Error
@Failure		404	{object}	api.Error
@Failure		500	{object}	api.Error
@Security		OAuth2Password
@Router			/risks/{id}/remediation-template [get]

func (*RiskHandler) GetRemediationTemplateForSSP added in v0.13.0

func (h *RiskHandler) GetRemediationTemplateForSSP(ctx echo.Context) error

GetRemediationTemplateForSSP godoc

@Summary		Get risk remediation template for SSP
@Description	Gets the remediation template linked to a risk scoped to an SSP.
@Tags			Risks
@Produce		json
@Param			sspId	path		string	true	"SSP ID"
@Param			id		path		string	true	"Risk ID"
@Success		200		{object}	GenericDataResponse[remediationTemplateResponse]
@Failure		400		{object}	api.Error
@Failure		404		{object}	api.Error
@Failure		500		{object}	api.Error
@Security		OAuth2Password
@Router			/oscal/system-security-plans/{sspId}/risks/{id}/remediation-template [get]

func (*RiskHandler) GetReviews added in v0.13.0

func (h *RiskHandler) GetReviews(ctx echo.Context) error

GetReviews godoc

@Summary		List risk audit trail
@Description	Lists risk reviews (audit trail) for a risk.
@Tags			Risks
@Produce		json
@Param			id		path		string	true	"Risk ID"
@Param			page	query		int		false	"Page number"
@Param			limit	query		int		false	"Page size"
@Success		200		{object}	svc.ListResponse[risks.RiskReview]
@Failure		400		{object}	api.Error
@Failure		404		{object}	api.Error
@Failure		500		{object}	api.Error
@Security		OAuth2Password
@Router			/risks/{id}/reviews [get]

func (*RiskHandler) GetReviewsForSSP added in v0.13.0

func (h *RiskHandler) GetReviewsForSSP(ctx echo.Context) error

GetReviewsForSSP godoc

@Summary		List risk audit trail for SSP
@Description	Lists risk reviews (audit trail) for a risk scoped to an SSP.
@Tags			Risks
@Produce		json
@Param			sspId	path		string	true	"SSP ID"
@Param			id		path		string	true	"Risk ID"
@Param			page	query		int		false	"Page number"
@Param			limit	query		int		false	"Page size"
@Success		200		{object}	svc.ListResponse[risks.RiskReview]
@Failure		400		{object}	api.Error
@Failure		404		{object}	api.Error
@Failure		500		{object}	api.Error
@Security		OAuth2Password
@Router			/oscal/system-security-plans/{sspId}/risks/{id}/reviews [get]
func (h *RiskHandler) GetSubjectLinks(ctx echo.Context) error

GetSubjectLinks godoc

@Summary		List risk subject links
@Description	Lists subjects linked to a risk.
@Tags			Risks
@Produce		json
@Param			id		path		string	true	"Risk ID"
@Param			page	query		int		false	"Page number"
@Param			limit	query		int		false	"Page size"
@Success		200		{object}	svc.ListResponse[risks.RiskSubjectLink]
@Failure		400		{object}	api.Error
@Failure		404		{object}	api.Error
@Failure		500		{object}	api.Error
@Security		OAuth2Password
@Router			/risks/{id}/subjects [get]

func (*RiskHandler) GetThreatRef added in v0.13.0

func (h *RiskHandler) GetThreatRef(ctx echo.Context) error

GetThreatRef godoc

@Summary		Get risk threat reference
@Description	Gets a threat reference linked to a risk.
@Tags			Risks
@Produce		json
@Param			id			path		string	true	"Risk ID"
@Param			threatRefId	path		string	true	"Threat reference ID"
@Success		200			{object}	GenericDataResponse[threatIDResponse]
@Failure		400			{object}	api.Error
@Failure		404			{object}	api.Error
@Failure		500			{object}	api.Error
@Security		OAuth2Password
@Router			/risks/{id}/threat-ids/{threatRefId} [get]

func (*RiskHandler) GetThreatRefForSSP added in v0.13.0

func (h *RiskHandler) GetThreatRefForSSP(ctx echo.Context) error

GetThreatRefForSSP godoc

@Summary		Get risk threat reference for SSP
@Description	Gets a threat reference linked to a risk scoped to an SSP.
@Tags			Risks
@Produce		json
@Param			sspId		path		string	true	"SSP ID"
@Param			id			path		string	true	"Risk ID"
@Param			threatRefId	path		string	true	"Threat reference ID"
@Success		200			{object}	GenericDataResponse[threatIDResponse]
@Failure		400			{object}	api.Error
@Failure		404			{object}	api.Error
@Failure		500			{object}	api.Error
@Security		OAuth2Password
@Router			/oscal/system-security-plans/{sspId}/risks/{id}/threat-ids/{threatRefId} [get]

func (*RiskHandler) List added in v0.13.0

func (h *RiskHandler) List(ctx echo.Context) error

List godoc

@Summary		List risks
@Description	Lists risk register entries with filtering, sorting, and pagination.
@Tags			Risks
@Produce		json
@Param			status					query		string	false	"Risk status"
@Param			likelihood				query		string	false	"Risk likelihood"
@Param			impact					query		string	false	"Risk impact"
@Param			sspId					query		string	false	"SSP ID"
@Param			controlId				query		string	false	"Control ID"
@Param			componentId				query		string	false	"Component ID"
@Param			evidenceId				query		string	false	"Evidence ID"
@Param			ownerKind				query		string	false	"Owner kind"
@Param			ownerRef				query		string	false	"Owner reference"
@Param			reviewDeadlineBefore	query		string	false	"Review deadline upper bound (RFC3339)"
@Param			page					query		int		false	"Page number"
@Param			limit					query		int		false	"Page size"
@Param			sort					query		string	false	"Sort field"
@Param			order					query		string	false	"Sort order (asc|desc)"
@Success		200						{object}	svc.ListResponse[riskResponse]
@Failure		400						{object}	api.Error
@Failure		500						{object}	api.Error
@Security		OAuth2Password
@Router			/risks [get]

func (*RiskHandler) ListForSSP added in v0.13.0

func (h *RiskHandler) ListForSSP(ctx echo.Context) error

ListForSSP godoc

@Summary		List risks for SSP
@Description	Lists risk register entries scoped to an SSP.
@Tags			Risks
@Produce		json
@Param			sspId					path		string	true	"SSP ID"
@Param			status					query		string	false	"Risk status"
@Param			likelihood				query		string	false	"Risk likelihood"
@Param			impact					query		string	false	"Risk impact"
@Param			controlId				query		string	false	"Control ID"
@Param			componentId				query		string	false	"Component ID"
@Param			evidenceId				query		string	false	"Evidence ID"
@Param			ownerKind				query		string	false	"Owner kind"
@Param			ownerRef				query		string	false	"Owner reference"
@Param			reviewDeadlineBefore	query		string	false	"Review deadline upper bound (RFC3339)"
@Param			page					query		int		false	"Page number"
@Param			limit					query		int		false	"Page size"
@Param			sort					query		string	false	"Sort field"
@Param			order					query		string	false	"Sort order (asc|desc)"
@Success		200						{object}	svc.ListResponse[riskResponse]
@Failure		400						{object}	api.Error
@Failure		404						{object}	api.Error
@Failure		500						{object}	api.Error
@Security		OAuth2Password
@Router			/oscal/system-security-plans/{sspId}/risks [get]

func (*RiskHandler) ListThreatRefs added in v0.13.0

func (h *RiskHandler) ListThreatRefs(ctx echo.Context) error

ListThreatRefs godoc

@Summary		List risk threat references
@Description	Lists threat references linked to a risk.
@Tags			Risks
@Produce		json
@Param			id		path		string	true	"Risk ID"
@Param			page	query		int		false	"Page number"
@Param			limit	query		int		false	"Page size"
@Success		200		{object}	svc.ListResponse[threatIDResponse]
@Failure		400		{object}	api.Error
@Failure		404		{object}	api.Error
@Failure		500		{object}	api.Error
@Security		OAuth2Password
@Router			/risks/{id}/threat-ids [get]

func (*RiskHandler) ListThreatRefsForSSP added in v0.13.0

func (h *RiskHandler) ListThreatRefsForSSP(ctx echo.Context) error

ListThreatRefsForSSP godoc

@Summary		List risk threat references for SSP
@Description	Lists threat references linked to a risk scoped to an SSP.
@Tags			Risks
@Produce		json
@Param			sspId	path		string	true	"SSP ID"
@Param			id		path		string	true	"Risk ID"
@Param			page	query		int		false	"Page number"
@Param			limit	query		int		false	"Page size"
@Success		200		{object}	svc.ListResponse[threatIDResponse]
@Failure		400		{object}	api.Error
@Failure		404		{object}	api.Error
@Failure		500		{object}	api.Error
@Security		OAuth2Password
@Router			/oscal/system-security-plans/{sspId}/risks/{id}/threat-ids [get]

func (*RiskHandler) Register added in v0.13.0

func (h *RiskHandler) Register(api *echo.Group)

func (*RiskHandler) RegisterSSPScoped added in v0.13.0

func (h *RiskHandler) RegisterSSPScoped(api *echo.Group)

func (*RiskHandler) Review added in v0.13.0

func (h *RiskHandler) Review(ctx echo.Context) error

Review godoc

@Summary		Review risk
@Description	Records a structured review. For decision=extend, nextReviewDeadline is required and the risk must be risk-accepted. For decision=reopen, nextReviewDeadline must be omitted and the risk must be risk-accepted. For decision=reassess, likelihood and impact are required, nextReviewDeadline must be omitted, and the risk must be open/investigating/mitigating-implemented.
@Tags			Risks
@Accept			json
@Produce		json
@Param			id		path		string				true	"Risk ID"
@Param			body	body		reviewRiskRequest	true	"Review payload"
@Success		200		{object}	GenericDataResponse[riskResponse]
@Failure		400		{object}	api.Error
@Failure		404		{object}	api.Error
@Failure		500		{object}	api.Error
@Security		OAuth2Password
@Router			/risks/{id}/review [post]

func (*RiskHandler) ReviewForSSP added in v0.13.0

func (h *RiskHandler) ReviewForSSP(ctx echo.Context) error

ReviewForSSP godoc

@Summary		Review risk for SSP
@Description	Records a risk review by ID scoped to an SSP. For decision=extend, nextReviewDeadline is required and the risk must be risk-accepted. For decision=reopen, nextReviewDeadline must be omitted and the risk must be risk-accepted. For decision=reassess, likelihood and impact are required, nextReviewDeadline must be omitted, and the risk must be open/investigating/mitigating-implemented.
@Tags			Risks
@Accept			json
@Produce		json
@Param			sspId	path		string				true	"SSP ID"
@Param			id		path		string				true	"Risk ID"
@Param			body	body		reviewRiskRequest	true	"Review payload"
@Success		200		{object}	GenericDataResponse[riskResponse]
@Failure		400		{object}	api.Error
@Failure		404		{object}	api.Error
@Failure		500		{object}	api.Error
@Security		OAuth2Password
@Router			/oscal/system-security-plans/{sspId}/risks/{id}/review [post]

func (*RiskHandler) Update added in v0.13.0

func (h *RiskHandler) Update(ctx echo.Context) error

Update godoc

@Summary		Update risk
@Description	Updates a risk register entry by ID.
@Tags			Risks
@Accept			json
@Produce		json
@Param			id		path		string				true	"Risk ID"
@Param			risk	body		updateRiskRequest	true	"Risk payload"
@Success		200		{object}	GenericDataResponse[riskResponse]
@Failure		400		{object}	api.Error
@Failure		404		{object}	api.Error
@Failure		500		{object}	api.Error
@Security		OAuth2Password
@Router			/risks/{id} [put]

func (*RiskHandler) UpdateForSSP added in v0.13.0

func (h *RiskHandler) UpdateForSSP(ctx echo.Context) error

UpdateForSSP godoc

@Summary		Update risk for SSP
@Description	Updates a risk register entry by ID scoped to an SSP.
@Tags			Risks
@Accept			json
@Produce		json
@Param			sspId	path		string				true	"SSP ID"
@Param			id		path		string				true	"Risk ID"
@Param			risk	body		updateRiskRequest	true	"Risk payload"
@Success		200		{object}	GenericDataResponse[riskResponse]
@Failure		400		{object}	api.Error
@Failure		404		{object}	api.Error
@Failure		500		{object}	api.Error
@Security		OAuth2Password
@Router			/oscal/system-security-plans/{sspId}/risks/{id} [put]

func (*RiskHandler) UpdateThreatRef added in v0.13.0

func (h *RiskHandler) UpdateThreatRef(ctx echo.Context) error

UpdateThreatRef godoc

@Summary		Update risk threat reference
@Description	Updates a threat reference linked to a risk.
@Tags			Risks
@Accept			json
@Produce		json
@Param			id			path		string			true	"Risk ID"
@Param			threatRefId	path		string			true	"Threat reference ID"
@Param			threat		body		threatIDRequest	true	"Threat reference payload"
@Success		200			{object}	GenericDataResponse[threatIDResponse]
@Failure		400			{object}	api.Error
@Failure		404			{object}	api.Error
@Failure		500			{object}	api.Error
@Security		OAuth2Password
@Router			/risks/{id}/threat-ids/{threatRefId} [put]

func (*RiskHandler) UpdateThreatRefForSSP added in v0.13.0

func (h *RiskHandler) UpdateThreatRefForSSP(ctx echo.Context) error

UpdateThreatRefForSSP godoc

@Summary		Update risk threat reference for SSP
@Description	Updates a threat reference linked to a risk scoped to an SSP.
@Tags			Risks
@Accept			json
@Produce		json
@Param			sspId		path		string			true	"SSP ID"
@Param			id			path		string			true	"Risk ID"
@Param			threatRefId	path		string			true	"Threat reference ID"
@Param			threat		body		threatIDRequest	true	"Threat reference payload"
@Success		200			{object}	GenericDataResponse[threatIDResponse]
@Failure		400			{object}	api.Error
@Failure		404			{object}	api.Error
@Failure		500			{object}	api.Error
@Security		OAuth2Password
@Router			/oscal/system-security-plans/{sspId}/risks/{id}/threat-ids/{threatRefId} [put]

func (*RiskHandler) UpsertRemediationTemplate added in v0.13.0

func (h *RiskHandler) UpsertRemediationTemplate(ctx echo.Context) error

UpsertRemediationTemplate godoc

@Summary		Upsert risk remediation template
@Description	Replaces or creates the remediation template for a risk.
@Tags			Risks
@Accept			json
@Produce		json
@Param			id			path		string						true	"Risk ID"
@Param			template	body		remediationTemplateRequest	true	"Remediation template payload"
@Success		200			{object}	GenericDataResponse[remediationTemplateResponse]
@Failure		400			{object}	api.Error
@Failure		404			{object}	api.Error
@Failure		500			{object}	api.Error
@Security		OAuth2Password
@Router			/risks/{id}/remediation-template [put]

func (*RiskHandler) UpsertRemediationTemplateForSSP added in v0.13.0

func (h *RiskHandler) UpsertRemediationTemplateForSSP(ctx echo.Context) error

UpsertRemediationTemplateForSSP godoc

@Summary		Upsert risk remediation template for SSP
@Description	Replaces or creates the remediation template for a risk scoped to an SSP.
@Tags			Risks
@Accept			json
@Produce		json
@Param			sspId		path		string						true	"SSP ID"
@Param			id			path		string						true	"Risk ID"
@Param			template	body		remediationTemplateRequest	true	"Remediation template payload"
@Success		200			{object}	GenericDataResponse[remediationTemplateResponse]
@Failure		400			{object}	api.Error
@Failure		404			{object}	api.Error
@Failure		500			{object}	api.Error
@Security		OAuth2Password
@Router			/oscal/system-security-plans/{sspId}/risks/{id}/remediation-template [put]

type StatusInterval

// StatusInterval groups a list of status counts under one point in time.
// It serializes to JSON with the keys "interval" and "statuses".
type StatusInterval struct {
	// Interval is the timestamp this entry belongs to.
	// NOTE(review): presumably the start of a reporting bucket; confirm against the code that fills it.
	Interval time.Time                 `json:"interval"`
	// Statuses holds the evidencesvc.StatusCount values reported for Interval.
	Statuses []evidencesvc.StatusCount `json:"statuses"`
}

type SubscriptionsResponse added in v0.12.0

// SubscriptionsResponse is the JSON body that reports a user's notification
// subscription flags. Every field is a plain bool, so each flag is always
// present in the encoded response.
type SubscriptionsResponse struct {
	// NOTE(review): looks like the general digest subscription flag; confirm against the handler.
	Subscribed                   bool `json:"subscribed"`
	// NOTE(review): presumably controls the "task available" e-mail; confirm.
	TaskAvailableEmailSubscribed bool `json:"taskAvailableEmailSubscribed"`
	// NOTE(review): presumably controls the daily task digest e-mail; confirm.
	TaskDailyDigestSubscribed    bool `json:"taskDailyDigestSubscribed"`
	// NOTE(review): presumably controls risk notification e-mails; confirm.
	RiskNotificationsSubscribed  bool `json:"riskNotificationsSubscribed"`
}

type UpdateSubscriptionsRequest added in v0.12.0

// UpdateSubscriptionsRequest is the JSON body for changing notification
// subscription flags. It carries the same four keys as SubscriptionsResponse,
// but as *bool: a key that is absent from the body stays nil instead of
// becoming false.
// NOTE(review): presumably a nil field means "leave this preference unchanged";
// confirm in the handler that nil is not treated as false.
type UpdateSubscriptionsRequest struct {
	// Subscribed is nil when the "subscribed" key is not sent.
	Subscribed                   *bool `json:"subscribed"`
	// TaskAvailableEmailSubscribed is nil when its key is not sent.
	TaskAvailableEmailSubscribed *bool `json:"taskAvailableEmailSubscribed"`
	// TaskDailyDigestSubscribed is nil when its key is not sent.
	TaskDailyDigestSubscribed    *bool `json:"taskDailyDigestSubscribed"`
	// RiskNotificationsSubscribed is nil when its key is not sent.
	RiskNotificationsSubscribed  *bool `json:"riskNotificationsSubscribed"`
}

type UserHandler added in v0.4.2

type UserHandler struct {
	// contains filtered or unexported fields
}

func NewUserHandler added in v0.4.2

func NewUserHandler(sugar *zap.SugaredLogger, db *gorm.DB) *UserHandler

func (*UserHandler) ChangeLoggedInUserPassword added in v0.4.2

func (h *UserHandler) ChangeLoggedInUserPassword(ctx echo.Context) error

ChangeLoggedInUserPassword godoc

@Summary		Change password for logged-in user
@Description	Changes the password for the currently logged-in user
@Tags			Users
@Accept			json
@Produce		json
@Param			changePasswordRequest	body		handler.UserHandler.ChangeLoggedInUserPassword.changePasswordRequest	true	"Change Password Request"
@Success		204						{object}	nil
@Failure		400						{object}	api.Error
@Failure		401						{object}	api.Error
@Failure		500						{object}	api.Error
@Security		OAuth2Password
@Router			/users/me/change-password [post]

func (*UserHandler) ChangePassword added in v0.4.2

func (h *UserHandler) ChangePassword(ctx echo.Context) error

ChangePassword godoc

@Summary		Change password for a specific user
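@Description	Changes the password for a user by ID. The create, update and delete user endpoints are routed under /admin, while this route is /users/{id}/change-password; the annotations list only OAuth2Password and do not state which callers may change another user's password, so confirm the access check where the route is registered.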
@Tags			Users
@Accept			json
@Produce		json
@Param			id						path		string														true	"User ID"
@Param			changePasswordRequest	body		handler.UserHandler.ChangePassword.changePasswordRequest	true	"Change Password Request"
@Success		204						{object}	nil
@Failure		400						{object}	api.Error
@Failure		401						{object}	api.Error
@Failure		404						{object}	api.Error
@Failure		500						{object}	api.Error
@Security		OAuth2Password
@Router			/users/{id}/change-password [post]

func (*UserHandler) CreateUser added in v0.4.2

func (h *UserHandler) CreateUser(ctx echo.Context) error

CreateUser godoc

@Summary		Create a new user
@Description	Creates a new user in the system
@Tags			Users
@Accept			json
@Produce		json
@Param			user	body		handler.UserHandler.CreateUser.createUserRequest	true	"User details"
@Success		201		{object}	handler.GenericDataResponse[relational.User]
@Failure		400		{object}	api.Error
@Failure		401		{object}	api.Error
@Failure		409		{object}	api.Error
@Failure		500		{object}	api.Error
@Security		OAuth2Password
@Router			/admin/users [post]

func (*UserHandler) DeleteUser added in v0.4.2

func (h *UserHandler) DeleteUser(ctx echo.Context) error

DeleteUser godoc

@Summary		Delete a user
@Description	Deletes a user from the system
@Tags			Users
@Param			id	path		string	true	"User ID"
@Success		204	{object}	nil
@Failure		400	{object}	api.Error
@Failure		401	{object}	api.Error
@Failure		404	{object}	api.Error
@Failure		500	{object}	api.Error
@Security		OAuth2Password
@Router			/admin/users/{id} [delete]

func (*UserHandler) GetMe added in v0.4.2

func (h *UserHandler) GetMe(ctx echo.Context) error

GetMe godoc

@Summary		Get logged-in user details
@Description	Retrieves the details of the currently logged-in user
@Tags			Users
@Produce		json
@Success		200	{object}	handler.GenericDataResponse[relational.User]
@Failure		401	{object}	api.Error
@Failure		404	{object}	api.Error
@Failure		500	{object}	api.Error
@Security		OAuth2Password
@Router			/users/me [get]

func (*UserHandler) GetPublicUser added in v0.13.0

func (h *UserHandler) GetPublicUser(ctx echo.Context) error

GetPublicUser godoc

@Summary		Get public user details by ID
@Description	Get minimal user details by user ID
@Tags			Users
@Produce		json
@Param			id	path		string	true	"User ID"
@Success		200	{object}	handler.GenericDataResponse[handler.publicUserResponse]
@Failure		400	{object}	api.Error
@Failure		401	{object}	api.Error
@Failure		404	{object}	api.Error
@Failure		500	{object}	api.Error
@Security		OAuth2Password
@Router			/users/{id} [get]

func (*UserHandler) GetSubscriptions added in v0.12.0

func (h *UserHandler) GetSubscriptions(ctx echo.Context) error

GetSubscriptions godoc

@Summary		Get notification preferences
@Description	Gets the current user's digest and workflow notification email preferences
@Tags			Users
@Produce		json
@Success		200	{object}	handler.GenericDataResponse[handler.SubscriptionsResponse]
@Failure		401	{object}	api.Error
@Failure		404	{object}	api.Error
@Failure		500	{object}	api.Error
@Security		OAuth2Password
@Router			/users/me/subscriptions [get]

func (*UserHandler) GetUser added in v0.4.2

func (h *UserHandler) GetUser(ctx echo.Context) error

GetUser godoc

@Summary		Get user by ID
@Description	Get user details by user ID
@Tags			Users
@Produce		json
@Param			id	path		string	true	"User ID"
@Success		200	{object}	handler.GenericDataResponse[relational.User]
@Failure		400	{object}	api.Error
@Failure		401	{object}	api.Error
@Failure		404	{object}	api.Error
@Failure		500	{object}	api.Error
@Security		OAuth2Password
@Router			/admin/users/{id} [get]

func (*UserHandler) ListSelectableUsers added in v0.13.0

func (h *UserHandler) ListSelectableUsers(ctx echo.Context) error

ListSelectableUsers godoc

@Summary		List selectable users
@Description	Lists users with only id and display name for selection controls
@Tags			Users
@Produce		json
@Param			search	query		string	false	"Filter users by name"
@Param			limit	query		int		false	"Maximum users to return"
@Param			offset	query		int		false	"Number of users to skip"
@Success		200		{object}	handler.GenericDataListResponse[handler.selectableUserResponse]
@Failure		400		{object}	api.Error
@Failure		401		{object}	api.Error
@Failure		500		{object}	api.Error
@Security		OAuth2Password
@Router			/users/select [get]

func (*UserHandler) ListUsers added in v0.4.2

func (h *UserHandler) ListUsers(ctx echo.Context) error

ListUsers godoc

@Summary		List all users
@Description	Lists all users in the system
@Tags			Users
@Produce		json
@Success		200	{object}	handler.GenericDataListResponse[relational.User]
@Failure		401	{object}	api.Error
@Failure		500	{object}	api.Error
@Security		OAuth2Password
@Router			/admin/users [get]

func (*UserHandler) Register added in v0.4.2

func (h *UserHandler) Register(api *echo.Group)

func (*UserHandler) RegisterPublicRoutes added in v0.13.0

func (h *UserHandler) RegisterPublicRoutes(api *echo.Group)

func (*UserHandler) RegisterSelfRoutes added in v0.5.0

func (h *UserHandler) RegisterSelfRoutes(api *echo.Group)

func (*UserHandler) UpdateSubscriptions added in v0.12.0

func (h *UserHandler) UpdateSubscriptions(ctx echo.Context) error

UpdateSubscriptions godoc

@Summary		Update notification preferences
@Description	Updates the current user's digest and workflow notification email preferences
@Tags			Users
@Accept			json
@Produce		json
@Param			subscription	body		handler.UpdateSubscriptionsRequest	true	"Notification preferences"
@Success		200				{object}	handler.GenericDataResponse[handler.SubscriptionsResponse]
@Failure		400				{object}	api.Error
@Failure		401				{object}	api.Error
@Failure		404				{object}	api.Error
@Failure		500				{object}	api.Error
@Security		OAuth2Password
@Router			/users/me/subscriptions [put]

func (*UserHandler) UpdateUser added in v0.4.2

func (h *UserHandler) UpdateUser(ctx echo.Context) error

UpdateUser godoc

@Summary		Update user details
@Description	Updates the details of an existing user
@Tags			Users
@Accept			json
@Produce		json
@Param			id		path		string												true	"User ID"
@Param			user	body		handler.UserHandler.UpdateUser.updateUserRequest	true	"User details"
@Success		200		{object}	handler.GenericDataResponse[relational.User]
@Failure		400		{object}	api.Error
@Failure		401		{object}	api.Error
@Failure		404		{object}	api.Error
@Failure		500		{object}	api.Error
@Security		OAuth2Password
@Router			/admin/users/{id} [put]

Directories

Path Synopsis
