Overview ¶
Copyright (C) 2024 Tim Bastin, l3montree UG (haftungsbeschränkt)
This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License along with this program. If not, see <https://www.gnu.org/licenses/>.
Index ¶
- Constants
- func CheckStatusType(statusType string) error
- type Affected
- type AffectedComponent
- type Asset
- type AssetType
- type CPEMatch
- type CVE
- type CVEWithAffectedComponent
- type CWE
- type Comment
- type Component
- type ComponentDependency
- type Config
- type Exploit
- type Flaw
- type FlawEvent
- type FlawEventType
- type FlawState
- type GithubAppInstallation
- type Mitigation
- type Model
- type OSV
- type Org
- type PAT
- type Project
- type RequirementLevel
- type Severity
- type Type
- type VulnInPackage
- type Weakness
Constants ¶
const LatestVersion = "latest"
Variables ¶
This section is empty.
Functions ¶
func CheckStatusType ¶
Types ¶
type AffectedComponent ¶
type AffectedComponent struct {
	// ID is the primary key. The page declares SetIdHash on *AffectedComponent, so the
	// id is presumably derived by hashing the other fields — confirm against its body.
	ID string `json:"id" gorm:"primaryKey;"`
	// PURL is the full package URL (indexed); Scheme, Type, Namespace, Name,
	// Qualifiers and Subpath look like its decomposed components, Ecosystem the
	// advisory-source ecosystem name — verify against the code that fills them.
	PURL string `json:"purl" gorm:"type:text;column:purl;index"`
	Ecosystem string `json:"ecosystem" gorm:"type:text;"`
	Scheme string `json:"scheme" gorm:"type:text;"`
	Type string `json:"type" gorm:"type:text;"`
	Name string `json:"name" gorm:"type:text;"`
	Namespace *string `json:"namespace" gorm:"type:text;"`
	Qualifiers *string `json:"qualifiers" gorm:"type:text;"`
	Subpath *string `json:"subpath" gorm:"type:text;"`
	// Exactly one way of describing the affected versions is used: either an exact
	// Version, or a semver range given by SemverIntroduced/SemverFixed. Whether the
	// range is introduced-inclusive / fixed-exclusive (OSV convention) is not visible
	// here — confirm before relying on it for matching.
	Version *string `json:"version" gorm:"index"` // either version or semver is defined
	// "type:semver" is a custom column type; the migrations presumably provide it
	// (e.g. a database extension) — confirm.
	SemverIntroduced *string `json:"semver_start" gorm:"type:semver;index"`
	SemverFixed *string `json:"semver_end" gorm:"type:semver;index"`
	// CVE lists the vulnerabilities affecting this component via the
	// cve_affected_component join table; rows cascade on update/delete.
	CVE []CVE `json:"cves" gorm:"many2many:cve_affected_component;constraint:OnUpdate:CASCADE,OnDelete:CASCADE;"`
}
func (*AffectedComponent) SetIdHash ¶
func (affectedComponent *AffectedComponent) SetIdHash()
func (AffectedComponent) TableName ¶
func (affectedComponent AffectedComponent) TableName() string
type Asset ¶
type Asset struct {
	// Model is not shown on this page; presumably supplies the id and timestamps.
	Model
	Name string `json:"name" gorm:"type:text"`
	// Slug is unique per project (composite unique index idx_app_project_slug with ProjectID).
	Slug string `json:"slug" gorm:"type:text;uniqueIndex:idx_app_project_slug;not null;"`
	ProjectID uuid.UUID `json:"projectId" gorm:"uniqueIndex:idx_app_project_slug;not null;type:uuid;"`
	Description string `json:"description" gorm:"type:text"`
	// Flaws are deleted together with the asset (OnDelete:CASCADE).
	Flaws []Flaw `json:"flaws" gorm:"foreignKey:AssetID;constraint:OnDelete:CASCADE;"`
	Type AssetType `json:"type" gorm:"type:text;not null;"`
	// Importance defaults to 1 in the database.
	Importance int `json:"importance" gorm:"default:1;"`
	// ReachableFromInternet defaults to false; exposure and the three requirement
	// levels below are the asset-side inputs one would expect a risk score to use
	// (CVE.Risk is computed, not stored) — confirm in the scoring code.
	ReachableFromInternet bool `json:"reachableFromInternet" gorm:"default:false;"`
	// Confidentiality/Integrity/Availability requirements all default to 'high'
	// (see RequirementLevel), i.e. the conservative choice when nothing is specified.
	ConfidentialityRequirement RequirementLevel `json:"confidentialityRequirement" gorm:"default:'high';not null;type:text;"`
	IntegrityRequirement RequirementLevel `json:"integrityRequirement" gorm:"default:'high';not null;type:text;"`
	AvailabilityRequirement RequirementLevel `json:"availabilityRequirement" gorm:"default:'high';not null;type:text;"`
	// Components are the dependency-graph edges recorded for this asset
	// (see ComponentDependency); GetCurrentAssetComponents narrows them.
	Components []ComponentDependency `json:"components" gorm:"hasMany;constraint:OnUpdate:CASCADE,OnDelete:CASCADE;"`
	Version string `json:"version" gorm:"type:text;"`
	// LastComponentUpdate is when the component list was last refreshed (by name; verify).
	LastComponentUpdate time.Time `json:"lastComponentUpdate"`
}
func (Asset) GetCurrentAssetComponents ¶
func (m Asset) GetCurrentAssetComponents() []ComponentDependency
type CPEMatch ¶
type CPEMatch struct {
	// MatchCriteriaID is the primary key. The field and json names look like the
	// NVD configurations/cpeMatch schema — confirm against the importer.
	MatchCriteriaID string `json:"matchCriteriaId" gorm:"primaryKey;type:text;"`
	// Criteria is the full CPE string; the eleven fields below are its
	// decomposed CPE 2.3 attributes (part, vendor, product, ...).
	Criteria string `json:"criteria" gorm:"type:text;"`
	Part string `json:"part" gorm:"type:text;"`
	Vendor string `json:"vendor" gorm:"type:text;"`
	Product string `json:"product" gorm:"type:text;"`
	Version string `json:"version" gorm:"type:text;"`
	Update string `json:"update" gorm:"type:text;"`
	Edition string `json:"edition" gorm:"type:text;"`
	Language string `json:"language" gorm:"type:text;"`
	SwEdition string `json:"swEdition" gorm:"type:text;"`
	TargetSw string `json:"targetSw" gorm:"type:text;"`
	TargetHw string `json:"targetHw" gorm:"type:text;"`
	Other string `json:"other" gorm:"type:text;"`
	// Version bounds of the match. NOTE(review): only an exclusive end and an inclusive
	// start are modelled; if the upstream feed also supplies an exclusive start or an
	// inclusive end, those bounds are dropped here and matching may miss versions — confirm.
	VersionEndExcluding string `json:"versionEndExcluding" gorm:"type:text;"`
	VersionStartIncluding string `json:"versionStartIncluding" gorm:"type:text;"`
	// Vulnerable marks whether a match on this criteria means the product is affected.
	Vulnerable bool `json:"vulnerable" gorm:"type:boolean;"`
	// CVEs is the other side of CVE.Configurations (join table cve_cpe_match);
	// the cascade constraint is declared on this side only.
	CVEs []*CVE `json:"cve" gorm:"many2many:cve_cpe_match;constraint:OnUpdate:CASCADE,OnDelete:CASCADE;"`
}
type CVE ¶
type CVE struct {
	// CVE is the identifier and primary key (e.g. "CVE-YYYY-NNNN"; format not enforced here).
	CVE string `json:"cve" gorm:"primaryKey;not null;type:text;"`
	CreatedAt time.Time `json:"createdAt"`
	UpdatedAt time.Time `json:"updatedAt"`
	// DatePublished/DateLastModified are the upstream advisory dates, as opposed to
	// the row timestamps above.
	DatePublished time.Time `json:"datePublished"`
	DateLastModified time.Time `json:"dateLastModified"`
	// Weaknesses (CWE mappings) are removed together with the CVE.
	Weaknesses []*Weakness `json:"weaknesses" gorm:"foreignKey:CVEID;constraint:OnDelete:CASCADE;"`
	Description string `json:"description" gorm:"type:text;"`
	// CVSS base score stored as decimal(4,2); Severity is the qualitative rating.
	CVSS float32 `json:"cvss" gorm:"type:decimal(4,2);"`
	Severity Severity `json:"severity"`
	ExploitabilityScore float32 `json:"exploitabilityScore" gorm:"type:decimal(4,2);"`
	ImpactScore float32 `json:"impactScore" gorm:"type:decimal(4,2);"`
	// The CVSS vector components kept as plain strings; Vector below holds the full string.
	AttackVector string `json:"attackVector"`
	AttackComplexity string `json:"attackComplexity"`
	PrivilegesRequired string `json:"privilegesRequired"`
	// Note the json key differs from the field name.
	UserInteraction string `json:"userInteractionRequired"`
	Scope string `json:"scope"`
	ConfidentialityImpact string `json:"confidentialityImpact"`
	IntegrityImpact string `json:"integrityImpact"`
	AvailabilityImpact string `json:"availabilityImpact"`
	// References is stored as one text column; GetReferences (declared on CVE) presumably
	// splits it — confirm the delimiter there.
	References string `json:"references" gorm:"type:text;"`
	// CISA* fields are non-nil/non-empty only for entries listed in CISA's Known Exploited
	// Vulnerabilities catalog (by name; the importer is not on this page).
	CISAExploitAdd *datatypes.Date `json:"cisaExploitAdd" gorm:"type:date;"`
	CISAActionDue *datatypes.Date `json:"cisaActionDue" gorm:"type:date;"`
	CISARequiredAction string `json:"cisaRequiredAction" gorm:"type:text;"`
	CISAVulnerabilityName string `json:"cisaVulnerabilityName" gorm:"type:text;"`
	// Configurations shares the cve_cpe_match join table with CPEMatch.CVEs; the
	// cascade constraint for that table is declared on the CPEMatch side.
	Configurations []*CPEMatch `json:"configurations" gorm:"many2many:cve_cpe_match;"`
	// EPSS probability and its percentile, nil when no EPSS data is available.
	EPSS *float64 `json:"epss" gorm:"type:decimal(6,5);"`
	Percentile *float32 `json:"percentile" gorm:"type:decimal(6,5);"`
	AffectedComponents []AffectedComponent `json:"affectedComponents" gorm:"many2many:cve_affected_component"`
	Vector string `json:"vector" gorm:"type:text;"`
	// Risk is computed, never persisted (gorm:"-"); it is zero-valued on rows loaded
	// straight from the database until something fills it.
	Risk obj.RiskMetrics `json:"risk" gorm:"-"`
	// Exploits has no cascade constraint, unlike Weaknesses — confirm whether that is intended.
	Exploits []*Exploit `json:"exploits" gorm:"foreignKey:CVEID;"`
}
func (CVE) GetReferences ¶
type CVEWithAffectedComponent ¶
type CVEWithAffectedComponent struct {
	// CVE shadows the embedded AffectedComponent.CVE slice (still reachable as
	// .AffectedComponent.CVE). It has no json tag, so it serializes under the key
	// "CVE" while the embedded slice keeps its own key "cves".
	CVE any
	// Embedding also promotes AffectedComponent's methods (TableName, SetIdHash)
	// onto this type.
	AffectedComponent
}
type CWE ¶
type Comment ¶
type Component ¶
type Component struct {
	// PurlOrCpe is the primary key: a package URL for packages, a CPE otherwise —
	// exactly one of the two forms is stored.
	PurlOrCpe string `json:"purlOrCpe" gorm:"primaryKey;column:purl_or_cpe"`
	// Dependencies are the outgoing edges of this component. NOTE(review): the hasMany
	// tag names no foreignKey, yet ComponentDependency has two columns referencing
	// PurlOrCpe (component_purl_or_cpe and dependency_purl_or_cpe) — confirm GORM
	// resolves the intended one.
	Dependencies []ComponentDependency `json:"dependsOn" gorm:"hasMany;"`
}
type ComponentDependency ¶
// ComponentDependency is one edge of an asset's dependency graph: Component
// uses Dependency within Asset.
type ComponentDependency struct {
	ID uuid.UUID `gorm:"primarykey;type:uuid;default:gen_random_uuid()" json:"id"`
	// A CycloneDX SBOM only lists the transitive dependencies that are actually used,
	// so two assets using the same library can have different dependency graphs.
	// The graph is therefore stored as edges scoped to one asset rather than as a
	// global per-library tree.
	// AssetSemverStart/AssetSemverEnd presumably bound the asset versions in which this
	// edge exists (End nil = still present) — confirm against the code that writes them.
	AssetSemverStart string `json:"semverStart" gorm:"column:semver_start;type:semver"`
	AssetSemverEnd *string `json:"semverEnd" gorm:"column:semver_end;type:semver"`
	Component Component `json:"component" gorm:"foreignKey:ComponentPurlOrCpe;references:PurlOrCpe"`
	// nil marks a direct dependency of the asset (no parent component);
	// GetOnlyDirectDependencies is the package-level helper that selects those.
	ComponentPurlOrCpe *string `json:"componentPurlOrCpe" gorm:"column:component_purl_or_cpe;"` // will be nil, for direct dependencies
	Dependency Component `json:"dependency" gorm:"foreignKey:DependencyPurlOrCpe;references:PurlOrCpe"`
	DependencyPurlOrCpe string `json:"dependencyPurlOrCpe" gorm:"column:dependency_purl_or_cpe;"`
	// Edges are deleted together with their asset.
	AssetID uuid.UUID `json:"assetId" gorm:"column:asset_id;type:uuid;"`
	Asset Asset `json:"asset" gorm:"foreignKey:AssetID;constraint:OnDelete:CASCADE;"`
	// Depth is the distance from the asset root (by name; exact base not visible here).
	Depth int `json:"depth" gorm:"column:depth"`
}
func GetOnlyDirectDependencies ¶
func GetOnlyDirectDependencies(deps []ComponentDependency) []ComponentDependency
func (ComponentDependency) TableName ¶
func (c ComponentDependency) TableName() string
type Exploit ¶
type Exploit struct {
	// ID has no json tag, so it is serialized under the key "ID", unlike every other
	// field here. The leading space inside the tag is tolerated by reflect.StructTag
	// but is worth cleaning up.
	ID string ` gorm:"primaryKey;"`
	// The json keys (pushed_at, stargazers_count, subscribers_count, ...) match the
	// GitHub repository API, so these rows presumably describe exploit repositories
	// found there — confirm against the importer.
	Published *time.Time `json:"pushed_at" gorm:"type:date;"`
	Updated *time.Time `json:"updated_at" gorm:"type:date;"`
	Author string `json:"author" gorm:"type:text;"`
	Type string `json:"type" gorm:"type:text;"`
	// Verified flags a confirmed exploit; how it is established is not visible here.
	Verified bool `json:"verified" gorm:"type:boolean;"`
	SourceURL string `json:"sourceURL" gorm:"type:text;"`
	Description string `json:"description" gorm:"type:text;"`
	// Deleting the CVE removes its exploit rows (OnDelete:CASCADE).
	CVE CVE `json:"cve" gorm:"foreignKey:CVEID;constraint:OnDelete:CASCADE;"`
	CVEID string `json:"cveID" gorm:"type:text;"`
	Tags string `json:"tags" gorm:"type:text;"`
	// Repository popularity counters.
	Forks int `json:"forks" gorm:"type:integer;"`
	Watchers int `json:"watchers" gorm:"type:integer;"`
	Subscribers int `json:"subscribers_count" gorm:"type:integer;"`
	Stars int `json:"stargazers_count" gorm:"type:integer;"`
}
type Flaw ¶
// Flaw is one finding on an asset; its lifecycle is tracked by State and the
// FlawEvent history.
type Flaw struct {
	// ID is the primary key; CalculateHash is declared on *Flaw, so the id is
	// presumably a content hash — confirm against its body.
	ID string `json:"id" gorm:"primaryKey;not null;"`
	// the scanner which was used to detect this flaw
	ScannerID string `json:"scanner" gorm:"not null;"`
	Message *string `json:"message"`
	// Comments and Events are removed together with the flaw.
	Comments []Comment `gorm:"foreignKey:FlawID;constraint:OnDelete:CASCADE;" json:"comments"`
	Events []FlawEvent `gorm:"foreignKey:FlawID;constraint:OnDelete:CASCADE;" json:"events"`
	AssetID uuid.UUID `json:"assetId" gorm:"not null;"`
	// State defaults to 'open'; see FlawState for the allowed values.
	State FlawState `json:"state" gorm:"default:'open';not null;type:text;"`
	// CVE/CVEID are nullable: not every finding maps to a CVE.
	CVE *CVE `json:"cve"`
	CVEID string `json:"cveId" gorm:"null;type:text;default:null;"`
	Component *Component `json:"component" gorm:"foreignKey:ComponentPurlOrCpe;constraint:OnDelete:CASCADE;"`
	ComponentPurlOrCpe string `json:"componentPurlOrCpe" gorm:"type:text;default:null;"`
	// Triage values; nil until set.
	Effort *int `json:"effort" gorm:"default:null;"`
	RiskAssessment *int `json:"riskAssessment" gorm:"default:null;"`
	RawRiskAssessment *float64 `json:"rawRiskAssessment" gorm:"default:null;"`
	Priority *int `json:"priority" gorm:"default:null;"`
	// ArbitraryJsonData is free-form JSON kept as text; use Get/SetArbitraryJsonData
	// (declared on *Flaw) rather than reading the raw string.
	ArbitraryJsonData string `json:"arbitraryJsonData" gorm:"type:text;"`
	// LastDetected defaults to now() and is what distinguishes a still-present
	// flaw from one not seen in the latest scan (see FlawStateFixed).
	LastDetected time.Time `json:"lastDetected" gorm:"default:now();not null;"`
	CreatedAt time.Time `json:"createdAt"`
	UpdatedAt time.Time `json:"updatedAt"`
	// NOTE(review): GORM only applies automatic soft-delete filtering to gorm.DeletedAt;
	// a plain sql.NullTime is stored and indexed but not excluded from queries — confirm
	// that callers filter deleted rows themselves. Hidden from JSON.
	DeletedAt sql.NullTime `gorm:"index" json:"-"`
	// contains filtered or unexported fields
}
func (*Flaw) CalculateHash ¶
func (*Flaw) GetArbitraryJsonData ¶
func (*Flaw) SetArbitraryJsonData ¶
type FlawEvent ¶
// FlawEvent is one entry in a flaw's audit trail (see FlawEventType);
// NewDetectedEvent and NewFixedEvent are the constructors shown on this page.
type FlawEvent struct {
	// Model is not shown on this page; presumably supplies the id and timestamps.
	Model
	Type FlawEventType `json:"type" gorm:"type:text"`
	// FlawID is the owning Flaw; Flaw.Events declares the cascade on its side.
	FlawID string `json:"flawId"`
	// UserID is the actor; whether system-generated events use a sentinel value is not visible here.
	UserID string `json:"userId"`
	Justification *string `json:"justification" gorm:"type:text;"`
	// Free-form JSON kept as text; use Get/SetArbitraryJsonData (declared on *FlawEvent).
	ArbitraryJsonData string `json:"arbitraryJsonData" gorm:"type:text;"`
	// contains filtered or unexported fields
}
func NewDetectedEvent ¶
func NewFixedEvent ¶
func (*FlawEvent) GetArbitraryJsonData ¶
func (*FlawEvent) SetArbitraryJsonData ¶
type FlawEventType ¶
// FlawEventType names the kind of a FlawEvent. The values mirror the FlawState
// names, plus "detected" and the risk-assessment update.
type FlawEventType string

const (
	EventTypeDetected FlawEventType = "detected"
	EventTypeFixed    FlawEventType = "fixed"
	// Retired; EventTypeRawRiskAssessmentUpdated below appears to be its replacement — confirm.
	//EventTypeRiskAssessmentUpdated FlawEventType = "riskAssessmentUpdated"
	EventTypeAccepted                 FlawEventType = "accepted"
	EventTypeMarkedForMitigation      FlawEventType = "markedForMitigation"
	EventTypeFalsePositive            FlawEventType = "falsePositive"
	EventTypeMarkedForTransfer        FlawEventType = "markedForTransfer"
	EventTypeRawRiskAssessmentUpdated FlawEventType = "rawRiskAssessmentUpdated"
)
type FlawState ¶
// FlawState is the lifecycle state of a Flaw (column default 'open').
type FlawState string

const (
	FlawStateOpen FlawState = "open"
	// The flaw was no longer found in the most recent scan.
	FlawStateFixed FlawState = "fixed"
	// Risk accepted; effectively "ignore".
	FlawStateAccepted FlawState = "accepted"
	FlawStateMarkedForMitigation FlawState = "markedForMitigation"
	// Intended to enable crowd-sourced vulnerability management: if many users with the
	// same dependency tree marked a finding as a false positive, it is probably one for
	// you as well.
	FlawStateFalsePositive FlawState = "falsePositive"
	FlawStateMarkedForTransfer FlawState = "markedForTransfer"
)
type GithubAppInstallation ¶
// GithubAppInstallation records one installation of the GitHub App and the
// organization it is bound to.
type GithubAppInstallation struct {
	// InstallationID is the primary key; presumably the installation id assigned by
	// GitHub rather than a locally generated one — confirm.
	InstallationID int `json:"installationId" gorm:"primaryKey"`
	// Org/OrgID are nullable, so an installation can exist before it is linked to an
	// organization; deleting the Org cascades to the installation row.
	Org *Org `json:"org" gorm:"foreignKey:OrgID;constraint:OnDelete:CASCADE;"`
	OrgID *uuid.UUID `json:"orgId" gorm:"column:org_id"`
	// When the "installation created" webhook was received (by name; verify).
	InstallationCreatedWebhookReceivedTime time.Time `json:"installationCreatedWebhookReceivedTime"`
}
func (GithubAppInstallation) TableName ¶
func (GithubAppInstallation) TableName() string
type Mitigation ¶
type Mitigation struct {
	// Model is not shown on this page; presumably supplies the id and timestamps.
	Model
	// Type is declared elsewhere (see the index); its values are not visible here.
	Type Type `json:"mitigationType"`
	InitiatingUserID string `json:"initiatingUserId"`
	// ResultID: the "result" entity is not on this page — confirm what it references.
	ResultID uuid.UUID `json:"resultId"`
	DueDate *time.Time `json:"dueDate"`
	// Properties has no json tag and so serializes as "Properties"; stored as jsonb with default '{}'.
	Properties datatypes.JSON `gorm:"type:jsonb;default:'{}';not null"`
	// True for fix and transfer mitigations: a later scan report still has to confirm
	// that the related result is gone. False for avoid and accept mitigations.
	MitigationPending bool `json:"mitigationPending" gorm:"default:false"`
	Justification string `json:"justification"`
}
type Model ¶
type OSV ¶
// OSV is an advisory in the Open Source Vulnerability format; the json keys
// follow the OSV schema. GetAffectedPackages converts it to AffectedComponent rows.
type OSV struct {
	ID string `json:"id"`
	Summary string `json:"summary"`
	Modified time.Time `json:"modified"`
	Published time.Time `json:"published"`
	// Related/Aliases hold other advisory ids (e.g. CVE ids) for the same issue.
	Related []string `json:"related"`
	Aliases []string `json:"aliases"`
	// Affected is declared elsewhere in the package (see the index).
	Affected []Affected `json:"affected"`
	SchemaVersion string `json:"schema_version"`
}
func (OSV) GetAffectedPackages ¶
func (osv OSV) GetAffectedPackages() []AffectedComponent
type Org ¶
type Org struct {
	// Model is not shown on this page; presumably supplies the id and timestamps.
	Model
	Name string `json:"name" gorm:"type:text"`
	// Optional profile fields.
	ContactPhoneNumber *string `json:"contactPhoneNumber" gorm:"type:text"`
	NumberOfEmployees *int `json:"numberOfEmployees"`
	Country *string `json:"country" gorm:"type:text"`
	Industry *string `json:"industry" gorm:"type:text"`
	// Self-declared regulatory/compliance context (critical infrastructure, ISO 27001,
	// NIST, BSI IT-Grundschutz); how they influence behaviour is not visible here.
	CriticalInfrastructure bool `json:"criticalInfrastructure"`
	ISO27001 bool `json:"iso27001"`
	NIST bool `json:"nist"`
	Grundschutz bool `json:"grundschutz"`
	// Projects are deleted together with the organization.
	Projects []Project `json:"projects" gorm:"foreignKey:OrganizationID;constraint:OnDelete:CASCADE;"`
	// Slug is globally unique, unlike Project.Slug and Asset.Slug which are unique per parent.
	Slug string `json:"slug" gorm:"type:text;unique;not null;index"`
	Description string `json:"description" gorm:"type:text"`
}
type PAT ¶
type Project ¶
type Project struct {
	// Model is not shown on this page; presumably supplies the id and timestamps.
	Model
	Name string `json:"name" gorm:"type:text"`
	// Assets are deleted together with the project.
	Assets []Asset `json:"assets" gorm:"foreignKey:ProjectID;constraint:OnDelete:CASCADE;"`
	// Slug is unique per organization (composite unique index idx_project_org_slug).
	OrganizationID uuid.UUID `json:"organizationId" gorm:"uniqueIndex:idx_project_org_slug;not null;type:uuid"`
	Slug string `json:"slug" gorm:"type:text;uniqueIndex:idx_project_org_slug;not null"`
	Description string `json:"description" gorm:"type:text"`
}
type RequirementLevel ¶
// RequirementLevel is the protection need of an asset for confidentiality,
// integrity and availability; Asset defaults all three to RequirementLevelHigh.
type RequirementLevel string

const (
	RequirementLevelLow    RequirementLevel = "low"
	RequirementLevelMedium RequirementLevel = "medium"
	RequirementLevelHigh   RequirementLevel = "high"
)
type VulnInPackage ¶
// VulnInPackage pairs a CVE with the package version range it affects; it is
// not a persisted model (no gorm tags).
type VulnInPackage struct {
	CVEID string
	CVE CVE
	// FixedVersion/IntroducedVersion are nil when unknown; GetFixedVersion and
	// GetIntroducedVersion return them as plain strings (their nil handling is not
	// visible on this page).
	FixedVersion *string
	IntroducedVersion *string
	PackageName string
	// PurlWithVersion is the concrete package URL including the installed version.
	PurlWithVersion string
}
func (VulnInPackage) GetFixedVersion ¶
func (v VulnInPackage) GetFixedVersion() string
func (VulnInPackage) GetIntroducedVersion ¶
func (v VulnInPackage) GetIntroducedVersion() string