normalize

package
v1.0.0-rc.13
Published: Dec 30, 2025 License: AGPL-3.0 Imports: 17 Imported by: 0

Documentation

Overview

Copyright (C) 2025 l3montree GmbH

This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details.

You should have received a copy of the GNU Affero General Public License along with this program. If not, see <https://www.gnu.org/licenses/>.

Index

Constants

// nodeType values tag where a node in the dependency tree came from.
// NodeTypeComponent marks a real package; the three *InformationSource values
// mark the synthetic ("fake") nodes that stand in for the SBOM, VEX or CSAF
// document contributing the subtree beneath them (see
// GetInformationSourceNodes / GetComponentsIncludingFakeNodes). NodeTypeUnknown
// is presumably the fallback returned by RemoveOriginTypePrefixIfExists when no
// recognised prefix is present — confirm against that function. The nodeType
// type itself is unexported and declared elsewhere in the package.
const (
	NodeTypeComponent             nodeType = "component"
	NodeTypeSbomInformationSource nodeType = "sbom"
	NodeTypeVexInformationSource  nodeType = "vex"
	NodeTypeCSAFInformationSource nodeType = "csaf"
	NodeTypeUnknown               nodeType = "unknown"
)

Variables

// PURLEcosystems maps advisory-style ecosystem names (the keys look like the
// OSV ecosystem vocabulary: "PyPI", "crates.io", "Go", ...) to the package-url
// type used in purls ("pypi", "cargo", "golang", ...). Keys are case-sensitive
// and must match the advisory source's spelling exactly; a missing key yields
// "" on lookup, so callers should use the two-value form and treat "" as
// "unknown ecosystem" rather than building a purl with an empty type.
// "OSS-Fuzz" maps to the catch-all "generic" type since OSS-Fuzz projects have
// no registry of their own.
// This is an exported, package-level map: it is mutable and unsynchronised, so
// treat it as read-only after package init (no writes from request handlers).
var PURLEcosystems = map[string]string{
	"Alpine":    "apk",
	"crates.io": "cargo",
	"Debian":    "deb",
	"Go":        "golang",
	"Hackage":   "hackage",
	"Hex":       "hex",
	"Maven":     "maven",
	"npm":       "npm",
	"NuGet":     "nuget",
	"OSS-Fuzz":  "generic",
	"Packagist": "composer",
	"Pub":       "pub",
	"PyPI":      "pypi",
	"RubyGems":  "gem",
}
// ValidSemverRegex is the anchored Semantic Versioning 2.0.0 grammar
// (MAJOR.MINOR.PATCH, optional "-" pre-release, optional "+" build metadata)
// with named capture groups major, minor, patch, prerelease and buildmetadata.
// Numeric fields reject leading zeros ("01.2.3" fails), and a "v" prefix or a
// missing segment ("v1.2.3", "1.2") does not match — normalise such input with
// ConvertToSemver before validating. Go's regexp engine is RE2-based and runs
// in linear time, so applying this to untrusted version strings from SBOMs or
// advisories cannot be turned into a ReDoS.
var ValidSemverRegex = regexp.MustCompile(`^(?P<major>0|[1-9]\d*)\.(?P<minor>0|[1-9]\d*)\.(?P<patch>0|[1-9]\d*)(?:-(?P<prerelease>(?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\.(?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\+(?P<buildmetadata>[0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))?$`)

Regex for validating a correct semver.

Functions

func ArtifactPurl

func ArtifactPurl(scanner string, assetName string) string

func BeautifyPURL

func BeautifyPURL(pURL string) (string, error)

BeautifyPURL rewrites a purl into a shorter, more readable form for display purposes; it returns an error when the purl cannot be processed. The result is for presentation only and must not be used as a matching or lookup key.

func ConvertToSemver

func ConvertToSemver(originalVersion string) (string, error)

ConvertToSemver converts various version formats to semantic versioning format. It handles:
- Epoch prefixes (e.g., "2:1.2.3" -> "1.2.3")
- "v" prefixes (e.g., "v1.2.3" -> "1.2.3")
- Pre-release identifiers with "-" (e.g., "1.2.3-rc1")
- Build metadata with "+" (e.g., "1.2.3+build1")
- Tilde versions "~" (e.g., "1.2.3~rc1" -> "1.2.3-rc1")
- Missing version segments (e.g., "1.2" -> "1.2.0")

Note that the epoch is dropped rather than encoded, so two versions that differ only in their epoch (e.g., "1:1.2.3" and "2:1.2.3") become indistinguishable after conversion; do not rely on the result alone to order versions across epochs.

Returns an error if: - Version contains invalid characters (only 0-9 and . allowed in version part) - Version has more than 3 numeric segments

func DeepSort

func DeepSort(el any) any

DeepSort recursively sorts every map and slice contained in el and returns the result. It is REALLY expensive, so use it sparingly (e.g., only to obtain a canonical form for comparison). Slices are treated as sets: their elements are ordered by their canonical JSON representation, so the original element order is not preserved.

func FixFixedVersion

func FixFixedVersion(purl string, fixedVersion *string) *string

func MapCDXToEventType

func MapCDXToEventType(a *cdx.VulnerabilityAnalysis) string

func MapCDXToVulnStatus

func MapCDXToVulnStatus(a *cdx.VulnerabilityAnalysis) string

Maps the CycloneDX analysis state / response to the internal status strings used by CreateVulnEventAndApply.

func PackageToPurl

func PackageToPurl(ecosystem, packageName string) string

func Purl

func Purl(component cdx.Component) string

func PurlToEcosystem

func PurlToEcosystem(purlType string) string

func Purlify

func Purlify(artifactName string, assetVersionName string) string

func RemoveOriginTypePrefixIfExists

func RemoveOriginTypePrefixIfExists(origin string) (nodeType, string)

func SemverCompare

func SemverCompare(v1, v2 string) int

func SemverSort

func SemverSort(versions []string)

func SortStringsSlice

func SortStringsSlice(slice []string) []string

func StructuralCompareCdxBoms

func StructuralCompareCdxBoms(a, b *cdx.BOM) error

Types

type CdxBom

// CdxBom wraps a CycloneDX BOM together with the dependency tree derived from
// it (a Tree of cdxBomNode, see AddChild and GetInformationSourceNodes).
// All fields are unexported: construct instances through FromCdxBom,
// FromComponents, FromNormalizedCdxBom, FromVulnerabilities or MergeCdxBoms,
// never as a struct literal.
type CdxBom struct {
	// contains filtered or unexported fields
}

func FromCdxBom

func FromCdxBom(bom *cdx.BOM, artifactName, ref string, informationSource string) *CdxBom

func FromComponents

func FromComponents(assetSlug, artifactName, assetVersionName, assetVersionSlug, projectSlug, orgSlug, frontendURL string, components []CdxComponent, licenseOverwrites map[string]string) *CdxBom

func FromNormalizedCdxBom

func FromNormalizedCdxBom(bom *cdx.BOM, rootPurl, artifactName, assetVersionSlug, assetSlug, projectSlug, orgSlug string, frontendURL string) *CdxBom

func FromVulnerabilities

func FromVulnerabilities(assetSlug, artifactName, assetVersionName, assetVersionSlug, projectSlug, orgSlug, frontendURL string, vulns []cdx.Vulnerability) *CdxBom

func MergeCdxBoms

func MergeCdxBoms(metadata *cdx.Metadata, artifactName string, boms ...*CdxBom) *CdxBom

func (*CdxBom) AddChild

func (bom *CdxBom) AddChild(parent *TreeNode[cdxBomNode], child *TreeNode[cdxBomNode])

func (*CdxBom) AddDirectChildWhichInheritsChildren

func (bom *CdxBom) AddDirectChildWhichInheritsChildren(parent cdxBomNode, child cdxBomNode)

func (*CdxBom) AddSourceChildrenToTarget

func (bom *CdxBom) AddSourceChildrenToTarget(source *TreeNode[cdxBomNode], target *TreeNode[cdxBomNode])

func (*CdxBom) CalculateDepth

func (bom *CdxBom) CalculateDepth() map[string]int

func (*CdxBom) CountParentTypes

func (bom *CdxBom) CountParentTypes() map[string]map[nodeType]int

func (*CdxBom) EjectMinimalDependencyTree

func (bom *CdxBom) EjectMinimalDependencyTree() *minimalTreeNode

func (*CdxBom) EjectSBOM

func (bom *CdxBom) EjectSBOM(assetID *uuid.UUID) *cdx.BOM

func (*CdxBom) EjectVex

func (bom *CdxBom) EjectVex(assetID *uuid.UUID) *cdx.BOM

func (*CdxBom) GetAllParentNodes

func (bom *CdxBom) GetAllParentNodes(nodeID string) []string

func (*CdxBom) GetComponents

func (bom *CdxBom) GetComponents() *[]cdx.Component

func (*CdxBom) GetComponentsIncludingFakeNodes

func (bom *CdxBom) GetComponentsIncludingFakeNodes() *[]cdx.Component

func (*CdxBom) GetCsafRootPurls

func (bom *CdxBom) GetCsafRootPurls() []string

Returns the purls of the direct children of CSAF information-source nodes. CSAF advisories do not scope transitive dependencies, so these root purls are the starting points from which CVEs found in the advisory may be redistributed to the subtree reachable from each of them.

func (*CdxBom) GetDependencies

func (bom *CdxBom) GetDependencies() *[]cdx.Dependency

func (*CdxBom) GetDependenciesIncludingFakeNodes

func (bom *CdxBom) GetDependenciesIncludingFakeNodes() *[]cdx.Dependency

func (*CdxBom) GetDependenciesOfComponent

func (bom *CdxBom) GetDependenciesOfComponent(componentRef string) *cdx.Dependency

func (*CdxBom) GetDirectDependencies

func (bom *CdxBom) GetDirectDependencies() *[]cdx.Dependency

func (*CdxBom) GetInformationSourceNodes

func (bom *CdxBom) GetInformationSourceNodes() []*TreeNode[cdxBomNode]

func (*CdxBom) GetInformationSources

func (bom *CdxBom) GetInformationSources() []string

func (*CdxBom) GetMetadata

func (bom *CdxBom) GetMetadata() *cdx.Metadata

func (*CdxBom) GetTransitiveDependencies

func (bom *CdxBom) GetTransitiveDependencies() *[]cdx.Dependency

func (*CdxBom) GetVulnerabilities

func (bom *CdxBom) GetVulnerabilities() *[]cdx.Vulnerability

func (*CdxBom) InformationFromVexOrMultipleSBOMs

func (bom *CdxBom) InformationFromVexOrMultipleSBOMs() []string

func (*CdxBom) ReplaceOrAddInformationSourceNode

func (bom *CdxBom) ReplaceOrAddInformationSourceNode(subTree *TreeNode[cdxBomNode])

func (*CdxBom) ReplaceRoot

func (bom *CdxBom) ReplaceRoot(newRoot cdxBomNode)

type CdxComponent

// CdxComponent is the minimal view of a scanned package that FromComponents
// needs in order to build a BOM and its dependency edges.
type CdxComponent interface {
	// GetPurl returns the package-url identifying this component.
	GetPurl() string
	// GetDependentPurl returns the purl of the component that depends on this
	// one; nil presumably denotes a direct (root-level) dependency — confirm
	// against FromComponents.
	GetDependentPurl() *string
	// ToCdxComponent converts the component into its CycloneDX representation.
	// componentLicenseOverwrites is keyed by purl (the same map FromComponents
	// receives as licenseOverwrites) and allows a caller-supplied license to
	// replace the detected one.
	ToCdxComponent(componentLicenseOverwrites map[string]string) cdx.Component
}

type Node

// Node is the element constraint for Tree and TreeNode: any value that can
// report a stable string ID. The tree uses that ID as the node key (see
// Reachable, GetAllParentNodes and the depMap passed to BuildDependencyTree),
// so IDs are expected to be unique within one tree.
type Node interface {
	GetID() string
}

type PurlMatchContext

// PurlMatchContext holds the parsed purl information for matching a package
// against vulnerability data. It is produced by ParsePurlForMatching.
type PurlMatchContext struct {
	// SearchPurl is the purl used for the lookup; presumably the input purl
	// with version/qualifiers stripped — verify in ParsePurlForMatching.
	SearchPurl        string
	// TargetVersion is the version string exactly as supplied by the caller.
	TargetVersion     string
	// NormalizedVersion is TargetVersion after semver normalisation
	// (see ConvertToSemver).
	NormalizedVersion string
	// VersionIsValid is, despite its boolean-sounding name, an error value:
	// nil means the version normalised cleanly, non-nil carries the reason it
	// did not. Callers must check for nil, not for a truthy value.
	VersionIsValid    error
	// Qualifiers are the purl qualifiers (e.g. distro, arch) retained so a
	// match can be narrowed to the right package variant.
	Qualifiers        packageurl.Qualifiers
	// Namespace is the purl namespace (e.g. Maven groupId, npm scope).
	Namespace         string
}

PurlMatchContext holds the parsed purl information for matching

func ParsePurlForMatching

func ParsePurlForMatching(purl, version string) (*PurlMatchContext, error)

ParsePurlForMatching parses a purl and version into a context for database matching

type Tree

// Tree is a generic dependency tree whose nodes are keyed by Element.GetID().
// Only Root is exported (serialised under "root"); the index and bookkeeping
// fields are unexported, so build instances with BuildDependencyTree rather
// than as a struct literal. Reachable and Visitable work on IDs, so elements
// sharing an ID are indistinguishable to the tree.
type Tree[Element Node] struct {
	Root *TreeNode[Element] `json:"root"`
	// contains filtered or unexported fields
}

func BuildDependencyTree

func BuildDependencyTree[Element Node](root Element, elements []Element, depMap map[string][]string) Tree[Element]

func (*Tree[Element]) AddChild

func (tree *Tree[Element]) AddChild(parent *TreeNode[Element], child *TreeNode[Element])

func (*Tree[Element]) AddDirectChildWhichInheritsChildren

func (tree *Tree[Element]) AddDirectChildWhichInheritsChildren(parent Element, child Element)

func (*Tree[Element]) AddSourceChildrenToTarget

func (tree *Tree[Element]) AddSourceChildrenToTarget(source *TreeNode[Element], target *TreeNode[Element])

func (*Tree[Data]) Reachable

func (tree *Tree[Data]) Reachable(id string) bool

func (*Tree[Data]) RenderToMermaid

func (tree *Tree[Data]) RenderToMermaid() string

func (*Tree[Element]) ReplaceNode

func (tree *Tree[Element]) ReplaceNode(old *TreeNode[Element], new *TreeNode[Element])

func (*Tree[Element]) ReplaceRoot

func (tree *Tree[Element]) ReplaceRoot(node Element)

func (*Tree[Element]) ReplaceSubtree

func (tree *Tree[Element]) ReplaceSubtree(other *TreeNode[Element])

func (*Tree[Element]) Visitable

func (tree *Tree[Element]) Visitable() ([]string, []string)

type TreeNode

// TreeNode is a single node of Tree. Note the JSON key for ID is "name", not
// "id" — any consumer of the serialised tree (e.g. a frontend dependency
// graph) must use that key. Children is serialised as "children"; the element
// payload is held in an unexported field and is therefore not serialised.
// TODO(review): a nil Children slice encodes as null while an empty one
// encodes as [] — confirm consumers tolerate both.
type TreeNode[Element Node] struct {
	ID       string               `json:"name"`
	Children []*TreeNode[Element] `json:"children"`
	// contains filtered or unexported fields
}
