Documentation
¶
Index ¶
- Constants
- Variables
- func CheckExpandedDb(path string, checkHash bool) (float64, string, error)
- func CreateImagePath(uid string) string
- func GetCVEDBEncryptKey() []byte
- func GetDbVersion(path string) (float64, string, error)
- func GetImagePath(uid string) string
- func InitDebugFilters(s string)
- func LoadAppVulsTb(path string) (map[string][]AppModuleVul, error)
- func LoadCveDb(path, desPath string, encryptKey []byte) (string, string, error)
- func LoadFullVulnerabilities(path, osname string) (map[string]VulFull, error)
- func LoadRawFile(path, name string) ([]byte, error)
- type AppModuleVersion
- type AppModuleVul
- type CVSS
- type CveDB
- type DebugFilter
- type FeaFull
- type FeaShort
- type KeyVersion
- type NVDMetadata
- type NVDvulnerableVersion
- type OutputCVEEntry
- type OutputCVEVul
- type OutputPackage
- type Priority
- type VulFull
- type VulShort
Constants ¶
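// Distribution indexes. Each constant selects one slot of DBS.Buffers, which
// is declared as a [DBMax]dbBuffer array. The values come from iota, so the
// order of the names below fixes their numeric values; add new distributions
// immediately before DBMax so existing indexes do not shift.
const (
	DBUbuntu = iota
	DBDebian
	DBCentos
	DBAlpine
	DBAmazon
	DBOracle
	DBMariner
	DBSuse
	DBPhoton
	DBRocky
	// DBMax is the number of distribution slots, not a distribution itself.
	DBMax
)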
// CveDBExpandPath is a fixed directory under /tmp; presumably LoadCveDb
// expands the CVE database into it — confirm against the callers.
// NOTE(review): the location is predictable and the expanded database decides
// scan verdicts. Confirm the directory is created with owner-only permissions
// and that a pre-existing entry at this path (including a symlink) is rejected
// rather than reused, in case /tmp is shared with other local users.
const CveDBExpandPath = "/tmp/neuvector/db/"
// DBAppName is the name "apps"; presumably it labels the application
// vulnerability table of the database (see LoadAppVulsTb) — confirm.
const DBAppName = "apps"
// ImageLayerCacherFile is "/tmp/images/caches/cacher.json", built from
// ImageLayersCachePath.
// NOTE(review): presumably the index of cached layer records. If its content
// is trusted when read back, confirm that only the scanner's own user can
// write to the cache directory.
const ImageLayerCacherFile = ImageLayersCachePath + "/cacher.json"
// ImageLayerLockFile is "/tmp/images/caches/lock", built from
// ImageLayersCachePath.
// NOTE(review): a lock file at a fixed, predictable /tmp path can be created
// or held by another local user when /tmp is shared, which would stall the
// cache. Confirm the directory permissions and how the lock is opened.
const ImageLayerLockFile = ImageLayersCachePath + "/lock"
// ImageLayersCachePath is the fixed directory "/tmp/images/caches"; the cache
// index (ImageLayerCacherFile) and lock (ImageLayerLockFile) paths are derived
// from it.
const ImageLayersCachePath = "/tmp/images/caches"
// ImageWorkingPath is the fixed directory "/tmp/images"; presumably the parent
// of the per-image folders handed out by CreateImagePath — confirm.
// NOTE(review): image content unpacked here is untrusted input. Confirm the
// directory is private to the scanner and that per-image folder names cannot
// be guessed or pre-created by another local user.
const ImageWorkingPath = "/tmp/images"
// MaxRecordCacherSizeMB is set to 1000; going by the name it caps the layer
// cache size in megabytes — confirm the unit and where the limit is enforced.
const MaxRecordCacherSizeMB = 1000
// RHELCpeMapFile is the file name "rhel-cpe.map"; presumably the RHEL CPE
// mapping shipped alongside the CVE database — confirm.
const RHELCpeMapFile = "rhel-cpe.map"
Variables ¶
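// Sentinel errors declared by this package. Compare against them with
// errors.Is so that a wrapped error is still recognized.
var (
	// ErrFilesystem occurs when a filesystem interaction fails.
	ErrFilesystem = errors.New("something went wrong when interacting with the fs")

	// ErrCouldNotDownload occurs when a download fails.
	ErrCouldNotDownload = errors.New("could not download requested resource")

	// ErrNotFound occurs when a resource could not be found.
	ErrNotFound = errors.New("the resource cannot be found")

	// ErrCouldNotParse is returned when a fetcher fails to parse the update data.
	ErrCouldNotParse = errors.New("updater/fetchers: could not parse")
)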
// DBS is the package-level database space. Its Buffers array has one slot per
// distribution index (DBUbuntu through DBRocky, DBMax slots in total), and each
// slot is initialized here with only its distribution name.
var DBS = dbSpace{
	Buffers: [DBMax]dbBuffer{
		DBUbuntu:  {Name: "ubuntu"},
		DBDebian:  {Name: "debian"},
		DBCentos:  {Name: "centos"},
		DBAlpine:  {Name: "alpine"},
		DBAmazon:  {Name: "amazon"},
		DBOracle:  {Name: "oracle"},
		DBMariner: {Name: "mariner"},
		DBSuse:    {Name: "suse"},
		DBPhoton:  {Name: "photon"},
		DBRocky:   {Name: "rocky"},
	},
}
// DebianReleasesMapping translates Debian code names and suite aliases to the
// release identifier used as the value here: a major version number, or
// "unstable". A name that is not in the table yields "" on lookup; callers
// should treat that as an unknown release, not as a release with no
// vulnerabilities.
var DebianReleasesMapping = map[string]string{
	"squeeze":  "6",
	"wheezy":   "7",
	"jessie":   "8",
	"stretch":  "9",
	"buster":   "10",
	"bullseye": "11",
	"bookworm": "12",
	"trixie":   "13",
	"forky":    "14",
	"sid":      "unstable",
	// NOTE(review): the suite aliases below are pinned to fixed releases
	// ("stable" has the same value as "stretch") although the table also lists
	// bullseye, bookworm, trixie and forky. Suite aliases move with every Debian
	// release, so input that names a suite instead of a code name would resolve
	// to an older release and could be matched against the wrong advisories.
	// Confirm whether any caller still passes aliases.
	"oldoldstable": "7",
	"oldstable":    "8",
	"stable":       "9",
	"testing":      "10",
	"unstable":     "unstable",
}
// Priorities lists the Priority values this package uses. The order looks like
// least to most severe — confirm against the Priority constants before relying
// on slice position for comparisons.
var Priorities = []Priority{Unknown, Negligible, Low, Medium, High, Critical, Defcon1}
// UbuntuReleasesMapping translates Ubuntu code names to version numbers.
//
// The ESM keys ("precise/esm", "trusty/esm", "esm-infra/xenial") map to the
// same version as their base release, and "upstream" maps to itself.
//
// NOTE(review): the newest entry is "noble" (24.04). A code name that is not in
// the table yields "" on lookup, so callers should report an unknown release
// rather than treat the image as having no applicable advisories. Confirm how
// lookups that miss are handled.
var UbuntuReleasesMapping = map[string]string{
	"upstream":         "upstream",
	"precise":          "12.04",
	"precise/esm":      "12.04",
	"quantal":          "12.10",
	"raring":           "13.04",
	"trusty":           "14.04",
	"trusty/esm":       "14.04",
	"utopic":           "14.10",
	"vivid":            "15.04",
	"wily":             "15.10",
	"xenial":           "16.04",
	"esm-infra/xenial": "16.04",
	"yakkety":          "16.10",
	"zesty":            "17.04",
	"artful":           "17.10",
	"bionic":           "18.04",
	"cosmic":           "18.10",
	"disco":            "19.04",
	"eoan":             "19.10",
	"focal":            "20.04",
	"groovy":           "20.10",
	"hirsute":          "21.04",
	"impish":           "21.10",
	"jammy":            "22.04",
	"kinetic":          "22.10",
	"lunar":            "23.04",
	"mantic":           "23.10",
	"noble":            "24.04",
}
UbuntuReleasesMapping translates Ubuntu code names to version numbers
Functions ¶
func CreateImagePath ¶
Gets a unique image folder under /tmp; returns "" if a suitable folder cannot be allocated.
func GetCVEDBEncryptKey ¶
func GetCVEDBEncryptKey() []byte
func GetImagePath ¶
func InitDebugFilters ¶
func InitDebugFilters(s string)
func LoadAppVulsTb ¶
func LoadAppVulsTb(path string) (map[string][]AppModuleVul, error)
func LoadFullVulnerabilities ¶
func LoadRawFile ¶
Types ¶
type AppModuleVersion ¶
type AppModuleVul ¶
// AppModuleVul is one application-module vulnerability record. The struct tags
// give the abbreviated JSON keys it is encoded with.
//
// Score/Vectors use the keys "SC"/"VV2" and ScoreV3/VectorsV3 use "SC3"/"VV3";
// presumably the CVSS v2 and v3 values respectively — confirm. UnaffectedVer is
// left out of the JSON when empty. CVEs is tagged "-", so it is never written
// to or read from JSON and has to be filled in by code. IssuedDate and
// LastModDate have no omitempty, so a zero time is still encoded.
//
// Description and Link are free text taken from the database; escape them
// before rendering in a UI or report.
type AppModuleVul struct {
	VulName       string             `json:"VN"`
	AppName       string             `json:"AN"`
	ModuleName    string             `json:"MN"`
	Description   string             `json:"D"`
	Link          string             `json:"L"`
	Score         float64            `json:"SC"`
	Vectors       string             `json:"VV2"`
	ScoreV3       float64            `json:"SC3"`
	VectorsV3     string             `json:"VV3"`
	Severity      string             `json:"SE"`
	AffectedVer   []AppModuleVersion `json:"AV"`
	FixedVer      []AppModuleVersion `json:"FV"`
	UnaffectedVer []AppModuleVersion `json:"UV,omitempty"`
	IssuedDate    time.Time          `json:"Issue"`
	LastModDate   time.Time          `json:"LastMod"`
	CVEs          []string           `json:"-"`
}
type DebugFilter ¶
var Debugs DebugFilter
type KeyVersion ¶
type NVDMetadata ¶
// NVDMetadata groups a description, CVSS v2 and v3 data and a list of
// vulnerable versions; presumably sourced from NVD, going by the name —
// confirm.
//
// Only Description carries a JSON tag (key "description", omitted when empty).
// The other fields have no tag, so encoding/json uses their Go names
// ("CVSSv2", "CVSSv3", "VulnVersions") as keys.
type NVDMetadata struct {
	Description  string `json:"description,omitempty"`
	CVSSv2       CVSS
	CVSSv3       CVSS
	VulnVersions []NVDvulnerableVersion
}
type NVDvulnerableVersion ¶
type OutputCVEEntry ¶
// OutputCVEEntry is one entry of an OutputCVEVul: an OS or application name
// with its version, two dates, and the packages attached to it.
//
// PublishedDate and LastModifiedDate are plain strings here, not time.Time, so
// their format is whatever the producer wrote — confirm the format before
// parsing or comparing them. OSAppVer is encoded under the key "OSAppVersion".
type OutputCVEEntry struct {
	OSApp            string           `json:"OSApp"`
	OSAppVer         string           `json:"OSAppVersion"`
	PublishedDate    string           `json:"PublishedDate"`
	LastModifiedDate string           `json:"LastModifiedDate"`
	Packages         []*OutputPackage `json:"Packages"`
}
type OutputCVEVul ¶
// OutputCVEVul is the export form of one vulnerability: its name, severity,
// scores and vectors, plus the entries it applies to.
//
// Score and ScoreV3 are float32 here, whereas AppModuleVul stores its scores
// as float64; allow for float32 rounding when comparing an exported score
// against a threshold. Entries holds pointers, so a nil element is possible —
// check before dereferencing.
type OutputCVEVul struct {
	Name      string            `json:"Name"`
	Severity  string            `json:"Severity"`
	Score     float32           `json:"Score"`
	Vectors   string            `json:"Vectors"`
	ScoreV3   float32           `json:"ScoreV3"`
	VectorsV3 string            `json:"VectorsV3"`
	Entries   []*OutputCVEEntry `json:"Entries"`
}
func ReadCveDbMeta ¶
func ReadCveDbMeta(path string, output bool) (map[string]*share.ScanVulnerability, []*OutputCVEVul, error)
type OutputPackage ¶
type VulFull ¶
// VulFull is the full vulnerability record, encoded with the abbreviated JSON
// keys given in the struct tags.
//
// CPEs, CVEs and FeedRating are left out of the JSON when empty; every other
// field is always written, including zero IssuedDate/LastModDate values.
// FixedBy is a single string while FixedIn is a list of FeaFull values;
// presumably the fixing version and the fixed features — confirm.
//
// Description and Link are free text taken from the database; escape them
// before rendering in a UI or report.
type VulFull struct {
	Name        string    `json:"N"`
	Namespace   string    `json:"NS"`
	Description string    `json:"D"`
	Link        string    `json:"L"`
	Severity    string    `json:"S"`
	CVSSv2      CVSS      `json:"C2"`
	CVSSv3      CVSS      `json:"C3"`
	FixedBy     string    `json:"FB"`
	FixedIn     []FeaFull `json:"FI"`
	CPEs        []string  `json:"CPE,omitempty"`
	CVEs        []string  `json:"CVE,omitempty"`
	FeedRating  string    `json:"RATE,omitempty"`
	IssuedDate  time.Time `json:"Issue"`
	LastModDate time.Time `json:"LastMod"`
}