Documentation
¶
Overview ¶
Package csaf provides a library for Common Security Advisory Framework Version 2.0 (CSAF) documents.
https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type CSAF ¶
// CSAF is the root object of a decoded CSAF 2.0 advisory.
//
// NOTE(review): the struct tags only map JSON keys onto fields; nothing in
// this type enforces required properties or value ranges. Confirm where
// schema validation happens before acting on the decoded values.
type CSAF struct {
	// Document contains metadata about the CSAF document itself.
	//
	// https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html#321-document-property
	Document DocumentMetadata `json:"document"`
	// ProductTree contains information about the product tree. It is decoded
	// as a ProductBranch, which has fields for branches and relationships.
	//
	// https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html#322-product-tree-property
	ProductTree ProductBranch `json:"product_tree"`
	// Vulnerabilities contains information about the vulnerabilities,
	// (i.e. CVEs), associated threats, and product status.
	//
	// https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html#323-vulnerabilities-property
	Vulnerabilities []Vulnerability `json:"vulnerabilities"`
	// Notes holds notes associated with the whole document.
	// https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html#3217-document-property---notes
	//
	// NOTE(review): the linked section describes notes nested under the
	// "document" property, but this field is tagged as a top-level "notes"
	// key and DocumentMetadata has no notes field. Confirm that
	// document-level notes are actually decoded.
	Notes []Note `json:"notes"`
}
CSAF is a Common Security Advisory Framework Version 2.0 document.
https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html
func Open ¶
Open reads and parses a given file path and returns a CSAF document or an error if the file could not be opened or parsed.
func (*CSAF) FirstProductName ¶
FirstProductName returns the first product name in the product tree or an empty string if no product name is found.
func (*CSAF) ListProducts ¶ added in v0.2.1
func (csafDoc *CSAF) ListProducts() ProductList
type CVSSV2 ¶ added in v0.2.7
// CVSSV2 holds the CVSS v2.0 metrics and scores decoded from the "cvss_v2"
// member of a score entry. Metric values are kept as the strings found in
// the advisory; the type does not restrict them to the CVSS vocabulary.
//
// NOTE(review): the CVSS v2.0 JSON schema also defines "version" and
// "vectorString". This struct has no fields for them, so those keys are
// ignored on decode and the scores cannot be re-derived from the vector.
// Confirm whether that is intended.
type CVSSV2 struct {
	// Base metrics.
	AccessVector string `json:"accessVector"`
	AccessComplexity string `json:"accessComplexity"`
	Authentication string `json:"authentication"`
	ConfidentialityImpact string `json:"confidentialityImpact"`
	IntegrityImpact string `json:"integrityImpact"`
	AvailabilityImpact string `json:"availabilityImpact"`
	// BaseScore is taken from the advisory as-is; no range check is applied here.
	BaseScore float64 `json:"baseScore"`
	// Temporal metrics.
	Exploitability string `json:"exploitability"`
	RemediationLevel string `json:"remediationLevel"`
	ReportConfidence string `json:"reportConfidence"`
	TemporalScore float64 `json:"temporalScore"`
	// Environmental metrics.
	CollateralDamagePotential string `json:"collateralDamagePotential"`
	TargetDistribution string `json:"targetDistribution"`
	ConfidentialityRequirement string `json:"confidentialityRequirement"`
	IntegrityRequirement string `json:"integrityRequirement"`
	AvailabilityRequirement string `json:"availabilityRequirement"`
	// EnvironmentalScore is 0 both when the advisory says 0 and when the key
	// is absent; a plain float64 cannot tell the two apart.
	EnvironmentalScore float64 `json:"environmentalScore"`
}
CVSSV2 describes the CVSS v2.0 specification; it is decoded from the cvss_v2 property of a Score.
type CVSSV3 ¶ added in v0.2.7
// CVSSV3 holds the CVSS v3.x base metrics decoded from the "cvss_v3" member
// of a score entry. Only base metrics are represented; unlike CVSSV2 there
// are no temporal or environmental fields.
//
// NOTE(review): BaseScore, BaseSeverity and VectorString are decoded
// independently and nothing here checks that they agree with each other.
// Consumers that prioritise on severity may want to recompute the score from
// VectorString rather than trust the advisory's number. Confirm against the
// callers.
type CVSSV3 struct {
	AttackComplexity string `json:"attackComplexity"`
	AttackVector string `json:"attackVector"`
	AvailabilityImpact string `json:"availabilityImpact"`
	// BaseScore is taken from the advisory as-is; no range check is applied here.
	BaseScore float64 `json:"baseScore"`
	BaseSeverity string `json:"baseSeverity"`
	ConfidentialityImpact string `json:"confidentialityImpact"`
	IntegrityImpact string `json:"integrityImpact"`
	PrivilegesRequired string `json:"privilegesRequired"`
	Scope string `json:"scope"`
	UserInteraction string `json:"userInteraction"`
	// VectorString is the textual CVSS vector as published in the advisory.
	VectorString string `json:"vectorString"`
	// Version presumably distinguishes "3.0" from "3.1" (verify against the schema).
	Version string `json:"version"`
}
CVSSV3 describes both the CVSSv3.0 and CVSSv3.1 specifications; it is decoded from the cvss_v3 property of a Score.
type DocumentMetadata ¶
// DocumentMetadata is the decoded "document" property of a CSAF advisory:
// its title, tracking data, references and publisher.
type DocumentMetadata struct {
	// Title is the advisory title as published.
	Title string `json:"title"`
	// Tracking carries the advisory ID and release dates.
	Tracking Tracking `json:"tracking"`
	// References lists document-level references. Their URLs are plain
	// strings supplied by the publisher.
	References []Reference `json:"references"`
	// Publisher identifies the issuing party as stated in the document itself.
	// NOTE(review): this is self-asserted data, not an authenticated
	// identity. Confirm how the advisory's origin is verified.
	Publisher Publisher `json:"publisher"`
}
DocumentMetadata contains metadata about the CSAF document itself.
https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html#321-document-property
type Flag ¶ added in v0.2.1
// Flag is one machine-readable flag attached to a vulnerability, scoped to
// the listed products and product groups.
type Flag struct {
	// Label is kept as a free string. It is presumably one of the labels
	// enumerated by the CSAF spec, but the type does not enforce that (verify
	// before using it for automated decisions).
	Label string `json:"label"`
	// Date is decoded by time.Time's JSON support, which expects an RFC 3339
	// timestamp.
	Date time.Time `json:"date"`
	// GroupIDs and ProductIDs are references into the product tree; nothing
	// here checks that they resolve to an existing group or product.
	GroupIDs []string `json:"group_ids"`
	ProductIDs []string `json:"product_ids"`
}
Machine readable flags for products related to the Vulnerability
type Product ¶
// Product identifies a single product by display name, document-local ID and
// optional identification helpers.
type Product struct {
	// Name is the human-readable product name.
	Name string `json:"name"`
	// ID is the product_id other parts of the document use to refer to this product.
	ID string `json:"product_id"`
	// IdentificationHelper maps a helper type to its value.
	//
	// NOTE(review): the CSAF helper object can hold array-valued members
	// (e.g. hashes), and encoding/json reports a type error when a
	// non-string value is decoded into map[string]string. Confirm how
	// advisories that carry such members are handled.
	IdentificationHelper map[string]string `json:"product_identification_helper"`
}
Product contains information used to identify a product.
https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html#3124-branches-type---product
type ProductBranch ¶
// ProductBranch is one node of the product tree. A node can carry a product,
// child branches, and relationships.
//
// NOTE(review): the type is self-referential through Branches and places no
// limit on nesting depth, while the lookup helpers on this type are
// documented as recursive. Confirm whether input nesting is bounded before
// walking trees from untrusted advisories.
type ProductBranch struct {
	Category string `json:"category"`
	Name string `json:"name"`
	// Branches holds the child nodes.
	Branches []ProductBranch `json:"branches"`
	// Product is a struct value, so encoding/json's omitempty never omits it
	// when marshalling; the option has no effect here.
	Product Product `json:"product,omitempty"`
	Relationships []Relationship `json:"relationships"`
}
ProductBranch is a recursive struct that contains information about a product and its nested products.
func (*ProductBranch) FindFirstProduct ¶
func (branch *ProductBranch) FindFirstProduct() string
FindFirstProduct recursively searches for the first product identifier in the tree and returns it or an empty string if no product identifier is found.
func (*ProductBranch) FindFirstProductName ¶ added in v0.2.1
func (branch *ProductBranch) FindFirstProductName() string
FindFirstProductName recursively searches for the first product name in the tree and returns it or an empty string if no product name is found.
func (*ProductBranch) FindProductIdentifier ¶
func (branch *ProductBranch) FindProductIdentifier(helperType, helperValue string) *Product
FindProductIdentifier recursively searches the tree for the first product whose identification helper matches helperType and helperValue.
func (*ProductBranch) ListProducts ¶ added in v0.2.1
func (branch *ProductBranch) ListProducts() ProductList
ListProducts returns a flat list of all products in the branch
type ProductList ¶ added in v0.2.1
// ProductList is a flat slice of products, as returned by the ListProducts methods.
type ProductList []Product
func (*ProductList) Add ¶ added in v0.2.1
func (pl *ProductList) Add(p Product)
Add adds a product to the product list if it is not already there, matching on ID and software identifiers.
type Publisher ¶ added in v0.2.7
// Publisher is the decoded "publisher" property of the document metadata.
// All fields are free strings copied from the advisory.
//
// NOTE(review): these values are asserted by the document itself and are not
// proof of origin. Confirm that callers authenticate the source of the
// advisory by other means before trusting Name or Namespace.
type Publisher struct {
	// Category is not restricted by the type. It is presumably one of the
	// publisher categories the CSAF spec enumerates (verify).
	Category string `json:"category"`
	ContactDetails string `json:"contact_details"`
	IssuingAuthority string `json:"issuing_authority"`
	Name string `json:"name"`
	Namespace string `json:"namespace"`
}
Publisher provides information on the publishing entity.
https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html#3218-document-property---publisher
type Reference ¶ added in v0.2.1
// Reference is a single reference entry: a category, a short summary and a URL.
type Reference struct {
	Category string `json:"category"`
	Summary string `json:"summary"`
	// URL is kept as a plain string. The type does not parse it or restrict
	// its scheme or host, so callers that render it as a link or fetch it
	// should validate it first.
	URL string `json:"url"`
}
Document references holds a list of references associated with the whole document.
https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html#3219-document-property---references
type Relationship ¶ added in v0.2.1
// Relationship links two products from the tree and names the combined
// product that results.
type Relationship struct {
	Category string `json:"category"`
	// FullProductName is the product entry describing the combination.
	FullProductName Product `json:"full_product_name"`
	// ProductRef and RelatesToProductRef are product IDs held as strings.
	// Nothing in this type checks that they resolve to products defined
	// elsewhere in the document.
	ProductRef string `json:"product_reference"`
	RelatesToProductRef string `json:"relates_to_product_reference"`
}
Relationship establishes a link between two existing full_product_name_t elements, allowing the document producer to define a combination of two products that form a new full_product_name entry.
type RemediationData ¶ added in v0.2.1
// RemediationData is one remediation entry of a vulnerability, scoped to the
// listed products and product groups.
type RemediationData struct {
	// Category is a free string. It is presumably one of the remediation
	// categories the CSAF spec enumerates, but the type does not enforce
	// that (verify before branching on it).
	Category string `json:"category"`
	// Date is decoded by time.Time's JSON support, which expects an RFC 3339
	// timestamp.
	Date time.Time `json:"date"`
	// Details is publisher-supplied free text.
	Details string `json:"details"`
	Entitlements []string `json:"entitlements"`
	// GroupIDs and ProductIDs are references into the product tree; nothing
	// here checks that they resolve.
	GroupIDs []string `json:"group_ids"`
	ProductIDs []string `json:"product_ids"`
	Restart RestartData `json:"restart_required"`
	// URL is kept as a plain string. The type does not parse it or restrict
	// its scheme or host, so callers that present it as a fix location or
	// fetch it should validate it first.
	URL string `json:"url"`
}
RemediationData contains information about how to remediate a vulnerability for a set of products.
type RestartData ¶ added in v0.2.1
Remediation instructions for restart of affected software.
type Score ¶ added in v0.2.7
// Score ties CVSS v2 and CVSS v3 data to a set of products.
type Score struct {
	// CVSSV2 and CVSSV3 are struct values, not pointers, so a score entry
	// that omits one of them decodes to that type's zero value (empty
	// strings, 0 scores). Callers cannot tell "absent" from "zero" by
	// inspecting the field alone.
	CVSSV2 CVSSV2 `json:"cvss_v2"`
	CVSSV3 CVSSV3 `json:"cvss_v3"`
	// ProductIDs lists the product IDs the score applies to. Note that the
	// JSON key is "products", not "product_ids" as on the other types in
	// this package.
	ProductIDs []string `json:"products"`
}
Score contains score information tied to the listed products.
type ThreatData ¶
// ThreatData is one threat entry of a vulnerability, scoped to the listed products.
type ThreatData struct {
	// Category is a free string. It is presumably one of the threat
	// categories the CSAF spec enumerates, but the type does not enforce
	// that (verify).
	Category string `json:"category"`
	// Details is publisher-supplied free text.
	Details string `json:"details"`
	// ProductIDs are references into the product tree; nothing here checks
	// that they resolve.
	ProductIDs []string `json:"product_ids"`
}
ThreatData contains information about a threat to a product.
type Tracking ¶
// Tracking holds the advisory's ID and its initial and current release dates.
//
// NOTE(review): only these three members are represented. The CSAF tracking
// object also carries members such as status and version; without them a
// consumer cannot tell a draft or interim advisory from a final one. Confirm
// whether that matters to callers.
type Tracking struct {
	ID string `json:"id"`
	// Both dates are decoded by time.Time's JSON support, which expects
	// RFC 3339 timestamps.
	CurrentReleaseDate time.Time `json:"current_release_date"`
	InitialReleaseDate time.Time `json:"initial_release_date"`
}
Tracking contains information used to track the CSAF document through its lifecycle.
https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html#32112-document-property---tracking
type TrackingID ¶ added in v0.2.1
Every ID item with the two mandatory properties System Name (system_name) and Text (text) contains a single unique label or tracking ID for the vulnerability.
https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html#3236-vulnerabilities-property---ids
type Vulnerability ¶
// Vulnerability is one entry of the advisory's "vulnerabilities" array: an
// identifier plus the product status, threats, remediations, flags,
// references, notes and scores attached to it.
type Vulnerability struct {
	// MITRE standard Common Vulnerabilities and Exposures (CVE) tracking number for the vulnerability.
	// It is kept as a free string; the type does not check its format.
	//
	// https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html#3232-vulnerabilities-property---cve
	CVE string `json:"cve"`
	// List of IDs represents a list of unique labels or tracking IDs for the vulnerability (if such information exists).
	//
	// https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html#3236-vulnerabilities-property---ids
	IDs []TrackingID `json:"ids"`
	// Provide details on the status of the referenced product related to the vulnerability.
	// The map is presumably keyed by CSAF status name (e.g. known_affected,
	// fixed) with product IDs as values; verify against the callers. Keys are
	// not restricted by the type, so an unknown status name is decoded like
	// any other.
	//
	// https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html#3239-vulnerabilities-property---product-status
	ProductStatus map[string][]string `json:"product_status"`
	// Provide details of threats associated with a vulnerability.
	//
	// https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html#32314-vulnerabilities-property---threats
	Threats []ThreatData `json:"threats"`
	// Provide details of remediations associated with a Vulnerability
	//
	// https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html#32312-vulnerabilities-property---remediations
	Remediations []RemediationData `json:"remediations"`
	// Machine readable flags for products related to vulnerability
	//
	// https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html#3235-vulnerabilities-property---flags
	Flags []Flag `json:"flags"`
	// Vulnerability references holds a list of references associated with this vulnerability item.
	//
	// https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html#32310-vulnerabilities-property---references
	References []Reference `json:"references"`
	// ReleaseDate is decoded by time.Time's JSON support, which expects an
	// RFC 3339 timestamp.
	ReleaseDate time.Time `json:"release_date"`
	// Notes holds notes associated with the Vulnerability object.
	// https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html#3238-vulnerabilities-property---notes
	Notes []Note `json:"notes"`
	// Scores holds the scores associated with the Vulnerability object.
	// https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html#32313-vulnerabilities-property---scores
	// Each Score has both a cvss_v2 and a cvss_v3 member.
	Scores []Score `json:"scores"`
}
Vulnerability contains information about a CVE and its associated threats.
https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html#323-vulnerabilities-property