Documentation
Index
- Variables
- type ConfigUnmarshaler
- type Configs
- type Distribution
- type EnrichmentParser
- type EnrichmentRecord
- type Fingerprint
- type Package
- type ParsedVulnerabilities
- type Repository
- type Severity
- type UpdateDiff
- type UpdateKind
- type UpdateOperation
- type Updater
- type UpdaterFactory
- type Vulnerability
- type VulnerabilityParser
Constants
This section is empty.
Variables
var ErrDuplicateRef = errors.New("an UpdateOperation with that ref already exists")
ErrDuplicateRef is reported when an attempt is made to create an UpdateOperation whose Ref already exists.
var ErrUnchanged = errors.New("driver: database contents unchanged")
ErrUnchanged is returned by an Updater's Fetch when the upstream database has not changed since the provided Fingerprint; nothing is written in that case.
Functions
This section is empty.
Types
type ConfigUnmarshaler
type ConfigUnmarshaler func(interface{}) error
ConfigUnmarshaler can be thought of as an Unmarshal function with the byte slice already bound, or as a Decode function.
Calling it with a pointer to a struct should populate that struct with any configuration information.
type Configs
type Configs map[string]ConfigUnmarshaler
Configs is a map of name to ConfigUnmarshaler.
It's used for runtime configuration in the Updater.
type Distribution
type Distribution struct {
ID string
VersionID string // Numeric version, like os-release
Arch string
CPE cpe.WFN
}
Distribution describes a distribution.
type EnrichmentParser
type EnrichmentParser interface {
ParseEnrichment(context.Context, fs.FS) ([]EnrichmentRecord, error)
}
EnrichmentParser takes a provided fs and reports the Enrichments found.
type EnrichmentRecord
type EnrichmentRecord struct {
Tags []string
Enrichment json.RawMessage
}
EnrichmentRecord is a simple container for JSON enrichment data and the tags it will be queried by.
type Fingerprint
type Fingerprint string
Fingerprint is opaque identifying information about a vulnerability database. Fetch returns one and receives the previous one on its next call, so an Updater can decide whether the upstream content has changed.
type Package
type Package struct {
Name string
Version string
Database string
Arch string
Module string
CPE cpe.WFN
NormalizedVersion types.Version
Kind types.PackageKind
Repository int // optional, -1 to omit
Source int // optional, -1 to omit
}
Package describes a package.
type ParsedVulnerabilities
type ParsedVulnerabilities struct {
Updater string
Vulnerability []Vulnerability
Package []Package
Distribution []Distribution
Repository []Repository
}
ParsedVulnerabilities is an entity-component system describing discovered vulnerabilities: the Package, Distribution and Repository slices hold each entity once, and a Vulnerability refers to them through the integer indices in its Package, Distribution and Repository fields (-1 meaning omitted).
type Repository
Repository describes a repository.
type Severity
type Severity struct {
// Upstream should be the value the upstream database provides.
Upstream string
// Normalized should be one of the prescribed Severity values. They roughly
// correlate to CVSSv3 severity levels.
Normalized types.Severity
}
Severity is severity information.
type UpdateDiff
type UpdateDiff struct {
Added, Removed []Vulnerability
Prev, Cur UpdateOperation
}
UpdateDiff represents added or removed vulnerabilities between update operations.
type UpdateKind
type UpdateKind string
UpdateKind is used to tag the kind of update being handled.
const (
	VulnerabilityKind UpdateKind = "vulnerability"
	EnrichmentKind    UpdateKind = "enrichment"
)
Known update kinds.
type UpdateOperation
type UpdateOperation struct {
Date time.Time
Updater string
Kind UpdateKind
Fingerprint Fingerprint
Ref uuid.UUID
}
UpdateOperation is a unique update to the Store by an Updater.
type Updater
type Updater interface {
// Name is a unique name for this updater.
//
// The name preferably indicates the vendor who implemented it and the data
// source it's fetching and interpreting.
//
// For Enrichers, this must be paired with an Enricher using the same value.
Name() string
// Fetch
//
// When called, the function should determine if new security advisory data
// is available. A Fingerprint may be passed in so that the Fetcher can
// determine if the content has changed.
//
// If it has, the entirety of the database should be written to the provided
// zip.Writer.
//
// If the content has not changed, ErrUnchanged should be returned.
Fetch(context.Context, *zip.Writer, Fingerprint, *http.Client) (Fingerprint, error)
}
Updater is the interface for fetching security advisory information.
An Updater should implement at least one of the Parser interfaces (VulnerabilityParser or EnrichmentParser) so the fetched data can be interpreted.
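As an added example (not code from this package or its project), the following shows one way to honour the Fetch contract described above: the Fingerprint is the SHA-256 of the advisory file, the updater offers the previous one upstream as If-None-Match, and it returns ErrUnchanged without writing to the zip.Writer when either the server answers 304 or the downloaded content hashes to the same value (covering servers that ignore conditional requests). The type declarations are local stand-ins for the driver types documented on this page so the block runs offline; the httpUpdater name, the size cap, the in-process server and the sample feed are constructed for the example.

```go
package main

import (
	"archive/zip"
	"context"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
)

// Local stand-ins for the driver types documented above, so the example runs
// stand-alone (assumption: a real updater imports the driver package instead).
type Fingerprint string

var ErrUnchanged = errors.New("driver: database contents unchanged")

type Updater interface {
	Name() string
	Fetch(context.Context, *zip.Writer, Fingerprint, *http.Client) (Fingerprint, error)
}

const maxBody = 64 << 20 // refuse advisory files larger than this (assumed cap)

// httpUpdater fetches a single advisory file. Its Fingerprint is the SHA-256
// of that file, which it also offers upstream as If-None-Match.
type httpUpdater struct{ url string }

var _ Updater = (*httpUpdater)(nil)

func (u *httpUpdater) Name() string { return "example/http-advisories" }

func (u *httpUpdater) Fetch(ctx context.Context, w *zip.Writer, prev Fingerprint, c *http.Client) (Fingerprint, error) {
	req, err := http.NewRequestWithContext(ctx, http.MethodGet, u.url, nil)
	if err != nil {
		return "", err
	}
	if prev != "" {
		req.Header.Set("If-None-Match", `"`+string(prev)+`"`)
	}
	res, err := c.Do(req)
	if err != nil {
		return "", err
	}
	defer res.Body.Close()
	if res.StatusCode == http.StatusNotModified {
		return prev, ErrUnchanged
	}
	if res.StatusCode != http.StatusOK {
		return "", fmt.Errorf("fetch %s: unexpected status %s", u.url, res.Status)
	}
	// Read one byte past the cap so an oversized body is rejected, not silently truncated.
	body, err := io.ReadAll(io.LimitReader(res.Body, maxBody+1))
	if err != nil {
		return "", err
	}
	if len(body) > maxBody {
		return "", errors.New("advisory body exceeds size limit")
	}
	sum := sha256.Sum256(body)
	cur := Fingerprint(hex.EncodeToString(sum[:]))
	if cur == prev { // upstream ignored If-None-Match, but nothing changed
		return prev, ErrUnchanged
	}
	f, err := w.Create("advisories.json")
	if err != nil {
		return "", err
	}
	if _, err := f.Write(body); err != nil {
		return "", err
	}
	return cur, nil
}

// newFeedServer is a constructed stand-in for an upstream advisory host: it
// serves content and answers a matching If-None-Match with 304 Not Modified.
func newFeedServer(content []byte) *httptest.Server {
	sum := sha256.Sum256(content)
	etag := `"` + hex.EncodeToString(sum[:]) + `"`
	return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.Header.Get("If-None-Match") == etag {
			w.WriteHeader(http.StatusNotModified)
			return
		}
		w.Write(content)
	}))
}

func main() {
	srv := newFeedServer([]byte(`{"advisories":[]}`)) // constructed sample feed
	defer srv.Close()
	u := &httpUpdater{url: srv.URL + "/advisories.json"}
	fp, err := u.Fetch(context.Background(), zip.NewWriter(io.Discard), "", srv.Client())
	fmt.Println("first fetch:", fp, err)
	_, err = u.Fetch(context.Background(), zip.NewWriter(io.Discard), fp, srv.Client())
	fmt.Println("second fetch:", err) // driver: database contents unchanged
}
```

The caller is expected to persist the returned Fingerprint alongside the UpdateOperation and hand it back on the next run; the content-hash comparison after download is what keeps the ErrUnchanged path correct even when the upstream host does not implement conditional requests.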
type UpdaterFactory
type UpdaterFactory interface {
// Name is used to determine what configuration to use when calling Create.
Name() string
// Create is called whenever Updaters are needed to run.
//
// The Updater runner makes no assumptions about the lifecycle of the
// updaters, so implementations may construct new objects on every call, or
// create a set once and return it repeatedly.
Create(context.Context, ConfigUnmarshaler) ([]Updater, error)
}
UpdaterFactory is called to construct new Updaters.
type Vulnerability
type Vulnerability struct {
Issued time.Time
Name string
Description string
FixedInVersion string
Severity Severity
Links []string
Package []int // need at least one entry
Range types.Range
ArchOperation types.ArchOp
Distribution int // optional, -1 to omit
Repository int // optional, -1 to omit
}
Vulnerability is all per-vulnerability information.
type VulnerabilityParser
type VulnerabilityParser interface {
ParseVulnerability(context.Context, fs.FS) (*ParsedVulnerabilities, error)
}
VulnerabilityParser takes a provided fs and reports the Vulnerabilities found.
The returned ParsedVulnerabilities object may have its "Updater" member changed to match the value reported by the Name method.
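As an added example (not code from this package), here is a VulnerabilityParser that reads a constructed advisory file from the fs.FS and builds the entity-component layout described under ParsedVulnerabilities: each distinct package and the distribution are stored once, every Vulnerability refers to them by index, -1 marks an omitted Repository or Source, and advisories that list no packages are dropped because Vulnerability.Package needs at least one entry. The type declarations are trimmed local stand-ins for the documented types so the block runs offline; advisoryFeed, feedParser and the sample JSON are assumptions made for the example.

```go
package main

import (
	"context"
	"encoding/json"
	"fmt"
	"io/fs"
	"testing/fstest"
)

// Trimmed stand-ins for the driver types on this page, keeping only the fields
// this example fills (assumption: a real parser imports the driver package).
type Package struct {
	Name, Version, Arch string
	Repository, Source  int // -1 to omit
}
type Distribution struct{ ID, VersionID string }
type Vulnerability struct {
	Name, Description, FixedInVersion string
	Package                           []int // indices into ParsedVulnerabilities.Package; at least one
	Distribution, Repository          int   // indices into the sibling slices, or -1 to omit
}
type ParsedVulnerabilities struct {
	Updater       string
	Vulnerability []Vulnerability
	Package       []Package
	Distribution  []Distribution
}

// advisoryFeed is the constructed upstream JSON shape this example understands.
type advisoryFeed struct {
	Distro     struct{ ID, VersionID string } `json:"distro"`
	Advisories []struct {
		ID, Description, FixedIn string
		Packages                 []struct{ Name, Arch string }
	} `json:"advisories"`
}

type feedParser struct{}

func (feedParser) Name() string { return "example/feed" }

// ParseVulnerability reads advisories.json from the fs an Updater's Fetch filled
// and lays the result out entity-component style: each distinct package and the
// distribution are stored once, and vulnerabilities refer to them by index.
func (p feedParser) ParseVulnerability(ctx context.Context, sys fs.FS) (*ParsedVulnerabilities, error) {
	raw, err := fs.ReadFile(sys, "advisories.json")
	if err != nil {
		return nil, err
	}
	var feed advisoryFeed
	if err := json.Unmarshal(raw, &feed); err != nil {
		return nil, fmt.Errorf("%s: decode feed: %w", p.Name(), err)
	}
	out := &ParsedVulnerabilities{
		Updater:      p.Name(), // the caller expects this to match Name()
		Distribution: []Distribution{{ID: feed.Distro.ID, VersionID: feed.Distro.VersionID}},
	}
	pkgIdx := map[string]int{} // (name, arch) -> index into out.Package
	for _, adv := range feed.Advisories {
		v := Vulnerability{
			Name: adv.ID, Description: adv.Description, FixedInVersion: adv.FixedIn,
			Distribution: 0, Repository: -1, // single distro at index 0; feed carries no repository data
		}
		for _, ap := range adv.Packages {
			key := ap.Name + "\x00" + ap.Arch
			i, ok := pkgIdx[key]
			if !ok {
				i = len(out.Package)
				pkgIdx[key] = i
				out.Package = append(out.Package, Package{Name: ap.Name, Arch: ap.Arch, Repository: -1, Source: -1})
			}
			v.Package = append(v.Package, i)
		}
		if len(v.Package) == 0 {
			continue // Vulnerability.Package needs at least one entry; drop such advisories
		}
		out.Vulnerability = append(out.Vulnerability, v)
	}
	return out, nil
}

// sampleFeed is a constructed advisory file: two advisories share libfoo so the
// dedup path runs, and the third lists no packages at all.
const sampleFeed = `{"distro": {"ID": "exampleos", "VersionID": "1"}, "advisories": [
  {"ID": "EXAMPLE-0001", "Description": "libfoo overflow", "FixedIn": "1.2.3-1", "Packages": [{"Name": "libfoo", "Arch": "x86_64"}]},
  {"ID": "EXAMPLE-0002", "Description": "bar and libfoo", "FixedIn": "2.0.0-1", "Packages": [{"Name": "libfoo", "Arch": "x86_64"}, {"Name": "bar", "Arch": "x86_64"}]},
  {"ID": "EXAMPLE-0003", "Description": "no packages listed", "Packages": []}]}`

// parseSample runs the parser over an in-memory fs holding sampleFeed.
func parseSample() (*ParsedVulnerabilities, error) {
	return feedParser{}.ParseVulnerability(context.Background(), fstest.MapFS{"advisories.json": {Data: []byte(sampleFeed)}})
}

func main() {
	pv, err := parseSample()
	fmt.Printf("%+v %v\n", pv, err)
}
```

Because the index fields are plain ints, a parser that appends to the Package slice out of step with the indices it records silently links vulnerabilities to the wrong packages; keeping the lookup map and the slice append in one place, as above, is the simplest way to keep them consistent.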