package claircore
import (
"context"
"time"
)
// Vulnerability is a single vulnerability record: its identity, the updater
// that produced it, descriptive text, severity, and the package, distribution
// and repository it is associated with.
//
// NOTE(review): the string fields appear to carry text taken from external
// security databases (see Severity); presumably consumers that render or
// store them should treat them as untrusted input. Confirm against the
// updaters that populate this struct.
type Vulnerability struct {
	// ID is the unique identifier of this vulnerability. It is created by the
	// library when the vulnerability is discovered and is used for
	// persistence and as a hash map index.
	ID string `json:"id"`

	// Updater names the updater that discovered this vulnerability.
	Updater string `json:"updater"`

	// Name is the name of the vulnerability. If the vulnerability exists in
	// a CVE database this would be the unique CVE name, for example
	// CVE-2017-11722.
	Name string `json:"name"`

	// Description is the description of the vulnerability.
	Description string `json:"description"`

	// Issued is the timestamp at which the vulnerability was issued.
	Issued time.Time `json:"issued"`

	// Links holds any links to more details about the vulnerability. It is a
	// single string; the separator between multiple links is not defined
	// here.
	Links string `json:"links"`

	// Severity is the severity string exactly as retrieved from the security
	// database. Its vocabulary is whatever the source uses, so compare on
	// NormalizedSeverity when a stable value is needed.
	Severity string `json:"severity"`

	// NormalizedSeverity is the severity expressed as the normalized
	// Severity type, giving clients a guaranteed set of values.
	NormalizedSeverity Severity `json:"normalized_severity"`

	// Package is the package information associated with the vulnerability.
	// Ideally its fields can be matched to packages discovered by libindex
	// PackageScanner structs. The tag has no omitempty, so a nil Package is
	// encoded as JSON null.
	Package *Package `json:"package"`

	// Dist is the distribution information associated with the
	// vulnerability. Omitted from JSON when nil.
	Dist *Distribution `json:"distribution,omitempty"`

	// Repo is the repository information associated with the vulnerability.
	// Omitted from JSON when nil.
	Repo *Repository `json:"repository,omitempty"`

	// FixedInVersion is a string naming the package version the fix was
	// released in.
	// NOTE(review): presumably empty when no fix is known; the field is
	// always emitted in JSON either way. Confirm with the matchers.
	FixedInVersion string `json:"fixed_in_version"`

	// Range describes the range of versions that are vulnerable. Omitted
	// from JSON when nil.
	Range *Range `json:"range,omitempty"`

	// ArchOperation indicates how the affected Package's "arch" should be
	// compared.
	ArchOperation ArchOp `json:"arch_op,omitempty"`
}
// CheckVulnernableFunc takes an IndexRecord and a Vulnerability and checks
// whether the record is vulnerable to the vulnerability. It is used by the
// Querier.AffectedManifests method and gives the application a hook for
// introducing its own filtering logic into the DB layer. (The original comment
// called this a "backdoor"; it is an extension point, not a covert access
// path.)
//
// The bool result is the answer to that check; a non-nil error reports that
// the check itself could not be completed.
// NOTE(review): how AffectedManifests treats a non-nil error (skip the record
// or abort the query) is not visible here; confirm that a failing check
// cannot silently drop an affected manifest.
// NOTE(review): "Vulnernable" is a misspelling of "Vulnerable", but it is part
// of the exported identifier, so renaming it would break callers.
type CheckVulnernableFunc func(ctx context.Context, record *IndexRecord, vuln *Vulnerability) (bool, error)