package models
import "time"
// Package identifies the affected code library or command provided by the
// package.
//
// All three fields carry `omitempty`, so a zero Package encodes as `{}`;
// Ecosystem is a type declared elsewhere in this package (not shown here).
//
// See: https://ossf.github.io/osv-schema/#affectedpackage-field
type Package struct {
	// Ecosystem names the package registry / ecosystem the package belongs to.
	Ecosystem Ecosystem `json:"ecosystem,omitempty"`
	// Name is the package's name within that ecosystem.
	Name string `json:"name,omitempty"`
	// Purl is the package identifier in Package URL form (per the linked schema).
	// It is stored as a plain string; nothing here parses or validates it.
	Purl string `json:"purl,omitempty"`
}
// Event describes a single version that either:
//
// - Introduces a vulnerability: {"introduced": string}
// - Fixes a vulnerability: {"fixed": string}
// - Describes the last known affected version: {"last_affected": string}
// - Sets an upper limit on the range being described: {"limit": string}
//
// Event instances form part of a “timeline” of status changes for the affected
// package described by the Affected struct.
//
// Only one of the four fields is expected to be set on a given Event; every
// field is `omitempty`, so an unset field is simply absent from the JSON. The
// struct itself does not enforce the "exactly one" rule — consumers decoding
// external data should check it (NOTE(review): no validation exists in this
// file; confirm whether it lives elsewhere).
//
// See: https://ossf.github.io/osv-schema/#affectedrangesevents-fields
type Event struct {
	// Introduced is the first version in which the vulnerability is present.
	Introduced string `json:"introduced,omitempty"`
	// Fixed is the first version in which the vulnerability is no longer present.
	Fixed string `json:"fixed,omitempty"`
	// LastAffected is the last known version in which the vulnerability is present.
	LastAffected string `json:"last_affected,omitempty"`
	// Limit caps the range being described without asserting a fix.
	Limit string `json:"limit,omitempty"`
}
// Range describes the affected range of given version for a specific package.
//
// Type and Events are always emitted (no `omitempty`); a Range with no events
// therefore encodes `"events": null`. RangeType is declared elsewhere in this
// package and determines how the version strings in Events are compared.
//
// See: https://ossf.github.io/osv-schema/#affectedranges-field
type Range struct {
	// Type selects the versioning scheme used to interpret Events.
	Type RangeType `json:"type"`
	// Events is the ordered timeline of introduced/fixed/last_affected/limit
	// entries for this range (ordering semantics are defined by the schema
	// linked above, not by this struct).
	Events []Event `json:"events"`
	// DatabaseSpecific is free-form, untyped data supplied by the source
	// database. It is passed through as-is; consumers should treat its
	// contents as untrusted input and validate before acting on them.
	DatabaseSpecific map[string]interface{} `json:"database_specific,omitempty"`
}
// Severity is used to describe the severity of a vulnerability for an affected
// package using one or more quantitative scoring methods.
//
// Both fields are always emitted (no `omitempty`). SeverityType is declared
// elsewhere in this package.
//
// See: https://ossf.github.io/osv-schema/#severity-field
type Severity struct {
	// Type identifies the scoring method the Score string is expressed in.
	Type SeverityType `json:"type"`
	// Score is kept as an opaque string; its format presumably depends on
	// Type (e.g. a vector string vs. a numeric value) — nothing here parses it.
	Score string `json:"score"`
}
// Affected describes an affected package version, meaning one instance that
// contains the vulnerability.
//
// Package is always emitted; every other field is `omitempty`, so an Affected
// entry may legitimately carry neither Ranges nor Versions, in which case the
// affected set is not determinable from this struct alone.
//
// See: https://ossf.github.io/osv-schema/#affected-fields
type Affected struct {
	// Package identifies which package this entry applies to.
	Package Package `json:"package"`
	// Severity optionally overrides the top-level Vulnerability severity for
	// this specific package (per the schema link; not enforced here).
	Severity []Severity `json:"severity,omitempty"`
	// Ranges lists version ranges that are affected.
	Ranges []Range `json:"ranges,omitempty"`
	// Versions lists individual affected versions as plain strings.
	Versions []string `json:"versions,omitempty"`
	// DatabaseSpecific is free-form, untyped data from the source database,
	// passed through unvalidated; consumers should not trust its contents.
	DatabaseSpecific map[string]interface{} `json:"database_specific,omitempty"`
	// EcosystemSpecific is free-form, untyped data whose meaning is defined by
	// the ecosystem, likewise passed through unvalidated.
	EcosystemSpecific map[string]interface{} `json:"ecosystem_specific,omitempty"`
}
// Reference links to additional information, advisories, issue tracker entries,
// and so on about the vulnerability itself.
//
// Both fields are always emitted (no `omitempty`). ReferenceType is declared
// elsewhere in this package.
//
// See: https://ossf.github.io/osv-schema/#references-field
type Reference struct {
	// Type classifies what kind of resource URL points at.
	Type ReferenceType `json:"type"`
	// URL is stored as a raw string and is not parsed or scheme-checked here;
	// code that renders or follows it should validate it first.
	URL string `json:"url"`
}
// Credit gives credit for the discovery, confirmation, patch, or other events
// in the life cycle of a vulnerability.
//
// Name and Type are always emitted; Contact is `omitempty`. CreditType is
// declared elsewhere in this package.
//
// See: https://ossf.github.io/osv-schema/#credits-fields
type Credit struct {
	// Name is the credited party's display name.
	Name string `json:"name"`
	// Contact holds zero or more contact strings for the credited party.
	Contact []string `json:"contact,omitempty"`
	// Type describes the kind of contribution being credited.
	Type CreditType `json:"type"`
}
// Vulnerability is the core Open Source Vulnerability (OSV) data type.
//
// Fields without `omitempty` (SchemaVersion, ID, Modified, Published, Summary,
// Details, Affected) are always present in the encoded JSON, even when empty:
// a zero time.Time encodes as "0001-01-01T00:00:00Z", an empty string as "",
// and a nil Affected slice as null. Consumers should therefore not treat
// presence of these keys as evidence the value was actually populated.
//
// The full documentation for the schema is available at
// https://ossf.github.io/osv-schema.
type Vulnerability struct {
	// SchemaVersion is the OSV schema version this record conforms to.
	SchemaVersion string `json:"schema_version"`
	// ID is the record's unique identifier.
	ID string `json:"id"`
	// Modified is when the record was last changed; encoded via time.Time's
	// JSON marshalling (RFC 3339).
	Modified time.Time `json:"modified"`
	// Published is when the record was first made public; same encoding as Modified.
	Published time.Time `json:"published"`
	// Aliases lists other identifiers that refer to the same vulnerability.
	Aliases []string `json:"aliases,omitempty"`
	// Summary is a one-line description.
	Summary string `json:"summary"`
	// Details is the long-form description.
	Details string `json:"details"`
	// Affected lists the packages and versions this vulnerability applies to.
	Affected []Affected `json:"affected"`
	// Severity gives the vulnerability-wide severity scores.
	Severity []Severity `json:"severity,omitempty"`
	// References links to external advisories, fixes, and reports.
	References []Reference `json:"references,omitempty"`
	// Credits acknowledges contributors to the vulnerability's life cycle.
	Credits []Credit `json:"credits,omitempty"`
	// DatabaseSpecific is free-form, untyped data from the source database,
	// passed through unvalidated; treat as untrusted when it originates from
	// an external feed.
	DatabaseSpecific map[string]interface{} `json:"database_specific,omitempty"`
}