package model
import (
"encoding/json"
"fmt"
sqlite "github.com/nextlinux/govulners/govulners/db/internal/sqlite"
v4 "github.com/nextlinux/govulners/govulners/db/v4"
)
// VulnerabilityTableName is the name of the table that VulnerabilityModel rows
// are stored in; VulnerabilityModel.TableName returns it.
const VulnerabilityTableName = "vulnerability"

// GetVulnerabilityIndexName is the name of the lookup index. It must stay in
// sync with the `index:get_vulnerability_index` gorm tags on
// VulnerabilityModel.PackageName and VulnerabilityModel.Namespace, which spell
// the same name as a literal.
const GetVulnerabilityIndexName = "get_vulnerability_index"
// VulnerabilityModel is the row representation of a v4.Vulnerability in the
// sqlite3 DB. Scalar fields map to plain text columns; the list-valued fields
// (CPEs, RelatedVulnerabilities, FixedInVersions, Advisories) are held in
// nullable sqlite.NullString columns that Inflate decodes as JSON.
//
// The gorm tags define column and index names, so they are part of the
// on-disk schema and must not be edited casually.
type VulnerabilityModel struct {
	// PK is the auto-incrementing primary key of the row.
	PK uint64 `gorm:"primary_key;auto_increment;"`
	// ID holds v4.Vulnerability.ID.
	ID string `gorm:"column:id"`
	// PackageName is part of the get_vulnerability_index index.
	PackageName string `gorm:"column:package_name; index:get_vulnerability_index"`
	// Namespace is part of the get_vulnerability_index index.
	Namespace string `gorm:"column:namespace; index:get_vulnerability_index"`
	// VersionConstraint holds v4.Vulnerability.VersionConstraint verbatim.
	VersionConstraint string `gorm:"column:version_constraint"`
	// VersionFormat holds v4.Vulnerability.VersionFormat verbatim.
	VersionFormat string `gorm:"column:version_format"`
	// CPEs is a nullable column; Inflate decodes it as a JSON []string.
	CPEs sqlite.NullString `gorm:"column:cpes; default:null"`
	// RelatedVulnerabilities is a nullable column; Inflate decodes it as a
	// JSON []v4.VulnerabilityReference.
	RelatedVulnerabilities sqlite.NullString `gorm:"column:related_vulnerabilities; default:null"`
	// FixedInVersions is a nullable column; Inflate decodes it as a JSON
	// []string and exposes it as Fix.Versions.
	FixedInVersions sqlite.NullString `gorm:"column:fixed_in_versions; default:null"`
	// FixState is the string form of v4.Fix.State. Inflate converts it back
	// with a plain type conversion, so no validation is applied on read.
	FixState string `gorm:"column:fix_state"`
	// Advisories is a nullable column; Inflate decodes it as a JSON
	// []v4.Advisory.
	Advisories sqlite.NullString `gorm:"column:advisories; default:null"`
}
// NewVulnerabilityModel builds the row representation of a v4.Vulnerability.
//
// Scalar fields are copied as-is. The list-valued fields (fix versions,
// advisories, CPEs, related vulnerabilities) are passed through
// sqlite.ToNullString, whose encoding is defined in the sqlite package
// (presumably JSON, since Inflate reads these columns back with
// json.Unmarshal — confirm there). PK is left at its zero value.
func NewVulnerabilityModel(vulnerability v4.Vulnerability) VulnerabilityModel {
	fix := vulnerability.Fix

	// Plain columns first.
	model := VulnerabilityModel{
		ID:                vulnerability.ID,
		PackageName:       vulnerability.PackageName,
		Namespace:         vulnerability.Namespace,
		VersionConstraint: vulnerability.VersionConstraint,
		VersionFormat:     vulnerability.VersionFormat,
	}

	// Serialized columns and the fix state.
	model.FixedInVersions = sqlite.ToNullString(fix.Versions)
	model.FixState = string(fix.State)
	model.Advisories = sqlite.ToNullString(vulnerability.Advisories)
	model.CPEs = sqlite.ToNullString(vulnerability.CPEs)
	model.RelatedVulnerabilities = sqlite.ToNullString(vulnerability.RelatedVulnerabilities)

	return model
}
// TableName reports the table that VulnerabilityModel rows are stored in.
// It always returns VulnerabilityTableName (presumably picked up by gorm's
// table-name lookup — confirm against the gorm version in use).
func (VulnerabilityModel) TableName() string {
	name := VulnerabilityTableName
	return name
}
// Inflate rebuilds a v4.Vulnerability from the stored row.
//
// The four serialized columns are decoded with json.Unmarshal in a fixed
// order (CPEs, related vulnerabilities, advisories, fixed-in versions); the
// first failure aborts and is returned wrapped, together with the offending
// column value, alongside a zero v4.Vulnerability.
//
// NOTE(review): the column bytes come from sqlite.NullString.ToByteSlice,
// which is not visible here — how a NULL column is represented should be
// confirmed in the sqlite package. FixState is converted with a plain type
// conversion, so a value outside the known v4.FixState set is passed through
// unchanged; callers that branch on it should handle unknown states.
func (m *VulnerabilityModel) Inflate() (v4.Vulnerability, error) {
	var (
		cpes       []string
		related    []v4.VulnerabilityReference
		advisories []v4.Advisory
		versions   []string
	)

	if err := json.Unmarshal(m.CPEs.ToByteSlice(), &cpes); err != nil {
		return v4.Vulnerability{}, fmt.Errorf("unable to unmarshal CPEs (%+v): %w", m.CPEs, err)
	}

	if err := json.Unmarshal(m.RelatedVulnerabilities.ToByteSlice(), &related); err != nil {
		return v4.Vulnerability{}, fmt.Errorf("unable to unmarshal related vulnerabilities (%+v): %w", m.RelatedVulnerabilities, err)
	}

	if err := json.Unmarshal(m.Advisories.ToByteSlice(), &advisories); err != nil {
		return v4.Vulnerability{}, fmt.Errorf("unable to unmarshal advisories (%+v): %w", m.Advisories, err)
	}

	if err := json.Unmarshal(m.FixedInVersions.ToByteSlice(), &versions); err != nil {
		return v4.Vulnerability{}, fmt.Errorf("unable to unmarshal versions (%+v): %w", m.FixedInVersions, err)
	}

	// The stored fix state is carried over without validation.
	fix := v4.Fix{
		Versions: versions,
		State:    v4.FixState(m.FixState),
	}

	inflated := v4.Vulnerability{
		ID:                     m.ID,
		PackageName:            m.PackageName,
		Namespace:              m.Namespace,
		VersionConstraint:      m.VersionConstraint,
		VersionFormat:          m.VersionFormat,
		CPEs:                   cpes,
		RelatedVulnerabilities: related,
		Fix:                    fix,
		Advisories:             advisories,
	}
	return inflated, nil
}