From 1fee5201f2d127efca9602f1691f290a1df2e05d Mon Sep 17 00:00:00 2001
From: aidenwang
Date: Fri, 8 Jul 2022 17:17:44 -0700
Subject: [PATCH] temp
---
 pkg/check-depdiff/dependencies.go | 5 --
 pkg/check-depdiff/vulnerabilities.go | 92 ----------------------------
 2 files changed, 97 deletions(-)
 delete mode 100644 pkg/check-depdiff/vulnerabilities.go
diff --git a/pkg/check-depdiff/dependencies.go b/pkg/check-depdiff/dependencies.go
index 2ec62820dc1..bfdb060897f 100644
--- a/pkg/check-depdiff/dependencies.go
+++ b/pkg/check-depdiff/dependencies.go
@@ -35,11 +35,6 @@ func (ct *ChangeType) IsValid() bool {
 // Dependency is a dependency.
 type Dependency struct {
- // // IsDirect suggests if the dependency is a direct dependency of a code commit.
- // TODO: IsDirect remains a future feature since the current GitHub Dependency Review API
- // mixes up direct and indirect dependencies in manifest files of different ecosystems.
- IsDirect bool
- // ChangeType indicates whether the dependency is added, updated, or removed.
 ChangeType ChangeType `json:"change_type"`
diff --git a/pkg/check-depdiff/vulnerabilities.go b/pkg/check-depdiff/vulnerabilities.go
deleted file mode 100644
index 646c63aeea0..00000000000
--- a/pkg/check-depdiff/vulnerabilities.go
+++ /dev/null
@@ -1,92 +0,0 @@
-// Copyright 2022 Security Scorecard Authors
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package depdiff
-
-import (
- "time"
-)
-
-// SeverityLevel is the level of severity of a vulnerability.
-type SeverityLevel string
-
-const (
- Critical SeverityLevel = "CRITICAL"
- High SeverityLevel = "HIGH"
- Medium SeverityLevel = "MEDIUM"
- Moderate SeverityLevel = "MODERATE"
- Low SeverityLevel = "LOW"
- None SeverityLevel = "NONE"
- Unknown SeverityLevel = "UNKNOWN"
-)
-
-// IsValid determines if a SeverityLevel is valid.
-func (sl *SeverityLevel) IsValid() bool {
- switch *sl {
- case Critical, High, Medium, Moderate, Low, None, Unknown:
- return true
- default:
- return false
- }
-}
-
-// Source is an authoritative source of a vulnerability.
-type Source string
-
-const (
- GHSA Source = "GHSA"
- NSWG Source = "NSWG"
- OSV Source = "OSV"
-)
-
-// IsValid determines if a Source is valid.
-func (src *Source) IsValid() bool {
- switch *src {
- case GHSA, NSWG, OSV:
- return true
- default:
- return false
- }
-}
-
-// Vulnerability is a security vulnerability of a dependency.
-type Vulnerability struct {
- // Source is the source of a vulnerability.
- Source string `bigquery:"Source"`
-
- // ID is the identifier of a vulnerability.
- ID string `json:"advisory_ghsa_id" bigquery:"SourceID"`
-
- // SourceURL is the source URL of a vulnerability.
- SourceURL string `json:"advisory_url" bigquery:"SourceURL"`
-
- // Title is the text summary of a vulnerability.
- Title string `json:"advisory_summary" bigquery:"Title"`
-
- // Description is a long text paragraph of a vulnerability.
- Description string `json:"description" bigquery:"Description"`
-
- // Score is the score of a vulnerability given by an authoritative src.
- // TODO: this is not a version-zero property and will be included in future versions.
- // Score bigquery.NullFloat64 `bigquery:"Score"`
-
- // GitHubSeverity is the severity level of a vulnerability determined by GitHub.
- GitHubSeverity SeverityLevel `json:"github_severity" bigquery:"GitHubSeverity"`
-
- // ReferenceURLs include all URLs that are related to a vulnerability.
- ReferenceURLs []string `json:"reference_urls" bigquery:"ReferenceURLs"`
-
- // DisclosedTime is the time when a vulenrability is publicly disclosed.
- DisclosedTime time.Time `json:"disclosed_time" bigquery:"Disclosed"`
-}