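package types

import (
	"fmt"
	"time"

	"github.com/fatih/color"
)

// Severity is a vulnerability severity level. The defined levels are ordered
// from SeverityUnknown (lowest) to SeverityCritical (highest), so two values
// can be compared numerically.
type Severity int

// VendorSeverity maps a string key to a Severity.
// NOTE(review): the key is presumably the vendor or data-source name — confirm
// against the code that populates it.
type VendorSeverity map[string]Severity

// CVSS holds the CVSS v2 and v3 vector strings and scores for one entry.
type CVSS struct {
	V2Vector string  `json:"V2Vector,omitempty"`
	V3Vector string  `json:"V3Vector,omitempty"`
	V2Score  float64 `json:"V2Score,omitempty"`
	V3Score  float64 `json:"V3Score,omitempty"`
}

// CVSSVector holds only the CVSS v2 and v3 vector strings.
type CVSSVector struct {
	V2 string `json:"v2,omitempty"`
	V3 string `json:"v3,omitempty"`
}

// VendorCVSS maps a string key to a CVSS value.
type VendorCVSS map[string]CVSS

// VendorVectors maps a string key to a CVSSVector value.
type VendorVectors map[string]CVSSVector

// Severity levels. The iota order must stay in step with SeverityNames and
// SeverityColor, which are indexed by these values.
const (
	SeverityUnknown Severity = iota
	SeverityLow
	SeverityMedium
	SeverityHigh
	SeverityCritical
)

var (
	// SeverityNames lists the canonical upper-case name of each Severity,
	// indexed by the Severity value.
	SeverityNames = []string{
		"UNKNOWN",
		"LOW",
		"MEDIUM",
		"HIGH",
		"CRITICAL",
	}
	// SeverityColor lists one colorizing function per Severity, indexed the
	// same way as SeverityNames.
	SeverityColor = []func(a ...interface{}) string{
		color.New(color.FgCyan).SprintFunc(),
		color.New(color.FgBlue).SprintFunc(),
		color.New(color.FgYellow).SprintFunc(),
		color.New(color.FgHiRed).SprintFunc(),
		color.New(color.FgRed).SprintFunc(),
	}
)

// NewSeverity converts a severity name into its Severity value.
//
// Matching is exact and case-sensitive against SeverityNames, so "critical"
// or " HIGH" is not recognized. For an unrecognized name it returns
// SeverityUnknown together with a non-nil error; callers that filter or gate
// on severity should check the error rather than rely on the fallback value.
func NewSeverity(severity string) (Severity, error) {
	for i, name := range SeverityNames {
		if severity == name {
			return Severity(i), nil
		}
	}
	return SeverityUnknown, fmt.Errorf("unknown severity: %s", severity)
}

// CompareSeverityString compares two severity names for sorting from most to
// least severe: the result is negative when sev1 is more severe than sev2,
// zero when they are equal, and positive when sev1 is less severe.
//
// Parse errors are deliberately ignored, which means an unrecognized name
// (including a lower-case or misspelled one) is ranked as SeverityUnknown,
// the lowest level. Validate the input with NewSeverity first if a malformed
// severity must not be silently ranked below LOW.
func CompareSeverityString(sev1, sev2 string) int {
	s1, _ := NewSeverity(sev1)
	s2, _ := NewSeverity(sev2)
	return int(s2) - int(s1)
}

// ColorizeSeverity returns severity wrapped by the color function registered
// for it in SeverityColor. A name that is not in SeverityNames is rendered in
// blue, the same color as LOW.
func ColorizeSeverity(severity string) string {
	for i, name := range SeverityNames {
		if severity == name {
			return SeverityColor[i](severity)
		}
	}
	return color.New(color.FgBlue).SprintFunc()(severity)
}

// String returns the canonical name of s.
//
// Severity is a plain int, so a value outside the defined range can arrive
// from decoded data. Such a value is reported as "UNKNOWN" instead of
// indexing past SeverityNames and panicking while a report is rendered.
func (s Severity) String() string {
	if s < 0 || int(s) >= len(SeverityNames) {
		return "UNKNOWN"
	}
	return SeverityNames[s]
}

// LastUpdated records a single timestamp.
type LastUpdated struct {
	Date time.Time
}

// VulnerabilityDetail describes one vulnerability: identifier, CVSS v2/v3
// scores and vectors, severities, CWE IDs, references and dates.
type VulnerabilityDetail struct {
	ID               string     `json:",omitempty"` // e.g. CVE-2019-8331, OSVDB-104365
	CvssScore        float64    `json:",omitempty"`
	CvssVector       string     `json:",omitempty"`
	CvssScoreV3      float64    `json:",omitempty"`
	CvssVectorV3     string     `json:",omitempty"`
	Severity         Severity   `json:",omitempty"`
	SeverityV3       Severity   `json:",omitempty"`
	CweIDs           []string   `json:",omitempty"` // e.g. CWE-78, CWE-89
	References       []string   `json:",omitempty"`
	Title            string     `json:",omitempty"`
	Description      string     `json:",omitempty"`
	PublishedDate    *time.Time `json:",omitempty"`
	LastModifiedDate *time.Time `json:",omitempty"`
}

// AdvisoryDetail pairs a platform name and package name with an advisory
// item of unspecified type.
type AdvisoryDetail struct {
	PlatformName string
	PackageName  string
	AdvisoryItem interface{}
}

// Advisory ties a vulnerability ID to the version information that decides
// whether a package is affected.
type Advisory struct {
	VulnerabilityID string `json:",omitempty"`

	// for os package
	FixedVersion string `json:",omitempty"`

	// for library
	// Some advisories provide VulnerableVersions only, others provide PatchedVersions and UnaffectedVersions
	VulnerableVersions []string `json:",omitempty"`
	PatchedVersions    []string `json:",omitempty"`
	UnaffectedVersions []string `json:",omitempty"`
}

// Vulnerability is the per-vulnerability record with severity and CVSS data
// held per key in VendorSeverity and CVSS.
type Vulnerability struct {
	Title       string `json:",omitempty"`
	Description string `json:",omitempty"`

	// Severity is only for backwards compatibility.
	//
	// Deprecated: Use VendorSeverity instead.
	Severity string `json:",omitempty"`

	CweIDs         []string       `json:",omitempty"` // e.g. CWE-78, CWE-89
	VendorSeverity VendorSeverity `json:",omitempty"`

	// VendorVectors is only for backwards compatibility.
	//
	// Deprecated: Use CVSS instead.
	VendorVectors VendorVectors `json:",omitempty"`

	CVSS             VendorCVSS `json:",omitempty"`
	References       []string   `json:",omitempty"`
	PublishedDate    *time.Time `json:",omitempty"`
	LastModifiedDate *time.Time `json:",omitempty"`
}

// VulnSrc is implemented by a vulnerability data source.
type VulnSrc interface {
	// Update takes a directory path and reports any failure.
	// NOTE(review): presumably dir is where the source's raw data lives —
	// confirm against an implementation.
	Update(dir string) (err error)
	// Get returns the advisories for pkgName in the given release.
	Get(release string, pkgName string) (advisories []Advisory, err error)
}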