Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Adding advisory model #473

Merged
merged 33 commits into from
Oct 25, 2023
Merged

Adding advisory model #473

Show file tree
Hide file tree
Changes from 28 commits
Commits
Show all changes
33 commits
Select commit Hold shift + click to select a range
a1ea10b
feat: added model for a CSAF advisory
cintek Sep 1, 2023
96608a0
Move defer.Close to right position.
s-l-teichmann Sep 2, 2023
e821683
Add generator for CVSS enums
s-l-teichmann Sep 2, 2023
11c1a2c
Merge pull request #1 from s-l-teichmann/close-load-advisory
cintek Sep 4, 2023
12d2464
Merge pull request #2 from s-l-teichmann/generate-cvss-enums
cintek Sep 4, 2023
f59a8cc
use generated types
cintek Sep 4, 2023
4fc2fd9
added omitempty for cvss structs
cintek Sep 4, 2023
3acabdf
reusing TLPLabel and Category from models.go
cintek Sep 4, 2023
7f36ecb
added missing types for CVSS2 + changed variable names for more consi…
cintek Sep 5, 2023
22ef2a9
Unexport patterns
s-l-teichmann Sep 5, 2023
58bad8a
Merge pull request #3 from s-l-teichmann/unexport-patterns
cintek Sep 5, 2023
f45d273
fixed versionPattern
cintek Sep 5, 2023
b03df55
added explanation for cvss3VectorStringPattern
cintek Sep 6, 2023
4206c2e
only using enums from CVSS 3.0
cintek Sep 6, 2023
dc41aae
use up-to-date schema for CVSS 3.0
cintek Sep 7, 2023
5a3661e
use type FileHashValue
cintek Sep 8, 2023
f868b13
added function to validate document
cintek Sep 8, 2023
ed42f19
added function to validate ProductTree
cintek Sep 8, 2023
4da9f67
Distribute the validation to the types to reduce the overall complexity.
s-l-teichmann Sep 9, 2023
bdd7f24
fix: product tree properties
cintek Sep 11, 2023
094fe37
Merge branch 'main' into cleanup-validation
cintek Sep 12, 2023
f145a63
Merge pull request #4 from s-l-teichmann/cleanup-validation
cintek Sep 12, 2023
b5db976
completed validation of product tree
cintek Sep 12, 2023
c8f1361
added validation for vulnerabilites
cintek Sep 12, 2023
37cdda7
dont use pointer for lists of elements
cintek Sep 13, 2023
20b2bd2
Fix typo in comment.
s-l-teichmann Sep 13, 2023
b3332cf
Merge pull request #5 from s-l-teichmann/fix-lint
cintek Sep 13, 2023
5f25966
Add new binary, the searcher(, the main and docs) from https://github…
Oct 12, 2023
c05a402
Merge branch 'csaf-poc:main' into main
cintek Oct 12, 2023
226dc96
Merge branch 'main' into csaf_searcher
Oct 18, 2023
d9e5792
Added csaf_searcher to README
Oct 18, 2023
0b5c7a2
Merge pull request #6 from cintek/csaf_searcher
cintek Oct 18, 2023
5215d78
Adjust requirement
Oct 18, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 6 additions & 0 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -56,6 +56,12 @@ Download the binaries from the most recent release assets on Github.

Binaries will be placed in directories named like `bin-linux-amd64/` and `bin-windows-amd64/`.

- Maintainers only: No need to do this if you have cloned this repository for unmodified usage only.
```
go generate ./...
```
will update the machine generated code.


### Setup (Trusted Provider)

Expand Down
1,646 changes: 1,646 additions & 0 deletions csaf/advisory.go
View file
Open in desktop

Large diffs are not rendered by default.

314 changes: 314 additions & 0 deletions csaf/cvss20enums.go
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,314 @@
// This file is Free Software under the MIT License
// without warranty, see README.md and LICENSES/MIT.txt for details.
//
// SPDX-License-Identifier: MIT
//
// SPDX-FileCopyrightText: 2023 German Federal Office for Information Security (BSI) <https://www.bsi.bund.de>
// Software-Engineering: 2023 Intevation GmbH <https://intevation.de>
//
// THIS FILE IS MACHINE GENERATED. EDIT WITH CARE!

package csaf

// CVSS20AccessComplexity represents the accessComplexityType in CVSS20.
type CVSS20AccessComplexity string

const (
// CVSS20AccessComplexityHigh is a constant for "HIGH".
CVSS20AccessComplexityHigh CVSS20AccessComplexity = "HIGH"
// CVSS20AccessComplexityMedium is a constant for "MEDIUM".
CVSS20AccessComplexityMedium CVSS20AccessComplexity = "MEDIUM"
// CVSS20AccessComplexityLow is a constant for "LOW".
CVSS20AccessComplexityLow CVSS20AccessComplexity = "LOW"
)

var cvss20AccessComplexityPattern = alternativesUnmarshal(
string(CVSS20AccessComplexityHigh),
string(CVSS20AccessComplexityMedium),
string(CVSS20AccessComplexityLow),
)

// UnmarshalText implements the [encoding.TextUnmarshaler] interface.
func (e *CVSS20AccessComplexity) UnmarshalText(data []byte) error {
s, err := cvss20AccessComplexityPattern(data)
if err == nil {
*e = CVSS20AccessComplexity(s)
}
return err
}

// CVSS20AccessVector represents the accessVectorType in CVSS20.
type CVSS20AccessVector string

const (
// CVSS20AccessVectorNetwork is a constant for "NETWORK".
CVSS20AccessVectorNetwork CVSS20AccessVector = "NETWORK"
// CVSS20AccessVectorAdjacentNetwork is a constant for "ADJACENT_NETWORK".
CVSS20AccessVectorAdjacentNetwork CVSS20AccessVector = "ADJACENT_NETWORK"
// CVSS20AccessVectorLocal is a constant for "LOCAL".
CVSS20AccessVectorLocal CVSS20AccessVector = "LOCAL"
)

var cvss20AccessVectorPattern = alternativesUnmarshal(
string(CVSS20AccessVectorNetwork),
string(CVSS20AccessVectorAdjacentNetwork),
string(CVSS20AccessVectorLocal),
)

// UnmarshalText implements the [encoding.TextUnmarshaler] interface.
func (e *CVSS20AccessVector) UnmarshalText(data []byte) error {
s, err := cvss20AccessVectorPattern(data)
if err == nil {
*e = CVSS20AccessVector(s)
}
return err
}

// CVSS20Authentication represents the authenticationType in CVSS20.
type CVSS20Authentication string

const (
// CVSS20AuthenticationMultiple is a constant for "MULTIPLE".
CVSS20AuthenticationMultiple CVSS20Authentication = "MULTIPLE"
// CVSS20AuthenticationSingle is a constant for "SINGLE".
CVSS20AuthenticationSingle CVSS20Authentication = "SINGLE"
// CVSS20AuthenticationNone is a constant for "NONE".
CVSS20AuthenticationNone CVSS20Authentication = "NONE"
)

var cvss20AuthenticationPattern = alternativesUnmarshal(
string(CVSS20AuthenticationMultiple),
string(CVSS20AuthenticationSingle),
string(CVSS20AuthenticationNone),
)

// UnmarshalText implements the [encoding.TextUnmarshaler] interface.
func (e *CVSS20Authentication) UnmarshalText(data []byte) error {
s, err := cvss20AuthenticationPattern(data)
if err == nil {
*e = CVSS20Authentication(s)
}
return err
}

// CVSS20CiaRequirement represents the ciaRequirementType in CVSS20.
type CVSS20CiaRequirement string

const (
// CVSS20CiaRequirementLow is a constant for "LOW".
CVSS20CiaRequirementLow CVSS20CiaRequirement = "LOW"
// CVSS20CiaRequirementMedium is a constant for "MEDIUM".
CVSS20CiaRequirementMedium CVSS20CiaRequirement = "MEDIUM"
// CVSS20CiaRequirementHigh is a constant for "HIGH".
CVSS20CiaRequirementHigh CVSS20CiaRequirement = "HIGH"
// CVSS20CiaRequirementNotDefined is a constant for "NOT_DEFINED".
CVSS20CiaRequirementNotDefined CVSS20CiaRequirement = "NOT_DEFINED"
)

var cvss20CiaRequirementPattern = alternativesUnmarshal(
string(CVSS20CiaRequirementLow),
string(CVSS20CiaRequirementMedium),
string(CVSS20CiaRequirementHigh),
string(CVSS20CiaRequirementNotDefined),
)

// UnmarshalText implements the [encoding.TextUnmarshaler] interface.
func (e *CVSS20CiaRequirement) UnmarshalText(data []byte) error {
s, err := cvss20CiaRequirementPattern(data)
if err == nil {
*e = CVSS20CiaRequirement(s)
}
return err
}

// CVSS20Cia represents the ciaType in CVSS20.
type CVSS20Cia string

const (
// CVSS20CiaNone is a constant for "NONE".
CVSS20CiaNone CVSS20Cia = "NONE"
// CVSS20CiaPartial is a constant for "PARTIAL".
CVSS20CiaPartial CVSS20Cia = "PARTIAL"
// CVSS20CiaComplete is a constant for "COMPLETE".
CVSS20CiaComplete CVSS20Cia = "COMPLETE"
)

var cvss20CiaPattern = alternativesUnmarshal(
string(CVSS20CiaNone),
string(CVSS20CiaPartial),
string(CVSS20CiaComplete),
)

// UnmarshalText implements the [encoding.TextUnmarshaler] interface.
func (e *CVSS20Cia) UnmarshalText(data []byte) error {
s, err := cvss20CiaPattern(data)
if err == nil {
*e = CVSS20Cia(s)
}
return err
}

// CVSS20CollateralDamagePotential represents the collateralDamagePotentialType in CVSS20.
type CVSS20CollateralDamagePotential string

const (
// CVSS20CollateralDamagePotentialNone is a constant for "NONE".
CVSS20CollateralDamagePotentialNone CVSS20CollateralDamagePotential = "NONE"
// CVSS20CollateralDamagePotentialLow is a constant for "LOW".
CVSS20CollateralDamagePotentialLow CVSS20CollateralDamagePotential = "LOW"
// CVSS20CollateralDamagePotentialLowMedium is a constant for "LOW_MEDIUM".
CVSS20CollateralDamagePotentialLowMedium CVSS20CollateralDamagePotential = "LOW_MEDIUM"
// CVSS20CollateralDamagePotentialMediumHigh is a constant for "MEDIUM_HIGH".
CVSS20CollateralDamagePotentialMediumHigh CVSS20CollateralDamagePotential = "MEDIUM_HIGH"
// CVSS20CollateralDamagePotentialHigh is a constant for "HIGH".
CVSS20CollateralDamagePotentialHigh CVSS20CollateralDamagePotential = "HIGH"
// CVSS20CollateralDamagePotentialNotDefined is a constant for "NOT_DEFINED".
CVSS20CollateralDamagePotentialNotDefined CVSS20CollateralDamagePotential = "NOT_DEFINED"
)

var cvss20CollateralDamagePotentialPattern = alternativesUnmarshal(
string(CVSS20CollateralDamagePotentialNone),
string(CVSS20CollateralDamagePotentialLow),
string(CVSS20CollateralDamagePotentialLowMedium),
string(CVSS20CollateralDamagePotentialMediumHigh),
string(CVSS20CollateralDamagePotentialHigh),
string(CVSS20CollateralDamagePotentialNotDefined),
)

// UnmarshalText implements the [encoding.TextUnmarshaler] interface.
func (e *CVSS20CollateralDamagePotential) UnmarshalText(data []byte) error {
s, err := cvss20CollateralDamagePotentialPattern(data)
if err == nil {
*e = CVSS20CollateralDamagePotential(s)
}
return err
}

// CVSS20Exploitability represents the exploitabilityType in CVSS20.
type CVSS20Exploitability string

const (
// CVSS20ExploitabilityUnproven is a constant for "UNPROVEN".
CVSS20ExploitabilityUnproven CVSS20Exploitability = "UNPROVEN"
// CVSS20ExploitabilityProofOfConcept is a constant for "PROOF_OF_CONCEPT".
CVSS20ExploitabilityProofOfConcept CVSS20Exploitability = "PROOF_OF_CONCEPT"
// CVSS20ExploitabilityFunctional is a constant for "FUNCTIONAL".
CVSS20ExploitabilityFunctional CVSS20Exploitability = "FUNCTIONAL"
// CVSS20ExploitabilityHigh is a constant for "HIGH".
CVSS20ExploitabilityHigh CVSS20Exploitability = "HIGH"
// CVSS20ExploitabilityNotDefined is a constant for "NOT_DEFINED".
CVSS20ExploitabilityNotDefined CVSS20Exploitability = "NOT_DEFINED"
)

var cvss20ExploitabilityPattern = alternativesUnmarshal(
string(CVSS20ExploitabilityUnproven),
string(CVSS20ExploitabilityProofOfConcept),
string(CVSS20ExploitabilityFunctional),
string(CVSS20ExploitabilityHigh),
string(CVSS20ExploitabilityNotDefined),
)

// UnmarshalText implements the [encoding.TextUnmarshaler] interface.
func (e *CVSS20Exploitability) UnmarshalText(data []byte) error {
s, err := cvss20ExploitabilityPattern(data)
if err == nil {
*e = CVSS20Exploitability(s)
}
return err
}

// CVSS20RemediationLevel represents the remediationLevelType in CVSS20.
type CVSS20RemediationLevel string

const (
// CVSS20RemediationLevelOfficialFix is a constant for "OFFICIAL_FIX".
CVSS20RemediationLevelOfficialFix CVSS20RemediationLevel = "OFFICIAL_FIX"
// CVSS20RemediationLevelTemporaryFix is a constant for "TEMPORARY_FIX".
CVSS20RemediationLevelTemporaryFix CVSS20RemediationLevel = "TEMPORARY_FIX"
// CVSS20RemediationLevelWorkaround is a constant for "WORKAROUND".
CVSS20RemediationLevelWorkaround CVSS20RemediationLevel = "WORKAROUND"
// CVSS20RemediationLevelUnavailable is a constant for "UNAVAILABLE".
CVSS20RemediationLevelUnavailable CVSS20RemediationLevel = "UNAVAILABLE"
// CVSS20RemediationLevelNotDefined is a constant for "NOT_DEFINED".
CVSS20RemediationLevelNotDefined CVSS20RemediationLevel = "NOT_DEFINED"
)

var cvss20RemediationLevelPattern = alternativesUnmarshal(
string(CVSS20RemediationLevelOfficialFix),
string(CVSS20RemediationLevelTemporaryFix),
string(CVSS20RemediationLevelWorkaround),
string(CVSS20RemediationLevelUnavailable),
string(CVSS20RemediationLevelNotDefined),
)

// UnmarshalText implements the [encoding.TextUnmarshaler] interface.
func (e *CVSS20RemediationLevel) UnmarshalText(data []byte) error {
s, err := cvss20RemediationLevelPattern(data)
if err == nil {
*e = CVSS20RemediationLevel(s)
}
return err
}

// CVSS20ReportConfidence represents the reportConfidenceType in CVSS20.
type CVSS20ReportConfidence string

const (
// CVSS20ReportConfidenceUnconfirmed is a constant for "UNCONFIRMED".
CVSS20ReportConfidenceUnconfirmed CVSS20ReportConfidence = "UNCONFIRMED"
// CVSS20ReportConfidenceUncorroborated is a constant for "UNCORROBORATED".
CVSS20ReportConfidenceUncorroborated CVSS20ReportConfidence = "UNCORROBORATED"
// CVSS20ReportConfidenceConfirmed is a constant for "CONFIRMED".
CVSS20ReportConfidenceConfirmed CVSS20ReportConfidence = "CONFIRMED"
// CVSS20ReportConfidenceNotDefined is a constant for "NOT_DEFINED".
CVSS20ReportConfidenceNotDefined CVSS20ReportConfidence = "NOT_DEFINED"
)

var cvss20ReportConfidencePattern = alternativesUnmarshal(
string(CVSS20ReportConfidenceUnconfirmed),
string(CVSS20ReportConfidenceUncorroborated),
string(CVSS20ReportConfidenceConfirmed),
string(CVSS20ReportConfidenceNotDefined),
)

// UnmarshalText implements the [encoding.TextUnmarshaler] interface.
func (e *CVSS20ReportConfidence) UnmarshalText(data []byte) error {
s, err := cvss20ReportConfidencePattern(data)
if err == nil {
*e = CVSS20ReportConfidence(s)
}
return err
}

// CVSS20TargetDistribution represents the targetDistributionType in CVSS20.
type CVSS20TargetDistribution string

const (
// CVSS20TargetDistributionNone is a constant for "NONE".
CVSS20TargetDistributionNone CVSS20TargetDistribution = "NONE"
// CVSS20TargetDistributionLow is a constant for "LOW".
CVSS20TargetDistributionLow CVSS20TargetDistribution = "LOW"
// CVSS20TargetDistributionMedium is a constant for "MEDIUM".
CVSS20TargetDistributionMedium CVSS20TargetDistribution = "MEDIUM"
// CVSS20TargetDistributionHigh is a constant for "HIGH".
CVSS20TargetDistributionHigh CVSS20TargetDistribution = "HIGH"
// CVSS20TargetDistributionNotDefined is a constant for "NOT_DEFINED".
CVSS20TargetDistributionNotDefined CVSS20TargetDistribution = "NOT_DEFINED"
)

var cvss20TargetDistributionPattern = alternativesUnmarshal(
string(CVSS20TargetDistributionNone),
string(CVSS20TargetDistributionLow),
string(CVSS20TargetDistributionMedium),
string(CVSS20TargetDistributionHigh),
string(CVSS20TargetDistributionNotDefined),
)

// UnmarshalText implements the [encoding.TextUnmarshaler] interface.
func (e *CVSS20TargetDistribution) UnmarshalText(data []byte) error {
s, err := cvss20TargetDistributionPattern(data)
if err == nil {
*e = CVSS20TargetDistribution(s)
}
return err
}
Loading
Loading