forked from quay/claircore
vulnerability.go
package claircore
// Severity is the string-backed type used for a Vulnerability's normalized
// severity level (see the NormalizedSeverity field).
type Severity string
// Normalized severity levels that can be assigned to a Vulnerability.
//
// The values are plain strings, so == and != are the only meaningful
// comparisons: < and > order them lexically ("Critical" < "High" < "Low"),
// not by risk. Code that gates on a severity threshold needs an explicit
// rank mapping rather than a direct comparison of these values.
// NOTE(review): the declaration order looks like ascending severity, with
// Defcon1 above Critical — confirm against the consumers of these values.
const (
Unknown Severity = "Unknown"
Negligible Severity = "Negligible"
Low Severity = "Low"
Medium Severity = "Medium"
High Severity = "High"
Critical Severity = "Critical"
Defcon1 Severity = "Defcon1"
)
// Vulnerability describes a single vulnerability record together with the
// package, distribution and repository it applies to.
//
// Package, Dist and Repo carry the `json:"-"` tag, so encoding/json never
// writes them when encoding and leaves them untouched when decoding; a
// Vulnerability that crossed a JSON boundary does not carry that context.
// NOTE(review): the string fields appear to be filled by updaters from
// external security databases — presumably they should be handled as
// untrusted text (escaped or validated) wherever they are rendered or logged;
// confirm against the callers.
type Vulnerability struct {
// Unique ID of this vulnerability. It is created as discovered by the library
// and used for persistence and hash map indexes.
ID string `json:"id"`
// The updater that discovered this vulnerability.
Updater string `json:"updater"`
// The name of the vulnerability. For example, if the vulnerability exists in a
// CVE database this would be the unique CVE name, such as CVE-2017-11722.
Name string `json:"name"`
// The description of the vulnerability.
Description string `json:"description"`
// Any links to more details about the vulnerability.
// NOTE(review): this is a single string; how multiple links are separated is
// not visible in this file.
Links string `json:"links"`
// The severity string as retrieved from the security database. Its type is a
// free-form string, so nothing in this struct limits it to the Severity
// constants; NormalizedSeverity is the field meant for severity decisions.
Severity string `json:"severity"`
// A normalized Severity giving clients guaranteed severity information.
// NOTE(review): Go does not restrict a Severity value to the declared
// constants, so that guarantee presumably rests on the code that populates
// this field — confirm.
NormalizedSeverity Severity `json:"normalized_severity"`
// The package information associated with the vulnerability. Ideally these
// fields can be matched to packages discovered by libindex PackageScanner
// structs. Pointer field, so it can be nil; excluded from JSON.
Package *Package `json:"-"`
// The distribution information associated with the vulnerability. Pointer
// field, so it can be nil; excluded from JSON.
Dist *Distribution `json:"-"`
// The repository information associated with the vulnerability. Pointer
// field, so it can be nil; excluded from JSON.
Repo *Repository `json:"-"`
// A string specifying the package version the fix was released in.
FixedInVersion string `json:"fixed_in_version"`
// Range describes the range of versions that are vulnerable. It is left out
// of the JSON encoding when nil (omitempty).
Range *Range `json:"range,omitempty"`
}