vulnerability

package
v1.0.24 Latest
Warning

This package is not in the latest version of its module.

Published: Mar 22, 2022 | License: Apache-2.0 | Imports: 6 | Imported by: 3

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Vulnerability

type Vulnerability struct {
	VulnerabilityID uuid.UUID             `json:"vulnerabilityID" gorm:"Column:vulnerability_id" example:"00000000-0000-0000-0000-000000000000"`
	Line            string                `json:"line" gorm:"Column:line" example:"1"`
	Column          string                `json:"column" gorm:"Column:column" example:"1"`
	Confidence      confidence.Confidence `json:"confidence" gorm:"Column:confidence" example:"HIGH" enums:"HIGH,MEDIUM,LOW"`
	File            string                `json:"file" gorm:"Column:file" example:"/deployments/cert.pem"`
	Code            string                `json:"code" gorm:"Column:code" example:"-----BEGIN RSA PRIVATE KEY-----"`
	Details         string                `` /* 374-byte string literal not displayed */
	SecurityTool    tools.Tool            `` /* 239-byte string literal not displayed */
	Language        languages.Language    `` /* 172-byte string literal not displayed */
	Severity        severities.Severity   `json:"severity" gorm:"Column:severity" example:"CRITICAL" enums:"CRITICAL, HIGH, MEDIUM, LOW, INFO"`
	Type            vulnerability.Type    `json:"type" gorm:"Column:type" example:"Vulnerability" enums:"Vulnerability, Risk Accepted, False Positive, Corrected"`

	CWEs          []string `json:"-" gorm:"-" example:"[\"https://cwe.mitre.org/data/definitions/000.html\"]"`
	CVEs          []string `json:"-" gorm:"-" example:"[\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-0000-00000\"]"`
	Mitigation    string   `json:"-" gorm:"-" example:"Use a secret manager or environment variable"`
	Reference     string   `json:"-" gorm:"-" example:"https://example.com"`
	SafeExample   string   `json:"-" gorm:"-" example:"setPassword(env.get(\"HORUSEC_PASSWORD\"))"`
	UnsafeExample string   `json:"-" gorm:"-" example:"setPassword(\"s@f3P@a$$w0rd\")"`
	CommitAuthor  string   `json:"commitAuthor" gorm:"Column:commit_author" example:"horusec"`
	CommitEmail   string   `json:"commitEmail" gorm:"Column:commit_email" example:"[email protected]"`
	CommitHash    string   `json:"commitHash" gorm:"Column:commit_hash" example:"a21fa164c00a15f3e91f5ee6659cb6a793b39a8d"`
	CommitMessage string   `json:"commitMessage" gorm:"Column:commit_message" example:"Initial commit"`
	CommitDate    string   `json:"commitDate" gorm:"Column:commit_date" example:"2021-12-30"`

	// RuleID is the rule id used to generate Vulnerability.
	// This field can be empty if Vulnerability was not generated from horusec-engine.
	RuleID string `json:"rule_id" gorm:"-"`

	// VulnHash is the vulnerability hash
	VulnHash string `json:"vulnHash" gorm:"Column:vuln_hash" example:"8bcac7908eb950419537b91e19adc83ce2c9cbfdacf4f81157fdadfec11f7017"`

	// DeprecatedHashes contains some hashes generated in different versions and in different ways, but which are
	// still valid. This field exists only to avoid breaking changes to the users and will be removed in a future
	// release. Until then, when a hash of this field is identified, an alert will be displayed to the user so
	// that they can change this hash to the updated one, which is in the VulnHash field.
	// TODO: This will be removed after v2.10.0 of the Horusec CLI is released.
	DeprecatedHashes []string `json:"deprecatedHashes" gorm:"-" example:""`

	SecurityToolVersion string `json:"securityToolVersion" gorm:"-"`
	SecurityToolInfoURI string `json:"securityToolInfoUri" gorm:"-"`
}

Vulnerability represents a possible vulnerability and contains all the data necessary to identify it. TODO: The fields CWEs, CVEs, Mitigation, Reference, SafeExample, and UnsafeExample are ignored until the engine rules start filling in this data. Once that is done, they need to be added to the JSON notation.
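The DeprecatedHashes comment in the struct describes alerting a user whose stored hash matches an old value rather than the current VulnHash. One way to implement that check, as an added example that is not Horusec's own code: `Vuln`, `MatchHash` and `MigrationWarnings` are hypothetical names, the stored list is assumed to be hashes a user keeps in configuration, and the sample hashes are constructed.

```go
package main

import "fmt"

// Vuln is a trimmed stand-in (assumption) for Vulnerability: hash fields only.
type Vuln struct {
	VulnHash         string
	DeprecatedHashes []string
}

// MatchHash reports whether a stored hash identifies the finding, and whether
// it did so only through DeprecatedHashes. Empty strings never match, so a
// blank stored entry or a blank deprecated slot hits nothing.
func MatchHash(v Vuln, stored string) (matched, deprecated bool) {
	if stored == "" {
		return false, false
	}
	if stored == v.VulnHash {
		return true, false
	}
	for _, old := range v.DeprecatedHashes {
		if old == stored {
			return true, true
		}
	}
	return false, false
}

// MigrationWarnings lists stored hashes that matched only through
// DeprecatedHashes, with the VulnHash that should replace each one.
func MigrationWarnings(findings []Vuln, stored []string) []string {
	var out []string
	for _, s := range stored {
		for _, v := range findings {
			if _, deprecated := MatchHash(v, s); deprecated {
				out = append(out, fmt.Sprintf("replace %s with %s", s, v.VulnHash))
			}
		}
	}
	return out
}

func main() {
	// Constructed sample values, not real Horusec hashes.
	findings := []Vuln{{VulnHash: "new-1", DeprecatedHashes: []string{"old-1a", ""}}}
	fmt.Println(MigrationWarnings(findings, []string{"old-1a", "new-1", ""}))
}
```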

func (*Vulnerability) GenerateID

func (v *Vulnerability) GenerateID()

func (*Vulnerability) GetTable

func (v *Vulnerability) GetTable() string

func (*Vulnerability) SetSeverity

func (v *Vulnerability) SetSeverity(severity severities.Severity)

func (*Vulnerability) SetType

func (v *Vulnerability) SetType(vulnType vulnerability.Type)
