-
Notifications
You must be signed in to change notification settings - Fork 0
/
references.go
146 lines (116 loc) · 4.2 KB
/
references.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
package osv_schema
import (
"database/sql"
"database/sql/driver"
"encoding/json"
"fmt"
)
// ------------------------------------------------ ---------------------------------------------------------------------
type References []*Reference
var _ sql.Scanner = &References{}
var _ driver.Valuer = &References{}
func (x References) FilterByType(referenceTypes ...ReferenceType) References {
if len(referenceTypes) == 0 {
return nil
}
referenceTypeSet := make(map[ReferenceType]struct{}, 0)
for _, r := range referenceTypes {
referenceTypeSet[r] = struct{}{}
}
slice := make([]*Reference, 0)
for _, r := range x {
if _, exists := referenceTypeSet[r.Type]; exists {
slice = append(slice, r)
}
}
return slice
}
func (x *References) Scan(src any) error {
if src == nil {
return nil
}
bytes, ok := src.([]byte)
if !ok {
return fmt.Errorf("scan error")
}
if len(bytes) == 0 {
return nil
}
return json.Unmarshal(bytes, &x)
}
func (x References) Value() (driver.Value, error) {
if len(x) == 0 {
return nil, nil
}
marshal, err := json.Marshal(x)
if err != nil {
return nil, err
}
if len(marshal) == 0 {
return nil, nil
}
return string(marshal), nil
}
// ------------------------------------------------ ---------------------------------------------------------------------
type ReferenceType string
const (
// ReferenceTypeAdvisory A published security advisory for the vulnerability.
ReferenceTypeAdvisory ReferenceType = "ADVISORY"
// ReferenceTypeArticle An article or blog post describing the vulnerability.
ReferenceTypeArticle ReferenceType = "ARTICLE"
// ReferenceTypeDetection A tool, script, scanner, or other mechanism that allows for detection of the vulnerability
// in production environments. e.g. YARA rules, hashes, virus signature, or other scanners.
ReferenceTypeDetection ReferenceType = "DETECTION"
// ReferenceTypeDiscussion A social media discussion regarding the vulnerability, e.g. a Twitter, Mastodon, Hacker News,
// or Reddit thread.
ReferenceTypeDiscussion ReferenceType = "DISCUSSION"
// ReferenceTypeReport A report, typically on a bug or issue tracker, of the vulnerability.
ReferenceTypeReport ReferenceType = "REPORT"
// ReferenceTypeFix A source code browser link to the fix (e.g., a GitHub commit) Note that the fix type is meant for
// viewing by people using web browsers. Programs interested in analyzing the exact commit range would do better to use
// the GIT-typed affected[].ranges entries (described above).
ReferenceTypeFix ReferenceType = "FIX"
// ReferenceTypeIntroduced A source code browser link to the introduction of the vulnerability (e.g., a GitHub commit)
// Note that the introduced type is meant for viewing by people using web browsers. Programs interested in analyzing the
// exact commit range would do better to use the GIT-typed affected[].ranges entries (described above).
ReferenceTypeIntroduced ReferenceType = "introduced"
// ReferenceTypePackage A home web page for the package.
ReferenceTypePackage ReferenceType = "PACKAGE"
// ReferenceTypeEvidence A demonstration of the validity of a vulnerability claim, e.g. app.any.run replaying the
// exploitation of the vulnerability.
ReferenceTypeEvidence ReferenceType = "evidence"
// ReferenceTypeWeb A web page of some unspecified kind.
ReferenceTypeWeb ReferenceType = "WEB"
)
// ------------------------------------------------- --------------------------------------------------------------------
// Reference
// Example:
//
// {
// "type": "WEB",
// "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-vxv8-r8q2-63xw"
// }
type Reference struct {
// 引用的类型
Type ReferenceType `mapstructure:"type" json:"type" yaml:"type" db:"type" bson:"type" gorm:"column:type"`
// 具体的引用链接
URL string `mapstructure:"url" json:"url" yaml:"url" db:"url" bson:"url" gorm:"column:url"`
}
var _ sql.Scanner = &Reference{}
var _ driver.Valuer = &Reference{}
func (x *Reference) Value() (driver.Value, error) {
if x == nil {
return nil, nil
}
return json.Marshal(x)
}
func (x *Reference) Scan(src any) error {
if src == nil {
return nil
}
bytes, ok := src.([]byte)
if !ok {
return wrapScanError(src, x)
}
return json.Unmarshal(bytes, &x)
}