clair/severity.go

140 lines
4.0 KiB
Go
Raw Normal View History

// Copyright 2017 clair authors
2015-11-13 19:11:28 +00:00
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package clair
2015-11-13 19:11:28 +00:00
import (
"database/sql/driver"
"errors"
"strings"
)
var (
// ErrFailedToParseSeverity is the error returned when a severity could not
// be parsed from a string.
ErrFailedToParseSeverity = errors.New("failed to parse Severity from input")
)
// Severity defines a standard scale for measuring the severity of a
// vulnerability.
type Severity string
2015-11-13 19:11:28 +00:00
const (
// Unknown is either a security problem that has not been
// assigned to a priority yet or a priority that our system
// did not recognize.
Unknown Severity = "Unknown"
2015-11-13 19:11:28 +00:00
// Negligible is technically a security problem, but is
// only theoretical in nature, requires a very special
// situation, has almost no install base, or does no real
// damage. These tend not to get backport from upstreams,
// and will likely not be included in security updates unless
// there is an easy fix and some other issue causes an update.
Negligible Severity = "Negligible"
2015-11-13 19:11:28 +00:00
// Low is a security problem, but is hard to
// exploit due to environment, requires a user-assisted
// attack, a small install base, or does very little damage.
// These tend to be included in security updates only when
// higher priority issues require an update, or if many
// low priority issues have built up.
Low Severity = "Low"
2015-11-13 19:11:28 +00:00
// Medium is a real security problem, and is exploitable
// for many people. Includes network daemon denial of service
// attacks, cross-site scripting, and gaining user privileges.
// Updates should be made soon for this priority of issue.
Medium Severity = "Medium"
2015-11-13 19:11:28 +00:00
// High is a real problem, exploitable for many people in a default
// installation. Includes serious remote denial of services,
// local root privilege escalations, or data loss.
High Severity = "High"
2015-11-13 19:11:28 +00:00
// Critical is a world-burning problem, exploitable for nearly all people
// in a default installation of Linux. Includes remote root
// privilege escalations, or massive data loss.
Critical Severity = "Critical"
2015-11-13 19:11:28 +00:00
// Defcon1 is a Critical problem which has been manually highlighted by
// the team. It requires an immediate attention.
Defcon1 Severity = "Defcon1"
2015-11-13 19:11:28 +00:00
)
// Severities lists all known severities, ordered from lowest to highest.
var Severities = []Severity{
Unknown,
Negligible,
Low,
Medium,
High,
Critical,
Defcon1,
}
2015-11-13 19:11:28 +00:00
// NewSeverity attempts to parse a string into a standard Severity value.
func NewSeverity(s string) (Severity, error) {
for _, ss := range Severities {
if strings.EqualFold(s, string(ss)) {
return ss, nil
2015-11-13 19:11:28 +00:00
}
}
return Unknown, ErrFailedToParseSeverity
2015-11-13 19:11:28 +00:00
}
// Compare determines the equality of two severities.
//
// If the severities are equal, returns 0.
// If the receiever is less, returns -1.
// If the receiver is greater, returns 1.
func (s Severity) Compare(s2 Severity) int {
2015-11-13 19:11:28 +00:00
var i1, i2 int
for i1 = 0; i1 < len(Severities); i1 = i1 + 1 {
if s == Severities[i1] {
2015-11-13 19:11:28 +00:00
break
}
}
for i2 = 0; i2 < len(Severities); i2 = i2 + 1 {
if s2 == Severities[i2] {
2015-11-13 19:11:28 +00:00
break
}
}
return i1 - i2
}
// Scan implements the database/sql.Scanner interface.
func (s *Severity) Scan(value interface{}) error {
val, ok := value.([]byte)
if !ok {
return errors.New("could not scan a Severity from a non-string input")
}
var err error
*s, err = NewSeverity(string(val))
if err != nil {
return err
}
return nil
}
// Value implements the database/sql/driver.Valuer interface.
func (s Severity) Value() (driver.Value, error) {
return string(s), nil
}