parent
6e8e6ad26b
commit
9c63a63944
@ -0,0 +1,134 @@
|
|||||||
|
// Copyright 2017 clair authors
|
||||||
|
//
|
||||||
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
// you may not use this file except in compliance with the License.
|
||||||
|
// You may obtain a copy of the License at
|
||||||
|
//
|
||||||
|
// http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
//
|
||||||
|
// Unless required by applicable law or agreed to in writing, software
|
||||||
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
// See the License for the specific language governing permissions and
|
||||||
|
// limitations under the License.
|
||||||
|
|
||||||
|
package database
|
||||||
|
|
||||||
|
import (
|
||||||
|
"database/sql/driver"
|
||||||
|
"errors"
|
||||||
|
"strings"
|
||||||
|
)
|
||||||
|
|
||||||
|
// ErrFailedToParseSeverity is the error returned when a severity could not
|
||||||
|
// be parsed from a string.
|
||||||
|
var ErrFailedToParseSeverity = errors.New("failed to parse Severity from input")
|
||||||
|
|
||||||
|
// Severity defines a standard scale for measuring the severity of a
|
||||||
|
// vulnerability.
|
||||||
|
type Severity string
|
||||||
|
|
||||||
|
const (
|
||||||
|
// UnknownSeverity is either a security problem that has not been assigned to
|
||||||
|
// a priority yet or a priority that our system did not recognize.
|
||||||
|
UnknownSeverity Severity = "Unknown"
|
||||||
|
|
||||||
|
// NegligibleSeverity is technically a security problem, but is only
|
||||||
|
// theoretical in nature, requires a very special situation, has almost no
|
||||||
|
// install base, or does no real damage. These tend not to get backport from
|
||||||
|
// upstreams, and will likely not be included in security updates unless
|
||||||
|
// there is an easy fix and some other issue causes an update.
|
||||||
|
NegligibleSeverity Severity = "Negligible"
|
||||||
|
|
||||||
|
// LowSeverity is a security problem, but is hard to exploit due to
|
||||||
|
// environment, requires a user-assisted attack, a small install base, or
|
||||||
|
// does very little damage. These tend to be included in security updates
|
||||||
|
// only when higher priority issues require an update, or if many low
|
||||||
|
// priority issues have built up.
|
||||||
|
LowSeverity Severity = "Low"
|
||||||
|
|
||||||
|
// MediumSeverity is a real security problem, and is exploitable for many
|
||||||
|
// people. Includes network daemon denial of service attacks, cross-site
|
||||||
|
// scripting, and gaining user privileges. Updates should be made soon for
|
||||||
|
// this priority of issue.
|
||||||
|
MediumSeverity Severity = "Medium"
|
||||||
|
|
||||||
|
// HighSeverity is a real problem, exploitable for many people in a default
|
||||||
|
// installation. Includes serious remote denial of services, local root
|
||||||
|
// privilege escalations, or data loss.
|
||||||
|
HighSeverity Severity = "High"
|
||||||
|
|
||||||
|
// CriticalSeverity is a world-burning problem, exploitable for nearly all
|
||||||
|
// people in a default installation of Linux. Includes remote root privilege
|
||||||
|
// escalations, or massive data loss.
|
||||||
|
CriticalSeverity Severity = "Critical"
|
||||||
|
|
||||||
|
// Defcon1Severity is a Critical problem which has been manually highlighted
|
||||||
|
// by the team. It requires an immediate attention.
|
||||||
|
Defcon1Severity Severity = "Defcon1"
|
||||||
|
)
|
||||||
|
|
||||||
|
// Severities lists all known severities, ordered from lowest to highest.
|
||||||
|
var Severities = []Severity{
|
||||||
|
UnknownSeverity,
|
||||||
|
NegligibleSeverity,
|
||||||
|
LowSeverity,
|
||||||
|
MediumSeverity,
|
||||||
|
HighSeverity,
|
||||||
|
CriticalSeverity,
|
||||||
|
Defcon1Severity,
|
||||||
|
}
|
||||||
|
|
||||||
|
// NewSeverity attempts to parse a string into a standard Severity value.
|
||||||
|
func NewSeverity(s string) (Severity, error) {
|
||||||
|
for _, ss := range Severities {
|
||||||
|
if strings.EqualFold(s, string(ss)) {
|
||||||
|
return ss, nil
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return UnknownSeverity, ErrFailedToParseSeverity
|
||||||
|
}
|
||||||
|
|
||||||
|
// Compare determines the equality of two severities.
|
||||||
|
//
|
||||||
|
// If the severities are equal, returns 0.
|
||||||
|
// If the receiever is less, returns -1.
|
||||||
|
// If the receiver is greater, returns 1.
|
||||||
|
func (s Severity) Compare(s2 Severity) int {
|
||||||
|
var i1, i2 int
|
||||||
|
|
||||||
|
for i1 = 0; i1 < len(Severities); i1 = i1 + 1 {
|
||||||
|
if s == Severities[i1] {
|
||||||
|
break
|
||||||
|
}
|
||||||
|
}
|
||||||
|
for i2 = 0; i2 < len(Severities); i2 = i2 + 1 {
|
||||||
|
if s2 == Severities[i2] {
|
||||||
|
break
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return i1 - i2
|
||||||
|
}
|
||||||
|
|
||||||
|
// Scan implements the database/sql.Scanner interface.
|
||||||
|
func (s *Severity) Scan(value interface{}) error {
|
||||||
|
val, ok := value.([]byte)
|
||||||
|
if !ok {
|
||||||
|
return errors.New("could not scan a Severity from a non-string input")
|
||||||
|
}
|
||||||
|
|
||||||
|
var err error
|
||||||
|
*s, err = NewSeverity(string(val))
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// Value implements the database/sql/driver.Valuer interface.
|
||||||
|
func (s Severity) Value() (driver.Value, error) {
|
||||||
|
return string(s), nil
|
||||||
|
}
|
@ -1,139 +0,0 @@
|
|||||||
// Copyright 2017 clair authors
|
|
||||||
//
|
|
||||||
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
// you may not use this file except in compliance with the License.
|
|
||||||
// You may obtain a copy of the License at
|
|
||||||
//
|
|
||||||
// http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
//
|
|
||||||
// Unless required by applicable law or agreed to in writing, software
|
|
||||||
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
// See the License for the specific language governing permissions and
|
|
||||||
// limitations under the License.
|
|
||||||
|
|
||||||
package clair
|
|
||||||
|
|
||||||
import (
|
|
||||||
"database/sql/driver"
|
|
||||||
"errors"
|
|
||||||
"strings"
|
|
||||||
)
|
|
||||||
|
|
||||||
var (
|
|
||||||
// ErrFailedToParseSeverity is the error returned when a severity could not
|
|
||||||
// be parsed from a string.
|
|
||||||
ErrFailedToParseSeverity = errors.New("failed to parse Severity from input")
|
|
||||||
)
|
|
||||||
|
|
||||||
// Severity defines a standard scale for measuring the severity of a
|
|
||||||
// vulnerability.
|
|
||||||
type Severity string
|
|
||||||
|
|
||||||
const (
|
|
||||||
// Unknown is either a security problem that has not been
|
|
||||||
// assigned to a priority yet or a priority that our system
|
|
||||||
// did not recognize.
|
|
||||||
Unknown Severity = "Unknown"
|
|
||||||
|
|
||||||
// Negligible is technically a security problem, but is
|
|
||||||
// only theoretical in nature, requires a very special
|
|
||||||
// situation, has almost no install base, or does no real
|
|
||||||
// damage. These tend not to get backport from upstreams,
|
|
||||||
// and will likely not be included in security updates unless
|
|
||||||
// there is an easy fix and some other issue causes an update.
|
|
||||||
Negligible Severity = "Negligible"
|
|
||||||
|
|
||||||
// Low is a security problem, but is hard to
|
|
||||||
// exploit due to environment, requires a user-assisted
|
|
||||||
// attack, a small install base, or does very little damage.
|
|
||||||
// These tend to be included in security updates only when
|
|
||||||
// higher priority issues require an update, or if many
|
|
||||||
// low priority issues have built up.
|
|
||||||
Low Severity = "Low"
|
|
||||||
|
|
||||||
// Medium is a real security problem, and is exploitable
|
|
||||||
// for many people. Includes network daemon denial of service
|
|
||||||
// attacks, cross-site scripting, and gaining user privileges.
|
|
||||||
// Updates should be made soon for this priority of issue.
|
|
||||||
Medium Severity = "Medium"
|
|
||||||
|
|
||||||
// High is a real problem, exploitable for many people in a default
|
|
||||||
// installation. Includes serious remote denial of services,
|
|
||||||
// local root privilege escalations, or data loss.
|
|
||||||
High Severity = "High"
|
|
||||||
|
|
||||||
// Critical is a world-burning problem, exploitable for nearly all people
|
|
||||||
// in a default installation of Linux. Includes remote root
|
|
||||||
// privilege escalations, or massive data loss.
|
|
||||||
Critical Severity = "Critical"
|
|
||||||
|
|
||||||
// Defcon1 is a Critical problem which has been manually highlighted by
|
|
||||||
// the team. It requires an immediate attention.
|
|
||||||
Defcon1 Severity = "Defcon1"
|
|
||||||
)
|
|
||||||
|
|
||||||
// Severities lists all known severities, ordered from lowest to highest.
|
|
||||||
var Severities = []Severity{
|
|
||||||
Unknown,
|
|
||||||
Negligible,
|
|
||||||
Low,
|
|
||||||
Medium,
|
|
||||||
High,
|
|
||||||
Critical,
|
|
||||||
Defcon1,
|
|
||||||
}
|
|
||||||
|
|
||||||
// NewSeverity attempts to parse a string into a standard Severity value.
|
|
||||||
func NewSeverity(s string) (Severity, error) {
|
|
||||||
for _, ss := range Severities {
|
|
||||||
if strings.EqualFold(s, string(ss)) {
|
|
||||||
return ss, nil
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
return Unknown, ErrFailedToParseSeverity
|
|
||||||
}
|
|
||||||
|
|
||||||
// Compare determines the equality of two severities.
|
|
||||||
//
|
|
||||||
// If the severities are equal, returns 0.
|
|
||||||
// If the receiever is less, returns -1.
|
|
||||||
// If the receiver is greater, returns 1.
|
|
||||||
func (s Severity) Compare(s2 Severity) int {
|
|
||||||
var i1, i2 int
|
|
||||||
|
|
||||||
for i1 = 0; i1 < len(Severities); i1 = i1 + 1 {
|
|
||||||
if s == Severities[i1] {
|
|
||||||
break
|
|
||||||
}
|
|
||||||
}
|
|
||||||
for i2 = 0; i2 < len(Severities); i2 = i2 + 1 {
|
|
||||||
if s2 == Severities[i2] {
|
|
||||||
break
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
return i1 - i2
|
|
||||||
}
|
|
||||||
|
|
||||||
// Scan implements the database/sql.Scanner interface.
|
|
||||||
func (s *Severity) Scan(value interface{}) error {
|
|
||||||
val, ok := value.([]byte)
|
|
||||||
if !ok {
|
|
||||||
return errors.New("could not scan a Severity from a non-string input")
|
|
||||||
}
|
|
||||||
|
|
||||||
var err error
|
|
||||||
*s, err = NewSeverity(string(val))
|
|
||||||
if err != nil {
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
|
|
||||||
// Value implements the database/sql/driver.Valuer interface.
|
|
||||||
func (s Severity) Value() (driver.Value, error) {
|
|
||||||
return string(s), nil
|
|
||||||
}
|
|
Loading…
Reference in new issue