// Source: github.com/devseccon/trivy@v0.47.1-0.20231123133102-bd902a0bd996/pkg/types/vulnerability.go

package types

import (
	"github.com/aquasecurity/trivy-db/pkg/types"
	ftypes "github.com/devseccon/trivy/pkg/fanal/types"
)

// DetectedVulnerability is a single vulnerability finding: the affected
// package, the versions involved, and the advisory details promoted from the
// embedded types.Vulnerability.
//
// Every tagged field uses `json:",omitempty"`, so the JSON key is the Go field
// name and empty values are left out of the encoded finding.
//
// NOTE(review): encoding/json never treats a struct value as empty; if
// ftypes.Layer is a struct, Layer is always emitted despite the tag — confirm.
//
// NOTE(review): PkgRef is documented as coming from the scanned SBOM, and the
// other package strings presumably originate from scanned input as well;
// anything that renders a report should escape these values rather than trust
// them.
type DetectedVulnerability struct {
	VulnerabilityID  string         `json:",omitempty"`
	VendorIDs        []string       `json:",omitempty"`
	PkgID            string         `json:",omitempty"` // Used to build the dependency graph.
	PkgName          string         `json:",omitempty"`
	PkgPath          string         `json:",omitempty"` // Set for language-specific packages such as egg/wheel and gemspec.
	InstalledVersion string         `json:",omitempty"`
	FixedVersion     string         `json:",omitempty"`
	Status           types.Status   `json:",omitempty"`
	Layer            ftypes.Layer   `json:",omitempty"`
	SeveritySource   types.SourceID `json:",omitempty"`
	PrimaryURL       string         `json:",omitempty"`

	// PkgRef is set only for SBOM scans and holds the reference ID the SBOM
	// itself uses for the package. It may be a PURL, a UUID, and so on, e.g.
	//   - pkg:npm/acme/component@1.0.0
	//   - b2a46a4b-8367-4bae-9820-95557cfe03a8
	PkgRef string `json:",omitempty"`

	// DataSource records where the advisory comes from.
	DataSource *types.DataSource `json:",omitempty"`

	// Custom is an extension point that is not meant to be used in OSS.
	// It carries a JSON tag, so any value stored here is serialized together
	// with the finding.
	Custom interface{} `json:",omitempty"`

	// Vulnerability details are embedded, so their fields are promoted onto
	// DetectedVulnerability.
	types.Vulnerability
}

// GetID returns the vulnerability ID.
func (dv *DetectedVulnerability) GetID() string {
	return dv.VulnerabilityID
}

// BySeverity implements sort.Interface for a slice of DetectedVulnerability.
// Despite the name, Less compares package name and installed version first;
// severity only orders findings that share both, so the most severe findings
// are not necessarily at the front of a sorted slice.
type BySeverity []DetectedVulnerability

// Len reports how many findings the slice holds.
func (v BySeverity) Len() int {
	return len(v)
}

// Less reports whether the finding at index i sorts before the one at index j.
// Keys are compared in this order: PkgName, InstalledVersion, severity,
// VulnerabilityID, PkgPath.
//
// All keys except severity are compared as plain strings, so InstalledVersion
// is ordered lexicographically (for example "1.10.0" sorts before "1.9.0"),
// not by version semantics.
//
// NOTE(review): the severities are passed to types.CompareSeverityString as
// (j, i); presumably that helper is defined so that this puts the more severe
// finding first — confirm against trivy-db.
//
// Findings that agree on all five keys (for example, differing only in Layer)
// compare as equal. sort.Sort gives no stable order for equal elements; use
// sort.Stable where report output has to be reproducible.
func (v BySeverity) Less(i, j int) bool {
	a, b := &v[i], &v[j]

	switch {
	case a.PkgName != b.PkgName:
		return a.PkgName < b.PkgName
	case a.InstalledVersion != b.InstalledVersion:
		return a.InstalledVersion < b.InstalledVersion
	}

	// Same package and version: fall through to severity, then the ID, then
	// the path as the final tie-breaker.
	if cmp := types.CompareSeverityString(b.Severity, a.Severity); cmp != 0 {
		return cmp > 0
	}
	if a.VulnerabilityID != b.VulnerabilityID {
		return a.VulnerabilityID < b.VulnerabilityID
	}
	return a.PkgPath < b.PkgPath
}

// Swap exchanges the findings at indexes i and j.
func (v BySeverity) Swap(i, j int) {
	tmp := v[i]
	v[i] = v[j]
	v[j] = tmp
}