github.com/google/osv-scalibr@v0.4.1/binary/proto/finding.go

github.com/google/osv-scalibr@v0.4.1/binary/proto/finding.go (about)

     1  // Copyright 2025 Google LLC
     2  //
     3  // Licensed under the Apache License, Version 2.0 (the "License");
     4  // you may not use this file except in compliance with the License.
     5  // You may obtain a copy of the License at
     6  //
     7  //      http://www.apache.org/licenses/LICENSE-2.0
     8  //
     9  // Unless required by applicable law or agreed to in writing, software
    10  // distributed under the License is distributed on an "AS IS" BASIS,
    11  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12  // See the License for the specific language governing permissions and
    13  // limitations under the License.
    14  
    15  package proto
    16  
    17  import (
    18  	"errors"
    19  
    20  	"github.com/google/osv-scalibr/inventory"
    21  	"github.com/google/osv-scalibr/inventory/vex"
    22  
    23  	spb "github.com/google/osv-scalibr/binary/proto/scan_result_go_proto"
    24  )
    25  
    26  var (
    27  	// --- Errors
    28  
    29  	// ErrAdvisoryMissing will be returned if the Advisory is not set on a finding.
    30  	ErrAdvisoryMissing = errors.New("advisory missing in finding")
    31  
    32  	// ErrAdvisoryIDMissing will be returned if the Advisory ID is not set on a finding.
    33  	ErrAdvisoryIDMissing = errors.New("advisory ID missing in finding")
    34  
    35  	genericFindingSeverityEnumToProto = map[inventory.SeverityEnum]spb.SeverityEnum{
    36  		inventory.SeverityMinimal:     spb.SeverityEnum_MINIMAL,
    37  		inventory.SeverityLow:         spb.SeverityEnum_LOW,
    38  		inventory.SeverityMedium:      spb.SeverityEnum_MEDIUM,
    39  		inventory.SeverityHigh:        spb.SeverityEnum_HIGH,
    40  		inventory.SeverityCritical:    spb.SeverityEnum_CRITICAL,
    41  		inventory.SeverityUnspecified: spb.SeverityEnum_SEVERITY_UNSPECIFIED,
    42  	}
    43  
    44  	genericFindingSeverityEnumToStruct = func() map[spb.SeverityEnum]inventory.SeverityEnum {
    45  		m := make(map[spb.SeverityEnum]inventory.SeverityEnum)
    46  		for k, v := range genericFindingSeverityEnumToProto {
    47  			m[v] = k
    48  		}
    49  		if len(m) != len(genericFindingSeverityEnumToProto) {
    50  			panic("genericFindingSeverityEnumToProto does not contain all values from genericFindingSeverityEnumToStruct")
    51  		}
    52  		return m
    53  	}()
    54  )
    55  
    56  // --- Struct to Proto
    57  
    58  // GenericFindingToProto converts a GenericFinding go struct into the equivalent proto.
    59  func GenericFindingToProto(f *inventory.GenericFinding) (*spb.GenericFinding, error) {
    60  	if f == nil {
    61  		return nil, nil
    62  	}
    63  	if f.Adv == nil {
    64  		return nil, ErrAdvisoryMissing
    65  	}
    66  	if f.Adv.ID == nil {
    67  		return nil, ErrAdvisoryIDMissing
    68  	}
    69  
    70  	var target *spb.GenericFindingTargetDetails
    71  	if f.Target != nil {
    72  		target = &spb.GenericFindingTargetDetails{
    73  			Extra: f.Target.Extra,
    74  		}
    75  	}
    76  
    77  	var exps []*spb.FindingExploitabilitySignal
    78  	for _, exp := range f.ExploitabilitySignals {
    79  		expProto := FindingVEXToProto(exp)
    80  		exps = append(exps, expProto)
    81  	}
    82  
    83  	return &spb.GenericFinding{
    84  		Adv: &spb.GenericFindingAdvisory{
    85  			Id: &spb.AdvisoryId{
    86  				Publisher: f.Adv.ID.Publisher,
    87  				Reference: f.Adv.ID.Reference,
    88  			},
    89  			Title:          f.Adv.Title,
    90  			Description:    f.Adv.Description,
    91  			Recommendation: f.Adv.Recommendation,
    92  			Sev:            genericFindingSeverityEnumToProto[f.Adv.Sev],
    93  		},
    94  		Target:                target,
    95  		Plugins:               f.Plugins,
    96  		ExploitabilitySignals: exps,
    97  	}, nil
    98  }
    99  
   100  // --- Proto to Struct
   101  
   102  // GenericFindingToStruct converts a GenericFinding proto into the equivalent go struct.
   103  func GenericFindingToStruct(f *spb.GenericFinding) (*inventory.GenericFinding, error) {
   104  	if f == nil {
   105  		return nil, nil
   106  	}
   107  	if f.Adv == nil {
   108  		return nil, ErrAdvisoryMissing
   109  	}
   110  	if f.Adv.Id == nil {
   111  		return nil, ErrAdvisoryIDMissing
   112  	}
   113  
   114  	target := &inventory.GenericFindingTargetDetails{
   115  		Extra: f.Target.GetExtra(),
   116  	}
   117  
   118  	var exps []*vex.FindingExploitabilitySignal
   119  	for _, exp := range f.GetExploitabilitySignals() {
   120  		expStruct := FindingVEXToStruct(exp)
   121  		exps = append(exps, expStruct)
   122  	}
   123  
   124  	return &inventory.GenericFinding{
   125  		Adv: &inventory.GenericFindingAdvisory{
   126  			ID: &inventory.AdvisoryID{
   127  				Publisher: f.Adv.Id.GetPublisher(),
   128  				Reference: f.Adv.Id.GetReference(),
   129  			},
   130  			Title:          f.Adv.GetTitle(),
   131  			Description:    f.Adv.GetDescription(),
   132  			Recommendation: f.Adv.GetRecommendation(),
   133  			Sev:            genericFindingSeverityEnumToStruct[f.Adv.GetSev()],
   134  		},
   135  		Target:                target,
   136  		Plugins:               f.GetPlugins(),
   137  		ExploitabilitySignals: exps,
   138  	}, nil
   139  }