package dtrack
import (
"context"
"encoding/json"
"net/http"
"github.com/google/uuid"
)
// AnalysisJustification is the reason recorded for an analysis state. It is a
// string enum whose values mirror the Dependency-Track API; the zero value ""
// and AnalysisJustificationNotSet are distinct on the wire.
type AnalysisJustification string

// Justification values accepted by the analysis API.
const (
	AnalysisJustificationCodeNotPresent               AnalysisJustification = "CODE_NOT_PRESENT"
	AnalysisJustificationCodeNotReachable             AnalysisJustification = "CODE_NOT_REACHABLE"
	AnalysisJustificationNotSet                       AnalysisJustification = "NOT_SET"
	AnalysisJustificationProtectedAtPerimeter         AnalysisJustification = "PROTECTED_AT_PERIMETER"
	AnalysisJustificationProtectedAtRuntime           AnalysisJustification = "PROTECTED_AT_RUNTIME"
	AnalysisJustificationProtectedByCompiler          AnalysisJustification = "PROTECTED_BY_COMPILER"
	AnalysisJustificationProtectedByMitigatingControl AnalysisJustification = "PROTECTED_BY_MITIGATING_CONTROL"
	AnalysisJustificationRequiresConfiguration        AnalysisJustification = "REQUIRES_CONFIGURATION"
	AnalysisJustificationRequiresDependency           AnalysisJustification = "REQUIRES_DEPENDENCY"
	AnalysisJustificationRequiresEnvironment          AnalysisJustification = "REQUIRES_ENVIRONMENT"
)
// AnalysisResponse is the action the analyst intends to take for a finding.
// It is a string enum whose values mirror the Dependency-Track API.
type AnalysisResponse string

// Response values accepted by the analysis API.
const (
	AnalysisResponseCanNotFix           AnalysisResponse = "CAN_NOT_FIX"
	AnalysisResponseNotSet              AnalysisResponse = "NOT_SET"
	AnalysisResponseRollback            AnalysisResponse = "ROLLBACK"
	AnalysisResponseUpdate              AnalysisResponse = "UPDATE"
	AnalysisResponseWillNotFix          AnalysisResponse = "WILL_NOT_FIX"
	AnalysisResponseWorkaroundAvailable AnalysisResponse = "WORKAROUND_AVAILABLE"
)
// AnalysisState is the triage verdict for a vulnerability on a component.
// It is a string enum whose values mirror the Dependency-Track API. The
// findings API reports it under the JSON key `state`, the analysis API under
// `analysisState`; Analysis.UnmarshalJSON accepts both.
type AnalysisState string

// State values accepted by the analysis API.
const (
	AnalysisStateExploitable   AnalysisState = "EXPLOITABLE"
	AnalysisStateFalsePositive AnalysisState = "FALSE_POSITIVE"
	AnalysisStateInTriage      AnalysisState = "IN_TRIAGE"
	AnalysisStateNotAffected   AnalysisState = "NOT_AFFECTED"
	AnalysisStateNotSet        AnalysisState = "NOT_SET"
	AnalysisStateResolved      AnalysisState = "RESOLVED"
)
// Analysis is the triage record attached to a vulnerability/component pair:
// the state, its justification and intended response, free-text details, the
// comment history, and whether the finding is suppressed.
//
// Analysis implements json.Unmarshaler (see UnmarshalJSON) so that the
// findings API's `state` key is accepted in addition to `analysisState`.
type Analysis struct {
	Comments      []AnalysisComment     `json:"analysisComments"`
	State         AnalysisState         `json:"analysisState"`
	Justification AnalysisJustification `json:"analysisJustification"`
	Response      AnalysisResponse      `json:"analysisResponse"`
	Details       string                `json:"analysisDetails"`
	// Suppressed findings are hidden from default views; this flag carries the
	// server's value as-is and is not interpreted client-side.
	Suppressed bool `json:"isSuppressed"`
}
// findingAnalysis represents the Analysis object as returned by the findings API.
// Instead of `analysisState`, the state of an analysis is provided as `state` field.
// See https://github.com/DependencyTrack/dependency-track/blob/4.3.2/src/main/java/org/dependencytrack/model/Finding.java#L116
//
// It is an internal decoding shape only: Analysis.UnmarshalJSON decodes into it
// and then folds StateAlias into State. It carries both keys so that one
// decoder handles the analysis API and the findings API payloads.
type findingAnalysis struct {
	Comments      []AnalysisComment     `json:"analysisComments"`
	State         AnalysisState         `json:"analysisState"`
	Justification AnalysisJustification `json:"analysisJustification"`
	Response      AnalysisResponse      `json:"analysisResponse"`
	Details       string                `json:"analysisDetails"`
	// StateAlias receives the findings API's `state` key; it is only consulted
	// when State is empty.
	StateAlias AnalysisState `json:"state"`
	Suppressed bool          `json:"isSuppressed"`
}
// UnmarshalJSON decodes an analysis from either the analysis API payload
// (state under `analysisState`) or the findings API payload (state under
// `state`). When `analysisState` is empty or absent and `state` is non-empty,
// State is taken from `state`; otherwise `analysisState` wins. On success every
// field of a is replaced; on a decode error a is left untouched and the
// encoding/json error is returned unchanged.
func (a *Analysis) UnmarshalJSON(data []byte) error {
	var raw findingAnalysis
	if err := json.Unmarshal(data, &raw); err != nil {
		return err
	}

	// Prefer the canonical key; the findings API alias is only a fallback so
	// that a payload carrying both keys is not silently reinterpreted.
	state := raw.State
	if state == "" && raw.StateAlias != "" {
		state = raw.StateAlias
	}

	*a = Analysis{
		Comments:      raw.Comments,
		State:         state,
		Justification: raw.Justification,
		Response:      raw.Response,
		Details:       raw.Details,
		Suppressed:    raw.Suppressed,
	}
	return nil
}
// AnalysisComment is one entry of an analysis' comment history as returned by
// the server.
type AnalysisComment struct {
	Comment   string `json:"comment"`
	Commenter string `json:"commenter"`
	// Timestamp is passed through as the integer the server sends; its unit
	// (presumably epoch milliseconds) is not fixed by this file — confirm
	// against the API before converting to time.Time.
	Timestamp int `json:"timestamp"`
}
// AnalysisRequest is the JSON body sent to PUT /api/v1/analysis by
// AnalysisService.Create. Component, Project and Vulnerability identify the
// finding; every other field is optional and omitted from the request when it
// is empty.
type AnalysisRequest struct {
	Component     uuid.UUID             `json:"component"`
	Project       uuid.UUID             `json:"project"`
	Vulnerability uuid.UUID             `json:"vulnerability"`
	Comment       string                `json:"comment,omitempty"`
	State         AnalysisState         `json:"analysisState,omitempty"`
	Justification AnalysisJustification `json:"analysisJustification,omitempty"`
	Response      AnalysisResponse      `json:"analysisResponse,omitempty"`
	Details       string                `json:"analysisDetails,omitempty"`
	// Suppressed is a pointer so that an explicit false can be sent: a nil
	// pointer omits the key entirely, a non-nil pointer sends its value. With a
	// plain bool, omitempty would drop false and a finding could never be
	// un-suppressed through this request.
	Suppressed *bool `json:"isSuppressed,omitempty"`
}
// AnalysisService groups the /api/v1/analysis endpoints. Requests are built
// and executed through the wrapped client; the service holds no other state.
type AnalysisService struct {
	client *Client
}
// Get fetches the analysis recorded for the given component, project and
// vulnerability via GET /api/v1/analysis, sending the three UUIDs as query
// parameters. The response body is decoded into a. When err is non-nil the
// returned Analysis should be ignored; it may be partially populated if the
// decode failed midway.
func (as AnalysisService) Get(ctx context.Context, component, project, vulnerability uuid.UUID) (a Analysis, err error) {
	// Query values are rendered from uuid.UUID, so no caller-supplied free text
	// reaches the URL.
	query := map[string]string{
		"component":     component.String(),
		"project":       project.String(),
		"vulnerability": vulnerability.String(),
	}

	req, err := as.client.newRequest(ctx, http.MethodGet, "/api/v1/analysis", withParams(query))
	if err != nil {
		return a, err
	}

	_, err = as.client.doRequest(req, &a)
	return a, err
}
// Create submits analysisReq as the JSON body of PUT /api/v1/analysis and
// decodes the server's reply into a. Whether the server creates a new analysis
// or updates an existing one is decided server-side; nothing here distinguishes
// the two. When err is non-nil the returned Analysis should be ignored.
func (as AnalysisService) Create(ctx context.Context, analysisReq AnalysisRequest) (a Analysis, err error) {
	req, err := as.client.newRequest(ctx, http.MethodPut, "/api/v1/analysis", withBody(analysisReq))
	if err != nil {
		return a, err
	}

	_, err = as.client.doRequest(req, &a)
	return a, err
}