mirror of https://github.com/project-zot/zot.git synced 2025-01-06 22:40:28 -05:00
zot/pkg/extensions/search/cve/model/models.go
Vishwas R 0aa6bf0fff
feat: include PackagePath data in CVEs for image queries (#2241)
Signed-off-by: Vishwas Rajashekar <vrajashe@cisco.com>
2024-02-15 13:19:49 -08:00


package model
import (
"strings"
"time"
godigest "github.com/opencontainers/go-digest"
"golang.org/x/exp/slices"
)
// ImageCVESummary carries CVE counters for one image, broken down by severity,
// together with the highest severity seen.
//
// NOTE(review): the meaning of each counter is inferred from the field names;
// the code that fills this struct is not in this file. Confirm that Count is
// the total across all severity buckets.
type ImageCVESummary struct {
	Count         int
	UnknownCount  int
	LowCount      int
	MediumCount   int
	HighCount     int
	CriticalCount int
	// presumably one of the Severity* constants declared in this file (confirm).
	// The zero value "" equals SeverityNotScanned, so an unset summary reads as
	// "not scanned", not as "no vulnerabilities".
	MaxSeverity string
}
// CVE describes one vulnerability together with the packages it was reported
// against. The capitalised JSON names are deliberate (see the nolint directive
// below: they follow the GraphQL schema).
//
// NOTE(review): Title, Description and Reference are presumably copied from
// scanner / vulnerability-database output (not shown in this file); treat them
// as third-party text and escape them wherever they are rendered.
//
//nolint:tagliatelle // graphQL schema
type CVE struct {
	ID          string    `json:"Id"`
	Description string    `json:"Description"`
	Severity    string    `json:"Severity"`
	Title       string    `json:"Title"`
	Reference   string    `json:"Reference"`
	PackageList []Package `json:"PackageList"`
}
// ContainsStr reports whether str occurs, ignoring case, in any of the CVE's
// text fields (Title, ID, Severity, Reference, Description) or in the Name,
// FixedVersion, InstalledVersion or PackagePath of any listed package.
//
// Matching is a plain substring test after upper-casing both sides, so an
// empty str matches every CVE.
func (cve *CVE) ContainsStr(str string) bool {
	needle := strings.ToUpper(str)

	// matches upper-cases one field and looks for the already upper-cased needle.
	matches := func(field string) bool {
		return strings.Contains(strings.ToUpper(field), needle)
	}

	// Same field order as the package check below: first hit wins.
	for _, field := range []string{cve.Title, cve.ID, cve.Severity, cve.Reference, cve.Description} {
		if matches(field) {
			return true
		}
	}

	return slices.ContainsFunc(cve.PackageList, func(pkg Package) bool {
		return matches(pkg.Name) ||
			matches(pkg.FixedVersion) ||
			matches(pkg.InstalledVersion) ||
			matches(pkg.PackagePath)
	})
}
// Package identifies one package a CVE was reported against. The capitalised
// JSON names are deliberate (see the nolint directive below: they follow the
// GraphQL schema).
//
//nolint:tagliatelle // graphQL schema
type Package struct {
	Name string `json:"Name"`
	// presumably the location of the package inside the scanned image (confirm against the scanner output)
	PackagePath      string `json:"PackagePath"`
	InstalledVersion string `json:"InstalledVersion"`
	// NOTE(review): whether this is empty when no fix exists is not visible here (confirm)
	FixedVersion string `json:"FixedVersion"`
}
// Numeric ranks for the severity labels, in ascending order of severity
// (unScanned is 0, critical is 6). severityInt maps each Severity* label to one
// of these and CompareSeverities subtracts them, so only the relative order
// matters.
const (
	unScanned = iota
	none
	unknown
	low
	medium
	high
	critical
)
// Severity labels used for CVEs and image summaries.
// Values from https://www.first.org/cvss/v3.0/specification-document
//
// SeverityNotScanned is the empty string, which is also the zero value of a Go
// string: an unset severity therefore means "no scan data" and must not be
// read as "no vulnerabilities" (that is SeverityNone).
//
// NOTE(review): UNKNOWN is documented below as the CVSS 3 "NONE" rating, while
// NONE is used for "nothing detected". Confirm this matches what the scanner emits.
const (
	SeverityNotScanned = ""         // scanning was not done or was not complete
	SeverityNone       = "NONE"     // no vulnerabilities were detected at all
	SeverityUnknown    = "UNKNOWN"  // corresponds to CVSS 3 score NONE
	SeverityLow        = "LOW"      // corresponds to CVSS 3 score LOW
	SeverityMedium     = "MEDIUM"   // corresponds to CVSS 3 score MEDIUM
	SeverityHigh       = "HIGH"     // corresponds to CVSS 3 score HIGH
	SeverityCritical   = "CRITICAL" // corresponds to CVSS 3 score CRITICAL
)
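// severityInt maps a severity label to its numeric rank (unScanned … critical).
//
// The comparison is exact and case-sensitive: only the Severity* constants are
// recognised. Any other label, including a lower-case spelling such as "high",
// ranks as unknown, which sorts above none and below low.
func severityInt(severity string) int {
	// A switch over the constants avoids allocating a lookup map on every call;
	// this function runs twice per CompareSeverities call.
	switch severity {
	case SeverityNotScanned:
		return unScanned
	case SeverityNone:
		return none
	case SeverityUnknown:
		return unknown
	case SeverityLow:
		return low
	case SeverityMedium:
		return medium
	case SeverityHigh:
		return high
	case SeverityCritical:
		return critical
	default:
		// In the unlikely case the label is not one of the known constants,
		// return the unknown severity level.
		return unknown
	}
}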
// CompareSeverities orders two severity labels by rank. The result is negative
// when sev1 is more severe than sev2, zero when they rank equally, and positive
// when sev1 is less severe, so using it as a sort comparator puts the most
// severe entries first. Labels that severityInt does not recognise rank as
// unknown.
func CompareSeverities(sev1, sev2 string) int {
	rank1 := severityInt(sev1)
	rank2 := severityInt(sev2)

	return rank2 - rank1
}
// Descriptor pairs a content digest with the media type of the content it
// refers to.
//
// NOTE(review): godigest.Digest is a string type, so holding one here does not
// show that it was validated; where the value comes from untrusted input,
// callers should check it with Digest.Validate(). Confirm where that happens.
type Descriptor struct {
	Digest    godigest.Digest
	MediaType string
}
// DescriptorInfo is a Descriptor (embedded, so Digest and MediaType are
// promoted) with an associated timestamp.
type DescriptorInfo struct {
	Descriptor
	// NOTE(review): which event this time refers to is not visible in this file (confirm)
	Timestamp time.Time
}
// TagInfo groups a tag name with the descriptor it points at, a list of
// manifest descriptors with their timestamps, and a timestamp for the tag
// itself.
type TagInfo struct {
	Tag        string
	Descriptor Descriptor
	// presumably the individual manifests behind the tag, e.g. when it points at a multi-arch index (confirm)
	Manifests []DescriptorInfo
	// NOTE(review): which event this time refers to is not visible in this file (confirm)
	Timestamp time.Time
}