vulnerability.go

package dtrack

import (
	"context"
	"fmt"
	"net/http"

	"github.com/google/uuid"
)

type Vulnerability struct {
	UUID                         uuid.UUID `json:"uuid"`
	VulnID                       string    `json:"vulnId"`
	Source                       string    `json:"source"`
	Title                        string    `json:"title"`
	SubTitle                     string    `json:"subTitle"`
	Description                  string    `json:"description"`
	Recommendation               string    `json:"recommendation"`
	References                   string    `json:"references"`
	Credits                      string    `json:"credits"`
	Created                      string    `json:"created"`
	Published                    string    `json:"published"`
	Updated                      string    `json:"updated"`
	CWE                          CWE       `json:"cwe"`
	CWEs                         []CWE     `json:"cwes"`
	CVSSV2BaseScore              float64   `json:"cvssV2BaseScore"`
	CVSSV2ImpactSubScore         float64   `json:"cvssV2ImpactSubScore"`
	CVSSV2ExploitabilitySubScore float64   `json:"cvssV2ExploitabilitySubScore"`
	CVSSV2Vector                 string    `json:"cvssV2Vector"`
	CVSSV3BaseScore              float64   `json:"cvssV3BaseScore"`
	CVSSV3ImpactSubScore         float64   `json:"cvssV3ImpactSubScore"`
	CVSSV3ExploitabilitySubScore float64   `json:"cvssV3ExploitabilitySubScore"`
	CVSSV3Vector                 string    `json:"cvssV3Vector"`
	Severity                     string    `json:"severity"`
	VulnerableVersions           string    `json:"vulnerableVersions"`
	PatchedVersions              string    `json:"patchedVersions"`
}

type CWE struct {
	ID   int    `json:"cweId"`
	Name string `json:"name"`
}

type VulnerabilityService struct {
	client *Client
}

func (vs VulnerabilityService) Get(ctx context.Context, vulnUUID uuid.UUID) (v Vulnerability, err error) {
	req, err := vs.client.newRequest(ctx, http.MethodGet, fmt.Sprintf("/api/v1/vulnerability/%s", vulnUUID))
	if err != nil {
		return
	}

	_, err = vs.client.doRequest(req, &v)
	return
}

func (vs VulnerabilityService) GetAllForComponent(ctx context.Context, componentUUID uuid.UUID, po PageOptions) (p Page[Vulnerability], err error) {
	req, err := vs.client.newRequest(ctx, http.MethodGet, fmt.Sprintf("/api/v1/vulnerability/component/%s", componentUUID), withPageOptions(po))
	if err != nil {
		return
	}

	res, err := vs.client.doRequest(req, &p.Items)
	if err != nil {
		return
	}

	p.TotalCount = res.TotalCount
	return
}

func (vs VulnerabilityService) GetAllForProject(ctx context.Context, projectUUID uuid.UUID, po PageOptions) (p Page[Vulnerability], err error) {
	req, err := vs.client.newRequest(ctx, http.MethodGet, fmt.Sprintf("/api/v1/vulnerability/project/%s", projectUUID), withPageOptions(po))
	if err != nil {
		return
	}

	res, err := vs.client.doRequest(req, &p.Items)
	if err != nil {
		return
	}

	p.TotalCount = res.TotalCount
	return
}

func (vs VulnerabilityService) Assign(ctx context.Context, vulnUUID, componentUUID uuid.UUID) (err error) {
	req, err := vs.client.newRequest(ctx, http.MethodPost, fmt.Sprintf("/api/v1/vulnerability/%s/component/%s", vulnUUID, componentUUID))
	if err != nil {
		return
	}

	_, err = vs.client.doRequest(req, nil)
	return
}

func (vs VulnerabilityService) Unassign(ctx context.Context, vulnUUID, componentUUID uuid.UUID) (err error) {
	req, err := vs.client.newRequest(ctx, http.MethodDelete, fmt.Sprintf("/api/v1/vulnerability/%s/component/%s", vulnUUID, componentUUID))
	if err != nil {
		return
	}

	_, err = vs.client.doRequest(req, nil)
	return
}