Package-level declarations

Types

A CaseInsensitiveIgnoreDashMatch indicates a (string-based) match that is case-insensitive and ignores dashes. This is a relatively high match value, but not as high as a CaseInsensitiveMatch.

A CaseInsensitiveMatch indicates a (string-based) match that is case-insensitive. This is a high match value, but not as high as a DefiniteMatch.

A CombinedMatch indicates a match that is combined from multiple elements with different confidence.

expect interface Cpe

An interface for a class that represents a CPE (Common Platform Enumeration).

actual typealias Cpe = ICpe

A DefinitelyNoMatch indicates a definite no match. This is the lowest possible match value.

A DefiniteMatch indicates a definite match. This is the highest possible match value. This should be used if two properties match exactly -- either lexically or by rules defined in a specification. For example if one Cpe matches another, this is a DefiniteMatch.

A DifferentSources indicates that the information comes from different sources (e.g., matching a Cpe.getVendor to a vendor specified in a Csaf.Branche). This can be used to "multiply" the matching confidence with this value to adjust it for the different sources.

class FastHash<T>(val o: T)

A wrapper class for usage of immutable objects as Keys in HashMaps/HashSets. The wrapper calls hashCode() of the wrapped object only once and caches its result. This is valid for immutable objects and speeds up HashMaps/HashSets operations considerably.

data class Match(val document: <Error class: unknown class>, val product: <Error class: unknown class>, val matchedComponent: SBOMComponent, val confidence: MatchingConfidence)

A data class representing a match between a Csaf.Product and an SBOMComponent with a given MatchingConfidence.

class Matcher(val documents: List<<Error class: unknown class>>, val threshold: Float = 0.5f)

Matcher for matching an SBOM database with provided CSAF documents.

A MatchPackageNoVersion indicates a match, but the version is not set. This is a partial match because we consider that this semantically means that the package is affected, but we do not know which version. So in theory, all versions that are in the SBOM could be a match. It is not a definite match, but it is also not a no match. It is a partial match.

A MatchWithoutVendor indicates that the match is without a vendor. This is a partial match because vendors are often omitted in SBOMs, but they are important for exact matching. So we consider this a partial match.

A PartialStringMatch indicates that a string property of the vulnerable product partially matches the affected component's string property.

data class ProductWithBranches(var advisory: <Error class: unknown class>, var product: <Error class: unknown class>, var branches: List<<Error class: unknown class>>)

A utility class for a Product and a list of Csaf.Branches that define the "path" from the root of the Csaf.ProductTree to the Product.

expect class Purl(purl: String)
actual typealias Purl = PackageURL
typealias SBOM = Document

A single Bill-of-Materials (SBOM).

typealias SBOMComponent = Node

A single component in an SBOM.

typealias SBOMDatabase = List<Document>

A database of SBOMs represented as a list of SBOM instances.

expect class Vers
actual typealias Vers = io.github.nscuro.versatile.Vers

Properties

val Node.cpe: Cpe?

A Cpe object that is derived from a Node.identifiers.

val Node.purl: Purl?

Functions

fun <Error class: unknown class>.gatherProductsWithBranches(predicate: (<Error class: unknown class>) -> Boolean? = null): List<ProductWithBranches>

Gathers all Products in the current document and their branches. The predicate is used to filter the products. If it is null, all products are returned.

This is the core function of the Matcher. It matches a vulnerable product against a component by comparing different Property objects in a defined order.

Matches a certain property (of type PropertyType) from a vulnerable product against a property from a component. The property is provided by a ProviderType.

expect fun parseCpe(cpe: String): Cpe

Parses a CPE string into a Cpe object.

actual fun parseCpe(cpe: String): Cpe
expect fun parseVers(versString: String): Vers?
actual fun parseVers(versString: String): Vers?