ExtractProviderURL extracts URLs of provider metadata.

LoadAdvisory loads an advisory from a file.

LoadProviderMetadata loads a metadata provider from a reader.

LoadROLIECategoryDocument loads a ROLIE category document from a reader.

LoadROLIEFeed loads a ROLIE feed from a reader.

LoadROLIEServiceDocument loads a ROLIE service document from a reader.

NewAdvisoryFileProcessor constructs an filename extractor for a given metadata document.

NewAdvisorySummary creates a summary from an advisory doc with the help of an expression evaluator expr.

NewProviderMetadata creates a new provider with the given URL.

NewProviderMetadataDomain creates a new provider with the given URL and tlps feeds.

NewProviderMetadataLoader create a new loader.

NewProviderMetadataPrefix creates a new provider with a given prefix and tlps feeds.

NewROLIECategoryDocument creates a new ROLIE category document from a list of categories.

SaveAdvisory writes the JSON encoding of the given advisory to a file with the given name.

SynchronizedRemoteValidator returns a serialized variant of the given remote validator.

ValidateAggregator validates the document doc against the JSON schema of aggregator.

ValidateCSAF validates the document doc against the JSON schema of CSAF.

ValidateProviderMetadata validates the document doc against the JSON schema of provider metadata.

ValidateROLIE validates the ROLIE feed against the JSON schema of ROLIE.

AggregatorAggregator represents the "aggregator" type of aggregators.

AggregatorLister represents the "listers" type of aggregators.

AggregatorVersion20 is version 2.0 of the aggregator.

CSAFBranchCategoryArchitecture is the "architecture" category.

CSAFBranchCategoryHostName is the "host_name" category.

CSAFBranchCategoryLanguage is the "language" category.

CSAFBranchCategoryLegacy is the "legacy" category.

CSAFBranchCategoryPatchLevel is the "patch_level" category.

CSAFBranchCategoryProductFamily is the "product_family" category.

CSAFBranchCategoryProductName is the "product_name" category.

CSAFBranchCategoryProductVersion is the "product_version" category.

CSAFBranchCategoryProductVersionRange is the "product_version_range" category.

CSAFBranchCategoryServicePack is the "service_pack" category.

CSAFBranchCategorySpecification is the "specification" category.

CSAFBranchCategoryVendor is the "vendor" category.

CSAFCategoryCoordinator is the "coordinator" category.

CSAFCategoryDiscoverer is the "discoverer" category.

CSAFCategoryOther is the "other" category.

CSAFCategoryTranslator is the "translator" category.

CSAFCategoryUser is the "user" category.

CSAFCategoryVendor is the "vendor" category.

CSAFFlagLabelComponentNotPresent is the "component_not_present" label.

CSAFFlagLabelInlineMitigationsAlreadyExist is the "inline_mitigations_already_exist" label.

CSAFFlagLabelVulnerableCodeCannotBeControlledByAdversary is the "vulnerable_code_cannot_be_controlled_by_adversary" label.

CSAFFlagLabelVulnerableCodeNotInExecutePath is the "vulnerable_code_not_in_execute_path" label.

CSAFFlagLabelVulnerableCodeNotPresent is the "vulnerable_code_not_present" label.

CSAFInvolvementPartyCoordinator is the "coordinator" party.

CSAFInvolvementPartyDiscoverer is the "discoverer" party.

CSAFInvolvementPartyOther is the "other" party.

CSAFInvolvementPartyUser is the "user" party.

CSAFInvolvementPartyVendor is the "vendor" party.

CSAFInvolvementStatusCompleted is the "completed" status.

CSAFInvolvementStatusContactAttempted is the "contact_attempted" status.

CSAFInvolvementStatusDisputed is the "disputed" status.

CSAFInvolvementStatusInProgress is the "in_progress" status.

CSAFInvolvementStatusNotContacted is the "not_contacted" status.

CSAFInvolvementStatusOpen is the "open" status.

CSAFNoteCategoryDescription is the "description" category.

CSAFNoteCategoryDetails is the "details" category.

CSAFNoteCategoryFaq is the "faq" category.

CSAFNoteCategoryGeneral is the "general" category.

CSAFNoteCategoryLegalDisclaimer is the "legal_disclaimer" category.

CSAFNoteCategoryOther is the "other" category.

CSAFNoteCategorySummary is the "summary" category.

CSAFReferenceCategoryExternal is the "external" category.

CSAFReferenceCategorySelf is the "self" category.

CSAFRelationshipCategoryDefaultComponentOf is the "default_component_of" category.

CSAFRelationshipCategoryExternalComponentOf is the "external_component_of" category.

CSAFRelationshipCategoryInstalledOn is the "installed_on" category.

CSAFRelationshipCategoryInstalledWith is the "installed_with" category.

CSAFRelationshipCategoryOptionalComponentOf is the "optional_component_of" category.

CSAFRemediationCategoryMitigation is the "mitigation" category.

CSAFRemediationCategoryNoFixPlanned is the "no_fix_planned" category.

CSAFRemediationCategoryNoneAvailable is the "none_available" category.

CSAFRemediationCategoryVendorFix is the "vendor_fix" category.

CSAFRemediationCategoryWorkaround is the "workaround" category.

CSAFRestartRequiredCategoryConnected is the "connected" category.

CSAFRestartRequiredCategoryDependencies is the "dependencies" category.

CSAFRestartRequiredCategoryMachine is the "machine" category.

CSAFRestartRequiredCategoryNone is the "none" category.

CSAFRestartRequiredCategoryParent is the "parent" category.

CSAFRestartRequiredCategoryService is the "service" category.

CSAFRestartRequiredCategorySystem is the "system" category.

CSAFRestartRequiredCategoryVulnerableComponent is the "vulnerable_component" category.

CSAFRestartRequiredCategoryZone is the "zone" category.

CSAFThreatCategoryExploitStatus is the "exploit_status" category.

CSAFThreatCategoryImpact is the "impact" category.

CSAFThreatCategoryTargetSet is the "target_set" category.

CSAFTrackingStatusDraft is the "draft" category.

CSAFTrackingStatusFinal is the "final" category.

CSAFTrackingStatusInterim is the "interim" category.

CSAFVersion20 is the current version of CSAF.

CVSS20AccessComplexityHigh is a constant for "HIGH".

CVSS20AccessComplexityLow is a constant for "LOW".

CVSS20AccessComplexityMedium is a constant for "MEDIUM".

CVSS20AccessVectorAdjacentNetwork is a constant for "ADJACENT_NETWORK".

CVSS20AccessVectorLocal is a constant for "LOCAL".

CVSS20AccessVectorNetwork is a constant for "NETWORK".

CVSS20AuthenticationMultiple is a constant for "MULTIPLE".

CVSS20AuthenticationNone is a constant for "NONE".

CVSS20AuthenticationSingle is a constant for "SINGLE".

CVSS20CiaComplete is a constant for "COMPLETE".

CVSS20CiaNone is a constant for "NONE".

CVSS20CiaPartial is a constant for "PARTIAL".

CVSS20CiaRequirementHigh is a constant for "HIGH".

CVSS20CiaRequirementLow is a constant for "LOW".

CVSS20CiaRequirementMedium is a constant for "MEDIUM".

CVSS20CiaRequirementNotDefined is a constant for "NOT_DEFINED".

CVSS20CollateralDamagePotentialHigh is a constant for "HIGH".

CVSS20CollateralDamagePotentialLow is a constant for "LOW".

CVSS20CollateralDamagePotentialLowMedium is a constant for "LOW_MEDIUM".

CVSS20CollateralDamagePotentialMediumHigh is a constant for "MEDIUM_HIGH".

CVSS20CollateralDamagePotentialNone is a constant for "NONE".

CVSS20CollateralDamagePotentialNotDefined is a constant for "NOT_DEFINED".

CVSS20ExploitabilityFunctional is a constant for "FUNCTIONAL".

CVSS20ExploitabilityHigh is a constant for "HIGH".

CVSS20ExploitabilityNotDefined is a constant for "NOT_DEFINED".

CVSS20ExploitabilityProofOfConcept is a constant for "PROOF_OF_CONCEPT".

CVSS20ExploitabilityUnproven is a constant for "UNPROVEN".

CVSS20RemediationLevelNotDefined is a constant for "NOT_DEFINED".

CVSS20RemediationLevelOfficialFix is a constant for "OFFICIAL_FIX".

CVSS20RemediationLevelTemporaryFix is a constant for "TEMPORARY_FIX".

CVSS20RemediationLevelUnavailable is a constant for "UNAVAILABLE".

CVSS20RemediationLevelWorkaround is a constant for "WORKAROUND".

CVSS20ReportConfidenceConfirmed is a constant for "CONFIRMED".

CVSS20ReportConfidenceNotDefined is a constant for "NOT_DEFINED".

CVSS20ReportConfidenceUnconfirmed is a constant for "UNCONFIRMED".

CVSS20ReportConfidenceUncorroborated is a constant for "UNCORROBORATED".

CVSS20TargetDistributionHigh is a constant for "HIGH".

CVSS20TargetDistributionLow is a constant for "LOW".

CVSS20TargetDistributionMedium is a constant for "MEDIUM".

CVSS20TargetDistributionNone is a constant for "NONE".

CVSS20TargetDistributionNotDefined is a constant for "NOT_DEFINED".

CVSS3AttackComplexityHigh is a constant for "HIGH".

CVSS3AttackComplexityLow is a constant for "LOW".

CVSS3AttackVectorAdjacentNetwork is a constant for "ADJACENT_NETWORK".

CVSS3AttackVectorLocal is a constant for "LOCAL".

CVSS3AttackVectorNetwork is a constant for "NETWORK".

CVSS3AttackVectorPhysical is a constant for "PHYSICAL".

CVSS3CiaHigh is a constant for "HIGH".

CVSS3CiaLow is a constant for "LOW".

CVSS3CiaNone is a constant for "NONE".

CVSS3CiaRequirementHigh is a constant for "HIGH".

CVSS3CiaRequirementLow is a constant for "LOW".

CVSS3CiaRequirementMedium is a constant for "MEDIUM".

CVSS3CiaRequirementNotDefined is a constant for "NOT_DEFINED".

CVSS3ConfidenceConfirmed is a constant for "CONFIRMED".

CVSS3ConfidenceNotDefined is a constant for "NOT_DEFINED".

CVSS3ConfidenceReasonable is a constant for "REASONABLE".

CVSS3ConfidenceUnknown is a constant for "UNKNOWN".

CVSS3ExploitCodeMaturityFunctional is a constant for "FUNCTIONAL".

CVSS3ExploitCodeMaturityHigh is a constant for "HIGH".

CVSS3ExploitCodeMaturityNotDefined is a constant for "NOT_DEFINED".

CVSS3ExploitCodeMaturityProofOfConcept is a constant for "PROOF_OF_CONCEPT".

CVSS3ExploitCodeMaturityUnproven is a constant for "UNPROVEN".

CVSS3ModifiedAttackComplexityHigh is a constant for "HIGH".

CVSS3ModifiedAttackComplexityLow is a constant for "LOW".

CVSS3ModifiedAttackComplexityNotDefined is a constant for "NOT_DEFINED".

CVSS3ModifiedAttackVectorAdjacentNetwork is a constant for "ADJACENT_NETWORK".

CVSS3ModifiedAttackVectorLocal is a constant for "LOCAL".

CVSS3ModifiedAttackVectorNetwork is a constant for "NETWORK".

CVSS3ModifiedAttackVectorNotDefined is a constant for "NOT_DEFINED".

CVSS3ModifiedAttackVectorPhysical is a constant for "PHYSICAL".

CVSS3ModifiedCiaHigh is a constant for "HIGH".

CVSS3ModifiedCiaLow is a constant for "LOW".

CVSS3ModifiedCiaNone is a constant for "NONE".

CVSS3ModifiedCiaNotDefined is a constant for "NOT_DEFINED".

CVSS3ModifiedPrivilegesRequiredHigh is a constant for "HIGH".

CVSS3ModifiedPrivilegesRequiredLow is a constant for "LOW".

CVSS3ModifiedPrivilegesRequiredNone is a constant for "NONE".

CVSS3ModifiedPrivilegesRequiredNotDefined is a constant for "NOT_DEFINED".

CVSS3ModifiedScopeChanged is a constant for "CHANGED".

CVSS3ModifiedScopeNotDefined is a constant for "NOT_DEFINED".

CVSS3ModifiedScopeUnchanged is a constant for "UNCHANGED".

CVSS3ModifiedUserInteractionNone is a constant for "NONE".

CVSS3ModifiedUserInteractionNotDefined is a constant for "NOT_DEFINED".

CVSS3ModifiedUserInteractionRequired is a constant for "REQUIRED".

CVSS3PrivilegesRequiredHigh is a constant for "HIGH".

CVSS3PrivilegesRequiredLow is a constant for "LOW".

CVSS3PrivilegesRequiredNone is a constant for "NONE".

CVSS3RemediationLevelNotDefined is a constant for "NOT_DEFINED".

CVSS3RemediationLevelOfficialFix is a constant for "OFFICIAL_FIX".

CVSS3RemediationLevelTemporaryFix is a constant for "TEMPORARY_FIX".

CVSS3RemediationLevelUnavailable is a constant for "UNAVAILABLE".

CVSS3RemediationLevelWorkaround is a constant for "WORKAROUND".

CVSS3ScopeChanged is a constant for "CHANGED".

CVSS3ScopeUnchanged is a constant for "UNCHANGED".

CVSS3SeverityCritical is a constant for "CRITICAL".

CVSS3SeverityHigh is a constant for "HIGH".

CVSS3SeverityLow is a constant for "LOW".

CVSS3SeverityMedium is a constant for "MEDIUM".

CVSS3SeverityNone is a constant for "NONE".

CVSS3UserInteractionNone is a constant for "NONE".

CVSS3UserInteractionRequired is a constant for "REQUIRED".

CVSSVersion20 is the current version of the schema.

CVSSVersion30 is version 3.0 of a CVSS3 item.

CVSSVersion31 is version 3.1 of a CVSS3 item.

ExtraProviderMetadataFound indicates an extra PMD found in security.txt.

HTTPFailed indicates that loading on HTTP level failed.

IgnoreProviderMetadata indicates that a extra PMD was ignored.

JSONDecodingFailed indicates problems with JSON decoding.

MetadataRoleProvider is the "csaf_provider" role.

MetadataRolePublisher is the "csaf_publisher" role.

MetadataRoleTrustedProvider is the "csaf_trusted_provider" role.

MetadataVersion20 is the current version of the schema.

SchemaValidationFailed indicates a general problem with schema validation.

SchemaValidationFailedDetail is a failure detail in schema validation.

TLPLabelAmber is the 'AMBER' policy.

TLPLabelGreen is the 'GREEN' policy.

TLPLabelRed is the 'RED' policy.

TLPLabelUnlabeled is the 'UNLABELED' policy.

TLPLabelWhite is the 'WHITE' policy.

WellknownSecurityMismatch indicates that the PMDs found under wellknown and in the security do not match.

Acknowledgement reflects the 'acknowledgement' object in the list of acknowledgements.

Advisory represents a CSAF advisory.

AdvisoryFileProcessor implements the extraction of advisory file names from a given provider metadata.

AdvisorySummary is a summary of some essentials of an CSAF advisory.

AggregateSeverity stands for the urgency with which the vulnerabilities of an advisory (not a specific one) should be addressed.

Aggregator is the CSAF Aggregator.

AggregatorCSAFProvider reflects one 'csaf_trusted_provider' in an aggregator.

AggregatorCSAFProviderMetadata reflects 'csaf_providers.metadata' in an aggregator.

AggregatorCSAFPublisher reflects one publisher in an aggregator.

AggregatorInfo reflects the 'aggregator' object in the aggregator.

Branch reflects the 'branch' object in the list of branches.

Content for ROLIE.

CVSS2 holding a CVSS v2.0 value.

CVSS3 holding a CVSS v3.x value.

CWE holds the MITRE standard Common Weakness Enumeration (CWE) for the weakness associated.

Distribution is a distribution of a CSAF feed.

Document contains meta-data about an advisory.

DocumentDistribution describes rules for sharing a document.

DocumentPublisher provides information about the publishing entity.

Engine contains information about the engine that generated the CSAF document.

Entry for ROLIE.

Feed is CSAF feed.

FeedData is the content of the ROLIE feed.

FileHash is checksum hash.

Flag contains product specific information in regard to this vulnerability as a single machine readable flag.

Format for ROLIE.

FullProductName is the full name of a product.

Generator holds elements related to the generation of the document.

Hashes is a list of hashes.

Involvement is a container that allows the document producers to comment on the level of involvement (or engagement) of themselves (or third parties) in the vulnerability identification, scoping, and remediation process.

Link for ROLIE.

LoadedProviderMetadata represents a loaded provider metadata.

Note reflects the 'Note' object of an advisory.

PGPKey is location and the fingerprint of the key used to sign the CSAF documents.

ProductGroup is a group of products in the document that belong to one group.

ProductGroups is a list of ProductGroupIDs.

ProductIdentificationHelper bundles product identifier information.

ProductStatus contains different lists of ProductIDs which provide details on the status of the referenced product related to the current vulnerability.

ProductTree contains product names that can be referenced elsewhere in the document.

ProviderMetadata contains the metadata of the provider.

ProviderMetadataLoader helps load provider-metadata.json from the various locations.

ProviderMetadataLoadMessage is a message generated while loading a provider meta data file.

Publisher is the publisher of the feed.

Reference holding any reference to conferences, papers, advisories, and other resources that are related and considered related to either a surrounding part of or the entire document and to be of value to the document consumer.

Relationship establishes a link between two existing FullProductName elements.

Remediation specifies details on how to handle (and presumably, fix) a vulnerability.

RemoteTest is the result of the remote tests recieved by the remote validation service.

RemoteTestResult are any given test-result by a remote validator test.

RemoteValidationResult is the document recieved from the remote validation service.

RemoteValidatorOptions are the configuation options of the remote validation service.

RestartRequired provides information on category of restart is required by this remediation to become effective.

Revision contains information about one revision of the document.

ROLIE is the ROLIE extension of the CSAF feed.

ROLIECategories is a list of ROLIE categories.

ROLIECategory for ROLIE.

ROLIECategoryDocument is a ROLIE category document.

ROLIEFeed is a ROLIE feed.

ROLIEService is a ROLIE service.

ROLIEServiceDocument is a ROLIE service document.

ROLIEServiceWorkspace is a workspace of a ROLIE service.

ROLIEServiceWorkspaceCollection is a collection in a ROLIE service.

ROLIEServiceWorkspaceCollectionCategories are categories in a ROLIE service collection.

ROLIEServiceWorkspaceCollectionCategoriesCategory is a category in a ROLIE service collection.

Score specifies information about (at least one) score of the vulnerability and for which products the given value applies.

Summary for ROLIE.

Threat contains information about a vulnerability that can change with time.

TLP provides details about the TLP classification of the document.

Tracking holds information that is necessary to track a CSAF document.

Vulnerability contains all fields that are related to a single vulnerability in the document.

VulnerabilityID is the identifier of a vulnerability.

XGenericURI represents an identifier for a product.

AdvisoryFile constructs the urls of a remote file.

RemoteValidator validates an advisory document remotely.

Acknowledgements is a list of Acknowledgement elements.

AggregatorCategory is the category of the aggregator.

AggregatorURL is the URL of the aggregator document.

AggregatorVersion is the version of the aggregator.

BranchCategory is the category of a branch.

Branches is a list of Branch.

Category is the category of the CSAF feed.

CPE represents a Common Platform Enumeration in an advisory.

CVE holds the MITRE standard Common Vulnerabilities and Exposures (CVE) tracking number for a vulnerability.

CVSS20AccessComplexity represents the accessComplexityType in CVSS20.

CVSS20AccessVector represents the accessVectorType in CVSS20.

CVSS20Authentication represents the authenticationType in CVSS20.

CVSS20Cia represents the ciaType in CVSS20.

CVSS20CiaRequirement represents the ciaRequirementType in CVSS20.

CVSS20CollateralDamagePotential represents the collateralDamagePotentialType in CVSS20.

CVSS20Exploitability represents the exploitabilityType in CVSS20.

CVSS20RemediationLevel represents the remediationLevelType in CVSS20.

CVSS20ReportConfidence represents the reportConfidenceType in CVSS20.

CVSS20TargetDistribution represents the targetDistributionType in CVSS20.

CVSS2VectorString is the VectorString of a CVSS2 item with version 3.x.

CVSS3AttackComplexity represents the attackComplexityType in CVSS3.

CVSS3AttackVector represents the attackVectorType in CVSS3.

CVSS3Cia represents the ciaType in CVSS3.

CVSS3CiaRequirement represents the ciaRequirementType in CVSS3.

CVSS3Confidence represents the confidenceType in CVSS3.

CVSS3ExploitCodeMaturity represents the exploitCodeMaturityType in CVSS3.

CVSS3ModifiedAttackComplexity represents the modifiedAttackComplexityType in CVSS3.

CVSS3ModifiedAttackVector represents the modifiedAttackVectorType in CVSS3.

CVSS3ModifiedCia represents the modifiedCiaType in CVSS3.

CVSS3ModifiedPrivilegesRequired represents the modifiedPrivilegesRequiredType in CVSS3.

CVSS3ModifiedScope represents the modifiedScopeType in CVSS3.

CVSS3ModifiedUserInteraction represents the modifiedUserInteractionType in CVSS3.

CVSS3PrivilegesRequired represents the privilegesRequiredType in CVSS3.

CVSS3RemediationLevel represents the remediationLevelType in CVSS3.

CVSS3Scope represents the scopeType in CVSS3.

CVSS3Severity represents the severityType in CVSS3.

CVSS3UserInteraction represents the userInteractionType in CVSS3.

CVSS3VectorString is the VectorString of a CVSS3 item with version 3.x.

CVSSVersion2 is the version of a CVSS2 item.

CVSSVersion3 is the version of a CVSS3 item.

DocumentCategory represents a category of a document.

FileHashValue represents the value of a hash.

Fingerprint is the fingerprint of a OpenPGP key used to sign the CSAF documents.

FlagLabel is the label of a flag for a vulnerability.

Flags is a list if Flag elements.

FullProductNames is a list of FullProductName.

HashedAdvisoryFile is a more involed version of checkFile.

InvolvementParty is the party of an involvement.

Involvements is a list of Involvement elements.

InvolvementStatus is the status of an involvement.

JSONURL is an URL to JSON document.

Lang is a language identifier, corresponding to IETF BCP 47 / RFC 5646.

MetadataRole is the role of the feed.

MetadataVersion is the metadata version of the feed.

NoteCategory is the category of a note.

Notes is a list of Note.

PlainAdvisoryFile is a simple implementation of checkFile.

ProductGroupID is a reference token for product group instances.

ProductID is a reference token for product instances.

Products is a list of one or more unique ProductID elements.

ProviderMetadataLoadMessages is a list of loading messages.

ProviderMetadataLoadMessageType is the type of the message.

ProviderURL is the URL of the provider document.

PURL represents a package URL in an advisory.

ReferenceCategory is the category of a note.

References is a list of Reference.

RelationshipCategory is the category of a relationship.

Relationships is a list of Relationship.

RemediationCategory is the category of a remediation.

Remediations is a list of Remediation elements.

RestartRequiredCategory is the category of RestartRequired.

RevisionNumber specifies a version string to denote clearly the evolution of the content of the document.

Revisions is a list of Revision.

Scores is a list of Score elements.

ThreatCategory is the category of a threat.

Threats is a list of Threat elements.

TimeStamp represents a time stamp in a CSAF feed.

TLPLabel is the traffic light policy of the CSAF.

TrackingID is a unique identifier for the document.

TrackingStatus is the category of a publisher.

Version is the version of a document.

Vulnerabilities is a list of Vulnerability.

VulnerabilityIDs is a list of VulnerabilityID elements.

WeaknessID is the identifier of a weakness.

XGenericURIs is a list of XGenericURI.