feat: Add new data structures for an abstract representation of proje…

…cts/findings

querying/datasource.go

@@ -0,0 +1 @@
+package querying

querying/ecosystems.go

@@ -0,0 +1,20 @@
+package querying
+
+type FindingEcosystemType uint8
+
+const (
+	FindingEcosystemApt FindingEcosystemType = iota
+	FindingEcosystemCSharp
+	FindingEcosystemDart
+	FindingEcosystemErlang
+	FindingEcosystemGHA // GitHub Actions
+	FindingEcosystemGo
+	FindingEcosystemJava
+	FindingEcosystemJS
+	FindingEcosystemPHP
+	FindingEcosystemPython
+	FindingEcosystemRPM
+	FindingEcosystemRuby
+	FindingEcosystemRust
+	FindingEcosystemSwift
+)

querying/finding.go

@@ -0,0 +1,19 @@
+package querying
+
+import "sync"
+
+type FindingIdentifierType uint8
+
+const (
+	FindingIdentifierCVE FindingIdentifierType = iota
+	FindingIdentifierGHSA
+)
+
+type Finding struct {
+	Identifiers map[FindingIdentifierType]string
+	Ecosystem   FindingEcosystemType
+	Severity    FindingSeverityType
+	Description string
+	PackageName string
+	mu          sync.Mutex
+}

querying/project.go

@@ -0,0 +1,76 @@
+package querying
+
+import (
+	"strings"
+	"sync"
+
+	"golang.org/x/exp/maps"
+)
+
+type ProjectCollection struct {
+	Projects []*Project
+	mu       sync.Mutex
+}
+
+type Project struct {
+	Name     string
+	Findings []*Finding
+	Links    map[string]string
+	mu       sync.Mutex
+}
+
+func NewProject(name string) *Project {
+	return &Project{
+		Name:     name,
+		Findings: []*Finding{},
+		Links:    map[string]string{},
+	}
+}
+
+func NewProjectCollection() *ProjectCollection {
+	return &ProjectCollection{
+		Projects: []*Project{},
+	}
+}
+
+func normalizeProjectName(name string) string {
+	return strings.Replace(strings.ToLower(name), "-", "_", -1)
+}
+
+func (c *ProjectCollection) AddProject(name string) *Project {
+	c.mu.Lock()
+	defer c.mu.Unlock()
+	name = normalizeProjectName(name)
+	for _, proj := range c.Projects {
+		if normalizeProjectName(proj.Name) == name {
+			return proj
+		}
+	}
+	// If we make it past the loop, no existing project was found with this name
+	newProj := NewProject(name)
+	c.Projects = append(c.Projects, newProj)
+	return newProj
+}
+
+func (p *Project) AddFinding(identifiers map[FindingIdentifierType]string) *Finding {
+	var result *Finding
+	p.mu.Lock()
+	defer p.mu.Unlock()
+	for _, finding := range p.Findings {
+		for idType, id := range finding.Identifiers {
+			val, ok := identifiers[idType]
+			if ok && val == id {
+				result = finding
+				break
+			}
+		}
+	}
+	if result == nil {
+		result = &Finding{
+			Identifiers: identifiers,
+		}
+	} else {
+		maps.Copy(result.Identifiers, identifiers)
+	}
+	return result
+}

querying/severities.go

@@ -0,0 +1,12 @@
+package querying
+
+type FindingSeverityType uint8
+
+const (
+	FindingSeverityCritical FindingSeverityType = iota
+	FindingSeverityHigh
+	FindingSeverityModerate
+	FindingSeverityLow
+	FindingSeverityInfo
+	FindingSeverityUndefined
+)